6. Why do we care about Cloud
security?
Security of Cloud
Cloud security – Current scenario
Several data breach cases
Challenges to Cloud security
?
Comparison between traditional and Cloud security
6
7. Greatest outsourcing concerns (n=200)
SOURCE: Cloud Security Insights for IT Strategic planning, Intel IT Center, Sep 2011 7
8. SOURCE: CompTIA’s 9th Annual Information Security Trends (based on 500 US IT and business executives)
8
10. Predicted challenges to Cloud security
Insecure layered
Attractive target Interfaces
Advanced
Persistent threats
Insider attacks Challenges
Resource
sharing issues
Unforeseen risks
Data isolation in
Adoption of BYOD multi tenancy
& cloud computing
10
11. Comparison in terms of security
Traditional networks Cloud networks
Most of the present day security controls apply for both the networks
• who Who does what?
Defined
Single client – His Data isolation
data and applications and life cycle
monitoring?
The more transparency with the
Contractual obligations between Do’s and Don’ts of the
stakeholders – regular process stakeholders – the more better
11
12. What is the approach to provide
security for Cloud?
Security for Cloud
Cloud security controls – Defense in depth
Approach to resolve underlying threats
Revisiting challenges
12
13. Cloud Security Controls – Defense in depth
SOURCE: Cloud security sub-team, Cloud standards customer council, Jan 2012 13
14. Approach to resolving underlying threats
Cost savings reinvested to improvise security
CIA – key consideration for any security related issue
Collaborative governance structure between customers and providers
Contractually enforcing security requirements
Compliance and exceptions as required for risk management policies of
companies
Simulation of incident scenarios and appropriate risk treatment plan
Defense in depth strategy
Improving awareness among the cloud users will help them play safe
14
15. Revisiting the challenges
Reinvest Insecure layered
Interfaces
Attractive target
Insider attacks
Advanced Defense
Challenges
persistent threats in depth
& CIA
Compliance, Risk Resource
management, sharing issues
& SLA
Unforeseen risks
Data isolation in
Adoption of BYOD multi tenancy
& cloud computing
Awareness
15
16. How does cloud provide
security?
Security by Cloud
Security as a Service (SeaaS)
Future prospects
SeaaS in cloud for Smartphones
16
17. Security as a service
Gartner predicts – Cloud based anti-malware, anti-
spyware will generate 60% of the revenue by 2013
CSA focuses on SeaaS from a service provider point of view
17
18. Possible Cloud based security services
Identity Management
Data loss Protection
Web Security
Email Security
IDS/IPS
Encryption
Business Continuity and Disaster Recovery
Network Security
18
19. Future prospects
Feasibility analysis of the proposed security services
Framing typical implementation guidelines
Analysing pros and cons of in-house and cloud based
security services
Deriving the essence of this aspect in its entirety
19
21. CONCLUSIONS
CIA will and should remain the key consideration for IT Security
success
Cloud computing is NOT as ALIEN as it is presumed to be
DEFENSE in DEPTH is a powerful strategy
ALL STAKEHOLDERS are in a way RESPONSIBLE for a cloud security
breach
Understanding WHAT DIFFERENCES cloud adoption could make
specifically is important
ADDRESSING these issues can help build a SAFE TOMORROW
21