Slide 1: Cloud Computing Security
Ajay Porus, ISO27K LA, CPISI
Founder & Director, CSA Hyderabad Chapter
Lead Implementer, Honeynet Project India

Slide 2: Agenda
- Introduction to cloud computing
- Cloud architecture and characteristics
- Cloud security concerns and attacks
- Different security domains: best practices
- What is going on in industry around cloud

Slide 3: Introduction to Cloud Computing
- Is it really new?
- What is cloud computing?
- How did it evolve?
- What are the characteristics of cloud computing?
- How does the architecture differ from traditional computing?
- What are the service delivery models?
- What are the deployment models?
- Framework of cloud computing
- Cloud eco-system

Slide 4: Is It Really New?
- No, it is not. It is the evolution of older technologies to a new level, bringing many of them together to provide huge computational power.
- First cloud: the network ("network as a cloud"). As Kevin Marks of Google put it: "We didn't care where the message was sent; the cloud had it from us."
- Second cloud: documents (the WWW data abstraction).
- Third cloud: present and future. It abstracts away the infrastructure complexities of servers, applications, databases and platforms. (Attributed on the slide to Amazon's CEO.)

Slide 5: Cloud Computing Definition
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models. (The wording is the NIST SP 800-145 definition.)

Slide 6: How Did It Evolve?
Mainframes -> minicomputers -> personal desktops -> client-server -> IP networks -> mobile devices -> cloud computing

Slide 7: Characteristics of Cloud Computing
- Multi-tenancy (shared resources)
- Massive scalability
- Rapid elasticity
- Measured service
- On-demand self-service
- Broad network access

Slide 8: Traditional vs Cloud Computing
Dedicated/traditional IT:
- High upfront IT investment for new builds
- High cost of reliable infrastructure
- High complexity of the IT environment
- Complex infrastructure
Cloud computing:
- Reliability built into the cloud architecture
- Low upfront IT investment, pay-for-use model
- Modular IT architecture environments
- No infrastructure of your own to build
Slide 9: Service Delivery Models
(Diagram slide; the service models are SaaS, PaaS and IaaS, as listed on slide 12.)

Slide 10: Deployment Models
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud

Slide 11: Cloud Computing Framework
(Diagram slide; its contents are broken out on slide 12.)

Slide 12: Cloud Computing Framework
Deployment models: public cloud, private cloud, community cloud, hybrid clouds
Service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential characteristics: on-demand self-service, broad network access, rapid elasticity, resource pooling, measured service
Common characteristics: massive scale, resilient computing, homogeneity, geographic distribution, virtualization, service orientation, low-cost software, advanced security

Slide 13: Cloud Eco-System
(Diagram slide; no text.)
Slide 14: Cloud Security Concerns & Attacks
- General security concerns
- Cloud security challenges
- Top threats to cloud computing
- DDoS and EDoS
- Side-channel attacks
- Man-in-the-middle (MITM) cryptographic attacks
- Poisoned VMs
- Attacks against the management console
- Abusing cloud billing models and cloud phishing
- DNS cache poisoning attacks
- Authentication attacks

Slide 15: General Security Concerns
- Trusting the vendor's security model
- Customer's inability to respond to audit findings
- Obtaining support for investigations
- Indirect administrator accountability
- Proprietary implementations cannot be examined
- Loss of physical control

Slide 16: Cloud Security Challenges
- Data dispersal and international privacy laws
- Need for isolation management
- Logging challenges
- Data ownership issues
- Using SLAs to obtain cloud security
- Dependence on secure hypervisors
- Attraction to attackers (high-value target)
- Encryption needs for cloud computing
- Handling compliance

Slide 17: Top Threats to Cloud Computing (items drawn from the CSA "Top Threats" and ENISA cloud risk lists)
- Abuse and nefarious use of cloud computing
- Insecure interfaces and APIs
- Malicious insiders
- Shared technology issues
- Account or service hijacking
- Loss of governance
- Lock-in
- Compliance risks
- Management interface compromise
- Data protection (data loss or leakage)
Slide 18: DDoS & EDoS
- Distributed denial of service (DDoS): an attack that makes a computer or network resource unavailable.
- Economic denial of service (EDoS): a DDoS variant that generates a large volume of requests the cloud customer is billed for (the slide cites a rate of about $1 per 10,000 requests on Amazon as an example of pay-per-request pricing).
- Originates mostly from compromised computers (botnets).
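The practical difference between DDoS and EDoS is that the customer's bill, not just availability, is the damage, so the detection you want is a per-source rate check paired with a cost projection. The following is an added example, not part of the presentation: the log format, the 100-requests-per-minute threshold and the $1 per 10,000 requests price are assumptions (the price is the slide's illustrative figure), and the log lines are constructed in code.

```python
"""Sliding-window request-rate monitor with cost projection for EDoS detection.
Added example; log format, thresholds and pricing are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
RATE_THRESHOLD = 100      # max requests per source per window (assumed policy)
PRICE_PER_10K = 1.0       # illustrative pay-per-request rate from the slide


def build_sample_log():
    """Constructed access log: two ordinary clients plus one source flooding the API.
    Line format (assumed): '<ISO timestamp> <client ip> <method> <path> <status>'."""
    base = datetime(2010, 6, 1, 10, 0, 0)
    lines = []
    for i in range(20):   # normal traffic: a request every 3 seconds per client
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} 198.51.100.7 GET /api/list 200")
        lines.append(f"{(base + timedelta(seconds=3 * i + 1)).isoformat()} 198.51.100.8 GET /api/item 200")
    for i in range(500):  # flood: 500 requests inside 50 seconds from one source
        lines.append(f"{(base + timedelta(milliseconds=100 * i)).isoformat()} 203.0.113.66 GET /api/search 200")
    return lines


def parse(line):
    ts, ip, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts), ip


def detect_edos(lines, threshold=RATE_THRESHOLD, window=WINDOW):
    """Return {ip: peak requests seen inside one window} for every source that
    exceeds the threshold. Requests are processed in time order; each source keeps
    a deque of timestamps trimmed to the window."""
    recent = defaultdict(deque)
    offenders = {}
    for ts, ip in sorted(parse(line) for line in lines):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


def projected_cost(lines, price_per_10k=PRICE_PER_10K):
    """What the customer is billed for these requests at the per-request rate;
    compare against a budget to decide when to throttle or alert."""
    return len(lines) * price_per_10k / 10_000


if __name__ == "__main__":
    log = build_sample_log()
    print("offenders:", detect_edos(log))
    print("projected cost for this log: $%.4f" % projected_cost(log))
```

The rate check catches the flood as a security event; the cost projection is what turns it into an EDoS alarm, since a slow, distributed flood can stay under any per-source threshold and still run up the bill.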
Slide 19: Side-Channel Attacks
Attacks based on information gained from the physical implementation of a cryptosystem rather than from weaknesses in the algorithm itself:
- Timing attacks
- Power-consumption attacks: simple power analysis (SPA) and differential power analysis (DPA)
- Electromagnetic attacks
- Acoustic cryptanalysis
- Cache attacks (the variant most relevant to co-tenant VMs sharing a CPU)
- Differential fault analysis
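The timing attack is the one a practitioner can reproduce without lab equipment, so here is an added example (not from the presentation) of the mechanism and its fix. The secret token is constructed, and the "timing" is modelled deterministically as the number of bytes a comparison examines before returning; over a network the attacker would measure elapsed time instead, but the leak is the same.

```python
"""Timing side channel in a secret comparison, recovered byte by byte, and the
constant-time fix. Added example; the secret is constructed."""
import hmac

SECRET = b"s3cr3t-api-token"   # constructed secret an attacker wants to recover


def insecure_compare(candidate, secret):
    """Early-exit comparison. Returns (equal, work) where `work` counts how many
    bytes were inspected; it stands in for the time an attacker would measure."""
    work = 0
    if len(candidate) != len(secret):
        return False, work
    for x, y in zip(candidate, secret):
        work += 1
        if x != y:
            return False, work      # leaks the position of the first mismatch
    return True, work


def constant_time_compare(candidate, secret):
    """hmac.compare_digest examines every byte regardless of where they differ,
    so the observable work is the same for every candidate."""
    return hmac.compare_digest(candidate, secret), len(secret)


def recover_secret(oracle, length):
    """Attacker: for each position, try every byte and keep the one that made the
    oracle do the most work (i.e. matched one byte further than the others)."""
    guess = bytearray(length)
    for i in range(length):
        best_byte, best_work = 0, -1
        for c in range(256):
            guess[i] = c
            ok, work = oracle(bytes(guess))
            if ok:
                return bytes(guess)
            if work > best_work:
                best_byte, best_work = c, work
        guess[i] = best_byte
    return bytes(guess)


if __name__ == "__main__":
    leaky = lambda g: insecure_compare(g, SECRET)
    safe = lambda g: constant_time_compare(g, SECRET)
    print("against early-exit compare:", recover_secret(leaky, len(SECRET)))
    print("against constant-time compare:", recover_secret(safe, len(SECRET)))
```

Against the early-exit comparison the attacker needs at most 256 queries per byte instead of 256^16 in total; against the constant-time comparison every candidate costs the same and the recovery degenerates to guessing.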
Slide 20: MITM Cryptographic Attack
- Phishing scam: the victim's communication is lured through a host the attacker controls
- The attacker eavesdrops between the two parties
- Steals the private key, or substitutes his own public key for a party's key
- Sends and executes malicious code
- Gains access to the victim's system
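The "substitute the public key" step is what makes an unauthenticated key exchange fall to a man in the middle. The following added example (not part of the presentation) runs a Diffie-Hellman exchange first without and then with authentication of the public values. The group (p = 2^127 - 1, g = 3), the private exponents and the pre-shared long-term key are constructed and far too small for real use; the MAC under the long-term key stands in for a signature under a certified key.

```python
"""Diffie-Hellman with and without authentication of the public values, against a
man in the middle. Added example; group, exponents and keys are constructed toys."""
import hashlib
import hmac

P = (1 << 127) - 1           # Mersenne prime, toy-sized; real deployments use 2048+ bits
G = 3
ALICE_PRIV = 0x2F9A8B7C6D5E4F30          # constructed; real parties draw these at random
BOB_PRIV = 0x7B3C9D1E5F2A4680
MALLORY_PRIV = 0x5A5A1E2D3C4B5A69
LONG_TERM_KEY = b"constructed-long-term-key"   # shared by Alice and Bob only


def derive_key(shared_secret):
    return hashlib.sha256(str(shared_secret).encode()).digest()


def unauthenticated_exchange(mitm):
    """Plain DH. With mitm=True Mallory replaces both public values with her own
    and ends up holding one key with Alice and another with Bob."""
    A, B = pow(G, ALICE_PRIV, P), pow(G, BOB_PRIV, P)
    if mitm:
        M = pow(G, MALLORY_PRIV, P)
        alice_gets, bob_gets = M, M
        mallory_alice = derive_key(pow(A, MALLORY_PRIV, P))
        mallory_bob = derive_key(pow(B, MALLORY_PRIV, P))
    else:
        alice_gets, bob_gets = B, A
        mallory_alice = mallory_bob = None
    alice_key = derive_key(pow(alice_gets, ALICE_PRIV, P))
    bob_key = derive_key(pow(bob_gets, BOB_PRIV, P))
    return alice_key, bob_key, mallory_alice, mallory_bob


def tag(value):
    """Authentication tag over a public value under the long-term key."""
    return hmac.new(LONG_TERM_KEY, str(value).encode(), hashlib.sha256).digest()


def authenticated_exchange(mitm):
    """Each side sends (public value, tag). Mallory can swap the value but cannot
    forge the tag, so the receiver aborts. Returns (alice_key, bob_key) or None."""
    A, B = pow(G, ALICE_PRIV, P), pow(G, BOB_PRIV, P)
    from_alice, from_bob = (A, tag(A)), (B, tag(B))
    if mitm:
        M = pow(G, MALLORY_PRIV, P)
        from_alice = (M, from_alice[1])   # swapped value, original tag
        from_bob = (M, from_bob[1])
    for value, t in (from_alice, from_bob):
        if not hmac.compare_digest(tag(value), t):
            return None                   # tampering detected, abort
    return (derive_key(pow(from_bob[0], ALICE_PRIV, P)),
            derive_key(pow(from_alice[0], BOB_PRIV, P)))


if __name__ == "__main__":
    a, b, ma, mb = unauthenticated_exchange(mitm=True)
    print("unauthenticated + MITM: Mallory shares Alice's key:", a == ma, "and Bob's:", b == mb)
    print("authenticated + MITM:", authenticated_exchange(mitm=True))
```

In the unauthenticated run both parties believe they negotiated a key with each other while each actually shares one with Mallory, who can decrypt and re-encrypt everything in between; the authenticated run detects the substitution before any key is used.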
Slide 21: Poisoned VMs
- An administrator with full access to configure the VM adds malicious code
- Tampering with the AMI (Amazon Machine Image)
- Isolation is provided by the CSP, but a shared AMI is launched as-is
- Preconfigured malicious business logic inside the image
- At the time of the talk, no established way to detect it
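Detecting malicious logic inside an image is hard; what a consumer can do is refuse to launch anything whose digest does not match a manifest the publisher authenticated. The following is an added example (not from the presentation): the image bytes are a constructed stand-in, and the publisher's HMAC key stands in for a signing key the real publisher would hold.

```python
"""Verify a shared machine image against an authenticated manifest before launch.
Added example; image bytes and the publisher key are constructed."""
import hashlib
import hmac
import json

PUBLISHER_KEY = b"constructed-publisher-key"   # stands in for the publisher's signing key

# Constructed stand-in for an image, and a copy with extra logic appended.
CLEAN_IMAGE = b"#!/bin/sh\necho 'web server image'\n" * 100
POISONED_IMAGE = CLEAN_IMAGE + b"# business logic injected after publication\n"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def publish(image_bytes, name):
    """Publisher side: a manifest naming the image and its digest, plus a tag over
    the manifest bytes that only the publisher can produce."""
    manifest = {"name": name, "size": len(image_bytes), "sha256": sha256_hex(image_bytes)}
    body = json.dumps(manifest, sort_keys=True).encode()
    return body, hmac.new(PUBLISHER_KEY, body, hashlib.sha256).hexdigest()


def verify_before_launch(image_bytes, manifest_body, manifest_tag, expected_name):
    """Consumer side. Returns None if the image may be launched, otherwise the reason
    for refusing it. Order matters: authenticate the manifest before trusting it."""
    expected_tag = hmac.new(PUBLISHER_KEY, manifest_body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest_tag):
        return "manifest tag invalid"
    manifest = json.loads(manifest_body)
    if manifest["name"] != expected_name:
        return "manifest is for a different image"
    if manifest["size"] != len(image_bytes):
        return "image size mismatch"
    if not hmac.compare_digest(manifest["sha256"], sha256_hex(image_bytes)):
        return "image digest mismatch"
    return None


if __name__ == "__main__":
    body, tag = publish(CLEAN_IMAGE, "web-base")
    print("clean image:", verify_before_launch(CLEAN_IMAGE, body, tag, "web-base"))
    print("poisoned image:", verify_before_launch(POISONED_IMAGE, body, tag, "web-base"))
```

This does not find malicious logic that the publisher themselves built into the image; it only guarantees that what you launch is what the publisher released, which is the part of the problem a consumer controls.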
Slide 22: Attacks Against the Management Console
- The CSP's proprietary console is the most critical component, because the whole environment can be changed from it
- Google built two management consoles; the first is for normal administration (the second item did not survive extraction)
- Amazon's EC2 console shared a domain with amazon.com
- If a vulnerability such as CSRF is found there, the account's secret keys can be stolen or replaced
- Once the keys are compromised, the management console is compromised
Slide 23: Abusing Billing Models & Cloud Phishing
- Phishing scams targeting Amazon accounts
- Phishing hosted from the Amazon cloud gets Amazon domains blacklisted in phishing databases
- Once a secret key is compromised, cloud-based DDoS becomes very costly for the victim
- Millions of poisoned VMs can be launched by a single CSRF attack
- The victim pays for the network and CPU consumption
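Slides 22 and 23 both hinge on one CSRF request against a console action (rotating a secret key, launching instances) that the victim's browser sends with its session cookie attached. The following added example (not part of the presentation) shows a console handler that trusts the cookie alone beside one that also demands a session-bound token. The session store, the server secret, the console origin and the request shapes are constructed assumptions.

```python
"""CSRF against a console action that trusts the session cookie alone, and the
token-bound fix. Added example; sessions, secrets and requests are constructed."""
import hashlib
import hmac
import secrets

SERVER_SECRET = b"constructed-server-secret"
CONSOLE_ORIGIN = "https://console.example"           # assumed origin of the console
SESSIONS = {"sess-abc": {"user": "alice", "api_key": "old-key"}}   # constructed


def issue_csrf_token(session_id):
    """Token bound to the session and only ever embedded in pages the console
    itself serves; a page on another origin cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def rotate_key_vulnerable(request):
    """Acts on any POST carrying a valid session cookie. An attacker's page with a
    hidden auto-submitting form triggers it because the browser attaches the cookie."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401, "not logged in"
    session["api_key"] = secrets.token_hex(16)
    return 200, "api key rotated"


def rotate_key_protected(request):
    """Same action, but the request must also carry the session-bound token (which
    the attacker cannot obtain) and, as defence in depth, an Origin we expect."""
    session_id = request["cookies"].get("sid")
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "not logged in"
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return 403, "csrf token missing or invalid"
    if request["headers"].get("Origin") not in (None, CONSOLE_ORIGIN):
        return 403, "cross-origin request refused"
    session["api_key"] = secrets.token_hex(16)
    return 200, "api key rotated"


def cross_site_request():
    """Constructed request as the browser sends it from the attacker's page: the
    cookie is attached automatically, the token is absent, Origin is the attacker's."""
    return {"cookies": {"sid": "sess-abc"}, "form": {},
            "headers": {"Origin": "https://evil.example"}}


def legitimate_request():
    """Constructed request from the console's own page."""
    return {"cookies": {"sid": "sess-abc"},
            "form": {"csrf_token": issue_csrf_token("sess-abc")},
            "headers": {"Origin": CONSOLE_ORIGIN}}


if __name__ == "__main__":
    print("vulnerable handler, cross-site:", rotate_key_vulnerable(cross_site_request()))
    print("protected handler, cross-site:", rotate_key_protected(cross_site_request()))
    print("protected handler, legitimate:", rotate_key_protected(legitimate_request()))
```

The token defeats the attack because it is delivered only inside the console's own responses, which the attacker's origin cannot read; the Origin check is cheap extra assurance and also blocks the case where a token leaks through some other path.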
Slide 24: DNS Cache Poisoning Attacks
- Shared IP addresses: once an IP is released, it takes time to clear from DNS caches and ARP tables
- Until it is cleared, the old name still resolves to the same IP, which may now belong to another tenant
- Lack of awareness of DNS cache and ARP table behaviour
- The Washington Post faced this problem on Amazon EC2: the IP had been released but was still reachable from the internal network
Slide 25: Authentication Attacks
- Weak passwords
- Google Hacking Database
- SQL injection
- Cross-site scripting
- Man in the middle
- Brute-force attacks
- Session hijacking
- Social engineering
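Two of the attacks on this slide, SQL injection and brute force, are defeated at the same login function, so here is an added example (not from the presentation) of a login built the way many web applications were, next to a hardened version. The database, accounts, passwords and the five-attempt lockout policy are constructed assumptions; the in-memory failure counter stands in for whatever store a real service would use.

```python
"""SQL-injectable login beside a parameterised, hashed, lockout-protected one.
Added example; database contents and the lockout policy are constructed."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000
MAX_FAILURES = 5          # assumed lockout policy
FAILED = {}               # username -> consecutive failed attempts (constructed store)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db():
    """Constructed database: a legacy table with plaintext passwords used by the
    vulnerable login, and a table of salted PBKDF2 hashes used by the hardened one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_legacy (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users_legacy VALUES ('admin', 'Winter2010!')")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, hash_password("Winter2010!", salt)))
    return db


def login_vulnerable(db, username, password):
    """Query text assembled from user input, so the input is parsed as SQL.
    A username of "admin' --" comments out the password check entirely."""
    sql = ("SELECT username FROM users_legacy WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(db, username, password):
    """Parameterised query (input never becomes SQL), salted PBKDF2 hash compared
    in constant time, and a lockout counter against online brute force."""
    if FAILED.get(username, 0) >= MAX_FAILURES:
        return None
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is not None and hmac.compare_digest(hash_password(password, row[0]), row[1]):
        FAILED[username] = 0
        return username
    FAILED[username] = FAILED.get(username, 0) + 1
    return None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected username:", login_vulnerable(db, "admin' --", ""))
    print("hardened, injected username:", login_hardened(db, "admin' --", ""))
    print("hardened, correct password:", login_hardened(db, "admin", "Winter2010!"))
```

Note that the hardened version still returns the same answer and takes about the same time whether the username exists or not only if you add a dummy hash computation for unknown users; as written it leaks existence through timing, which is a separate fix from the two shown here.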
Slide 26: Different Security Domains: Best Practices (the domains of the CSA Security Guidance)
- Cloud computing architectural framework
- Governance and enterprise risk management
- Legal and electronic discovery
- Compliance and audit
- Data security lifecycle
- Portability and interoperability
- Traditional security, BCP & DR
- Data center operations
- Incident management
- Application security
- Encryption and key management
- Identity and access management
- Virtualization security

Slide 27: Cloud Architectural Security
- Hardware security (Xeon 5600 with AES-NI and Intel TXT support)
- Virtualization security (hypervisor hardening)
- Guest OS security (operating system hardening)
- Platform security (patches and updates)
- Application security (secure development lifecycle)
- Network security (firewall, IDS, IPS, VPN, SSL/TLS)
- Cryptographic security (PGP keys, AES, 3DES, 2-DNF)
Slide 28: Governance and Risk Management
- Invest some of the money saved in security
- Robust information security governance with defined roles and responsibilities
- Collaborative governance structure between provider and customer
- Assess the provider for sufficiency, maturity and consistency with the customer's ISMS
- Include the SLA in the risk assessment
- A new approach to risk assessment from both ends; the CSP should publish metrics and controls

Slide 29: Legal and Electronic Discovery
- Mutual understanding of each other's roles and responsibilities for electronic discovery, litigation and applicable law
- A responsive information security system that preserves data as authentic and reliable
- The provider gives the data the same guardianship it would have in the owner's hands
- Pre-contract due diligence, contract term negotiation, post-contract monitoring, and contract termination
- A unified process for responding to subpoenas, service of process and other legal requests

Slide 30: Compliance and Audit
- Involve legal and contracts teams in the SLA
- Right-to-audit clause
- Analyze the compliance scope
- Analyze the impact of regulations on data security
- Review relevant partners and service providers
- Analyze the impact of regulations on the provider's infrastructure
- Auditor qualification and selection
- Cloud provider's SAS 70 Type II report
- Cloud provider's ISO/IEC 27001/27002 roadmap

Slide 31: Data Security Lifecycle
- Maintain confidentiality, integrity and availability of data
- Security practices and procedures
- Strong SLA covering all areas, with a system of service penalties
- Data classification
- Encryption
- Regular backups

Slide 32: Portability and Interoperability
- Identify and eliminate any provider-specific extensions to the VM environment
- Appropriate de-provisioning of VM images
- Appropriate de-provisioning of disks and storage devices
- Platform components with a standard syntax
- Understand the impact on application performance and availability
- Consistency of control effectiveness across old and new providers
- Have the vendor test and evaluate applications before migration

Slide 33: Traditional Security, BCP & DR
- Centralization of data
- Adopt it as a security baseline
- Perform on-site inspections of cloud provider facilities
- Customers should inspect the cloud provider's disaster recovery arrangements
- BCP policy approved by the provider's board of directors

Slide 34: Data Center Operations
- Permission to conduct customer or external third-party audits
- Demonstrated compartmentalization of systems, networks, management, provisioning and personnel
- SLA clearly defined, measurable, enforceable and adequate for your requirements
- Continual improvement in policies, processes and procedures
- 24x7x365 technical support

Slide 35: Incident Management
- Define "incident" and "event" before SLA sign-off with the CSP
- Know which incident detection and analysis tools the CSP uses
- Conduct proper risk management to prevent incidents
- A robust Security Information and Event Management (SIEM) system is required
- The CSP should be able to deliver snapshots of the customer's entire virtual environment for investigation
- All data should be encrypted

Slide 36: Application Security
- Application assessment tools
- Create trust boundaries in the SDLC
- In IaaS, use your own VM image with configured policies
- Harden systems as you would in a DMZ
- Include multi-tenancy in the application threat model
- Secure inter-host communication
- Metrics to assess the effectiveness of the security program
- Keep the cloud architecture in mind
Slide 37: Encryption & Key Management
- Encrypt data in transit (SSL/TLS, SSH)
- Encrypt data at rest (AES-128, 3DES, 2DNF)
- Encrypt data on backup media
- Use encryption to separate data holding from data usage
- Stipulate encryption in the contract
- Define secure key lifecycle management
- Use industry-standard key management systems
- Keep keys secure, with limited access to the key store and key backups
Slide 38: Identity and Access Management
- Avoid proprietary identity provisioning systems
- Use two-factor authentication
- Consider user-centric authentication (Google, Live ID)
- Use open standards for authentication and VPN
- Use federated identity and gateways such as SAML
- Use a mechanism to transmit user information from the policy information point (PIP) to the policy decision point (PDP)
- Use Identity as a Service (IDaaS) for better security and risk mitigation
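"Use two-factor authentication" is easy to say and easy to get subtly wrong, so here is an added example (not part of the presentation) of the standard time-based one-time password algorithm (RFC 4226 HOTP, RFC 6238 TOTP) with the two checks a verifier must do: accept a small clock-drift window, and refuse a code that has already been used. The replay store is an assumed in-memory dictionary; the secret is the RFC test-vector secret.

```python
"""HOTP/TOTP second factor with drift window and replay protection.
Added example; the replay store is constructed."""
import hashlib
import hmac
import struct

LAST_STEP = {}   # user -> last accepted time step; constructed replay store


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226: HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, code, unix_time, user, window=1, step=30):
    """Accept the current step plus/minus `window` steps to absorb clock drift,
    compare in constant time, and reject any step at or before the last accepted
    one so a captured code cannot be replayed inside its validity window."""
    t = int(unix_time) // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, t + delta), code):
            if LAST_STEP.get(user, -1) >= t + delta:
                return False
            LAST_STEP[user] = t + delta
            return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"      # RFC 4226 / RFC 6238 test-vector secret
    print("HOTP counter 0:", hotp(secret, 0))
    print("TOTP at t=59:", totp(secret, 59))
    print("first use:", verify_totp(secret, totp(secret, 59), 59, "alice"))
    print("replay:", verify_totp(secret, totp(secret, 59), 59, "alice"))
```

The second factor only helps if the first factor is checked independently and the OTP verification is rate-limited; six digits with no lockout is a 1-in-1,000,000 guess per attempt, which an unthrottled attacker will simply iterate.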
Slide 39: Virtualization Security
- Identify the types of virtualization provided by the CSP
- Understand hypervisor security and isolation mechanisms
- Understand how administrative interfaces (API, web-based) are protected
- Strong authentication with tamper-proof logging and integrity monitoring tools
- Explore the efficiency and feasibility of segregating VMs
- Strong reporting mechanism that raises an alert on compromise

Slide 40: What's Going On in Industry on Cloud
- Different initiatives
- Fabric computing
- Homomorphic encryption
- Future of cloud: mobile computing

Slide 41: Different Initiatives
- Cloud Security Alliance
- CloudCert
- Cloud CAMM (Capability and Maturity Model)
- CloudAudit / A6
- CCM (Cloud Controls Matrix)
- CAI (Consensus Assessments Initiative)
- CSA GRC Stack
- Trusted Cloud Initiative
- CCSK (Certificate of Cloud Security Knowledge)
- Cloud metrics research

Slide 42: Fabric Computing
- Next-generation computing that interconnects nodes like a fabric (including various clouds)
- High-performance computing from loosely coupled storage, network devices and parallel processors
Slide 43: Homomorphic & Predicate Encryption
- Processing encrypted data is very difficult
- IBM announced a homomorphic encryption scheme (2DNF+) that enables processing of encrypted data
- It requires immense computational power
- Predicate encryption: no need to decrypt the whole data set, decrypt only what is required
- Supports disjunctions, polynomial equations and inner products
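The slide's 2DNF scheme is pairing-based and beyond a short example, but the idea of "processing encrypted data" can be shown with the Paillier cryptosystem, which is additively homomorphic: multiplying two ciphertexts yields a ciphertext of the sum, and raising a ciphertext to a constant yields a ciphertext of the product by that constant. This is an added example and not the scheme the slide describes; the two primes are constructed and far too small for real use.

```python
"""Paillier encryption: additive homomorphism on ciphertexts.
Added example; the primes are constructed toys."""
from math import gcd
import random


def keygen(p, q):
    """With g = n + 1, L(g^lambda mod n^2) = lambda mod n, so mu = lambda^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    mu = pow(lam % n, -1, n)
    return (n, n + 1), (lam, mu)


def L(u, n):
    return (u - 1) // n


def encrypt(pub, m, rng):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return (L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub, c1, c2):
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): the server adds without seeing m1 or m2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def multiply_by_constant(pub, c, k):
    """Enc(m)^k = Enc(k * m): scaling by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


if __name__ == "__main__":
    pub, priv = keygen(1_000_000_007, 998_244_353)   # constructed primes, toy-sized
    rng = random.Random(1)
    c_total = add_encrypted(pub, encrypt(pub, 3, rng), encrypt(pub, 4, rng))
    print("3 + 4 computed on ciphertexts:", decrypt(pub, priv, c_total))
    print("6 * 5 computed on a ciphertext:", decrypt(pub, priv, multiply_by_constant(pub, encrypt(pub, 5, rng), 6)))
```

What the slide calls "immense computational power" is the cost of schemes that also support multiplication of two ciphertexts; Paillier gets addition cheaply and nothing more, which is still enough for encrypted tallies, aggregates and billing sums in the cloud.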
Slide 44: Future of Cloud: Mobile Computing
- Mobile computing is increasing rapidly
- Android as the next-generation mobile computing platform
- Applications to access the cloud from the phone
- Wi-Fi and 3G connections enable high bandwidth
- SSL/TLS and SSH from the phone's web browser to the VM
- Trusted certificate and private key on the phone
- Two-factor authentication (fingerprint and password)
- Different platforms to configure cloud APIs

Slide 45: Questions?

Slide 46: Thank You
Contact: www.csaindia.in, ajayporus@csaindia.in, http://in.linkedin.com/in/ajayporus, Skype: ajayporus1, Yahoo: ajayporus1986

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 

Was ist angesagt? (20)

Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management Introduction
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
cloud computing
cloud computingcloud computing
cloud computing
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud Computing
 
Cloud Computing and Services | PPT
Cloud Computing and Services | PPTCloud Computing and Services | PPT
Cloud Computing and Services | PPT
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service models
 
Cloud security
Cloud securityCloud security
Cloud security
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
AWS PPT.pptx
AWS PPT.pptxAWS PPT.pptx
AWS PPT.pptx
 

Andere mochten auch

Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009
Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009
Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009
Merete Berg
 
Shift CD Presentation
Shift CD PresentationShift CD Presentation
Shift CD Presentation
guestb6e8f
 
God kunnskapsledelse i praksis, foredrag for Dataforeningen Summit
God kunnskapsledelse i praksis, foredrag for Dataforeningen SummitGod kunnskapsledelse i praksis, foredrag for Dataforeningen Summit
God kunnskapsledelse i praksis, foredrag for Dataforeningen Summit
Merete Berg
 
Presente Simple
Presente SimplePresente Simple
Presente Simple
guest8560f
 
Drms Inter Clinic Appointment
Drms Inter Clinic AppointmentDrms Inter Clinic Appointment
Drms Inter Clinic Appointment
Niezzam Harun
 

Andere mochten auch (16)

Commercial T&C Mukul Draft
Commercial T&C Mukul DraftCommercial T&C Mukul Draft
Commercial T&C Mukul Draft
 
Verb To Bes
Verb To BesVerb To Bes
Verb To Bes
 
Healthy Fruits
Healthy FruitsHealthy Fruits
Healthy Fruits
 
Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009
Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009
Strategisk bruk av sosiale medier, foredrag hos Abelia 20.08.2009
 
Shift CD Presentation
Shift CD PresentationShift CD Presentation
Shift CD Presentation
 
Past Simple
Past SimplePast Simple
Past Simple
 
God kunnskapsledelse i praksis, foredrag for Dataforeningen Summit
God kunnskapsledelse i praksis, foredrag for Dataforeningen SummitGod kunnskapsledelse i praksis, foredrag for Dataforeningen Summit
God kunnskapsledelse i praksis, foredrag for Dataforeningen Summit
 
Shift Profie
Shift ProfieShift Profie
Shift Profie
 
profit from the core
profit from the coreprofit from the core
profit from the core
 
Print & Web Portfolio
Print & Web PortfolioPrint & Web Portfolio
Print & Web Portfolio
 
HoCare Interreg Europe project
HoCare Interreg Europe projectHoCare Interreg Europe project
HoCare Interreg Europe project
 
Presente Simple
Presente SimplePresente Simple
Presente Simple
 
Drms Inter Clinic Appointment
Drms Inter Clinic AppointmentDrms Inter Clinic Appointment
Drms Inter Clinic Appointment
 
Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...
 
Past Simple
Past SimplePast Simple
Past Simple
 
Verb To Be
Verb To BeVerb To Be
Verb To Be
 

Ähnlich wie Cloud security Presentation

Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
Cloud and the Future of Networked Systems
Cloud and the Future of Networked SystemsCloud and the Future of Networked Systems
Cloud and the Future of Networked Systems
James Urquhart
 
Security in cloud computing kashyap kunal
Security in cloud computing  kashyap kunalSecurity in cloud computing  kashyap kunal
Security in cloud computing kashyap kunal
Kashyap Kunal
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Bill Annibell
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
TT L
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
STO STRATEGY
 

Ähnlich wie Cloud security Presentation (20)

Brighttalk Challenges In Cloud Security
Brighttalk Challenges In Cloud SecurityBrighttalk Challenges In Cloud Security
Brighttalk Challenges In Cloud Security
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Cloud and the Future of Networked Systems
Cloud and the Future of Networked SystemsCloud and the Future of Networked Systems
Cloud and the Future of Networked Systems
 
Security in cloud computing kashyap kunal
Security in cloud computing  kashyap kunalSecurity in cloud computing  kashyap kunal
Security in cloud computing kashyap kunal
 
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspective
 
cloud computing models
cloud computing modelscloud computing models
cloud computing models
 
Salesforce - Introduction to Security & Access
Salesforce -  Introduction to Security & Access Salesforce -  Introduction to Security & Access
Salesforce - Introduction to Security & Access
 
htcia-5-2015
htcia-5-2015htcia-5-2015
htcia-5-2015
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial services
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An Overview
 
Cloud security v2
Cloud security v2Cloud security v2
Cloud security v2
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
 

Kürzlich hochgeladen

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 

Kürzlich hochgeladen (20)

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 

Cloud security Presentation

  • 1. CLOUD COMPUTING SECURITY Ajay Porus ISO27K LA,CPISI Founder & Director CSA Hyderabad Chapter Lead Implementer Honey Net Project India 1
  • 2. Agenda Introduction to Cloud Computing Cloud Architecture and Characteristics Cloud Security Concerns and Attacks Different Security Domains Best Practices What's going in Industry on Cloud 2
  • 3. Introduction to Cloud Computing Is It Really New? What is Cloud Computing? How Does it Evolve? What are the Characteristics of Cloud Computing? What is difference in Architecture from traditional Computing? What are different Services Delivery Models? What are different deployment models? Frame work of Cloud Computing Cloud Eco-System 3
  • 4. Is It Really New? No,its Not it’s the evolution of old technologies to a new level which bring together many technologies to provide huge computational power First Cloud around networking (Network As a Cloud) as said ..”we Didn’t care where the message sent, the cloud had it from us” –Kevin Marks, Google Second Cloud around Documents (WWW data abstraction) Third Cloud Present and future. This abstracts infrastructure complexities of servers, application, database and different platforms. (Amazon CEO) 4
  • 5. Cloud Computing Definition Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of Seven essential characteristics, three service models, and four deployment models 5
  • 6. How Does it Evolve? Mainframes Mini Computer Personal desktops Client – Server Ip Networks Mobile Devices Cloud Computing 6
  • 7. Characteristics of Cloud Computing Multi-tenancy (shared resources) Massive scalability Rapid Elasticity Measured service On-demand self-service Broad network access 7
  • 8. Traditional vs Cloud Computing Dedicated/traditional High upfront IT investments for new builds High cost of reliable infrastructure High complexity of IT environment Complex infrastructure IT Cloud computing Reliability built into the cloud architecture Low upfront IT investments pay-for-use model Modular IT architecture environments No infrastructure 8
  • 10. Deployment Models Public Cloud Private Cloud Community Cloud Hybrid Cloud 10
  • 12. Cloud Computing Framework Hybrid Clouds Deployment Models Community Cloud Public Cloud Service Models Private Cloud Essential Characteristics Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) On Demand Self-Service Massive Scale Resilient Computing Broad Network Access Rapid Elasticity Homogeneity Geographic Distribution Common Characteristics Virtualization Service Orientation Resource Pooling Measured Service Low Cost Software Advanced Security 12
  • 14. Cloud Security Concerns & Attacks General Security Concerns Cloud Security Challenges Top Threats to Cloud Computing DDOS & EDOS Side Channel Attack MIM Crypto graphic Attack Poisoned VM’s Attack Against Management Console Abusing Cloud Billing Models and Cloud Phishing DNS Cache poisoning Attacks Authentication Attack 14
  • 15. General Security Concerns Trusting vendor’s security model Customer inability to respond to audit findings Obtaining support for investigations Indirect administrator accountability Proprietary implementations can’t be examined Loss of physical control 15
  • 16. Cloud Security Challenges Data dispersal and international privacy laws Need for isolation management Logging challenges Data ownership issues Using SLAs to obtain cloud security Dependence on secure hypervisors Attraction to hackers (high value target) Encryption needs for cloud computing Handling compliance 16
  • 17. Top Threats to Cloud Computing Abuse and Nefarious Use of Cloud Computing Insecure Interfaces and APIs Malicious Insiders Shared Technology Issues Account or Service Hijacking Loss of governance Lock-In Compliance risks Management interface compromise Data protection (Data Loss or Leakage) 17
  • 18. DDoS & EDoS Distributed denial of service: an attack that makes computer or network resources unavailable. Economic denial of service: a DDoS attack that generates a large number of requests that the cloud customer has to pay for (the slide cites roughly $1 per 10,000 requests on Amazon). Originates mostly from compromised computers 18
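The cost exposure this slide describes is easiest to see in a detector. The following is an added example, not from the deck: it parses constructed access-log lines (the log format, the addresses and the traffic pattern are all invented for the example), builds a per-minute request baseline, flags a minute whose volume jumps well above that baseline, and estimates the bill for it at the rate the slide quotes (about $1 per 10,000 requests, which is an assumption about the pricing model, not a current price).

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed log format (not from the slides): "<ISO-8601 timestamp> <source IP> <method> <path>"
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")

# Assumed pricing for the estimate, taken from the slide: about $1 per 10,000 requests.
USD_PER_10K_REQUESTS = 1.0


def parse_log(text):
    """Turn log lines into (minute_bucket, source_ip) pairs; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts.replace(second=0, microsecond=0), m.group(2)))
    return events


def estimate_cost_usd(n_requests, usd_per_10k=USD_PER_10K_REQUESTS):
    """Bill for n_requests at the assumed per-request rate."""
    return n_requests * usd_per_10k / 10_000


def detect_edos(events, warmup_minutes=5, factor=10.0):
    """Flag any minute after the warm-up window whose request count exceeds
    `factor` times the warm-up average. Returns a list of
    (minute_iso, request_count, distinct_sources, estimated_cost_usd)."""
    per_minute = Counter(minute for minute, _ in events)
    sources = defaultdict(set)
    for minute, ip in events:
        sources[minute].add(ip)
    minutes = sorted(per_minute)
    warmup = minutes[:warmup_minutes]
    baseline = sum(per_minute[m] for m in warmup) / max(len(warmup), 1)
    alerts = []
    for minute in minutes[warmup_minutes:]:
        count = per_minute[minute]
        if count > factor * baseline:
            alerts.append((minute.isoformat(), count, len(sources[minute]), estimate_cost_usd(count)))
    return alerts


def build_sample_log():
    """Constructed traffic: five quiet minutes of 20 requests each from a few
    addresses, then one minute with 3,000 requests from 200 different hosts."""
    lines = []
    for minute in range(5):
        for i in range(20):
            lines.append(f"2010-06-01T10:0{minute}:{i:02d}Z 198.51.100.{i % 4 + 1} GET /api/item/{i}")
    for i in range(3000):
        lines.append(f"2010-06-01T10:05:{i % 60:02d}Z 203.0.113.{i % 200 + 1} GET /api/search?q={i}")
    return "\n".join(lines)


if __name__ == "__main__":
    for minute, count, hosts, cost in detect_edos(parse_log(build_sample_log())):
        print(f"{minute}: {count} requests from {hosts} hosts, est. ${cost:.2f}")
```

The distinct-source count is what separates an EDoS from a single noisy client: a flood spread over hundreds of addresses is the botnet pattern the slide mentions, and it is the case where per-IP rate limiting alone will not cap the bill.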
  • 19. Side-Channel Attacks Attacks based on information gained from the physical implementation of a cryptosystem rather than from weaknesses in the algorithm itself: Timing Attack; Power Consumption Attack - Simple Power Analysis (SPA) - Differential Power Analysis (DPA); Electromagnetic Attack; Acoustic Cryptanalysis; Cache Attack; Differential Fault Analysis 19
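Timing is the side channel most often reachable over a network, and it usually comes from a comparison that stops at the first mismatching byte. The block below is an added illustration, not code from the deck: instead of measuring wall-clock time (noisy and hard to reproduce), each comparison also reports how many bytes it inspected, which stands in for the attacker's timing measurement. The secret value and the byte-at-a-time recovery loop are constructed for the example; `hmac.compare_digest` is the standard-library primitive to use in practice.

```python
import hmac

# Constructed secret for the demonstration; nothing on the slide.
SECRET = b"s3cr3t-k"


def naive_compare(expected, supplied):
    """Early-exit comparison, the shape of memcmp()/strcmp() or a hand-written loop.
    Returns (equal, bytes_inspected); bytes_inspected stands in for the time the
    attacker can measure, because the loop stops at the first mismatch."""
    if len(expected) != len(supplied):
        return False, 0
    inspected = 0
    for x, y in zip(expected, supplied):
        inspected += 1
        if x != y:
            return False, inspected
    return True, inspected


def constant_time_compare(expected, supplied):
    """Inspects every byte and accumulates the differences; the work done no
    longer depends on where (or whether) the inputs differ."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    inspected = 0
    for x, y in zip(expected, supplied):
        inspected += 1
        diff |= x ^ y
    return diff == 0, inspected


def check_token(stored, supplied):
    """What to use in practice: the standard library's constant-time comparison."""
    return hmac.compare_digest(stored, supplied)


def recover_secret(oracle, length):
    """Byte-at-a-time recovery against a comparison oracle. For each position,
    keep the candidate whose comparison did the most work (or matched fully).
    Succeeds only if the oracle leaks through its running time."""
    known = b""
    for pos in range(length):
        best, best_score = 0, -1
        for cand in range(256):
            guess = known + bytes([cand]) + bytes(length - pos - 1)
            equal, inspected = oracle(guess)
            score = inspected + (1 if equal else 0)
            if score > best_score:
                best, best_score = cand, score
        known += bytes([best])
    return known


if __name__ == "__main__":
    leaky = recover_secret(lambda g: naive_compare(SECRET, g), len(SECRET))
    fixed = recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET))
    print("naive compare leaked:", leaky == SECRET, leaky)
    print("constant-time compare leaked:", fixed == SECRET, fixed)
```

Against the early-exit comparison the loop recovers the whole secret in 256 guesses per byte; against the constant-time one every candidate scores the same and the loop learns nothing. A real attack replaces the byte count with many repeated network timings and a statistical test, which is why the fix is to remove the data-dependent branch rather than to add jitter.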
  • 20. MITM Cryptographic Attack Phishing scam; attack on the communication channel; theft of the private or public key; the attacker eavesdrops between the two parties; sends and executes malicious code; gains access to the victim's system 20
  • 21. Poisoned VMs Administrator with full access to configure the VM; addition of malicious code; tampering with the AMI (Amazon Machine Image); isolation provided by the CSP; launch of a shared AMI; preconfigured malicious business logic; at the time of this talk, no way to find out 21
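One check that is the first line of defence against a tampered image is to verify the image against a publisher-signed manifest before launching it. The following is an added example, not part of the deck: the image bytes, the "backdoor" line appended to the tampered copy, the manifest layout and the publisher key are all constructed, and an HMAC stands in for the asymmetric signature a real provider would use (in which case you would pin the provider's public key rather than share a secret).

```python
import hashlib
import hmac
import json

# Assumed publisher signing key; stands in for an asymmetric signing key whose
# public half you would pin. Not a real key.
PUBLISHER_KEY = b"example-image-publisher-key-not-real"

# Constructed stand-ins for image contents (a real image is a disk file of many GB).
GOOD_IMAGE = b"#!/bin/sh\n# first-boot script\nexec /sbin/init\n" * 16
TAMPERED_IMAGE = GOOD_IMAGE + b"nc -l -p 4444 -e /bin/sh &\n"  # constructed backdoor line


def image_digest(image_bytes):
    return hashlib.sha256(image_bytes).hexdigest()


def _canonical(manifest):
    """Serialize deterministically so signer and verifier sign the same bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(image_id, image_bytes, key):
    """Publisher side: bind the image id to its digest and sign that binding."""
    manifest = {"image_id": image_id, "sha256": image_digest(image_bytes)}
    signature = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return manifest, signature


def verify_image(image_id, image_bytes, manifest, signature, key):
    """Consumer side, before launch. Checks are ordered so that nothing in an
    unsigned manifest is trusted until the signature has been validated."""
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False, "manifest signature invalid"
    if manifest.get("image_id") != image_id:
        return False, "image id mismatch"
    if not hmac.compare_digest(image_digest(image_bytes), manifest.get("sha256", "")):
        return False, "image digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    manifest, sig = sign_manifest("ami-example", GOOD_IMAGE, PUBLISHER_KEY)
    print(verify_image("ami-example", GOOD_IMAGE, manifest, sig, PUBLISHER_KEY))
    print(verify_image("ami-example", TAMPERED_IMAGE, manifest, sig, PUBLISHER_KEY))
```

The digest check catches an image altered after publication; the signature check catches an attacker who replaces both the image and its manifest; the id check catches a valid manifest for a different image being substituted. None of this helps if the publisher itself shipped the malicious logic, which is the residual risk of any shared image.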
  • 23. Abusing Billing Models & Cloud Phishing Phishing scams targeting Amazon; phishing hosted from the Amazon cloud; blacklisting of Amazon domains in phishing databases; once the secret key is stolen, a cloud-based DDoS becomes very costly for the victim; millions of poisoned VMs can be launched by a single CSRF attack; the victim pays for the network and CPU consumption 23
  • 24. DNS Cache Poisoning Attacks Shared IPs; once an IP is released it takes time to clear from DNS caches and ARP tables; until it is cleared, the old address can still be reached at the same IP; lack of awareness of DNS cache and ARP table behaviour; the Washington Post faced this problem on Amazon EC2: even after the IP was released, it remained reachable from the internal network 24
  • 25. Authentication Attacks Weak passwords; Google Hacking Database; SQL injection; cross-site scripting; man in the middle; brute-force attack; session hijacking; social engineering 25
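Of the attacks listed, SQL injection against the login query is the one that most directly turns into an authentication bypass. The block below is an added example, not from the deck: a vulnerable login function that builds its query by string formatting next to a parameterized one, both run against an in-memory SQLite table with a constructed user. The `admin' --` payload turns the rest of the query into a comment for the vulnerable version; the parameterized version treats the same string as a literal username.

```python
import hashlib
import sqlite3


def hash_pw(password):
    """Demo hashing only; a real store uses a slow salted KDF such as hashlib.pbkdf2_hmac."""
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db():
    """In-memory user table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        ("admin", hash_pw("correct horse battery staple")),
    )
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled by string formatting: the username is spliced into the SQL text."""
    sql = "SELECT id FROM users WHERE username = '%s' AND password_hash = '%s'" % (
        username,
        hash_pw(password),
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized query: the driver sends values separately from the SQL text."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password_hash = ?",
        (username, hash_pw(password)),
    ).fetchone()
    return row is not None


# Constructed payload: closes the string literal, then comments out the password check.
INJECTION_USERNAME = "admin' --"


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, injected:", login_vulnerable(conn, INJECTION_USERNAME, "anything"))
    print("safe, injected:      ", login_safe(conn, INJECTION_USERNAME, "anything"))
```

The vulnerable query executed for the payload is `SELECT id FROM users WHERE username = 'admin' --' AND password_hash = '...'`, so the password clause never runs. Escaping quotes by hand is the wrong fix; binding parameters is the right one, and it costs nothing.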
  • 26. Different Security Domains Best Practices Cloud Computing Architectural Framework; Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Data Security Lifecycle; Portability and Interoperability; Traditional Security, BCP & DR; Data Center Operations; Incident Management; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization Security 26
  • 27. Cloud Architectural Security Hardware Security (Xeon 5600, AES-NI and TXT support); Virtualization Security (hypervisor hardening); Guest OS Security (operating system hardening); Platform Security (patches and updates); Application Security (secure development lifecycle); Network Security (firewall, IDS, IPS, VPN, SSL/TLS); Cryptographic Security (PGP keys, AES, 3DES, 2-DNF) 27
  • 28. Governance and Risk Management Invest some of the money saved in security; robust IS governance with defined roles & responsibilities; collaborative governance structure between provider & customer; assess the provider for sufficiency, maturity and consistency with the user's ISMS; include the SLA in the risk assessment; a new approach to risk assessment from both ends; the CSP should include metrics and controls 28
  • 29. Legal and Electronic Discovery Mutual understanding of each other's roles & responsibilities related to electronic discovery, litigation & laws; a responsive information security system that preserves data so it stays authentic & reliable; providing the same guardianship as in the owner's hands; pre-contract due diligence, contract term negotiation, post-contract monitoring and contract termination; a unified process for responding to subpoenas, service of process and other legal requests 29
  • 30. Compliance and Audit Involve legal and contracts teams in the SLA; right-to-audit clause; analyze compliance scope; analyze the impact of regulations on data security; review relevant partners and service providers; analyze the impact of regulations on provider infrastructure; auditor qualification and selection; cloud provider's SAS 70 Type II; cloud provider's ISO/IEC 27001/27002 roadmap 30
  • 31. Data Security Lifecycle Maintain the CIA of data; security practices and procedures; strong SLA covering all areas; a system of service penalties in the SLA; data classification; encryption; perform regular backups 31
  • 32. Portability and Interoperability Identify and eliminate any provider-specific extensions to the VM environment; appropriate de-provisioning of VM images; appropriate de-provisioning of disks & storage devices; platform components with a standard syntax; understand the impact on performance and availability of the application; consistency of control effectiveness across old and new providers; have the vendor test and evaluate the applications before migration 32
  • 33. Traditional Security, BCP & DR Centralization of data; adopting traditional security as the baseline; perform onsite inspections of cloud provider facilities; customers should inspect the cloud provider's disaster recovery; BCP policy approved by the provider's board of directors 33
  • 34. Data Center Operations Permission to conduct customer or external third-party audits; demonstrate compartmentalization of systems, networks, management, provisioning and personnel; the SLA should be clearly defined, measurable, enforceable and adequate for your requirements; continual improvement in policies, processes and procedures; 24x7x365 technical support should be available 34
  • 35. Incident Management Define incident and event before SLA sign-off with the CSP; know which incident detection and analysis tools the CSP uses; conduct proper risk management to prevent incidents; a robust Security Information and Event Management (SIEM) system is required; deliver snapshots of the customer's entire virtual environment; all data should be encrypted 35
  • 36. Application Security Application assessment tools; create trust boundaries in the SDLC; use your own VM with configured policies in IaaS; use best practice to harden systems as in a DMZ; include multi-tenancy in the application threat model; secure inter-host communication; metrics to assess the effectiveness of the security program; keep the cloud architecture in mind 36
  • 37. Encryption & Key Management Encrypt data in transit (SSL/TLS, SSH); encrypt data at rest (AES-128, 3DES, 2DNF); encrypt data on backup media; keep the encryption used for stored data separate from that used for data in use; stipulate encryption in the contract; define secure key lifecycle management; use industry-standard key management systems; keep keys secure, with limited access to the key store & key backups 37
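The key-separation advice here is easiest to apply by deriving one key per purpose from a master key, so that exposing the backup key does not expose the at-rest key or the master. The following is an added example, not from the deck: an HKDF (RFC 5869) implementation over the standard library, which the test checks against RFC 5869 test case 1, used to derive per-tenant, per-purpose 32-byte keys. The purpose labels, the tenant identifier and the all-zero master key are constructed for the example.

```python
import hashlib
import hmac
import math


def hkdf_extract(salt, ikm, hashname="sha256"):
    """RFC 5869 step 1: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(hashlib.new(hashname).digest_size)
    return hmac.new(salt, ikm, hashname).digest()


def hkdf_expand(prk, info, length, hashname="sha256"):
    """RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated to `length` bytes."""
    hlen = hashlib.new(hashname).digest_size
    if length > 255 * hlen:
        raise ValueError("HKDF output too long")
    okm, t = b"", b""
    for i in range(1, math.ceil(length / hlen) + 1):
        t = hmac.new(prk, t + info + bytes([i]), hashname).digest()
        okm += t
    return okm[:length]


# Assumed purpose labels; they only need to be distinct and stable.
PURPOSES = ("data-at-rest", "backup-media", "integrity-mac")


def derive_purpose_keys(master_key, tenant_id, salt=b""):
    """One 32-byte key per purpose and tenant. The info string is what keeps the keys
    independent: compromising the backup key reveals nothing about the others or the master."""
    prk = hkdf_extract(salt, master_key)
    return {p: hkdf_expand(prk, f"{tenant_id}/{p}".encode(), 32) for p in PURPOSES}


if __name__ == "__main__":
    for purpose, key in derive_purpose_keys(bytes(32), "tenant-42").items():
        print(purpose, key.hex())
```

The master key itself never leaves the key store; only derived keys are handed to the systems that encrypt disks, write backup media or compute MACs, and rotating the master rotates all of them at once.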
  • 38. Identity and Access Management Avoid proprietary identity provisioning systems; use two-factor authentication; consider user-centric authentication (Google, Live ID); use open standards for authentication and VPN; use federated identity and gateways such as SAML; use a mechanism to transmit user information from the PIP (policy information point) to the PDP (policy decision point); use IDaaS for better security & risk mitigation 38
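The two-factor recommendation can be seen end to end in the TOTP algorithm (RFC 6238) that authenticator apps implement. The block below is an added example, not from the deck: HOTP/TOTP over the standard library, which the test checks against the RFC 6238 vectors (the `12345678901234567890` secret is the RFC's test key, not a real one), plus a verifier that tolerates one step of clock skew and refuses to accept a code for a time step that has already been used, which is the replay check an identity service or gateway has to implement.

```python
import hmac
import struct
import time


def hotp(secret, counter, digits=6, hashname="sha1"):
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashname).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, hashname="sha1"):
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits, hashname)


class TotpVerifier:
    """Server-side check: accept one step of clock skew either way, but never
    accept the same step twice, so an intercepted code cannot be replayed."""

    def __init__(self, secret, step=30, digits=6, window=1, hashname="sha1"):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.hashname = hashname
        self.last_accepted_step = -1  # persisted per user in a real deployment

    def verify(self, code, unix_time=None):
        now = int(time.time()) if unix_time is None else unix_time
        current = now // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            if candidate <= self.last_accepted_step:
                continue  # step already consumed (or older): reject replays
            expected = hotp(self.secret, candidate, self.digits, self.hashname)
            if hmac.compare_digest(expected, str(code)):
                self.last_accepted_step = candidate
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    print("code at T=59:", totp(secret, 59, digits=8))
    v = TotpVerifier(secret, digits=8)
    print("first use:", v.verify(totp(secret, 59, digits=8), 59))
    print("replay:   ", v.verify(totp(secret, 59, digits=8), 59))
```

Two details matter beyond the algorithm: the comparison is constant-time, and the last accepted step is stored per user so a code sniffed over a phishing page or a compromised network cannot be reused within its 30-second window.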
  • 39. Virtualization Security Identify the types of virtualization provided by the CSP; understand hypervisor security and isolation mechanisms; understand the security protecting administrative interfaces (API, web-based); strong authentication with tamper-proof logging and integrity monitoring tools; explore the efficiency and feasibility of segregating VMs; strong reporting mechanism to raise an alert if compromised 39
  • 40. What's Going On in Industry on Cloud Different Initiatives; Fabric Computing; Homomorphic Encryption; Future of Cloud - Mobile Computing 40
  • 41. Different Initiatives Cloud Security Alliance; Cloud Cert; Cloud CAMM (Capability and Maturity Model); CloudAudit (A6); CCM (Cloud Controls Matrix tool); CAI (Consensus Assessments Initiative); CSA GRC Stack; Trusted Cloud Initiative; CCSK (Certificate of Cloud Security Knowledge); Cloud Metrics Research 41
  • 42. Fabric Computing Next-generation computing that interconnects nodes like a fabric (including various clouds); high-performance computing from loosely coupled storage, network devices and parallel processors 42
  • 43. Homomorphic & Predicate Encryption Processing encrypted data is very difficult; IBM announced a homomorphic encryption scheme (2DNF+) that enables processing of encrypted data; it requires immense computational power. Predicate encryption: no need to decrypt the whole data set, decrypt only what is required; supports disjunctions, polynomial equations and inner products 43
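What "processing encrypted data" looks like can be shown with a much simpler scheme than the one this slide refers to. The following is an added example, not from the deck, of the Paillier cryptosystem, which is only additively homomorphic (sums and scalar multiples of ciphertexts, not the arbitrary circuits of a fully homomorphic scheme): the two five-digit primes are generated by trial division purely for illustration and are far too small to be secure, and the plaintext values are constructed.

```python
import math
import secrets


def _is_prime(n):
    """Trial division; fine for the tiny demonstration primes below."""
    if n < 2:
        return False
    for d in range(2, int(n ** 0.5) + 1):
        if n % d == 0:
            return False
    return True


def _largest_prime_below(limit):
    n = limit - 1
    while not _is_prime(n):
        n -= 1
    return n


def _modinv(a, m):
    """Modular inverse by the extended Euclidean algorithm."""
    r0, r1, s0, s1 = a % m, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("not invertible")
    return s0 % m


def keygen(p, q):
    """Paillier key pair with g = n + 1. Requires gcd(n, (p-1)(q-1)) = 1."""
    assert _is_prime(p) and _is_prime(q) and p != q
    n = p * q
    assert math.gcd(n, (p - 1) * (q - 1)) == 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    n2 = n * n
    mu = _modinv((pow(n + 1, lam, n2) - 1) // n, n)
    return (n, n + 1), (lam, mu)


def encrypt(pk, m):
    """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pk
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("message out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return ((pow(c, lam, n * n) - 1) // n * mu) % n


def add_encrypted(pk, c1, c2):
    """Multiplying ciphertexts adds the plaintexts (mod n) without decrypting."""
    return (c1 * c2) % (pk[0] ** 2)


def scale_encrypted(pk, c, k):
    """Raising a ciphertext to k multiplies the plaintext by k (mod n)."""
    return pow(c, k, pk[0] ** 2)


# Demonstration primes, generated here rather than hard-coded; real deployments use 1024-bit+ primes.
DEMO_P = _largest_prime_below(100000)
DEMO_Q = _largest_prime_below(90000)


if __name__ == "__main__":
    pk, sk = keygen(DEMO_P, DEMO_Q)
    c_salary, c_bonus = encrypt(pk, 123456), encrypt(pk, 654321)  # constructed values
    print("sum:", decrypt(pk, sk, add_encrypted(pk, c_salary, c_bonus)))
    print("x3:", decrypt(pk, sk, scale_encrypted(pk, c_salary, 3)))
```

The cloud side only ever holds `pk` and ciphertexts: it can total a column or apply a fixed multiplier and return the result, and only the key holder can read it. Anything needing a multiplication of two encrypted values is exactly what this scheme cannot do and what the 2DNF and later fully homomorphic constructions were built for.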
  • 44. Future of Cloud - Mobile Computing Mobile computing is increasing rapidly; the Android platform is the next generation of mobile computing; applications access the cloud from the mobile phone; Wi-Fi and 3G connections enable high bandwidth; SSL/TLS and SSH from the phone's web browser to the VM; trusted certificate and private key on the phone; two-factor authentication (fingerprint and password); different platforms to configure cloud APIs 44
  • 46. Thank You Contact: www.csaindia.in ajayporus@csaindia.in http://in.linkedin.com/in/ajayporus Skype: ajayporus1 Yahoo: ajayporus1986 46

Editor's notes

  1. PIP: policy information point; PDP: policy decision point