{{Short description|Methods used to protect cloud-based assets}} {{for|cloud-hosted security software|Security as a service}} {{Computer hacking|expanded=Computer security}}
'''Cloud computing security''' or '''cloud security''' refers to a broad set of policies, technologies, applications, and controls used to protect data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security and, more broadly, information security.
==Security issues associated with the cloud==
Cloud computing and storage provide users with the capability to store and process their data in third-party data centers.<ref name="cloudid">{{cite journal |last1=Haghighat |first1=Mohammad |last2=Zonouz |first2=Saman |last3=Abdel-Mottaleb |first3=Mohamed |title=CloudID: Trustworthy cloud-based and cross-enterprise biometric identification |journal=Expert Systems with Applications |date=November 2015 |volume=42 |issue=21 |pages=7905–7916 |doi=10.1016/j.eswa.2015.06.025 |s2cid=30476498 }}</ref> Organizations use the cloud in a variety of service models (e.g., SaaS, PaaS, IaaS) and deployment models (private, public, hybrid, and community).<ref name="Srinivasan">{{cite book |chapter=State-of-the-art cloud computing security taxonomies |title=Proceedings of the International Conference on Advances in Computing, Communications and Informatics - ICACCI '12 |year=2012 |last1=Srinivasan |first1=Madhan Kumar |last2=Sarukesi |first2=K. |last3=Rodrigues |first3=Paul |last4=Manoj |first4=M. Sai |last5=Revathy |first5=P. |pages=470–476 |doi=10.1145/2345396.2345474 |isbn=978-1-4503-1196-0 |s2cid=18507025 }}</ref>
Security concerns associated with cloud computing are typically divided into issues faced by cloud providers and those faced by their customers.<ref>{{cite news|url=http://security.sys-con.com/node/1231725|title=Swamp Computing a.k.a. Cloud Computing|publisher=Web Security Journal|date=2009-12-28|access-date=2010-01-25|archive-date=2019-08-31|archive-url=https://web.archive.org/web/20190831163708/http://security.sys-con.com/node/1231725}}</ref> The responsibility is shared and is often described in a vendor's "shared responsibility model".<ref name="CSACloudCont4">{{cite web |url=https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ |format=xlsx |title=Cloud Controls Matrix v4 |publisher=Cloud Security Alliance |date=15 March 2021 |access-date=21 May 2021}}</ref><ref name="AWSShared20">{{cite web |url=https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/shared-security-responsibility-model.html |title=Shared Security Responsibility Model |work=Navigating GDPR Compliance on AWS |publisher=AWS |date=December 2020 |access-date=21 May 2021}}</ref><ref name="TozziAvoid20">{{cite web |url=https://www.paloaltonetworks.com/blog/prisma-cloud/pitfalls-shared-responsibility-cloud-security/ |title=Avoiding the Pitfalls of the Shared Responsibility Model for Cloud Security |author=C. Tozzi |work=Palo Alto Networks Blog |date=24 September 2020 |access-date=21 May 2021}}</ref> The provider must secure its infrastructure, while customers must secure their applications, identities, and configuration settings.<ref name="AWSShared20" /><ref name="TozziAvoid20" />
Analyses of large-scale cloud incidents indicate that many breaches result from misconfigurations and long-unremediated exposures rather than solely from zero-day vulnerabilities.{{cn|date=December 2025}}
When an organization stores data or hosts applications on the public cloud, it loses physical access to the hardware. As a result, potentially sensitive data may be at risk from insider attacks. According to a 2010 Cloud Security Alliance report, insider attacks rank among the top threats in cloud computing.<ref name="Top Threats to Cloud Computing v1.0">{{cite web|date=March 2010|title=Top Threats to Cloud Computing v1.0|url=http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%A1k/Felh%C5%91%20szolg%C3%A1ltat%C3%A1sok/Top%20threats%20to%20cloud-computing%20v1_0.pdf|access-date=2020-09-19|publisher=Cloud Security Alliance}}</ref> Cloud service providers must ensure that thorough background checks are conducted for employees with physical access to data centers.
To conserve resources and reduce cost, cloud providers often store multiple customers' data on the same server. As a result, one user's private data might be viewable by another without proper isolation.<ref name="Srinivasan"/> Providers implement data isolation and logical segregation to mitigate these risks.
The extensive use of virtualization in cloud infrastructure brings unique security concerns.<ref name="Cloud Virtual Security Winkler">{{cite web|last=Winkler|first=Vic|title=Cloud Computing: Virtual Cloud Security Concerns|url=https://technet.microsoft.com/en-us/magazine/hh641415.aspx|publisher=Technet Magazine, Microsoft|access-date=12 February 2012}}</ref> Virtualization introduces an additional layer—the hypervisor—that must be secured and correctly configured.<ref name="virtualization risks hickey">{{cite web|last=Hickey|first=Kathleen|title=Dark Cloud: Study finds security risks in virtualization|date=18 March 2010|url=http://gcn.com/articles/2010/03/18/dark-cloud-security.aspx|publisher=Government Security News|access-date=12 February 2012|archive-date=30 January 2012|archive-url=https://web.archive.org/web/20120130090012/http://gcn.com/articles/2010/03/18/dark-cloud-security.aspx}}</ref> A compromise of the hypervisor management system can impact an entire data center.<ref name="Securing the Cloud Winkler virt">{{cite book |last1=Winkler |first1=Joachim R. |title=Securing the Cloud: Cloud Computer Security Techniques and Tactics |date=2011 |publisher=Elsevier |isbn=978-1-59749-592-9 |page=59 }}</ref>
==Cloud security controls==
Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management and follow all the best practices, procedures, and guidelines to ensure a secure cloud environment. Security management addresses these issues with security controls. These controls protect cloud environments and are put in place to safeguard any weaknesses in the system and reduce the effect of an attack.
;Deterrent controls :Administrative mechanisms intended to reduce attacks by informing attackers of consequences.<ref>{{cite book |doi=10.1016/B978-0-12-800744-0.00009-9 |chapter=Physical Security |title=The Basics of Information Security |date=2014 |last1=Andress |first1=Jason |pages=131–149 |isbn=978-0-12-800744-0 }}</ref>
;Preventive controls :Controls designed to reduce vulnerabilities and prevent unauthorized access.<ref>{{cite book |doi=10.1016/B978-0-12-802043-2.00006-9 |chapter=Information Risk Assessment |title=HCISPP Study Guide |date=2015 |last1=Virtue |first1=Timothy |last2=Rainey |first2=Justin |pages=131–166 |isbn=978-0-12-802043-2 }}</ref>
;Detective controls :Controls that detect and respond to security events. Includes monitoring, SIEM, IDS/IPS, malware detection.<ref>{{cite web|date=2020-12-04|title=Detective Security Controls|url=https://lifars.com/2020/12/detective-security-controls/|access-date=7 December 2023}}</ref>
;Corrective controls :Controls that reduce the impact of an incident and restore systems.<ref>{{cite web|date=2019-08-22|title=What are Security Controls?|url=https://www.f5.com/labs/articles/education/what-are-security-controls|access-date=7 December 2023}}</ref>
==Dimensions of cloud security==
Cloud security engineering is characterized by the security layers, plan, design, programming, and best practices that exist inside a cloud security arrangement. Cloud security engineering requires the composed and visual model (design and UI) to be characterized by the tasks inside the Cloud. This cloud security engineering process includes such things as access to the executives, techniques, and controls to ensure applications and information. It also includes ways to deal with and keep up with permeability, consistency, danger stance, and by and large security. Processes for imparting security standards into cloud administrations and activities assume an approach that fulfills consistent guidelines and essential foundation security parts.<ref name="CSA_1">{{cite web|title=Cloud Security Architecture|url=https://www.guidepointsecurity.com/education-center/cloud-security-architecture|publisher=GuidePoint Security LLC|date=2023|access-date=6 December 2023}}</ref>
Though the idea of cloud computing is not new, organizations are increasingly adopting it because of its flexible scalability, relative trustability, and cost-effectiveness of services. However, despite its rapid adoption in some sectors and disciplines, research and statistics indicate that security-related pitfalls remain a major barrier to its full adoption.{{Citation needed|date=April 2026}}
It is generally recommended that information security controls be selected and implemented in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts. Cloud security concerns can be grouped in various ways; Gartner identified seven, while the Cloud Security Alliance identified twelve areas of concern.<ref>{{cite magazine|url=http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853|title=Gartner: Seven cloud-computing security risks|magazine=InfoWorld|date=2008-07-02|access-date=2010-01-25}}</ref><ref>{{cite web|url=https://cloudsecurityalliance.org/artifacts/top-threats-cloud-computing-plus-industry-insights/|title=Top Threats to Cloud Computing Plus: Industry Insights|date=2017-10-20|publisher=Cloud Security Alliance|access-date=2018-10-20}}</ref> Cloud access security brokers (CASBs) are software that sits between cloud users and cloud applications to provide visibility into cloud application usage, data protection and governance to monitor all activity and enforce security policies.<ref>{{cite web|title=What is a CASB (Cloud Access Security Broker)?|publisher=CipherCloud|url=https://www.ciphercloud.com/what-is-a-casb|access-date=2018-08-30|archive-url=https://web.archive.org/web/20180831071934/https://www.ciphercloud.com/what-is-a-casb|archive-date=2018-08-31}}</ref>
==Security and privacy==
Any service without a "hardened" environment is considered a "soft" target. Virtual servers should be protected just like a physical server against data leakage, malware, and exploited vulnerabilities. "Data loss or leakage represents 24.6 % and cloud-related malware 3.4 % of threats causing cloud outages".<ref name="JA_1">{{cite journal| title=Limitations and challenges on Security Cloud Testing| author1=Ahmad Dahari Bin Jarno| author2=Shahrin Bin Baharom| author3=Maryam Shahpasand| url=https://www.apu.edu.my/ejournals/jati/journal/JATI-VOLUME_1-ISSUE_2-2017.pdf| journal=Journal of Applied Technology and Innovation| volume=1| issue=2| pages=89–90| date=2017}}</ref>
===Identity management=== Every enterprise will have its own identity management system to control access to information and computing resources. Cloud providers either integrate the customer's identity management system into their own infrastructure, using federation or SSO technology or a biometric-based identification system,<ref name="cloudid"/> or provide an identity management system of their own.
===Physical security=== Cloud service providers physically secure the IT hardware (servers, routers, cables etc.) against unauthorized access, interference, theft, fire, flood etc., and ensure that essential supplies (such as electricity) are sufficiently robust to minimise the possibility of disruption.
===Personnel security=== Various information security concerns relating to personnel involved in cloud services are typically handled through screening, security-awareness training, and role-based access controls.
===Privacy=== Providers ensure that all critical data (credit-card numbers, for example) are masked or encrypted and that only authorised users have access to data in its entirety. Moreover, digital identities and credentials must be protected as must any data that the provider collects or produces about customer activity in the cloud.
===Penetration testing=== Penetration testing is the process of performing offensive security tests on a system, service, or computer network to find security weaknesses in it. Since the cloud is a shared environment with other customers or tenants, following penetration-testing rules of engagement step-by-step is a mandatory requirement. Scanning and penetration-testing from inside or outside the cloud should be authorised by the cloud provider.<ref>{{cite book |doi=10.1145/3026724.3026728 |chapter=Penetration Testing on Virtual Environments |title=Proceedings of the 4th International Conference on Information and Network Security – ICINS '16 |year=2016 |last1=Guarda |first1=Teresa |last2=Orozco |first2=Walter |last3=Augusto |first3=Maria Fernanda |last4=Morillo |first4=Giovanna |last5=Navarrete |first5=Silvia Arévalo |last6=Pinto |first6=Filipe Mota |pages=9–12 |isbn=978-1-4503-4796-9 |s2cid=14414621 }}</ref>
=== Cloud vulnerability and penetration testing === Scanning the cloud from outside and inside using free or commercial tools is crucial. Without a hardened environment, your service is considered a soft target. Virtual servers should be hardened just like a physical server against data leakage, malware, and exploited vulnerabilities. "Data loss or leakage represents 24.6 % and cloud-related malware 3.4 % of threats causing cloud outages".
===Legal issues=== Privacy legislation often varies by country. By having information stored via the cloud it is difficult to determine under which jurisdiction the data falls. Trans-border clouds are popular given that the largest companies transcend several countries. Legal dilemmas from the ambiguity of the cloud refer to how there is a difference in data-sharing law between and inside organisations.<ref name="Svantesson & Clarke 2010">{{cite journal |last1=Svantesson |first1=Dan |last2=Clarke |first2=Roger |title=Privacy and consumer risks in cloud computing |journal=Computer Law & Security Review |date=July 2010 |volume=26 |issue=4 |pages=391–397 |doi=10.1016/j.clsr.2010.05.005 |hdl=1885/57037 |s2cid=62515390 |hdl-access=free }}</ref>
===Unauthorized Access to Management Interface=== Due to the autonomous nature of the cloud, consumers are often given management interfaces to monitor their databases. By having controls in one central location and by having the interface be easily accessible for user convenience, there is a possibility that a single actor could gain access to the cloud's management interface; giving them control over much of the system.<ref name="Grobauer Walloschek & Stocker 2011">{{cite journal |last1=Grobauer |first1=Bernd |last2=Walloschek |first2=Tobias |last3=Stocker |first3=Elmar |title=Understanding Cloud Computing Vulnerabilities |journal=IEEE Security & Privacy |date=March 2011 |volume=9 |issue=2 |pages=50–57 |doi=10.1109/MSP.2010.115 |bibcode=2011ISPri...9b..50G |s2cid=1156866 }}</ref>
===Data Recovery Vulnerabilities=== The cloud's use of resource pooling means memory or storage resources may be recycled to another user. It is possible for current users to access information left by previous ones.<ref name="Grobauer Walloschek & Stocker 2011"/>
===Internet Vulnerabilities=== Cloud services require internet connectivity and use internet protocols, making them subject to attacks such as man-in-the-middle attacks. Furthermore, heavy reliance on internet connectivity means service disruptions or outages can cut off users entirely.<ref name="Grobauer Walloschek & Stocker 2011"/>
===Encryption Vulnerabilities=== As encryption algorithms age, vulnerabilities arise. Cloud providers must stay current with encryption standards and transition older systems before they become compromised.<ref>{{cite book |doi=10.1109/SCM.2017.7970558 |chapter=A cloud computing security solution based on fully homomorphic encryption |title=2017 XX IEEE International Conference on Soft Computing and Measurements (SCM) |year=2017 |last1=Rukavitsyn |first1=Andrey N. |last2=Borisenko |first2=Konstantin A. |last3=Holod |first3=Ivan I. |last4=Shorov |first4=Andrey V. |pages=272–274 |isbn=978-1-5386-1810-3 |s2cid=40593182 }}</ref>
==Encryption== Some advanced encryption algorithms applied to cloud computing increase the protection of privacy. In a practice called crypto-shredding, encryption keys can be deleted when data is no longer used.
===Attribute-based encryption (ABE)=== Attribute-based encryption is a form of public-key encryption in which the user's secret key and the ciphertext depend on attributes (e.g., the country the user lives in, or their subscription type). In such systems, access to decryption depends not simply on identity but on attributes.
Some of the strengths of ABE are that it bypasses the need for explicit key sharing (as in traditional PKI) and identity-based encryption (IBE). However, ABE suffers from key-redistribution complexity: since decryption keys depend on attributes rather than identities, malicious users might leak attribute information, enabling unauthorized access.<ref name="Xu et al. 2020">{{cite journal |last1=Xu |first1=Shengmin |last2=Yuan |first2=Jiaming |last3=Xu |first3=Guowen |last4=Li |first4=Yingjiu |last5=Liu |first5=Ximeng |last6=Zhang |first6=Yinghui |last7=Ying |first7=Zuobin |title=Efficient ciphertext-policy attribute-based encryption with black-box traceability |journal=Information Sciences |date=October 2020 |volume=538 |pages=19–38 |doi=10.1016/j.ins.2020.05.115 |s2cid=224845384 |url=https://ink.library.smu.edu.sg/sis_research/5179 }}</ref>
====Ciphertext-policy ABE (CP-ABE)==== In CP-ABE, the encryptor controls the access policy for the ciphertext. The process includes Setup, Encrypt, KeyGen, and Decrypt algorithms; the encryptor defines an access structure that must match a user's attributes before decryption is allowed.<ref name="Bethencourt2007">{{cite conference |last1=Bethencourt |first1=John |last2=Sahai |first2=Amit |last3=Waters |first3=Brent |title=2007 IEEE Symposium on Security and Privacy (SP '07) |chapter=Ciphertext-Policy Attribute-Based Encryption |date=May 2007 |pages=321–334 |doi=10.1109/SP.2007.11 |isbn=978-0-7695-2848-9 |s2cid=6282684 |chapter-url=https://hal.archives-ouvertes.fr/hal-01788815/file/cp-abe.pdf }}</ref>
====Key-policy ABE (KP-ABE)==== In KP-ABE, the sender encrypts under a set of attributes, and the user's private key is issued to match a policy describing which ciphertexts they may decrypt. KP-ABE shifts access-control responsibility partially to the key-issuer rather than the encryptor. While it provides flexibility, the policy disclosure may weaken privacy guarantees.<ref name="Wang 2013">{{cite book |last1=Wang |first1=Chang-Ji |last2=Luo |first2=Jian-Fa |title=2012 Eighth International Conference on Computational Intelligence and Security |chapter=A Key-Policy Attribute-Based Encryption Scheme with Constant Size Ciphertext |date=November 2012 |pages=447–451 |doi=10.1109/CIS.2012.106 |isbn=978-1-4673-4725-9 |s2cid=1116590 }}</ref>
===Fully Homomorphic Encryption (FHE)=== Fully Homomorphic Encryption allows arbitrary computation on ciphertext without decryption. It is emerging as a high-security option for cloud environments, including voting systems. While promising, it remains largely experimental.<ref name="FHE2012">{{cite book |doi=10.1007/978-3-642-31410-0_15 |chapter=Shift-Type Homomorphic Encryption and Its Application to Fully Homomorphic Encryption |title=Progress in Cryptology – AFRICACRYPT 2012 |series=Lecture Notes in Computer Science |year=2012 |last1=Armknecht |first1=Frederik |last2=Katzenbeisser |first2=Stefan |last3=Peter |first3=Andreas |volume=7374 |pages=234–251 |isbn=978-3-642-31409-4 |chapter-url=https://ris.utwente.nl/ws/files/5322305/andreas.pdf }}</ref>
===Searchable Encryption (SE)=== Searchable encryption enables secure search on encrypted data. It has symmetric and public-key variants. While it supports functionality over encrypted data, it introduces extra attack surfaces, especially when attribute indexing is involved.<ref name="Naveed 2014">{{cite book |chapter=Dynamic Searchable Encryption via Blind Storage |title=2014 IEEE Symposium on Security and Privacy |year=2014 |last1=Naveed |first1=Muhammad |last2=Prabhakaran |first2=Manoj |last3=Gunter |first3=Carl A. |pages=639–654 |doi=10.1109/SP.2014.47 |isbn=978-1-4799-4686-0 |s2cid=10910918 }}</ref>
==Compliance== Numerous laws and regulations govern the storage and use of data. In the US these include privacy and data-protection laws, the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), and the Children's Online Privacy Protection Act of 1998. Similar standards exist in other jurisdictions (e.g., Singapore's Multi-Tier Cloud Security Standard).
Similar laws may apply in different legal jurisdictions and may differ markedly from those in the US. Cloud service users must often understand the legal and regulatory differences between the jurisdictions. For example, data stored by a cloud service provider (CSP) may be located in, say, Singapore and mirrored in the US.<ref>{{cite web|url=http://www.technologyslegaledge.com/2014/08/29/managing-legal-risks-arising-from-cloud-computing/|title=Managing legal risks arising from cloud computing |date=29 August 2014 |publisher=DLA Piper |access-date=2014-11-22}}</ref>
;Business continuity and data recovery :Cloud providers have business continuity and data recovery plans in place to ensure service continuity and data protection.<ref>{{cite web|url=http://content.dell.com/us/en/enterprise/d/large-business/benefits-cloud-based-recovery.aspx|title=It's Time to Explore the Benefits of Cloud-Based Disaster Recovery|publisher=Dell.com|access-date=2012-03-26|archive-url=https://web.archive.org/web/20120515134339/http://content.dell.com/us/en/enterprise/d/large-business/benefits-cloud-based-recovery.aspx|archive-date=2012-05-15}}</ref>
;Log and audit trail :In addition to producing logs and audit trails, cloud providers work with their customers to secure these logs and ensure they're accessible for forensic investigation (e.g., eDiscovery).
;Unique compliance requirements :In addition to the requirements on customers, data centers used by cloud providers may be subject to additional compliance obligations. Using a cloud service provider (CSP) can lead to extra security concerns around data jurisdiction since customer or tenant data may not remain in the same location or provider's cloud.<ref name="Securing the Cloud Winkler">{{cite book |last1=Winkler |first1=Joachim R. |title=Securing the Cloud: Cloud Computer Security Techniques and Tactics |date=2011 |publisher=Elsevier |isbn=978-1-59749-592-9 |pages=65,68,72,81,218–219,231,240 }}</ref>
==Legal and contractual issues== thumb|325px|right|Cloud providers' security and privacy agreements must align to customer requirements and regulation. Aside from the security and compliance issues already discussed, cloud providers and their customers negotiate terms around liability (stipulating how incidents involving data loss or compromise will be resolved, for example), intellectual property, and end-of-service (when data and applications are ultimately returned to the customer). These issues are typically addressed in service-level agreements (SLAs).<ref name="adams">{{cite book |last1=Adams |first1=Richard |chapter=The emergence of cloud storage and the need for a new digital forensic process model |pages=79–104 |chapter-url=https://researchrepository.murdoch.edu.au/id/eprint/19431/1/emergence_of_cloud_storage.pdf |editor1-last=Ruan |editor1-first=Keyun |title=Cybercrime and Cloud Forensics: Applications for Investigation Processes |date=2013 |publisher=Information Science Reference |isbn=978-1-4666-2662-1 }}</ref>
===Public records=== Legal issues may also include records-keeping requirements in the public sector, where agencies must retain and make available electronic records in a specific fashion.
==See also== * Computer security * Common Vulnerabilities and Exposures
==References== {{reflist}}
==Further reading== * {{cite journal |last1=Mowbray |first1=Miranda |title=The Fog over the Grimpen Mire: Cloud Computing and the Law |journal=SCRIPT-ed |date=15 April 2009 |volume=6 |issue=1 |pages=132–146 |doi=10.2966/scrip.060109.132 |doi-access=free }} * {{cite book|title=Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance|first1=Tim|last1=Mather|first2=Subra|last2=Kumaraswamy|first3=Shahed|last3=Latif|publisher=O'Reilly Media, Inc.|year=2009|isbn=978-0-596-80276-9}} * {{cite book|title=Securing the Cloud: Cloud Computer Security Techniques and Tactics|first1=Vic|last1=Winkler|publisher=Elsevier|year=2011|isbn=978-1-59749-592-9}} * {{cite book|title=Securing the Virtual Environment: How to Defend the Enterprise Against Attack|first1=Davi|last1=Ottenheimer|publisher=Wiley|year=2012|isbn=978-1-118-15548-6}} * [http://www.iso.org/iso/catalogue_detail?csnumber=43757 BS ISO/IEC 27017]: "Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services." (2015) * [http://www.iso.org/iso/catalogue_detail?csnumber=61498 BS ISO/IEC 27018]: "Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors." (2014) * [http://www.iso.org/iso/catalogue_detail?csnumber=59689 BS ISO/IEC 27036-4]: "Information technology. Security techniques. Information security for supplier relationships. Guidelines for security of cloud services" (2016)
==External links== * [https://www.cyber.mil/dccs DoD Cloud Computing Security Requirements Guide (CC SRG)]
===Archive=== * {{Webarchive|url=https://web.archive.org/web/20181021193742/https://iase.disa.mil/cloud_security/Pages/index.aspx |date=2018-10-21}}
{{Cloud computing}} {{DEFAULTSORT:Cloud computing security}} Category:Cloud computing Category:Computer security