Modern digital technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way.
Historically, organisations would invest in their own IT infrastructure to support their business objectives and the IT department’s role would be focused on keeping the ‘lights on’.
To minimise the chance of failure of the equipment, engineers traditionally introduced an element of redundancy in the architecture. That redundancy could manifest itself on many levels. For example, it could be a redundant datacentre, which is kept as a ‘hot’ or ‘warm’ site with a complete set of hardware and software ready to take the workload in case of the failure of a primary datacentre. Components of the datacentre, like power and cooling, can also be redundant to increase the resiliency.
On a lesser scale, within a single datacentre, networking infrastructure elements can be redundant. It is not uncommon to procure two firewalls instead of just one to configure them to balance the load or just to have a second one as a backup. Power and utilities companies still stock up on critical industrial control equipment to be able to quickly react to a failed component.
The majority of effort, however, went into protecting the data storage. Magnetic disks were assembled in RAIDs to reduce the chances of data loss in case of failure and backups were relegated to magnetic tapes to preserve less time-sensitive data and stored in separate physical locations.
Depending on specific business objectives or compliance requirements, organisations had to heavily invest in these architectures. One-off investments were, however, only one side of the story. On-going maintenance, regular tests and periodic upgrades were also required to keep these components operational. Labour, electricity, insurance and other costs were adding to the final bill. Moreover, if a company was operating in a regulated space, for example if they processed payments and cardholder data then external audits, certification and attestation were also required.
With the advent of cloud computing, companies were able to abstract away a lot of this complexity and let someone else handle the building and operation of datacentres and dealing with compliance issues relating to physical security.
The need for the business resilience, however, did not go away.
Cloud providers can offer options that far exceed (at comparable costs) the traditional infrastructure; but only if configured appropriately.
One example of this is the use of ‘zones’ of availability, where your resources can be deployed across physically separate datacentres. In this scenario, your service can be balanced across these availability zones and can remain running even if one of the ‘zones’ goes down. If you build your own infrastructure for this, you would have to build one datacentre in each zone and . You better have a solid business case for this.
It is important to keep this in mind when deciding to move to the cloud from the traditional infrastructure. Simply lifting and shifting your applications to the cloud may, in fact. These applications are unlikely to have been developed to work in the cloud and take advantage of these additional resiliency options. Therefore, I advise against such migration in favour of re-architecting.
Cloud Service Provider SLAs should also be considered. Compensation might be offered for failure to meet these, but it’s your job to check how this compares to the traditional “5 nines” of a availability in a traditional datacentre.
You should also be aware of the many differences between cloud service models.
When procuring a SaaS, for example, your ability to manage resilience is significantly reduced. In this case you are relying completely on your provider to keep the service up and running, potentially raising the provider outage concern. . Even with the data, however, your options are limited without a second application on-hand to process that data which may also require data transformation. Study the historical performance and pick your SaaS provider carefully.
IaaS gives you more options to design an architecture for your application, but with this great freedom comes great responsibility. The provider is responsible for fewer layers of the overall stack when it comes to IaaS, so you must design and maintain a lot of it yourself. When doing so, assume failure rather than thinking of it as a (remote) possibility. Availability Zones are helpful, but not always sufficient. What scenarios require consideration of the use of a separate geographical region? The European Banking Authority recommendations on Exit and Continuity can be an interesting example to look at from a testing and deliverability perspective.
Be mindful of characteristics of SaaS that also affect PaaS from a redundancy perspective. For example, if you’re using a proprietary PaaS then you can’t just lift and shift your data and code.
Above all, when designing for resiliency, take a risk-based approach. Not all your assets have the same criticality. , know your RPO and RTO. Remember that SaaS can be built on top of AWS or Azure, exposing you to supply chain risks.
Even when assuming the worst, you may not have to keep every single service running should the worst actually happen. For one thing, it’s too expensive – just ask your business stakeholders. The very worst time to be defining your approach to resilience is in the middle of an incident, closely followed by shortly after an incident. As with other elements of security in the cloud, resilience should “shift left” and be addressed as early in the delivery cycle as possible. As the Scout movement is fond of saying – “be prepared”.
I just passed the Certified Cloud Security Practitioner (CCSP) exam. It wasn’t easy, but nothing you can’t prepare for.
Apart from the official (ISC)2 guides, here are some of the resources I used in my studies:
- Cloud Security Alliance Security Guidance v4.0
- Cloud Security Alliance Enterprise Architecture
- Security Guidance for Critical Areas of Mobile Computing
- CSA Cloud Controls Matrix
- The ‘Treacherous Twelve’ Cloud Computing Top Threats in 2016
- ENISA Cloud Security Publications
- NIST SP 800-146 Cloud Computing Synopsis and Recommendations
- NIST Special Publication 500-299 Cloud Computing Security Reference Architecture (Draft)
- OWASP Top 10
If you would prefer to add video lectures to your study plan, there’s a free course on Cybrary. For a quick summary, check out these study notes and mindmaps. Also, multiple sets of free flashcards are available on Quizlet.
It is a good idea to do some practice questions: there are books and mobile apps out there to help you with this. Practical experience in cloud security is also essential.
The exam tests your knowledge of the following CCSP domains:
- Architectural Concepts and Design Requirements
- Cloud Data Security
- Cloud Platform and Infrastructure Security
- Cloud Application Security
- Legal and Compliance
The structure and format might change as (ISC)2 continuously revise their exams, so please check the official website to make sure you are up-to-date with the latest developments.
On the day, read the questions carefully. It’s not a time pressured exam (I was done in two hours), so it’s worth re-reading the questions and answers again to make sure you are answering exactly what is being asked. Eliminate the wrong options first and then decide on the best out of the remaining ones.
Finally, my suggestion would be to approach the questions from the perspective of a consultant. What would you recommend in each situation? Don’t go too technical – keep the business needs in mind at all times.
Don’t stress too much about the final result. I’m sure you’ll pass, but even if not on your first attempt, you’ll learn either way! Remember, the knowledge you accumulate in the process of preparing for the test itself has the most value, not the credential.
I’ve recently passed my AWS Certified Solutions Architect – Associate exam. In this blog I would like to share some preparation tips that would help you ace it.
Not only practice makes perfect, some hands-on experience is also a prerequisite for the exam. So there is really no way around that! But what if you didn’t have a chance to use your skills on a real-world project yet? No problem! AWS gives you a opportunity to learn how their cloud components work through AWS Free Tier. For one year, you can use Amazon EC2 , Amazon S3, Amazon RDS, AWS IoT and many more free of charge,
You want more guidance? Qwiklabs developed a set of labs that specifically designed to help you prepare for this exam. For a small price, you can complete exercises without even requiring an AWS account or signing up for Free Tier.
I recommend studying AWS Whitepapers to broaden your technical understanding. If you are short on time, focus on these:
- Overview of Amazon Web Services
- Architecting for the Cloud: AWS Best Practices
- How AWS Pricing Works
- Compare AWS Support Plans
AWS developed a freecself-paced Cloud Practitioner Essential course, to help you develop an overall understanding of the AWS Cloud. You will learn basic cloud concepts and AWS services, security, architecture, pricing, and support.
There is also a YouTube channel with free introductory videos and other noteworthy material.
Exam sample questions can help you check your knowledge and highlight areas requiring more study.
Remember, the best preparation for the exam is practical experience: AWS recommend 1+ years of hands-on experience with their technologies.
When you’re ready, go ahead and schedule an exam here.
Your company has decided to adopt Cloud. Or maybe it was among the ones that relied on virtualised environments before it was even a thing? In either case, cloud security has to be managed. How do you go about that?
Before checking out vendor marketing materials in search of the perfect technology solution, let’s step back and think of it from a governance perspective. In an enterprise like yours, there are a number of business functions and departments with various level of autonomy. Do you trust them to manage business process-specific risk or choose to relieve them from this burden by setting security control objectives and standards centrally? Or maybe something in-between?
Managing security centrally allows you to uniformly project your security strategy and guiding policy across all departments. This is especially useful when aiming to achieve alignment across business functions. It helps when your customers, products or services are similar across the company, but even if not, centralised governance and clear accountability may reduce duplication of work through streamlining the processes and cost-effective use of people and technology (if organised in a central pool).
If one of the departments is struggling financially or is less profitable, the centralised approach ensures that overall risk is still managed appropriately and security is not neglected. This point is especially important when considering a security incident (e.g. due to misconfigured access permissions) that may affect the whole company.
Responding to incidents in general may be simplified not only from the reporting perspective, but also by making sure due process is followed with appropriate oversight.
There are, of course, some drawbacks. In the effort to come up with a uniform policy, you may end up in a situation where it loses its appeal. It’s now perceived as too high-level and out of touch with real business unit needs. The buy-in from the business stakeholders, therefore, might be challenging to achieve.
Let’s explore the alternative; the decentralised model.
This approach is best applied when your company’s departments have different customers, varied needs and business models. This situation naturally calls for more granular security requirements preferably set at the business unit level.
In this scenario, every department is empowered to develop their own set of policies and controls. These policies should be aligned with the specific business need relevant to that team. This allows for local adjustments and increased levels of autonomy. For example, upstream and downstream operations of an oil company have vastly different needs due to the nature of activities they are involved in. Drilling and extracting raw materials from the ground is not the same as operating a petrol station, which can feel more like a retail business rather than one dominated by industrial control systems.
Another example might be a company that grew through a series of mergers and acquisitions where acquired companies retained a level of individuality and operate as an enterprise under the umbrella of a parent corporation.
With this degree of decentralisation, resource allocation is no longer managed centrally and, combined with increased buy-in, allows for greater ownership of the security programme.
This model naturally has limitations. These have been highlighted when identifying the benefits of the centralised approach: potential duplication of effort, inconsistent policy framework, challenges while responding to the enterprise-wide incident, etc. But is there a way to combine the best of both worlds? Let’s explore what a hybrid model might look like.
The middle ground can be achieved through establishing a governance body setting goals and objectives for the company overall, and allowing departments to choose the ways to achieve these targets. What are the examples of such centrally defined security outcomes? Maintaining compliance with relevant laws and regulations is an obvious one but this point is more subtle.
The aim here is to make sure security is supporting the business objectives and strategy. Every department in the hybrid model in turn decides how their security efforts contribute to the overall risk reduction and better security posture.
This means setting a baseline of security controls and communicating it to all business units and then gradually rolling out training, updating policies and setting risk, assurance and audit processes to match. While developing this baseline, however, input from various departments should be considered, as it is essential to ensure adoption.
When an overall control framework is developed, departments are asked to come up with a specific set of controls that meet their business requirements and take distinctive business unit characteristics into account. This should be followed up by gap assessment, understanding potential inconsistencies with the baseline framework.
In the context of the Cloud, decentralised and hybrid models might allow different business units to choose different cloud providers based on individual needs and cost-benefit analysis. They can go further and focus on different solution types such as SaaS over IaaS.
As mentioned above, business units are free to decide on implementation methods of security controls providing they align with the overall policy. Compliance monitoring responsibilities, however, are best shared. Business units can manage the implemented controls but link in with the central function for reporting to agree consistent metrics and remove potential bias. This approach is similar to the Three Lines of Defence employed in many organisations to effectively manage risk. This model suggests that departments themselves own and manage risk in the first instance with security and audit and assurance functions forming second and third lines of defence respectively.
We’ve looked at three different governance models and discussed their pros and cons in relation to Cloud. Depending on the organisation the choice can be fairly obvious. It might be emerging naturally from the way the company is running its operations. All you need to do is fit in the organisational culture and adopt the approach to cloud governance accordingly.
The point of this article, however, is to encourage you to consider security in the business context. Don’t just select a governance model based on what “sounds good” or what you’ve done in the past. Instead, analyse the company, talk to people, see what works and be ready to adjust the course of action.
If the governance structure chosen is wrong or, worse still, undefined, this can stifle the business instead of enabling it. And believe me, that’s the last thing you want to do.
Be prepared to listen: the decision to choose one of the above models doesn’t have to be final. It can be adjusted as part of the continuous improvement and feedback cycle. It always, however, has to be aligned with business needs.
|Centralised model||Decentralised model||Hybrid model|
|A single function responsible for all aspects of a Cloud security: people, process, technology, governance, operations, etc.||Strategic direction is set centrally, while all other capabilities are left up to existing teams to define.||Strategy, policy, governance and vendors are managed by the Cloud security team; other capabilities remain outside the Cloud security initiative.|
Organisations around the world are increasingly relying on third-party vendors to provide them with competitive advantage. Many companies in a race to optimise processes and reduce costs begin to outsource core functions. This leads to increased risk profile and new challenges of supplier oversight.
Dealing with third-parties has grown bigger than being just a procurement issue. Suppliers companies increasingly rely on, pose not only legal but also reputational risks that cannot be fully transferred. Security and privacy related incidents related to third-party providers are presenting new management challenges. Moreover, regulators are increasingly demanding the management of the third-party risk.
Suppliers, however, have their own challenges. Constant squeeze on costs from their clients reduces the profit margins making it increasingly difficult for vendors to prioritise security requirements implementation.
How do we make sure the suppliers we work with are trustworthy? How do we minimise the risk exposure from a potential incident? What level of assurance is required for a supplier?
These are the questions I’m going to answer in this blog.
Understanding business drivers and goals is essential for developing a third-party risk management approach. By analysing company’s corporate strategy I was able to derive multiple business attributes relevant to the shareholders. One of them stands out: Trusted. I’m going to disregard other attributes and focus on this one for the purposes of this case study. Not only it is important for the company to be trusted by its customers, but trustworthiness is also something I’m going to explore in this blog from the third-party relationship standpoint.
After a workshop with the CIO and IT managers in various business units, I’ve defined the following IT attributes supporting the main business attribute (Trusted): Transparent, Assured and Managed.
How does the security function support the wider IT objectives and corresponding attributes? After a number of workshops and analysing the security strategy document I’ve managed to create a number of security attributes. Below is a simplified example correlating to the business and IT attributes in scope:
Dealing with customers and managing relationships with them is one of the core activities of the company. As discussed above, being trusted by the customers is one of the main values of the organisation. IT department through the implementation of their technology strategy supported the business stakeholders in Sales and Marketing to outsource customer relationship management platform to a third party provider. A cloud-based solution has been chosen to fulfill this requirement.
A combination of attribute profiling, trust modelling and risk analysis is used to assess the degree of assurance required and compare third-party providers. Below is a recommended approach based on the attributes defined.
Security attributes mapping
Based on the internal security policy the following questionnaire has been developed to assess the supplier. Responses from the supplier have been omitted to preserve confidentiality. Below is a short excerpt from one of the sections of the questionnaire related to cloud services.
|Are terms of services and liabilities clearly defined in service agreements?||Governed|
|Are escrow arrangements in supplier contract agreement and cloud service agreements registered with procurement and documented in cloud service register.||Identified|
|Are physical security and environmental controls present in the data centre that contains company data?||Integrated|
|Are procedures for user authentication, authorization and access termination documented?||Access-Controlled|
|Has the Business Continuity Plan been reviewed and approved by the executive management?||Governed|
|How often is the Business Continuity Plans and Disaster Recovery Plans tested?||Available|
|Is there a specific Recovery Time Objective(s) (RTO) and Recovery Point Objective(s) (RPO)? If yes, specify the RTO and RPO for the company services.||Available|
|Are default settings customized to implement strong encryption for authentication and transmission?||Access-Controlled|
Attribute compliance is assessed based on the questionnaire answers, as every question is mapped to a specific attribute. Where a specific combination of an attribute corresponds to multiple questions, all answers are rated separately then an average rating for that attribute weight is calculated. Exceptions apply where certain specific questions are identified to have priority (higher level of impact on attribute compliance) over the other questions mapped to the same attribute. Expert judgement is applied to analyse such situations.
Attributes are evaluated with three main levels:
- High level of compliance with policy (Green),
- Medium level of compliance with policy (Amber),
- Low level of compliance with policy (Red)
In 2013 the Cloud Security Alliance released a report, which identifies and describes 9 significant threats to Cloud computing . This report was conducted through a survey of experts and intends to help companies in their Risk assessment. The Cloud Security Alliance (CSA) is one of the first nonprofit organizations that have tried to set up standards for best practices for secure cloud computing. They further try to offer guidance and security education.
The identified threats are listed in accordance to their severity:
1. Data Breaches: Data breaches occur when sensitive information of a company falls into the hands of its competitors and cloud computing introduces new ways of attack [1,3].
2. Data Loss: Data Loss can happen in several ways and is a terrifying thought for businesses. Accidental deletions by the CSP or physical catastrophes are examples of possible ways of loosing data in the cloud. Another example is if the consumer encrypts the data before uploading it to the cloud but then looses the encryption key [1, 3].
3. Account or Service Traffic Hijacking: There are different ways an account can be hijacked such as social engineering. If an attacker is able to get access to an account he can access, for example, sensitive data, manipulate it, and also redirect transactions [3, 9].
4. Insecure APIs: Services provided by CSPs can be accessed through APIs and therefore the security of the cloud depends also highly on the security of these APIs. Weak credentials, insufficient authorization checks and insufficient input-data validation are some problems that can arise with APIs [3, 9].
5. Denial of Service (DoS): Cloud System Resources are being overused by an attacker, which prevent users from being able to access their data or applications [1, 3].
6. Malicious insiders: This threat refers to the fraud, damage or theft of information and misuse of IT resources caused from inside the CSP [3, 9].
7. Abuse of Nefarious Use: CSP are known to have weak registration processes and therefore can give easy access to attackers. Possible impacts include decoding and cracking of passwords and executing malicious commands [1, 3].
8. Insufficient due diligence: Some companies do not have the right resources and understanding of the cloud environment to correctly evaluate the risk associated with responsibilities. Some implications can be contractual issues and operational and architectural issues .
9. Shared Technology Vulnerabilities: This threat can occur in all service models and refers to the fact that a single vulnerability could compromise the entire provides cloud .
Vulnerabilities in the Cloud
Vulnerability is the second factor companies have to consider when assessing the risk of migrating data to the cloud. Even though many types of vulnerabilities exist, when identifying them it is important to make sure they are cloud specific.
What makes a Vulnerability cloud specific?
According to the research conducted in  there are several criteria, which can be met by a vulnerability to make it cloud specific.
- Virtualization, service- oriented architecture and cryptography are examples of core technologies of cloud computing. A Vulnerability is cloud specific if it is frequent and fundamental to these core technologies.
- Elasticity, resource pooling and pay-as-you go mode are example on the other hand of cloud characteristics . A Vulnerability is cloud specific if its root cause is in one of those characteristics.
- Another criteria that makes a vulnerability cloud specific is if it hard to implement existing security controls to cloud innovations.
- The last criteria they mention is that it has to be frequent in established state-of-the-art cloud services
Knowing what makes a vulnerability cloud specific one can then identify vulnerabilities in the cloud. The paper  has identified in total 7 major vulnerabilities of cloud computing:
1 Session Riding and Hijacking: This vulnerability is related to web applications weaknesses. Session Hijacking is unauthorized access is gained through a valid session key . Session riding on the other hand is when the attacker sends commands to a web application by tricking the user open an email or to visit a malicious website .
2. Reliability and Availability of Service: This vulnerability takes into consideration that cloud computing is not perfect. More and more service are built on top of cloud computing infrastructures. In case of a failure a large amount of Internet based services and applications may stop working. The paper  give the example of an event in 2008 when Amazon’s Web Service cloud storage infrastructure went down for several hours. This caused data loss and access issues.
3. Insecure Cryptography: One of the fundamental problems in cryptography is the random generation of numbers. If numbers used in cryptographic algorithm are not truly random flaws can be found easily. The Virtual machines used on the cloud do not have enough sources of entropy and are therefore susceptible to attacks .
4. Data Protection and Portability: This vulnerability addresses the questions of what happens with the sensitive data in case of contract termination or in case the CSP goes out of business .
5. Virtual Machine Escape: This vulnerability refers to the possibility of breaking out of a virtual machine and interacting with the host operating system. Given that many virtual machine can exist in the same location increases the attack surface for the attacker .
6 Vendor Lock-in: The vulnerability lies in companies being dependent on the CSP they have initially chosen. Inconsistencies between CSPs and lack of standards make it hard for companies to switch providers .
7. Internet Dependency: Cloud Computing is very much dependent on the Internet. Users usually access services through web browsers. Some critical operation such as Healthcare systems needs to be up and running 24 hours. The question arises in situations where the Internet is not reliable .
Having identified the risks of cloud computing it is then possible to assess which data or applications should be migrated and how much security is needed. Further, it is possible to come up with countermeasures or safeguards to mitigate these risks. Countermeasures may come in various forms such as policies, procedures, software configurations, and hardware devices .
For the threats and vulnerabilities mentioned in this report there exist countermeasures that can help mitigate the risk. Papers such as , , and  give possible solutions to these risks. Some of them are for example Identity and access management guidance for the threat of account or service hijacking . The CSA has issued a report to provide a list of best practices such as separation of duties and identity management . For the threat of data leakage for example the main countermeasure is encryption [8, 6].
Even though there are many countermeasures that have been identified a good practice for companies is to have a good Service Level agreement (SLA) with the CSP. SLAs are the only legal agreement between client and service provider and should cover aspects such as security policies and their implantation and also should discuss legal issues in case of misuse of services . The CSA further has come up with a framework that can assist in looking at the aspects of Governance, Risk and Compliance (GRC) in a company’s IT policy when adopting a new solution. Their framework assists in assessing Clouds provided by CSPs against established best practices and standards.
We have looked at Threats and Vulnerabilities and come to conclude that there are still several issues to cloud computing that need to be solved. Therefore, it is only understandable that companies still view cloud computing skeptical and do not adopt it as an option without consideration. Companies themselves should ensure through service level agreements that they get the security they need. Further we are able to see through organizations such as the Cloud Security Alliance that there are efforts in trying to create standards and help companies in choosing the right provider.
 Bamiah, Mervat Adib, and Sarfraz Nawaz Brohi. “Seven Deadly Threats and Vulnerabilities in Cloud Computing.” International Journal of Advanced Engineering Sciences and Technologies (IJAEST) (2011).
 Brunette, Glenn, and Rich Mogull. “Security guidance for critical areas of focus in cloud computing v2. 1.” Cloud Security Alliance (2009): 1-76.
 Cloud Security Alliance, “The Notorious Nine Cloud Computing Top Threats in 2013”, Cloud Security Alliance, 2013, [Online]
 Dahbur, Kamal, Bassil Mohammad, and Ahmad Bisher Tarakji. “A survey of risks, threats and vulnerabilities in cloud computing.” In Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, p. 12. ACM, 2011.
 Grobauer, Bernd, Tobias Walloschek, and Elmar Stocker. “Understanding cloud computing vulnerabilities.” Security & Privacy, IEEE 9, no. 2 (2011): 50-57.
 Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. “An analysis of security issues for cloud computing.” Journal of Internet Services and Applications 4, no. 1 (2013): 5.
 Kandukuri, Balachandra Reddy, V. Ramakrishna Paturi, and Atanu Rakshit. “Cloud security issues.” In Services Computing, 2009. SCC’09. IEEE International Conference on, pp. 517-520. IEEE, 2009.
 Munir, Kashif, and Sellapan Palaniappan. “Secure Cloud Architecture.” Advanced Computing: An International Journal (ACIJ), 4 (1), 9-22. (2013).
 Yu, Ting-ting, and Ying-Guo Zhu. “Research on Cloud Computing and Security.” In Distributed Computing and Applications to Business, Engineering & Science (DCABES), 2012 11th International Symposium on, pp. 314-316. IEEE, 2012.
A major UK-based telecommunications company proposed to conduct a joint research with MSc Information Security students at UCL.
The use of cloud computing as a way of providing and consuming on-demand, pay-as-you-consume ICT service has revolutionised the industry. Services like Amazon EC2 have seen a huge increase in its revenue. However, currently it is the Small and Medium Enterprises (SMEs) that are leading the way in the use of these public Infrastructure as a Service (IaaS) offerings.
The company envisages that as these services become more mature and secure, they will be adopted and used by more “traditional” enterprises like the finance, health and government sector.
Governance, Risk and Compliance (GRC) plays a very important role in the IT policies of these institutions and as such, for any solution to be adopted by them, these aspects of the IT policies will have to be considered. Several initiatives have been started to address this issue. The Cloud Security Alliance’s GRC Stack is one of the most mature and accepted initiative in this area. It consists of four main stacks – Cloud Controls Matrix, Consensus Assessments Initiative, Cloud Audit and Cloud Trust Protocol.
It was very interesting to participate in the series of workshops to investigate how this framework would impact and be used by the company. This helped me to learn a lot about the telecoms industry and the way they are adopting cloud technologies in a secure way.