SlideShare ist ein Scribd-Unternehmen logo

Cloud computing-security-issues

Als PPT, PDF herunterladen
Aleem Mohammed
Aleem Mohammed

this ppt discusses the Security Issues in Cloud Computing

Technologie
1 von 40
CLOUD COMPUTING SECURITY ISSUES
Something Old, Something New 2  New: Cloud describes the use of a collection of services, applications, information, and infrastructure comprised of pools of compute, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down providing for an on- demand utility-like model of allocations and consumption
Cloud Computing Parts 3  NIST defines cloud computing by:  5 essential characteristics  3 cloud service models  4 cloud deployment models
Essential Characteristics 4  On-demand service  Get computing capabilities as needed automatically  Broad Network Access  Services available over the net using desktop, laptop, PDA, mobile phone
Essential Characteristics 5  Resource pooling  Provider resources pooled to server multiple clients  Rapid Elasticity  Ability to quickly scale in/out service  Measured service  control, optimize services based on metering
Cloud Service Models 6  Software as a Service (SaaS)  We use the provider apps  User doesn’t manage or control the network, servers, OS, storage or applications  Platformas a Service (PaaS)  User deploys their apps on the cloud  Controls their apps  User doesn’t manage servers, IS, storage
Cloud Service Models 7  Infrastructure as a Service (IaaS)  Consumers get access to the infrastructure to deploy their stuff  User doesn’t manage or control the infrastructure  User manages or controls the OS, storage, apps, selected network components
Deployment Models 8  Public  Cloud infrastructure is available to the general public, owned by org selling cloud services  Private  Cloud infrastructure for single org only, may be managed by the org or a 3rd party, on or off premise
Deployment Models 9  Community  Cloud infrastructure is shared by several organizations that have the same shared concerns, managed by organization or 3rd party  Hybrid  Consists of tow or more clouds bound by standard or proprietary technology
What, When, How to Move to the Cloud10  Identify the asset(s) for cloud deployment  Data  Applications/Functions/Process  Evaluate the asset  Determine how important the data or function is to the org
Evaluate the Asset 11  How would we be harmed if  the asset became widely public & widely distributed?  An employee of our cloud provider accessed the asset?  The process of function were manipulated by an outsider?  The process or function failed to provide expected results?  The info/data was unexpectedly changed?  The asset were unavailable for a period of time?
Map Asset to Models 12  4 Cloud Models  Public  Private, internal, on premise  Private, external  Community  Hybrid  Which cloud model addresses your security concerns?
Map Data Flow 13  Map the data flow between your organization, cloud service, customers, other nodes  Essential to understand whether & HOW data can move in/out of the cloud  Sketch it for each of the models  Know your risk tolerance!
Cloud Domains 14  Service contracts should address these 13 domains  Architectural Framework  Governance, Enterprise Risk Mgt  Legal, e-Discovery  Compliance & Audit  Information Lifecycle Mgt  Portability & Interoperability
Cloud Domains 15  Security, Business Continuity, Disaster Recovery  Data Center Operations  Incident Response Issues  Application Security  Encryption & Key Mgt  Identity & Access Mgt  Virtualization
Security Stack 16  IaaS: entire infrastructure from facilities to HW  PaaS: application, Middleware, database, messaging supported by IaaS  SaaS: self contained operating environment: content, presentation, apps, mgt
Security Stack Concerns 17  Lower down the stack the cloud vendor provides, the more security issues the consumer has to address or provide  Who do you trust?
Key Takeaways 18  SaaS  Service levels, security, governance, compliance, liability expectations of the service & provider are contractually defined  PaaS, IaaS  Customer sysadmins manage the same with provider handling platform, infrastructure security
Sample Clouds 19 From “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1, p.18
20 SaaS Paas IaaS
Security Pitfalls 21  How cloud services are provided confused with where they are provided  Well demarcated networksecurity borderis not fixed  Cloud computing implies loss of control
Overall Security Concerns 22  Gracefully lose control while maintaining accountability even if operational responsibility falls upon 3rd parties  Provider, user security duties differ greatly between cloud models
Governance 23  Identify, implement process, controls to maintain effective governance, risk mgt, compliance  Provider security governance should be assessed for sufficiency, maturity, consistency with user ITSEC process
3rd Party Governance 24  Request clear docs on how facility & services are assessed  Require defn of what provider considers critical services, info  Perform full contract, terms of use due diligence to determine roles, accountability
Legal, e-Discovery 25  Functional: which functions & services in the Cloud have legal implications for both parties  Jurisdictional: which governments administer laws and regs impacting services, stakeholders, data assets  Contractual: terms & conditions
Legal, e-Discovery 26  Both parties must understand each other’s roles  Litigation hold, Discovery searches  Expert testimony  Provider must save primary and secondary (logs) data  Where is the data stored?  laws for cross border data flows
Legal, e-Discovery 27  Plan for unexpected contract termination and orderly return or secure disposal of assets  You should ensure you retain ownership of your data in its original form
Compliance & Audit 28  Hard to maintain with your sec/reg requirements, harder to demonstrate to auditors  Right to Audit clause  Analyze compliance scope  Regulatory impact on data security  Evidence requirements are met  Do Provider have SAS 70 Type II, ISO 27001/2 audit statements?
Info Lifecycle Mgt 29  Data security (CIA)  Data Location  All copies, backups stored only at location allowed by contract, SLA and/or regulation  Compliant storage (EU mandate) for storing e- health records
Portability, Interoperability 30  When you have to switch cloud providers  Contract price increase  Provider bankruptcy  Provider service shutdown  Decrease in service quality  Business dispute
Security, BC, DS 31  Centralization of data = greater insider threat from within the provider  Require onsite inspections of provider facilities  Disaster recover, Business continuity, etc
Data Center Ops 32  How does provider do:  On-demand self service  Broad network access  Resource pooling  Rapid elasticity  Measured service
Incident Response 33 Cloud apps aren’t always designed with data integrity, security in mind Provider keep app, firewall, IDS logs? Provider deliver snapshots of your virtual environment? Sensitive data must be encrypted for data breach regs
Application Security 34  Different trust boundaries for IaaS, PaaS, Saas  Provider web application security?  Secure inter-host communication channel
Encryption, Key Mgt 35  Encrypt data in transit, at rest, backup media  Secure key store  Protect encryption keys  Ensure encryption is based on industry/govt standards.  NO proprietary standard  Limit access to key stores  Key backup & recoverability  Test these procedures
ID, Access Mgt 36  Determine how provider handles:  Provisioning, deprovisioning  Authentication  Federation  Authorization, user profile mgt
Virtualization 37  What type of virtualization is used by the provider?  What 3rd party security technology augments the virtual OS?  Which controls protect admin interfaces exposed to users?
38
Summary 39  We already do some sort of cloud computing  NFS, Samba shares, SAN, NAS, Web applications  Decide on public or private cloud  Public cloud implies loss of control
Reference 40  All material from “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1”, http://www.cloudsecurityalliance.org  All figures in this talk taken from this paper  NIST Cloud Model: www.csrc.nist.gov/groups/SNS/cloud-computing/index.html  Various cloud working groups  Open Cloud Computing Interface Working Group, Amazon EC2 API, Sun Open Cloud API, Rackspace API, GoGrid API, DMTF Open Virtualization Format (OVF)

Empfohlen

Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSAnchises Moraes
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Cloud Computing Presentation
Cloud Computing PresentationCloud Computing Presentation
Cloud Computing PresentationVivek Ravindran
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
Cloud computing
Cloud computingCloud computing
Cloud computingMOHIT PANDEY
 

Empfohlen

Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSAnchises Moraes
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Cloud Computing Presentation
Cloud Computing PresentationCloud Computing Presentation
Cloud Computing PresentationVivek Ravindran
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
Cloud computing
Cloud computingCloud computing
Cloud computingMOHIT PANDEY
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service ModelsAbhishek Pachisia
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Cloud computing
Cloud computingCloud computing
Cloud computingReetesh Gupta
 
Cloud computing
Cloud computingCloud computing
Cloud computingDebrajKarmakar
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Cloud platforms - Cloud Computing
Cloud platforms - Cloud ComputingCloud platforms - Cloud Computing
Cloud platforms - Cloud ComputingAditi Rai
 
Cloud sim
Cloud simCloud sim
Cloud simKhyati Rajput
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing pptSarvesh Meena
 
Cloud computing
Cloud computingCloud computing
Cloud computingSarthakNawal1
 
Cloud deployment models
Cloud deployment modelsCloud deployment models
Cloud deployment modelsAshok Kumar
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing ArchitectureAnimesh Chaturvedi
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingNaveed Farooq
 
Cloud computing
Cloud computingCloud computing
Cloud computingRupak Chaulagain
 
Cloud computing by Bharat Bodage
Cloud computing by Bharat BodageCloud computing by Bharat Bodage
Cloud computing by Bharat BodageBharat Bodage
 
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...Majid Hajibaba
 
cloud computing
cloud computingcloud computing
cloud computingYasir Hilal
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingArwa
 
Cloud computing
Cloud computingCloud computing
Cloud computingWaseem Ahmed
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
INTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGINTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGTanmoy Barman
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Cloud platforms - Cloud Computing
Cloud platforms - Cloud ComputingCloud platforms - Cloud Computing
Cloud platforms - Cloud ComputingAditi Rai
 
Cloud deployment models
Cloud deployment modelsCloud deployment models
Cloud deployment modelsAshok Kumar
 
Cloud computing by Bharat Bodage
Cloud computing by Bharat BodageCloud computing by Bharat Bodage
Cloud computing by Bharat BodageBharat Bodage
 
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...Majid Hajibaba
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingArwa
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
INTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGINTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGTanmoy Barman
 

Was ist angesagt? (20)

Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Cloud platforms - Cloud Computing
Cloud platforms - Cloud ComputingCloud platforms - Cloud Computing
Cloud platforms - Cloud Computing
 
Cloud sim
Cloud simCloud sim
Cloud sim
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud deployment models
Cloud deployment modelsCloud deployment models
Cloud deployment models
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing by Bharat Bodage
Cloud computing by Bharat BodageCloud computing by Bharat Bodage
Cloud computing by Bharat Bodage
 
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
Cloud Computing Principles and Paradigms: 4 the enterprise cloud computing pa...
 
cloud computing
cloud computingcloud computing
cloud computing
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
INTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGINTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTING
 

Ähnlich wie Cloud computing-security-issues

Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfCiente
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?Jody Keyser
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared CarstensenCloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared Carstensenjaredcarst
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
 
Guide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureGuide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureAbdul Khan
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfmanoharparakh
 

Ähnlich wie Cloud computing-security-issues (20)

Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTING
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
Cloud is not an option, but is security?
Cloud is not an option, but is security?Cloud is not an option, but is security?
Cloud is not an option, but is security?
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocol
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the Cloud
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared CarstensenCloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared Carstensen
 
cloud1_aggy.pdf
cloud1_aggy.pdfcloud1_aggy.pdf
cloud1_aggy.pdf
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
 
Cloud security
Cloud securityCloud security
Cloud security
 
Guide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureGuide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azure
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdf
 

Kürzlich hochgeladen

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Kürzlich hochgeladen (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Cloud computing-security-issues

  • 2. Something Old, Something New 2  New: Cloud describes the use of a collection of services, applications, information, and infrastructure comprised of pools of compute, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down providing for an on- demand utility-like model of allocations and consumption
  • 3. Cloud Computing Parts 3  NIST defines cloud computing by:  5 essential characteristics  3 cloud service models  4 cloud deployment models
  • 4. Essential Characteristics 4  On-demand service  Get computing capabilities as needed automatically  Broad Network Access  Services available over the net using desktop, laptop, PDA, mobile phone
  • 5. Essential Characteristics 5  Resource pooling  Provider resources pooled to server multiple clients  Rapid Elasticity  Ability to quickly scale in/out service  Measured service  control, optimize services based on metering
  • 6. Cloud Service Models 6  Software as a Service (SaaS)  We use the provider apps  User doesn’t manage or control the network, servers, OS, storage or applications  Platformas a Service (PaaS)  User deploys their apps on the cloud  Controls their apps  User doesn’t manage servers, IS, storage
  • 7. Cloud Service Models 7  Infrastructure as a Service (IaaS)  Consumers get access to the infrastructure to deploy their stuff  User doesn’t manage or control the infrastructure  User manages or controls the OS, storage, apps, selected network components
  • 8. Deployment Models 8  Public  Cloud infrastructure is available to the general public, owned by org selling cloud services  Private  Cloud infrastructure for single org only, may be managed by the org or a 3rd party, on or off premise
  • 9. Deployment Models 9  Community  Cloud infrastructure is shared by several organizations that have the same shared concerns, managed by organization or 3rd party  Hybrid  Consists of tow or more clouds bound by standard or proprietary technology
  • 10. What, When, How to Move to the Cloud10  Identify the asset(s) for cloud deployment  Data  Applications/Functions/Process  Evaluate the asset  Determine how important the data or function is to the org
  • 11. Evaluate the Asset 11  How would we be harmed if  the asset became widely public & widely distributed?  An employee of our cloud provider accessed the asset?  The process of function were manipulated by an outsider?  The process or function failed to provide expected results?  The info/data was unexpectedly changed?  The asset were unavailable for a period of time?
  • 12. Map Asset to Models 12  4 Cloud Models  Public  Private, internal, on premise  Private, external  Community  Hybrid  Which cloud model addresses your security concerns?
  • 13. Map Data Flow 13  Map the data flow between your organization, cloud service, customers, other nodes  Essential to understand whether & HOW data can move in/out of the cloud  Sketch it for each of the models  Know your risk tolerance!
  • 14. Cloud Domains 14  Service contracts should address these 13 domains  Architectural Framework  Governance, Enterprise Risk Mgt  Legal, e-Discovery  Compliance & Audit  Information Lifecycle Mgt  Portability & Interoperability
  • 15. Cloud Domains 15  Security, Business Continuity, Disaster Recovery  Data Center Operations  Incident Response Issues  Application Security  Encryption & Key Mgt  Identity & Access Mgt  Virtualization
  • 16. Security Stack 16  IaaS: entire infrastructure from facilities to HW  PaaS: application, Middleware, database, messaging supported by IaaS  SaaS: self contained operating environment: content, presentation, apps, mgt
  • 17. Security Stack Concerns 17  Lower down the stack the cloud vendor provides, the more security issues the consumer has to address or provide  Who do you trust?
  • 18. Key Takeaways 18  SaaS  Service levels, security, governance, compliance, liability expectations of the service & provider are contractually defined  PaaS, IaaS  Customer sysadmins manage the same with provider handling platform, infrastructure security
  • 19. Sample Clouds 19 From “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1, p.18
  • 21. Security Pitfalls 21  How cloud services are provided confused with where they are provided  Well demarcated networksecurity borderis not fixed  Cloud computing implies loss of control
  • 22. Overall Security Concerns 22  Gracefully lose control while maintaining accountability even if operational responsibility falls upon 3rd parties  Provider, user security duties differ greatly between cloud models
  • 23. Governance 23  Identify, implement process, controls to maintain effective governance, risk mgt, compliance  Provider security governance should be assessed for sufficiency, maturity, consistency with user ITSEC process
  • 24. 3rd Party Governance 24  Request clear docs on how facility & services are assessed  Require defn of what provider considers critical services, info  Perform full contract, terms of use due diligence to determine roles, accountability
  • 25. Legal, e-Discovery 25  Functional: which functions & services in the Cloud have legal implications for both parties  Jurisdictional: which governments administer laws and regs impacting services, stakeholders, data assets  Contractual: terms & conditions
  • 26. Legal, e-Discovery 26  Both parties must understand each other’s roles  Litigation hold, Discovery searches  Expert testimony  Provider must save primary and secondary (logs) data  Where is the data stored?  laws for cross border data flows
  • 27. Legal, e-Discovery 27  Plan for unexpected contract termination and orderly return or secure disposal of assets  You should ensure you retain ownership of your data in its original form
  • 28. Compliance & Audit 28  Hard to maintain with your sec/reg requirements, harder to demonstrate to auditors  Right to Audit clause  Analyze compliance scope  Regulatory impact on data security  Evidence requirements are met  Do Provider have SAS 70 Type II, ISO 27001/2 audit statements?
  • 29. Info Lifecycle Mgt 29  Data security (CIA)  Data Location  All copies, backups stored only at location allowed by contract, SLA and/or regulation  Compliant storage (EU mandate) for storing e- health records
  • 30. Portability, Interoperability 30  When you have to switch cloud providers  Contract price increase  Provider bankruptcy  Provider service shutdown  Decrease in service quality  Business dispute
  • 31. Security, BC, DS 31  Centralization of data = greater insider threat from within the provider  Require onsite inspections of provider facilities  Disaster recover, Business continuity, etc
  • 32. Data Center Ops 32  How does provider do:  On-demand self service  Broad network access  Resource pooling  Rapid elasticity  Measured service
  • 33. Incident Response 33 Cloud apps aren’t always designed with data integrity, security in mind Provider keep app, firewall, IDS logs? Provider deliver snapshots of your virtual environment? Sensitive data must be encrypted for data breach regs
  • 34. Application Security 34  Different trust boundaries for IaaS, PaaS, Saas  Provider web application security?  Secure inter-host communication channel
  • 35. Encryption, Key Mgt 35  Encrypt data in transit, at rest, backup media  Secure key store  Protect encryption keys  Ensure encryption is based on industry/govt standards.  NO proprietary standard  Limit access to key stores  Key backup & recoverability  Test these procedures
  • 36. ID, Access Mgt 36  Determine how provider handles:  Provisioning, deprovisioning  Authentication  Federation  Authorization, user profile mgt
  • 37. Virtualization 37  What type of virtualization is used by the provider?  What 3rd party security technology augments the virtual OS?  Which controls protect admin interfaces exposed to users?
  • 38. 38
  • 39. Summary 39  We already do some sort of cloud computing  NFS, Samba shares, SAN, NAS, Web applications  Decide on public or private cloud  Public cloud implies loss of control
  • 40. Reference 40  All material from “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1”, http://www.cloudsecurityalliance.org  All figures in this talk taken from this paper  NIST Cloud Model: www.csrc.nist.gov/groups/SNS/cloud-computing/index.html  Various cloud working groups  Open Cloud Computing Interface Working Group, Amazon EC2 API, Sun Open Cloud API, Rackspace API, GoGrid API, DMTF Open Virtualization Format (OVF)