Cloud Security: Rules and Best Practices
patrick.duboys@ssl-europa.com
20/11/2013
Autorité d’Enregistrement (Registration Authority)
Agenda
• Seven Cloud Computing Risks
• Asymmetric encryption
• Electronic signature
• Strong authentication
• Rules
• Best Practices
Cloud-Computing Security Risks (1)
Risk Assessment
• Data integrity, recovery, privacy
• Evaluation of legal issues, regulatory compliance, auditing
• Etc.

Transparency
• Qualification of policy makers, architects, coders, operators
• Risk-control processes and technical mechanisms
• Level of testing
• How unanticipated vulnerabilities are identified
• Etc.
Seven Cloud-Computing Risks (1)
1. Privileged user access
• Physical, logical and personnel controls
• Ask about hiring and oversight of administrators
• What control is there over them?

2. Regulatory compliance
• Customers remain responsible for their data
• Check external audits and security certifications

3. Data location
• Commitment to storing and processing data in specific jurisdictions
• Contractual commitment

4. Data segregation
• How is data segregated at rest and in use?
• Encryption designed and tested by experienced specialists
Seven Cloud-Computing Risks (2)
5. Recovery
• What happens in case of a disaster?
• Replication of data and applications across multiple sites?
• Ability to do a complete restoration? How long would it take?

6. Investigative support
• How to trace inappropriate or illegal activities?
• Logging and data may be co-located for multiple customers
• Contractual commitment to support specific forms of investigation
• Get evidence that the vendor has already supported such activities

7. Long-term viability
• What if your Cloud provider goes broke or gets acquired?
• How could you get your data back? In which format?
• Replacement application?
Asymmetric Encryption
• Symmetric Encryption
• Asymmetric Encryption
Symmetric Encryption
Message in clear → Encryption → Encrypted Message → Decryption → Message in clear
(the same secret key is used for encryption and for decryption)
Symmetric Encryption
Advantages
– Fast
– Relatively simple to implement
– Very efficient, in particular when the key is used only once

Drawbacks
– A different key for each pair of users

• The major issue: key management (as many keys to exchange as there are pairs of users)
• How do Alice and Bob get the key without anybody else having access to it?
• The key must travel over a different channel (phone, fax, …)
Symmetric Encryption: Internet & Cloud Applications
[Slide table: the security properties an Internet or Cloud application needs (Authentication, Confidentiality, Authorization, Integrity, Non-repudiation; applicative properties, backed by a Security Infrastructure and a Security Policy), with a tick for each property the mechanisms seen so far provide. With symmetric encryption alone a single property is ticked: confidentiality.]
Asymmetric Encryption
Introduced by Whitfield Diffie and Martin Hellman in 1976 ("New Directions in Cryptography")
Each user owns a pair of keys:
– The public key, used to encrypt, which may be known by everybody
– The private key, used to decrypt, which is known only by its owner
Asymmetric Encryption
[Diagram slide: with a symmetric key, the encryption key and the decryption key are the same; with an asymmetric key pair they differ (the public key encrypts, the private key decrypts).]
[Diagram slide: Asymmetric Encryption]
[Diagram slide: Asymmetric Encryption: Signature (the private key signs, the public key verifies).]
Internet & Cloud Applications
[Same table as above, after asymmetric encryption and signature: three of the five properties are ticked.]
Example: SSL Server
1. Client → Server: sends a message A
2. Server → Client: sends its certificate and message A signed with the server private key
3. Client: verifies the certificate and the signature
4. Client and Server: negotiate the encryption algorithm
5. Client: generates a session key and encrypts it with the server public key
6. Client → Server: sends the encrypted session key
7. Server: decrypts the session key with its private key
8. The session key is shared
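The exchange above as an added worked example in Go; it is not code from the deck or from SSL Europa. It also shows the key roles from the Asymmetric Encryption and Signature slides: the private key signs and decrypts, the public key verifies and encrypts. It covers steps 1 to 3 and 5 to 8 (algorithm negotiation is left out), the client is assumed to have already validated the server certificate and so works from the server public key directly, and RSA-PSS and RSA-OAEP over SHA-256 are padding choices made here, since the slide does not name any.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Server holds the long-term key pair. In SSL/TLS the public half travels in an
// X.509 certificate; certificate validation is assumed done in this demo, so the
// client is handed the public key directly and only the cryptography is shown.
type Server struct{ priv *rsa.PrivateKey }

func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv}, nil
}

func (s *Server) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Step 2: the server signs the client's message A with its private key
// (RSA-PSS over SHA-256; the padding scheme is our choice, not the slide's).
func (s *Server) SignChallenge(a []byte) ([]byte, error) {
	h := sha256.Sum256(a)
	return rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, h[:], nil)
}

// Step 7: the server recovers the session key with its private key (RSA-OAEP).
func (s *Server) UnwrapSessionKey(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ct, []byte("session-key"))
}

// Step 3 (client): only the holder of the private key can have produced this
// signature over A, so a valid signature authenticates the server.
func VerifyChallenge(pub *rsa.PublicKey, a, sig []byte) error {
	h := sha256.Sum256(a)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// Step 5 (client): encrypt the session key so that only the server can read it.
func WrapSessionKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte("session-key"))
}

// Handshake runs the exchange end to end and returns the key each side ends up with.
func Handshake(srv *Server) ([]byte, []byte, error) {
	// 1. client picks a fresh random A, so an old signature cannot be replayed
	a := make([]byte, 32)
	if _, err := rand.Read(a); err != nil {
		return nil, nil, err
	}
	// 2. server returns its public key (certificate) and the signed A
	sig, err := srv.SignChallenge(a)
	if err != nil {
		return nil, nil, err
	}
	pub := srv.PublicKey()
	// 3. client checks the signature before using the key for anything else
	if err := VerifyChallenge(pub, a, sig); err != nil {
		return nil, nil, fmt.Errorf("server authentication failed: %w", err)
	}
	// 5-6. client generates a 256-bit session key and sends it encrypted
	clientKey := make([]byte, 32)
	if _, err := rand.Read(clientKey); err != nil {
		return nil, nil, err
	}
	ct, err := WrapSessionKey(pub, clientKey)
	if err != nil {
		return nil, nil, err
	}
	// 7-8. server decrypts; both sides now hold the same symmetric key
	serverKey, err := srv.UnwrapSessionKey(ct)
	return clientKey, serverKey, err
}

func main() {
	srv, err := NewServer()
	if err != nil {
		panic(err)
	}
	ck, sk, err := Handshake(srv)
	if err != nil {
		panic(err)
	}
	fmt.Println("session key shared:", bytes.Equal(ck, sk))
}
```

This is the RSA key-transport pattern of SSL and of TLS up to 1.2: the secrecy of every session key rests on the server private key, so whoever obtains that key later can decrypt recorded sessions (no forward secrecy). TLS 1.3 dropped RSA key transport and derives the session key from an ephemeral Diffie-Hellman exchange instead; the signature step that authenticates the server remains.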
Internet & Cloud Applications
[Same table as above, after the SSL server example: all five properties are ticked.]
Examples of Solutions
[Image-only slide; no text survives.]
Rules of thumb
• Use encryption
– For exchanges of data with the Cloud
– For data in the Cloud
• Use strong authentication
– To connect to the Cloud
– To identify the Cloud server
• Use signature
– For exchanges of data in the Cloud
Best Practices (1)
• Protect data in transfer but also data in the cloud
• Use data-centric encryption and encryption embedded in the file format
• Understand how the keys will be managed (avoid reliance on cloud providers)
• Include files such as logs and metadata in the encryption
• Use a strong standard algorithm (such as AES-256)
• Use open, validated formats
• Avoid proprietary encryption
Best Practices (2)
• Content-aware encryption
• Format-preserving encryption
• Use Data Leak Prevention (DLP) solutions
Best Practices (3. Database)
• Be aware of performance issues
• Use object security
• Store a secure hash of the data, so that modified records can be detected
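An added example in Go for the "store a secure hash" item; it is not code from the deck. Each row carries an HMAC-SHA256 tag computed with a key that stays in the enterprise, so a record edited at the provider no longer verifies. An unkeyed hash is shown beside it because it does not give that guarantee: whoever can change the row can recompute it. The record layout, key and sample rows are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Record is a row as stored in a cloud-hosted database (constructed layout).
// Tag is the hex HMAC-SHA256 over the other columns.
type Record struct {
	ID, Owner, Balance, Tag string
}

// canonical fixes the field order and joins with a control character that is
// not expected in values (reject it on input), so the tag covers every column
// and a value cannot slide from one column into another unnoticed.
func canonical(r Record) []byte {
	return []byte(strings.Join([]string{r.ID, r.Owner, r.Balance}, "\x1f"))
}

// tag computes HMAC-SHA256 with a key that never leaves the enterprise; the
// provider stores only tags, which it cannot recompute without the key.
func tag(key []byte, r Record) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(canonical(r))
	return m.Sum(nil)
}

// Store attaches the tag before the row is written to the database.
func Store(key []byte, r Record) Record {
	r.Tag = hex.EncodeToString(tag(key, r))
	return r
}

// Verify recomputes the tag on read; hmac.Equal compares in constant time.
func Verify(key []byte, r Record) bool {
	want, err := hex.DecodeString(r.Tag)
	if err != nil {
		return false
	}
	return hmac.Equal(tag(key, r), want)
}

// UnkeyedHash is the weak alternative: it catches accidental corruption but not
// tampering, because anyone able to edit the row can recompute it.
func UnkeyedHash(r Record) string {
	sum := sha256.Sum256(canonical(r))
	return hex.EncodeToString(sum[:])
}

func main() {
	key := []byte("constructed demo key; keep the real one in an enterprise HSM")
	row := Store(key, Record{ID: "42", Owner: "alice", Balance: "100.00"})
	fmt.Println("fresh row verifies:        ", Verify(key, row))

	// An administrator at the provider edits the balance in place.
	tampered := row
	tampered.Balance = "100000.00"
	fmt.Println("tampered row verifies:     ", Verify(key, tampered))

	// Without the key, recomputing a plain hash is all the attacker can do,
	// and it does not pass keyed verification.
	tampered.Tag = UnkeyedHash(tampered)
	fmt.Println("forged unkeyed hash passes:", Verify(key, tampered))
}
```

The key is the whole point: the provider holds tags but cannot mint them. Keep it with the other enterprise keys, under the HSM-backed key management the deck recommends, and rotate it like any other; a hash without a key, or with the key stored next to the data, only detects accidental corruption.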
Best Practices (4)
• Use key management software
• Use group-level keys
• Maintain keys within the enterprise
• Revoke keys
• Define and enforce strong key management processes and practices
• Implement segregation of duties
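The symmetric encryption slide and the items above (AES-256 from Best Practices (1), keys held in the enterprise, group-level keys, revocation) as one added example in Go; it is not code from the deck. Each object is encrypted under its own AES-256-GCM data key, the data key is wrapped under a group key (KEK) that never leaves the enterprise key manager, and revoking a group's access means rotating the KEK and re-wrapping, not re-encrypting the data. The object layout, group name and sample content are constructed for the demo; a real deployment keeps the KEK in an HSM or KMS rather than in process memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcm returns an AES-GCM AEAD; a 32-byte key selects AES-256.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates plaintext under key; aad is authenticated but not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize()) // random 96-bit nonce, prepended to the output
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, aad), nil
}

// open fails if the ciphertext, the nonce or the aad was modified (GCM tag check).
func open(key, sealed, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

func newKey() []byte {
	k := make([]byte, 32) // 256-bit key from the OS CSPRNG
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// Object is what the provider stores: ciphertext plus the per-object data key wrapped under the group KEK.
type Object struct {
	Name, Group            string
	Ciphertext, WrappedDEK []byte
}

// Encrypt uses a fresh data key per object and binds the object name as AAD.
func Encrypt(kek []byte, group, name string, plaintext []byte) (Object, error) {
	dek := newKey()
	ct, err := seal(dek, plaintext, []byte(name))
	if err != nil {
		return Object{}, err
	}
	wrapped, err := seal(kek, dek, []byte(group))
	if err != nil {
		return Object{}, err
	}
	return Object{Name: name, Group: group, Ciphertext: ct, WrappedDEK: wrapped}, nil
}

// Decrypt needs the group KEK: unwrap the data key, then open the content.
func Decrypt(kek []byte, o Object) ([]byte, error) {
	dek, err := open(kek, o.WrappedDEK, []byte(o.Group))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key for %s: %w", o.Name, err)
	}
	return open(dek, o.Ciphertext, []byte(o.Name))
}

// Rotate re-wraps the data key under a new KEK; the bulk ciphertext is untouched.
func Rotate(oldKEK, newKEK []byte, o Object) (Object, error) {
	dek, err := open(oldKEK, o.WrappedDEK, []byte(o.Group))
	if err != nil {
		return Object{}, err
	}
	o.WrappedDEK, err = seal(newKEK, dek, []byte(o.Group))
	return o, err
}

func main() {
	kek := newKey() // finance group key, held in the enterprise key manager
	obj, _ := Encrypt(kek, "finance", "q3-forecast.xlsx", []byte("constructed sample content"))
	pt, _ := Decrypt(kek, obj)
	fmt.Printf("with group key: %q\n", pt)
	rotated, _ := Rotate(kek, newKey(), obj) // a member leaves: new KEK, old one revoked
	_, err := Decrypt(kek, rotated)
	fmt.Println("with revoked key:", err)
}
```

Two details carry the security: GCM authenticates the ciphertext, so a modified object or one renamed at the provider fails to open rather than decrypting to garbage, and the nonce is random per call, so a data key may only be used for a bounded number of objects (here one object per key, which sidesteps the limit). Rotating the KEK revokes everyone who only held the old one; someone who had already unwrapped a data key keeps that one object, which is why per-object keys matter.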
Recommendations (1)
• Follow key management best practices
• Use off-the-shelf products from credible sources
• Maintain your own trusted cryptographic source
• Scope keys at the individual or group level
• Use DRM systems
Recommendations (2)
• Use standard algorithms
• Avoid old ones such as DES
• Use central and internal key management (with your own HSM, etc.)
• Use segregation of duties
Reference
Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing v3.0: http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
Thank you for your attention
SSL EUROPA

8 chemin des escargots
18200 Orval - France
+33 (0)9 88 99 54 09
www.ssl-europa.com

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 

SSL Europa Cloud Security 2013

• 1. Cloud Security: Rules and Best Practices
  patrick.duboys@ssl-europa.com
  20/11/2013
  Autorité d’Enregistrement

• 2. Agenda
  – Seven Cloud Computing Risks
  – Asymmetric encryption
  – Electronic signature
  – Strong authentication
  – Rules
  – Best Practices

• 3. Cloud-Computing Security Risks (1)
  Risk Assessment
  – Data integrity, recovery, privacy
  – Evaluation of legal issues, regulatory compliance, auditing
  – Etc.
  Transparency
  – Qualification of policy makers, architects, coders, operators
  – Risk-control processes and technical mechanisms
  – Level of testing
  – How unanticipated vulnerabilities are identified
  – Etc.

• 4. Seven Cloud-Computing Risks (1)
  1. Privileged user access
     – Physical, logical and personnel control
     – Ask about hiring and oversight of administrators
     – What controls are there?
  2. Regulatory compliance
     – Customers are responsible
     – Check external audits and security certifications
  3. Data location
     – Commitment to storing and processing data in specific jurisdictions
     – Contractual commitment
  4. Data segregation
     – Data at rest and in use?
     – Encryption designed and tested by experienced specialists

• 5. Seven Cloud-Computing Risks (2)
  5. Recovery
     – What happens in case of a disaster?
     – Replication of data and applications across multiple sites?
     – Ability to do a complete restoration? How long would it take?
  6. Investigative support
     – How to trace inappropriate or illegal activities?
     – Logging and data may be shared among multiple customers
     – Contractual commitment to support specific forms of investigation
     – Get evidence that the vendor has already supported such activities
  7. Long-term viability
     – What if your Cloud provider goes broke or gets acquired?
     – How could you get your data back? In which format?
     – Replacement application?

• 6. Asymmetric Encryption
  – Symmetric Encryption
  – Asymmetric Encryption

• 7. Symmetric Encryption
  Message in clear → Encryption → Encrypted Message → Decryption → Message in clear

• 9. Symmetric Encryption
  Advantages
  – Fast
  – Relatively simple to implement
  – Very efficient, in particular when the key is used only once
  Drawbacks
  – A different key per pair of users
    • The major issue: key management (as many keys to exchange as there are users)
    • How do Alice and Bob get the key without anybody else having access to it?
    • The key must follow a different channel (phone, fax, …)

• 10. Symmetric Encryption
  (Table: security properties Authentication, Confidentiality, Authorization, Integrity, Non repudiation versus Internet & Cloud Applications (applicative), Security Infrastructure, Security Policy; the checkmarks did not survive extraction.)

• 11. Asymmetric Encryption
  – Invented in 1975 by Whitfield Diffie and Martin Hellman
  – Each user owns a pair of keys
    • The public key, used to encrypt, which is known by everybody
    • The private key, used to decrypt, which is known only by the owner

• 15. Symmetric Encryption
  (Table: same security properties and rows as slide 10; the checkmarks did not survive extraction.)

• 16. Example: SSL
  Client: sends a message A.
  Server: sends its certificate and the message A signed.
  Client: verifies the certificate and the signature.
  Client and server: negotiate the encryption algorithm.
  Client: generates a session key, encrypts it with the server public key and sends the encrypted session key.
  Server: decrypts the session key with its private key.
  Result: the session key is shared.
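The exchange on slide 16 as an added example in Go (not code from the SSL Europa slides): the server's RSA public key stands in for its certificate and no chain validation is done, message A is a client-chosen nonce, the algorithm negotiation step is left out, and RSA-PSS (signature) and RSA-OAEP (session key transport) with SHA-256 are assumed as the primitives.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Server holds the long-term RSA key pair; its public half stands in for the
// slide's certificate (assumption: no X.509 chain is built or checked here).
type Server struct{ key *rsa.PrivateKey }

func NewServer() (*Server, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{key: k}, nil
}

// Server side: return the public key ("certificate") and a signature over the
// client's message A, proving possession of the matching private key.
func (s *Server) SignChallenge(msgA []byte) (*rsa.PublicKey, []byte, error) {
	h := sha256.Sum256(msgA)
	sig, err := rsa.SignPSS(rand.Reader, s.key, crypto.SHA256, h[:], nil)
	return &s.key.PublicKey, sig, err
}

// Client side: verify the signature over the A it chose itself, so a signature
// captured from an earlier session cannot be replayed.
func VerifyChallenge(pub *rsa.PublicKey, msgA, sig []byte) bool {
	h := sha256.Sum256(msgA)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Client side: random 256-bit session key, RSA-OAEP encrypted to the server key.
func WrapSessionKey(pub *rsa.PublicKey) (session, wrapped []byte, err error) {
	session = make([]byte, 32)
	if _, err = rand.Read(session); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
	return session, wrapped, err
}

// Server side: recover the session key with the private key; it is now shared.
func (s *Server) UnwrapSessionKey(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, wrapped, nil)
}
```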
• 17. Symmetric Encryption
  (Table: same security properties and rows as slide 10; the checkmarks did not survive extraction.)

• 18. Examples of Solutions

• 19. Rules of thumb
  – Use encryption
    • For exchanges of data with the Cloud
    • For data in the Cloud
  – Use strong authentication
    • To connect to the Cloud
    • To identify the Cloud server
  – Use signature
    • For exchanges of data in the Cloud

• 20. Best Practices (1)
  – Protect data transfer but also data in the cloud
  – Use data-centric encryption and encryption embedded in the file format
  – Understand how the keys will be managed (avoid reliance on cloud providers)
  – Include files such as logs and metadata in encryption
  – Use strong standard algorithms (such as AES-256)
  – Use open, validated formats
  – Avoid proprietary encryption

• 21. Best Practices (2)
  – Content-aware encryption
  – Format-preserving encryption
  – Use Data Leak Prevention (DLP) solutions

• 22. Best Practices (3: Database)
  – Be aware of performance issues
  – Use object security
  – Store a secure hash

• 23. Best Practices (4)
  – Use key management software
  – Use group-level keys
  – Maintain keys within the enterprise
  – Revoke keys
  – Define and enforce strong key management processes and practices
  – Implement segregation of duties

• 24. Recommendations (1)
  – Use best-practice key management
  – Use off-the-shelf products from credible sources
  – Maintain your own trusted cryptographic source
  – Key scoping at the individual or group level
  – Use DRM systems

• 25. Recommendations (2)
  – Use standard algorithms
  – Avoid old ones such as DES
  – Use central and internal key management (with your own HSM, etc.)
  – Use segregation of duties
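A worked example of the data-centric encryption and in-house key management that slides 19 to 25 call for (encrypt data before it reaches the cloud, AES-256, keys kept within the enterprise), added here and not taken from the slides. It assumes AES-256-GCM for both the content and the key wrapping, a hypothetical Envelope layout for the uploaded object, and the object identifier used as associated data; the key-encryption key (KEK) stays in the enterprise and only the wrapped per-object key travels with the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Envelope is the uploaded object (hypothetical layout): content sealed under a
// per-object data key (DEK) plus the DEK wrapped under the enterprise KEK.
type Envelope struct{ Nonce, Ciphertext, KeyNonce, WrappedKey []byte }

// MustGCM builds AES-256-GCM from a 32-byte key; a wrong length is a programming error.
func MustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// seal encrypts with a fresh random nonce and binds aad to the ciphertext
// (crypto/rand.Read cannot fail since Go 1.24, so its error is not checked).
func seal(aead cipher.AEAD, plaintext, aad []byte) (nonce, ct []byte) {
	nonce = make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return nonce, aead.Seal(nil, nonce, plaintext, aad)
}

// Encrypt prepares an object for upload. objectID is bound as associated data,
// so a ciphertext copied under another object name will not decrypt.
func Encrypt(kek cipher.AEAD, objectID, plaintext []byte) *Envelope {
	dek := make([]byte, 32) // fresh 256-bit key per object
	rand.Read(dek)
	nonce, ct := seal(MustGCM(dek), plaintext, objectID)
	keyNonce, wrapped := seal(kek, dek, objectID)
	return &Envelope{nonce, ct, keyNonce, wrapped}
}

// Decrypt runs inside the enterprise (where the KEK lives): unwrap the DEK, then
// open the content. Any change to nonce, ciphertext, key or objectID makes GCM fail.
func Decrypt(kek cipher.AEAD, objectID []byte, e *Envelope) ([]byte, error) {
	dek, err := kek.Open(nil, e.KeyNonce, e.WrappedKey, objectID)
	if err != nil {
		return nil, err
	}
	return MustGCM(dek).Open(nil, e.Nonce, e.Ciphertext, objectID)
}
```

Rotating the KEK only requires re-wrapping each stored DEK, not re-encrypting the objects themselves.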
• 27. Thank you for your attention
  SSL EUROPA, 8 chemin des escargots, 18200 Orval - France
  +33 (0)9 88 99 54 09
  www.ssl-europa.com