Cloud Computing
CLOUD SECURITY
PEDRO ALEXANDER ROMERO

Cloud Security
Agenda
- Security Framework
- What Vendors Should Do
- What Customers Should Do
From: www.rackspace.com/cloud/cloudu

A Security Framework for the Cloud
The Cloud Security Alliance (CSA) is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Objectives:
- Promote a common level of understanding between the consumers and providers
- Promote independent research into best practices
- Create consensus lists of issues and guidance for cloud security assurance

What Vendors Should Do (1/7)
1. Physical Data Center Security
2. Security of Host Machine Operating System
3. Control of Hypervisor
4. Network Security
5. Virtual Machine Security

What Vendors Should Do (2/7)
1. Physical Data Center Security:
- Security of the building: keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance
- Authorization of personnel: only authorized data center personnel should be granted access
- Employee background checking: before they're hired

What Vendors Should Do (3/7)
2. Security of Host Machine Operating System:
The operating system within which virtual machines are hosted requires extra scrutiny, as it is the manager for guest virtual machines.
- Intrusion detection system
- The minimum number of user accounts possible
- Limited administrator access to named accounts
- No publicly accessible network services
Vulnerabilities in the base OS can have impacts on the individual virtual machines.

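
One way to check the host-OS items above (minimal user accounts, named administrator accounts, no publicly reachable services), as an added example that is not part of the original slides. The sample `/etc/passwd` and `ss -tlnH` text is constructed, and the function names and allowlists are assumptions.

```python
# Constructed samples in /etc/passwd and `ss -tlnH` format (not from a real host).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:legacy admin:/root:/bin/bash
alice:x:1000:1000:Alice (named admin):/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
"""
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:16509 0.0.0.0:*
LISTEN 0 4096 [::1]:16509 [::]:*
LISTEN 0 128 [::]:5900 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def interactive_accounts(passwd_text):
    """Return (name, uid) for every account with a usable login shell."""
    accounts = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            accounts.append((fields[0], int(fields[2])))
    return accounts

def exposed_listeners(ss_text):
    """Return (host, port) for TCP listeners bound to a non-loopback address."""
    exposed = []
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, _, port = cols[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if not (host.startswith("127.") or host == "::1"):
            exposed.append((host, int(port)))
    return exposed

def audit(passwd_text, ss_text, allowed_logins, allowed_ports=frozenset()):
    accounts = interactive_accounts(passwd_text)
    ports = {p for _, p in exposed_listeners(ss_text)}
    return {
        "unexpected_logins": sorted(n for n, _ in accounts if n not in allowed_logins),
        "extra_uid0": sorted(n for n, u in accounts if u == 0 and n != "root"),
        "exposed_ports": sorted(ports - set(allowed_ports)),
    }

print(audit(SAMPLE_PASSWD, SAMPLE_SS, {"root", "alice"}))
```

On a real host the two inputs would come from reading `/etc/passwd` and running `ss -tlnH`; the default empty port allowlist matches the slide's "no publicly accessible services" rule.
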
What Vendors Should Do (4/7)
3. Control of the Hypervisor:
While, in most cases, control of individual virtual machines is the responsibility of the customer, vendors need to ensure robust security of the hypervisor itself, the tool which keeps the individual virtual machines separate.
A hypervisor, or virtual machine monitor (VMM), is a piece of computer software, firmware or hardware that creates and runs virtual machines.

What Vendors Should Do (5/7)
4. Network Security:

What Vendors Should Do (6/7)
4. Network Security: (Cont.)
Consists of the policies and procedures adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification or denial of the computer network and network-accessible resources.
Includes:
- Perimeter controls
- Network access
- Regulate access control

What Vendors Should Do (7/7)
5. Virtual Machine Security
Virtual machines share the same security vulnerabilities as physical machines and should be protected from the same problems: hardware failures, viruses, hacking, data corruption.

What Customers Should Do
Customers too have an important part to play in ensuring the security of the solutions they utilize.
1. Firewall
2. Patches and Backups
3. Passwords
4. Controlling Access to Devices Connected to the Cloud
5. Ensuring the Security of Staff

What Customers Should Do
The Whispered Truth - Your Data, Your Responsibility
In Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) clouds, protecting data at rest is the customer's responsibility, not the provider's.
To meet privacy obligations to the company's customers and employees, and to comply with regulatory standards such as PCI DSS and SOX, it is a must to securely encrypt cloud-based data while keeping operational overhead to a minimum.
PCI DSS: Payment Card Industry Data Security Standard
SOX: Sarbanes-Oxley Act of 2002