The CIO and CFO have been working on a new plan to save money by moving a majority of their workload to the cloud. They didn’t bring the CISO into the mix until the last steps of planning, and they’ve already chosen a mixture of SaaS, PaaS, and IaaS tools to meet their requirements. These spans a variety of cloud providers as the CIO said it would increase resilience if one cloud provider became unavailable.
The CISO isn’t happy and needs another presentation from you quickly on cloud security. He’s generally unfamiliar with Cloud as he’s always managed on-premises tools. He’s asked you to prepare a solution that covers the following information:
What is the difference between IaaS, SaaS, and PaaS?
Who bears the majority of security responsibility with an IaaS provider? A PaaS? A SaaS?
What are some of the basic tenets of cloud security?
Is security more difficult in a multi-cloud environment? If so, would the loss of the additional resilience (as stated by the CIO) by moving to a single cloud provider be worth it?