Security and Compliance Testing Strategies for Cloud Computing
Source: University of Melbourne
Due to rapidly changing Information Technologies, it is becoming more expensive for companies/organizations to regularly update hardware and software, and also maintain a big IT department with highly technical staff. So many organizations are adopting cloud services to reduce the cost and increase the flexibility of their IT infrastructures. While different sectors are adopting the cloud for their IT need, they are also very concern about data security (both in rest and in motion) and various compliance requirements such as PCI DSS, HIPAA, GLBA, SOX, etc. There are several cloud service models, where one model sits on top of another with lowest one as Infrastructure-as-a-Service (IaaS), and above that is Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).