Shared responsibility - a model for good cloud security
Andy Powell, Jisc
“We have decided to build our data lake on Google Cloud Platform. This is a key component of our internal data factory transformation programme. One of the deliverables of this programme, which is very ambitious, is to join up all available data in a customer-centric way. This will allow us to progressively personalise every customer interaction to make it quicker and more relevant to the individual customer need.”
Mohamed Hammady, CTO, Sky
“As we started to create more and more digital services AWS became a platform for us. We started to automate the way we were delivering these services into the cloud. We started to consolidate the way we were working with the cloud, such as thru our deployment pipeline and thru monitoring and logging. What emerged was the use of that platform very consistently across digital services for around 19 or 20 services.”
David Rogers, Head of Architecture and Security, Ministry of Justice
“We now have a unified API as a basis for designing, testing, and deploying the next generation of machine learning and digital services in the hospital for our young patients. This will also enable rapid and easier collaboration with our international paediatric hospital partners to share specialised tools to improve patient outcomes and experience.”
Professor Neil Sebire, Chief Research Information Officer, Great Ormond Street Hospital
“Partnering with Microsoft on the Azure API for Fast Healthcare Interoperability Resources (FHIR) allows us to scale out and accelerate our customers’ use of [data]. The managed service is a great additional component […] bringing research and innovation closer to clinical impact.”
Rodrigo Barnes, CTO, Aridhia
“HSBC is no different to most other global enterprises. We tried for many years to build data centres, to provision infrastructure, to buy products and to run it all ourselves. But we decided about 18 months ago that we ought to focus on what we are great at, which is customer experience and focusing on our customers and partnering with people like Google to do all the heavy lifting on infrastructure.”
Darryl West, Group CIO, HSBC
Scene setting
• Three big players in the market (yes, there are others as well!)
• All with similar directions of travel
• Global presence (10s or 100s of data centres)
• Typically organised into Regions, Availability Zones and Edge locations
• Service portfolio that extends well beyond traditional IaaS
• … including big data, container platforms, serverless, database as a service, IoT, ML, AI, …
• All three talk about a shared responsibility model for security
Threat, what threat?
1. Data breaches
2. Data loss
3. Account / service compromise
4. Insecure API
5. Denial of service
6. Insider threat
7. Abuse of cloud services
8. Insufficient due diligence
9. Shared tech vulnerabilities
Shared responsibility
Security in the cloud (your responsibility)
• Application design, identity & access management
• Operating system, network & firewall configuration
• Data at rest (on-prem), data at rest (in cloud), data in transit
Security of the cloud (cloud provider’s responsibility)
• Software: compute, database, networking, storage
• Hardware / global infrastructure: regions, availability zones, edge locations
Confidentiality, Integrity, Availability
• Is access to my data restricted to the people I want to see it?
• Can I tell if my data has been tampered with?
• Can the right people get access if they need to?
Confidentiality
• Access control
• Encryption
• Firewalling
Integrity
• Encryption
• Audit logs
Availability
• Global scale
• Account/subscription config
• DDoS protection
Basic building blocks
• Regions and availability zones
• Virtual Private Clouds (VPCs) and subnets
• Security groups & Network Access Control Lists (firewalls)
• Identity and access management (cloud platform level and operating system)
• Logging of all API access
• Encryption of data at rest (option to bring your own keys and use HSM in the cloud) including for database as a service options
• Encryption of data in transit
• DDoS protection at platform level (and WAF and DDoS available as extras, usually bundled into edge-based CDN)
Connectivity
• Most of your cloud usage is going to be hybrid
• Connectivity will be critical, as will securing your data in transit
• All the cloud providers provide dedicated private connectivity options
• However, Janet has extremely good peering arrangements
• For connectivity requirements up to 1.5Gbps bandwidth, just use Janet
• For hybrid requirements, secure data in transit using a site-to-site VPN irrespective of whether you use Janet or not
Infrastructure as Code
• All the major cloud suppliers support infrastructure as code (IaC)
• CloudFormation, ARM Templates, Cloud Deployment Manager
• And you can also use third-party tooling such as Terraform
• Repeatable and re-usable deployments
• Manage your infrastructure in a code repository
• Helps to prevent accidental deployments of insecure infrastructure
Security Information and Event Management (SIEM)
• Native SIEM tooling is emerging from the major cloud vendors (e.g. Sentinel on Azure)
• However, your SIEM requirements are likely to be hybrid (and may be multi-cloud)
• All the major SIEM vendors will provide integration with cloud platform logging
• Note that Jisc is partnered with Splunk in order to provide a hosted Splunk platform
Auto-remediation
• All cloud vendors now support serverless
• Small software ‘functions’ run on demand, typically triggered by an API event or by a timer
• Use this approach to auto-run remediation code
• E.g. to automatically (and instantly) close down a security group that allows world access to SSH or RDP, or to take a copy of a compromised VM, prior to deletion, so that it can be spun up in an isolated environment for later analysis
• Also look at Security Orchestration, Automation and Response (SOAR) tools, e.g. CloudCustodian
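The first remediation case above (closing a security group that allows world access to SSH or RDP), as an added example that is not from the original slides: the decision logic a serverless function could run over a security group description. The input follows the shape of an AWS EC2 DescribeSecurityGroups entry; the group ID and rules are constructed sample data and the function names are hypothetical.

```python
"""Decide which ingress rules an auto-remediation function should revoke."""

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"
# Administrative ports named on the slide: SSH (22) and RDP (3389).
ADMIN_PORTS = {"tcp": {22: "SSH", 3389: "RDP"}, "udp": {3389: "RDP"}}


def exposed_admin_services(permission):
    """Return the admin services reachable through one IpPermissions entry."""
    protocol = permission.get("IpProtocol")
    if protocol == "-1":  # "all traffic": every port on every protocol
        return ["RDP", "SSH"]
    low, high = permission.get("FromPort"), permission.get("ToPort")
    if low is None or high is None:
        return []
    ports = ADMIN_PORTS.get(protocol, {})
    # A range such as 3000-4000 exposes RDP just as much as a rule for 3389.
    return sorted({name for port, name in ports.items() if low <= port <= high})


def world_open_part(permission):
    """Copy of the entry limited to its world-open CIDR ranges, or None."""
    v4 = [r for r in permission.get("IpRanges", []) if r.get("CidrIp") == WORLD_V4]
    v6 = [r for r in permission.get("Ipv6Ranges", []) if r.get("CidrIpv6") == WORLD_V6]
    if not v4 and not v6:
        return None
    part = {"IpProtocol": permission["IpProtocol"]}
    for key in ("FromPort", "ToPort"):
        if key in permission:
            part[key] = permission[key]
    if v4:
        part["IpRanges"] = [{"CidrIp": WORLD_V4}]
    if v6:
        part["Ipv6Ranges"] = [{"CidrIpv6": WORLD_V6}]
    return part


def build_revoke_request(group):
    """Return (request, findings); request is None when nothing needs closing."""
    to_revoke, findings = [], []
    for permission in group.get("IpPermissions", []):
        services = exposed_admin_services(permission)
        part = world_open_part(permission)
        if services and part:
            # Only the world-open ranges are revoked; restricted CIDRs on the
            # same rule (e.g. an internal 10.0.0.0/8) are left in place.
            to_revoke.append(part)
            cidrs = [r["CidrIp"] for r in part.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in part.get("Ipv6Ranges", [])]
            findings.append({"group": group["GroupId"],
                             "services": services, "cidrs": cidrs})
    if not to_revoke:
        return None, findings
    return {"GroupId": group["GroupId"], "IpPermissions": to_revoke}, findings


# Constructed sample input (not taken from a real account).
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "192.0.2.0/24"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    request, findings = build_revoke_request(SAMPLE_GROUP)
    for finding in findings:
        print("world-open", finding["services"], "on",
              finding["group"], finding["cidrs"])
    # In a deployed function this dict would be passed to boto3's
    # ec2_client.revoke_security_group_ingress(**request); it is not
    # called here so the example runs offline.
    print(request)
```

Revoking a port-range rule closes every port in that range to the world, so a function like this should log its findings (for example to the SIEM) so that any legitimately public port can be re-added as its own rule.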
Third-party tooling
• Our experience is that some native tooling can be limited, especially with early releases
• Your existing security approaches can almost always be stretched into the cloud
• Either by buying them from the marketplace
• … or by layering them in front of cloud services
• For example, we often use Imperva Cloud WAF as an alternative to the native WAF solutions provided by the cloud vendors
• We also use CloudCheckr for billing recommendations, security posture analysis, and compliance status
Compliance
Are you well architected?
Summary – 5 take-aways
1. Understand the shared responsibility model. Where does the cloud provider’s responsibility end and yours start? How does this apply to IaaS, PaaS and SaaS? How does this affect your compliance?
2. Use the basic building blocks to create highly resilient and secure solutions - don’t forget the basics… firewalls, anti-malware and backups
3. It’s your data - secure it at rest (on-prem and in the cloud) and in transit - encryption is your friend
4. If necessary, use existing security tooling to complement what the cloud provider gives you
5. Defend in depth - follow best-practice guidance including the NCSC 14 cloud security principles
Arguably, AWS, Microsoft and Google are now the biggest security companies in the world
Questions?
Andy Powell, Jisc
@andypowe11
andy.powell@jisc.ac.uk
Additional reading
• AWS Compliance Programs
• Azure Compliance
• Google Compliance Resource Center
• AWS Well-Architected
• Pillars of a great Azure architecture
• Google Infrastructure Security Design Overview
• Azure Security and Compliance UK OFFICIAL Blueprint
• Standardized Architecture for UK-OFFICIAL on AWS
• NCSC Cloud security guidance
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Kürzlich hochgeladen (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Shared responsibility - a model for good cloud security

  • 1. Shared responsibility - a model for good cloud security Andy Powell, Jisc
  • 2. Shared responsibility - a model for good cloud security Andy Powell, Jisc
  • 3. Mohamed Hammady, CTO, Sky: “We have decided to build our data lake on Google Cloud Platform. This is a key component of our internal data factory transformation programme. One of the deliverables of this programme, which is very ambitious, is to join up all available data in a customer-centric way. This will allow us to progressively personalise every customer interaction to make it quicker and more relevant to the individual customer need.”
  • 4. David Rogers, Head of Architecture and Security, Ministry of Justice: “As we started to create more and more digital services AWS became a platform for us. We started to automate the way we were delivering these services into the cloud. We started to consolidate the way we were working with the cloud, such as thru our deployment pipeline and thru monitoring and logging. What emerged was the use of that platform very consistently across digital services for around 19 or 20 services.”
  • 5. Professor Neil Sebire, Chief Research Information Officer, Great Ormond Street Hospital: “We now have a unified API as a basis for designing, testing, and deploying the next generation of machine learning and digital services in the hospital for our young patients. This will also enable rapid and easier collaboration with our international paediatric hospital partners to share specialised tools to improve patient outcomes and experience.”
    Rodrigo Barnes, CTO, Aridhia: “Partnering with Microsoft on the Azure API for Fast Healthcare Interoperability Resources (FHIR) allows us to scale out and accelerate our customers’ use of [data]. The managed service is a great additional component […] bringing research and innovation closer to clinical impact.”
  • 6. Darryl West, Group CIO, HSBC: “HSBC is no different to most other global enterprises. We tried for many years to build data centres, to provision infrastructure, to buy products and to run it all ourselves. But we decided about 18 months ago that we ought to focus on what we are great at, which is customer experience and focusing on our customers and partnering with people like Google to do all the heavy lifting on infrastructure.”
  • 7. Scene setting
      • Three big players in the market (yes, there are others as well!)
      • All with similar directions of travel
      • Global presence (10s or 100s of data centres)
      • Typically organised into Regions, Availability Zones and Edge locations
      • Service portfolio that extends well beyond traditional IaaS
      • … including big data, container platforms, serverless, database as a service, IoT, ML, AI, …
      • All three talk about a shared responsibility model for security
  • 8. Threat, what threat?
      1. Data breaches
      2. Data loss
      3. Account / service compromise
      4. Insecure API
      5. Denial of service
      6. Insider threat
      7. Abuse of cloud services
      8. Insufficient due diligence
      9. Shared tech vulnerabilities
  • 9. Shared responsibility
      • Security in the cloud (your responsibility)
          • Application design, identity & access management
          • Operating system, network & firewall configuration
          • Data at rest (on-prem)
          • Data at rest (in cloud)
          • Data in transit
      • Security of the cloud (cloud provider’s responsibility)
          • Software: Compute, Database, Networking, Storage
          • Hardware / global infrastructure: Regions, Availability zones, Edge locations
  • 10. Confidentiality, Integrity, Availability
      • Is access to my data restricted to the people I want to see it?
      • Can I tell if my data has been tampered with?
      • Can the right people get access if they need to?
      • Confidentiality
          • Access control
          • Encryption
          • Firewalling
      • Integrity
          • Encryption
          • Audit logs
      • Availability
          • Global scale
          • Account/subscription config
          • DDoS protection
  • 11. Basic building blocks
      • Regions and availability zones
      • Virtual Private Clouds (VPCs) and subnets
      • Security groups & Network Access Control Lists (firewalls)
      • Identity and access management (cloud platform level and operating system)
      • Logging of all API access
      • Encryption of data at rest (option to bring your own keys and use HSM in the cloud) including for database as a service options
      • Encryption of data in transit
      • DDoS protection at platform level (and WAF and DDoS available as extras, usually bundled into edge-based CDN)
  • 12. Connectivity
      • Most of your cloud usage is going to be hybrid
      • Connectivity will be critical, as will securing your data in transit
      • All the cloud providers provide dedicated private connectivity options
      • However, Janet has extremely good peering arrangements
      • For connectivity requirements up to 1.5Gbps bandwidth, just use Janet
      • For hybrid requirements, secure data in transit using a site-to-site VPN irrespective of whether you use Janet or not
  • 13. Infrastructure as Code
      • All the major cloud suppliers support infrastructure as code (IaC)
      • CloudFormation, ARM Templates, Cloud Deployment Manager
      • And you can also use third-party tooling such as Terraform
      • Repeatable and re-usable deployments
      • Manage your infrastructure in a code repository
      • Helps to prevent accidental deployments of insecure infrastructure
  • 14. Security Information and Event Management (SIEM)
      • Native SIEM tooling is emerging from the major cloud vendors (e.g. Sentinel on Azure)
      • However, your SIEM requirements are likely to be hybrid (and may be multi-cloud)
      • All the major SIEM vendors will provide integration with cloud platform logging
      • Note that Jisc is partnered with Splunk in order to provide a hosted Splunk platform
  • 15. Auto-remediation
      • All cloud vendors now support serverless
      • Small software ‘functions’ run on demand, typically triggered by an API event or by a timer
      • Use this approach to auto-run remediation code
      • E.g. to automatically (and instantly) close down a security group that allows world access to SSH or RDP or to take a copy of a compromised VM, prior to deletion, so that it can be spun up in an isolated environment for later analysis
      • Also look at Security Orchestration, Automation and Response (SOAR) tools, e.g. CloudCustodian
  • 16. Third-party tooling
      • Our experience is that some native tooling can be limited, especially with early releases
      • Your existing security approaches can almost always be stretched into the cloud
      • Either by buying them from the marketplace
      • … or by layering them in front of cloud services
      • For example, we often use Imperva Cloud WAF as an alternative to the native WAF solutions provided by the cloud vendors
      • We also use CloudCheckr for billing recommendations, security posture analysis, and compliance status
  • 17. Compliance
  • 18. Are you well architected?
  • 19. Summary – 5 take-aways
      1. Understand the shared responsibility model. Where does the cloud provider’s responsibility end and yours start? How does this apply to IaaS, PaaS and SaaS? How does this affect your compliance?
      2. Use the basic building blocks to create highly resilient and secure solutions - don’t forget the basics… firewalls, anti-malware and backups
      3. It’s your data - secure it at rest (on-prem and in the cloud) and in transit - encryption is your friend
      4. If necessary, use existing security tooling to complement what the cloud provider gives you
      5. Defend in depth - follow best-practice guidance including the NCSC 14 cloud security principles
  • 20. Arguably, AWS, Microsoft and Google are now the biggest security companies in the world. Questions? Andy Powell, Jisc, @andypowe11, andy.powell@jisc.ac.uk
  • 21. Additional reading
      • AWS Compliance Programs
      • Azure Compliance
      • Google Compliance Resource Center
      • AWS Well-Architected
      • Pillars of a great Azure architecture
      • Google Infrastructure Security Design Overview
      • Azure Security and Compliance UK OFFICIAL Blueprint
      • Standardized Architecture for UK-OFFICIAL on AWS
      • NCSC Cloud security guidance
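
The auto-remediation case on slide 15 (closing down a security group that allows world access to SSH or RDP), as an added example that is not from the slides: a Python function for AWS Lambda using boto3. The timer trigger, the `handler` name and the sample group are assumptions made for illustration.

```python
ADMIN_PORTS = (22, 3389)            # SSH and RDP TCP listeners
WORLD_V4, WORLD_V6 = "0.0.0.0/0", "::/0"

# Constructed sample in the shape returned by EC2 describe_security_groups.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "192.0.2.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}


def covers_admin_port(perm):
    """True if the rule's protocol and port range include TCP 22 or 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                # "-1" means every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def world_open_admin_rules(ip_permissions):
    """Return revoke entries for the world-open CIDRs of rules reaching SSH/RDP."""
    to_revoke = []
    for perm in ip_permissions:
        if not covers_admin_port(perm):
            continue
        v4 = [{"CidrIp": WORLD_V4} for r in perm.get("IpRanges", [])
              if r.get("CidrIp") == WORLD_V4]
        v6 = [{"CidrIpv6": WORLD_V6} for r in perm.get("Ipv6Ranges", [])
              if r.get("CidrIpv6") == WORLD_V6]
        if v4 or v6:
            ports = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
            to_revoke.append({**ports, "IpRanges": v4, "Ipv6Ranges": v6})
    return to_revoke


def remediate_group(group, ec2):
    """Revoke offending rules on one group; `ec2` is a boto3 EC2 client."""
    offending = world_open_admin_rules(group.get("IpPermissions", []))
    if offending:
        ec2.revoke_security_group_ingress(GroupId=group["GroupId"],
                                          IpPermissions=offending)
    return offending


def handler(event, context):
    """Hypothetical Lambda entry point: timer-triggered sweep of all groups."""
    import boto3                     # imported here so the logic above runs offline
    ec2 = boto3.client("ec2")
    report = {}
    for page in ec2.get_paginator("describe_security_groups").paginate():
        for group in page["SecurityGroups"]:
            revoked = remediate_group(group, ec2)
            if revoked:
                report[group["GroupId"]] = revoked
    return report
```

Only the `0.0.0.0/0` and `::/0` entries are revoked, so a narrower range on the same rule (`192.0.2.0/24` in the sample) keeps its access. The returned report of revoked rules is what you would forward to your logging or SIEM pipeline.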