Cloud

Control Risks released their predictions for the top business risks for 2025, calling out Digital Concentration Risk as companies outsource their specialist IT services to external providers, such as cloud and security. “The concentration of risk in centralised technological ecosystems in a worsening threat landscape will be a top risk for organisations in 2025.” Global technology disruptions such as the July 2024 Crowdstrike outages shows how human error or system misconfigurations can create a correlated industry-wide impact to customer organisations. And as these companies pass control to external tech vendors, they may be losing the in-house skills needed to respond to future incidents and outages. ...

An availability zone (AZ) is a distinct location within a cloud provider’s infrastructure, designed to be isolated from failures in other zones. Each availability zone is implemented using one or more data centres, equipped with largely independent power, cooling, and networking to ensure high availability and fault tolerance between zones. Further reading Availability zone (Wikipedia)

An AKS cluster is a managed Kubernetes service provided by Microsoft Azure. Further reading What is Azure Kubernetes Service (AKS)? - Microsoft Learn Related pages Kubernetes

The Clarifying Lawful Overseas Use of Data (CLOUD) Act is a US law that allows US law enforcement to access digital information stored outside of the US. Further reading CLOUD Act (Wikipedia) Related Schrems II

*the cloud is just someone else’s computer Graham Cluley Example Cloud Providers Microsoft Azure Google Cloud Amazon Web Services (AWS)

The Cloud Control Matrix (CCM) is a cybersecurity control framework developed by the Cloud Security Alliance (CSA) that provides a comprehensive set of security and compliance controls for cloud computing environments. From the Cloud Security Alliance: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance. ...

The Cloud Security Alliance (CSA) is a nonprofit organization that promotes best practices for securing cloud computing environments through research, education, and industry collaboration. Related Cloud Control Matrix (CCM)

An OpenShift cluster is a set of connected computers (called nodes) that run applications in containers. It lets you easily deploy, manage, and monitor these applications, and is designed for cloud environments.

Further reading Schrems II a summary – all you need to know The CJEU judgment in the Schrems II case (European Parliament) (PDF) What is Schrems II and how does it affect your data protection in 2021? (Thales) Related pages US CLOUD Act

What is a Hypervisor? A hypervisor is software that allows multiple operating systems to run on a single physical machine by creating and managing virtual machines (VMs). Each VM operates like a separate computer, with its own OS, CPU, memory, and storage, while sharing the same underlying hardware. Hypervisors abstract and allocate physical resources to VMs, enabling isolation, efficiency, and flexible workload management. They’re a foundational component of cloud infrastructure, enterprise IT, and even some home labs. Common examples of hypervisor technologies include KVM, Xen, VMware ESXi, and Microsoft Hyper-V. ...

What is Kubernetes? Kubernetes, often abbreviated as K8s, is an open-source platform designed to automate the deployment, scaling, and management of containerised applications. It orchestrates clusters of machines, ensuring that application components run reliably and efficiently across diverse environments. At its core, Kubernetes abstracts the underlying infrastructure, allowing developers and operators to define the desired state of their applications. The system then works to maintain this state, handling tasks like load balancing, scaling, and self-healing without manual intervention. ...

The Azure Shared Responsibility Model outlines the division of security responsibilities suggested by Microsoft between themselves and their customers for managing the cloud. Understanding this model is important for ensuring that both parties effectively manage and secure their cloud environments. Further reading Shared responsibility in the cloud - Microsoft Related pages Shared Responsibility Model