This document provides an introduction to cloud security. It discusses the shared responsibility model of cloud security between customers and providers for different cloud service models like IaaS, PaaS, and SaaS. It outlines some common cloud security risks like data leakage, malware injections, DDoS attacks, and insecure APIs. The document then defines cloud security and discusses key questions around responsibility, fortification, and controls. It introduces the NIST Cybersecurity Framework as an important resource for managing cyber risks and provides additional resources for researching cloud providers' security programs and NIST guidelines on cloud computing security and privacy.
Related topics: