Cloud Security Concerns
By Chaiyakorn Apiwathanokul
C3O, S-Generation Co., Ltd.

Name: Chaiyakorn Apiwathanokul (ไชยกร อภิวัฒโนกุล)
Title: Chief Executive Officer
Company: S-GENERATION Company Limited, S-FORENSICS Company Limited
Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA




•   CSO ASEAN Award 2010 by International Data Group (IDG)
•   2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)²
•   Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544)
•   Contributed to Thailand Cyber Crime Act B.E. 2550
•   Workgroup for CA service standard development
•   Committee of national standard adoption of ISO27001/ISO27002
•   Committee of Thailand Information Security Association (TISA)
•   Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour
•   Advisor to Department of Special Investigation (DSI)
•   Advisor to Cybersecurity Monitoring Center, Ministry of Defense (MOD)

Contact: chaiyakorna@hotmail.com


CLOUD!
What is it like?
What do you think of when it comes to CLOUD?
Now!

•   Cheaper / Cost Efficiency
•   Resiliency / High Availability
•   Elasticity / On-Demand
•   Quick Deployment
•   Out-sourcing

Then what stops you?
GO!!! or NO GO?
What to worry about?
Surveys Show

SECURITY & PRIVACY
     #1 Concern
Top Threats to Cloud Computing
  Survey Results Update 2012
Top Threats to Cloud Computing

      1.    Abuse & Nefarious Use of Cloud Computing
      2.    Insecure Interfaces & APIs
      3.    Malicious Insiders
      4.    Shared Technology Issues
      5.    Data Loss or Leakage
      6.    Account or Service Hijacking
      7.    Unknown Risk Profile

© 2012 S-Generation Co., Ltd.



                                    ENISA Cloud Risks

  1.    Loss of governance
  2.    Lock-in
  3.    Isolation failure
  4.    Compliance risks
  5.    Management interface compromise
  6.    Data protection
  7.    Insecure or incomplete data deletion
  8.    Malicious insider

NIST SP800-144
                                Key Security and Privacy Issues

          1 Governance
          2 Compliance
          3 Trust
          4 Architecture
          5 Identity and Access Management
          6 Software Isolation
          7 Data Protection
          8 Availability
          9 Incident Response

Certificate of Cloud Security Knowledge

      • First certification on cloud computing security
      • Most prestigious cloud computing certification
      • Measures mastery of CSA guidance and ENISA cloud risks whitepaper
      • Understand cloud issues
      • Look for the CCSKs at cloud providers, consulting partners
      • Online web-based examination
      • www.cloudsecurityalliance.org/certifyme
13 Domains of CCSK




0.5 Lifecycle considerations “Information”

[Cycle diagram; stages shown: Create, Store, Process, Use, Transmit, Destroy]
0.5 Lifecycle considerations “Information System”

[Diagram; stages as laid out on the slide:]

      Conceive    Implement    Use
      Specify     Test         Maintain
      Design      Develop      Dispose
Domain 5: Information Management & Data Security

      5.6 Data Security
          5.6.1 Detecting and Preventing Data Migrations to The Cloud
          5.6.2 Protecting Data Moving to (And Within) The Cloud
          5.6.3 Protecting Data in The Cloud
          5.6.4 Data Loss Prevention
          5.6.5 Database and File Activity Monitoring
          5.6.6 Application Security
          5.6.7 Privacy Preserving Storage
          5.6.8 Digital Rights Management (DRM)



Back to the Basics

      • Classify everything
            –   Data
            –   Network
            –   Platform
            –   App
            –   Provider
            –   Personnel involved
      • Owner, who, R&R
      • Custodian, who, R&R



Conclusion
      • Cloud is here to stay
      • Cloud helps reduce capital and operational costs
      • Cost of data breach is in question
      • It’s not about go or no-go, it’s about how to go effectively
      • We are not living in a business (only) world
      • There are underground economies, cyber criminals, terrorism, and state intelligence
      • Secure development and secure operation
      • Does cloud computing help make your operation more secure?
            – Operation - maybe
            – Data security framework - ?



http://www.   thailand.org




Happy New Year to ICTSEC

 • Free web security health check: 1 scan, 1 report
 • Promotion code: ICTSEC@EGAT
 • Start at 5,000 THB/month
 • Contact:
       – Tel. 02-613-0500
       – Mail. sales@s-generation.com
       – http://www.EZWebSec.com

Thank You

Please visit http://www.S-GENERATION.com for more information
Please visit http://www.S-FORENSICS.com for more information

Weitere ähnliche Inhalte

Was ist angesagt?

Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
State of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry InsiderState of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry InsiderBen Johnson
 
App sec owasp from developers prospective
App sec owasp from developers prospectiveApp sec owasp from developers prospective
App sec owasp from developers prospectiveSecurity Innovation
 
EU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health dataEU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health dataSpeck&Tech
 
PwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO ReprintPwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO ReprintKim Jensen
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Mark Evertz
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedIBM Security
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingTroy Kitch
 
Deploy & Manage BYOD and VDI Services
Deploy & Manage BYOD and VDI ServicesDeploy & Manage BYOD and VDI Services
Deploy & Manage BYOD and VDI ServicesCisco Canada
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...Doug Newdick
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Tripwire
 
Smart Tech = Smart Organizations : Building Smarter Organizations
Smart Tech = Smart Organizations : Building Smarter OrganizationsSmart Tech = Smart Organizations : Building Smarter Organizations
Smart Tech = Smart Organizations : Building Smarter OrganizationsRick Huijbregts
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) PwC France
 
Attacking XML Security
Attacking XML SecurityAttacking XML Security
Attacking XML SecurityYusuf Motiwala
 
20101116 deckers
20101116 deckers20101116 deckers
20101116 deckersCIONET
 

Was ist angesagt? (20)

Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
 
State of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry InsiderState of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry Insider
 
App sec owasp from developers prospective
App sec owasp from developers prospectiveApp sec owasp from developers prospective
App sec owasp from developers prospective
 
EU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health dataEU data protection laws and impacts on healthcare applications and health data
EU data protection laws and impacts on healthcare applications and health data
 
PwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO ReprintPwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO Reprint
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the Unexpected
 
Oasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITILOasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITIL
 
Aniketos trust bus_sept_2012
Aniketos trust bus_sept_2012Aniketos trust bus_sept_2012
Aniketos trust bus_sept_2012
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security Mapping
 
certificate
certificatecertificate
certificate
 
Deploy & Manage BYOD and VDI Services
Deploy & Manage BYOD and VDI ServicesDeploy & Manage BYOD and VDI Services
Deploy & Manage BYOD and VDI Services
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
 
The Polytechnic of Namibia
The Polytechnic of NamibiaThe Polytechnic of Namibia
The Polytechnic of Namibia
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
 
Smart Tech = Smart Organizations : Building Smarter Organizations
Smart Tech = Smart Organizations : Building Smarter OrganizationsSmart Tech = Smart Organizations : Building Smarter Organizations
Smart Tech = Smart Organizations : Building Smarter Organizations
 
Milton smith 2013
Milton smith 2013Milton smith 2013
Milton smith 2013
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011)
 
Attacking XML Security
Attacking XML SecurityAttacking XML Security
Attacking XML Security
 
20101116 deckers
20101116 deckers20101116 deckers
20101116 deckers
 

Andere mochten auch

Andere mochten auch (12)

IMC: risk base security
IMC: risk base securityIMC: risk base security
IMC: risk base security
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ck
 
SecurityExchange2009-Key Note
SecurityExchange2009-Key NoteSecurityExchange2009-Key Note
SecurityExchange2009-Key Note
 
Chaiyakorn
ChaiyakornChaiyakorn
Chaiyakorn
 
Vp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentVp Leadership And Organizational Development
Vp Leadership And Organizational Development
 
IT Security EBK2008 Summary
IT Security EBK2008 SummaryIT Security EBK2008 Summary
IT Security EBK2008 Summary
 
Introduction to INFOSEC Professional
Introduction to INFOSEC ProfessionalIntroduction to INFOSEC Professional
Introduction to INFOSEC Professional
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Addressing CIP
Addressing CIPAddressing CIP
Addressing CIP
 
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
The Role of Foreign Direct Investment in Myanmar by Naw Eh Khu Mue+Hnin Thuza...
 
U S Embassy Event - Today’S Cyber Threats
U S  Embassy  Event - Today’S  Cyber  ThreatsU S  Embassy  Event - Today’S  Cyber  Threats
U S Embassy Event - Today’S Cyber Threats
 
Myanmar _ Investment Guide - Book 1 (ENG)
Myanmar _ Investment Guide - Book 1 (ENG)Myanmar _ Investment Guide - Book 1 (ENG)
Myanmar _ Investment Guide - Book 1 (ENG)
 

Ähnlich wie Cloud Security by CK

The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...Elasticsearch
 
Oracle here. now. your choice.
Oracle   here.  now.  your choice.Oracle   here.  now.  your choice.
Oracle here. now. your choice.CIOEastAfrica
 
Identity Management for the Cloud
Identity Management for the CloudIdentity Management for the Cloud
Identity Management for the CloudHorst Walther
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Financial Analyst Day 2013
Financial Analyst Day 2013Financial Analyst Day 2013
Financial Analyst Day 2013avelinakauffman
 
MDG & RDM field reports Aaron Zornes - 2012 Singapore- print v1
MDG & RDM field reports   Aaron Zornes - 2012 Singapore- print v1MDG & RDM field reports   Aaron Zornes - 2012 Singapore- print v1
MDG & RDM field reports Aaron Zornes - 2012 Singapore- print v1Aaron Zornes
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817   api management - enable your infrastructure for secure mobile and c...Con8817   api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01promediakw
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataIBM Security
 
Cloud Services: Resolving the Trust vs. Uptake Paradox
Cloud Services: Resolving the Trust vs. Uptake ParadoxCloud Services: Resolving the Trust vs. Uptake Paradox
Cloud Services: Resolving the Trust vs. Uptake ParadoxcVidya Networks
 
Redefining Security in the Cloud
Redefining Security in the CloudRedefining Security in the Cloud
Redefining Security in the CloudMike Spaulding
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! EMC
 
Engineering Big Data Infra with Openstack
Engineering Big Data Infra with OpenstackEngineering Big Data Infra with Openstack
Engineering Big Data Infra with OpenstackDebojyoti Dutta
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ramy Houssaini
 

Ähnlich wie Cloud Security by CK (20)

The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
 
Oracle here. now. your choice.
Oracle   here.  now.  your choice.Oracle   here.  now.  your choice.
Oracle here. now. your choice.
 
Identity Management for the Cloud
Identity Management for the CloudIdentity Management for the Cloud
Identity Management for the Cloud
 
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...
I Syed, Sr. Consultant - Enterprise Information Security Governance, Risk, Co...
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
Financial Analyst Day 2013
Financial Analyst Day 2013Financial Analyst Day 2013
Financial Analyst Day 2013
 
MDG & RDM field reports Aaron Zornes - 2012 Singapore- print v1
MDG & RDM field reports   Aaron Zornes - 2012 Singapore- print v1MDG & RDM field reports   Aaron Zornes - 2012 Singapore- print v1
MDG & RDM field reports Aaron Zornes - 2012 Singapore- print v1
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817   api management - enable your infrastructure for secure mobile and c...Con8817   api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining Control
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation Enabler
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
 
Fad final print
Fad final printFad final print
Fad final print
 
Cloud Services: Resolving the Trust vs. Uptake Paradox
Cloud Services: Resolving the Trust vs. Uptake ParadoxCloud Services: Resolving the Trust vs. Uptake Paradox
Cloud Services: Resolving the Trust vs. Uptake Paradox
 
Redefining Security in the Cloud
Redefining Security in the CloudRedefining Security in the Cloud
Redefining Security in the Cloud
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore!
 
Engineering Big Data Infra with Openstack
Engineering Big Data Infra with OpenstackEngineering Big Data Infra with Openstack
Engineering Big Data Infra with Openstack
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011
 

Mehr von Narinrit Prem-apiwathanokul

Mehr von Narinrit Prem-apiwathanokul (6)

How to address C-Level properly?
How to address C-Level properly?How to address C-Level properly?
How to address C-Level properly?
 
Infosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandInfosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For Thailand
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
S C A D A Security Keynote C K
S C A D A  Security  Keynote  C KS C A D A  Security  Keynote  C K
S C A D A Security Keynote C K
 
CCA Preparation for Organization
CCA Preparation for OrganizationCCA Preparation for Organization
CCA Preparation for Organization
 

Kürzlich hochgeladen

The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 

Kürzlich hochgeladen (20)

The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

Cloud Security by CK

  • 1. Cloud Security Concerns By Chaiyakorn Apiwathanokul C3O, S-Generation Co., Ltd.
  • 2. Name: Chaiyakorn Apiwathanokul ไชยกร อภิวัฒโนกุล Title: Chief Executive Officer Company: S-GENERATION Company Limited S-FORENSICS Company Limited Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA • CSO ASEAN Award 2010 by International Data Group (IDG) • 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2 • Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544) • Contribute to Thailand Cyber Crime Act B.E.2550 • Workgroup for CA service standard development • Committee of national standard adoption of ISO27001/ISO27002 • Committee of Thailand Information Security Association (TISA) • Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour chaiyakorna@hotmail.com • Advisor to Department of Special Investigation (DSI) • Advisor to Cybersecurity Monitoring Center, Ministry of Defense (MOD) 1997 1999 2000 2004 2006 2011
  • 3.
  • 5. What do you think of when it comes to CLOUD?
  • 6.
  • 8. Cheaper Cost Efficiency Resiliency High Availability Elasticity On-Demand Quick Deployment Out-sourcing
  • 10. GO!!! or NO GO?
  • 11. What to worry about?
  • 12. Surveys Show SECURITY & PRIVACY #1 Concern
  • 13. Top Threats to Cloud Computing Survey Results Update 2012
  • 14. Top Threats to Cloud Computing 1. Abuse & Nefarious Use of Cloud Computing 2. Insecure Interfaces & APIs 3. Malicious Insiders 4. Shared Technology Issues 5. Data Loss or Leakage 6. Account or Service Hijacking 7. Unknown Risk Profile © 2012 S-Generation Co., Ltd.
  • 15. 15 ENISA Cloud Risks 1. Loss of governance 2. Lock-in 3. Isolation failure 4. Compliance risks 5. Management interface compromise 6. Data protection 7. Insecure or incomplete data deletion 8. Malicious insider © 2012 S-Generation Co., Ltd.
  • 16. © 2012 S-Generation Co., Ltd.
  • 17. NIST SP800-144 Key Security and Privacy Issues 1 Governance 2 Compliance 3 Trust 4 Architecture 5 Identity and Access Management 6 Software Isolation 7 Data Protection 8 Availability 9 Incident Response © 2012 S-Generation Co., Ltd.
  • 18. Certificate of Cloud Security Knowledge • First certification on cloud computing security • Most prestigious cloud computing certification • Measures mastery of CSA guidance and ENISA cloud risks whitepaper • Understand cloud issues • Look for the CCSKs at cloud providers, consulting partners • Online web-based examination • www.cloudsecurityalliance.org/certifyme © 2012 S-Generation Co., Ltd.
  • 19. 13 Domains of CCSK © 2012 S-Generation Co., Ltd.
  • 20. 0.5 Lifecycle considerations “Information” Create Destroy Store Transmit Process Use © 2012 S-Generation Co., Ltd.
  • 21. 0.5 Lifecycle considerations “Information System” Conceive Implement Use Specify Test Maintain Design Develop Dispose © 2012 S-Generation Co., Ltd.
  • 22. Domain 5: Information Management & Data Security 5.6 Data Security 5.6.1 Detecting and Preventing Data Migrations to The Cloud 5.6.2 Protecting Data Moving to (And Within) The Cloud 5.6.3 Protecting Data in The Cloud 5.6.4 Data Loss Prevention 5.6.5 Database and File Activity Monitoring 5.6.6 Application Security 5.6.7 Privacy Preserving Storage 5.6.8 Digital Rights Management (DRM) © 2012 S-Generation Co., Ltd.
  • 23. Back to The Basic • Classify everything – Data – Network – Platform – App – Provider – Personnel involved • Owner, who, R&R • Custodian, who, R&R © 2012 S-Generation Co., Ltd.
  • 24. Conclusion • Cloud is here to stay • Cloud helps reduce capital and operational cost • Cost of data breach is in question • It’s not about go or no-go, it’s about how to go effectively • We are not living in a business (only) world • There is an underground economy, cyber criminals, terrorism, and state intelligence • Secure development and secure operation • Does cloud computing help make your operation more secure? – Operation - maybe – Data security framework - ? © 2012 S-Generation Co., Ltd.
  • 25. http://www. thailand.org © 2012 S-Generation Co., Ltd.
  • 26. Happy New Year to ICTSEC • Free web security health check 1 scan 1 report • Promotion code: ICTSEC@EGAT • Contact: – Tel. 02-613-0500 Start at 5,000 THB/month – Mail. sales@s-generation.com – http://www.EZWebSec.com © 2012 S-Generation Co., Ltd.
  • 27. Please visit http://www.S-GENERATION.com for more information Thank You Please visit http://www.S-FORENSICS.com for more information