Cloud discovery chap 5

An introduction to Cloud Computing, based on the material from Rackspace’s CloudU Certification.
Chapter 5: Cloud security

Published in: Technology

Transcript

  • 1. CLOUD DISCOVERY: AN INTRODUCTION TO CLOUD COMPUTING
      Chapter 5: Cloud security
      By: Alain Charpentier
  • 2. Table of contents
      • Cloud security framework
      • Cloud provider’s responsibilities
          – Physical security, Operating system security, Hypervisor security, Network security
      • Cloud customer’s responsibilities
          – Firewalls, Patches and backup, Passwords, Virtual machine security, Access devices security, Staff
  • 3. Cloud Security framework
      • The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing Cloud Computing technologies. The industry group also provides security education and guidance to companies implementing cloud computing and helps vendors address security in their software delivery models.
      • The CSA leads a number of initiatives through which it provides white papers, tools and reports to help companies and vendors secure Cloud Computing services. For example, it provides a toolkit for assessing private and public clouds against industry-established security best practices.
  • 4. Cloud provider’s responsibilities (1/2)
      • Physical Security
          – Security of the building
          – Keycard, round-the-clock surveillance
          – Authorization of personnel
          – Background checking
      • Operating system security
          – Utilization of a hardened operating system
          – An intrusion detection system
          – The minimum number of user accounts possible
          – Controls to limit administrator access to named accounts
          – Strong/complex access passwords
          – No publicly accessible network services
          – Hardened systems running only the necessary programs, services, and drivers
  • 5. Cloud provider’s responsibilities (2/2)
      • Hypervisor security
          – Protects the hypervisor from malware and rootkits installing themselves below the operating system
          – Protects the hypervisor management network from unauthorized access
          – Ensures compliance with security policies for protecting the hypervisor from network attack
          – Validates the secure configuration of hypervisor network services
          – Uses policy-driven configuration for protection of the hypervisor network
      • Network security
          – Network security consists of the policies and procedures adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources
          – These include perimeter controls, controls to limit network access, and lists to regulate access control
  • 6. Cloud customer’s responsibilities (1/3)
      • Firewalls
          – Hardware Firewalls are frequently built into broadband routers on the network of the Cloud provider. They tend to protect all the machines on the local network. Users should learn the specific features of the firewall to ensure it is configured correctly to guarantee optimum performance.
          – Software Firewalls, unlike hardware firewalls that protect the entire network, are installed on individual machines and protect only the machine on which they are installed. Software firewalls focus on averting the possibility that a third party will gain access to or control of the device. Because of the virtual nature of servers in a Cloud Computing scenario, software firewalls are typically the method best suited to protect a customer’s virtual machine.
  • 7. Cloud customer’s responsibilities (2/3)
      • Patches and backup
          – Patching software on individual devices with the latest version is important, as software vendors generally roll out patches frequently to respond to security threats.
          – Generally, backing up involves copying data from the primary location to some other locations so that, in the event of a loss, data can be restored rapidly.
      • Passwords
          – Passwords are often the weakest link in the security chain. There is little point in investing millions of dollars in security checks, firewalls, etc. only to have security breached by an insecure password.
          – Other elements of password safety include:
              • Complexity – Avoid passwords that are easily guessed.
              • Expiration – Passwords should have an expiration date.
              • Differentiation / Federation – Users should choose different passwords for different services.
              • History – Users shouldn’t be able to select a password that is the same as their previous few passwords.
  • 8. Cloud customer’s responsibilities (3/3)
      • Virtual machine security
          – The use of encryption for communication
          – The checking of file integrity
          – The use of Audit Logging
          – The use of data encryption techniques (File/DB)
      • Access devices security
          – Physical Security – locking your desktop/laptop with a physical cable lock
          – The use of password-protected screen savers
          – Rationalized access (often called Role Based Access) ensures that users are granted the minimum access needed to perform their jobs
          – Administrators should ideally have the ability to remotely wipe stored passwords, bookmarks and other potentially sensitive information
          – Taking security of Smart Phones, Tablets, and Notepads into account
      • Staff
          – All potential employees should undergo a rigorous security check designed to weed out any personnel who may cause a security threat. Employees should continue to be monitored over time to ensure that this particular vector for security breaches remains watertight.
  • 9. QUESTIONS ?
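
The password rules on slide 7 (complexity, expiration, history) enforced at password-change time, as an added Python example that is not part of the original slides. The thresholds, the denylist and the `Account` class are assumptions chosen for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MIN_LENGTH = 12                      # assumed minimum length
MAX_AGE = timedelta(days=90)         # assumed expiration window
HISTORY_DEPTH = 5                    # assumed number of remembered passwords
ITERATIONS = 600_000                 # PBKDF2-HMAC-SHA256 work factor (assumed)
DENYLIST = {"password", "letmein", "qwerty", "welcome"}  # constructed sample

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def complexity_problems(password, username):
    """Complexity: reject short, guessable or single-class passwords."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    if (username and username.lower() in lowered) or any(w in lowered for w in DENYLIST):
        problems.append("easily guessed")
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    if sum(classes) < 3:
        problems.append("too few character classes")
    return problems

class Account:
    def __init__(self, username):
        self.username = username
        self.history = []            # newest first: (salt, digest), never plaintext
        self.changed_at = None

    def is_expired(self, now):
        """Expiration: a password older than MAX_AGE must be changed."""
        return self.changed_at is None or now - self.changed_at > MAX_AGE

    def reused(self, password):
        """History: compare against the last HISTORY_DEPTH salted digests."""
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for salt, digest in self.history[:HISTORY_DEPTH])

    def set_password(self, password, now):
        problems = complexity_problems(password, self.username)
        if not problems and self.reused(password):
            problems.append("matches a recent password")
        if not problems:
            salt = os.urandom(16)
            self.history.insert(0, (salt, _digest(password, salt)))
            del self.history[HISTORY_DEPTH:]
            self.changed_at = now
        return problems              # empty list means the change was accepted
```

Differentiation across services is the one rule on the slide that a single service cannot check, because it only ever sees its own password store.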
