3. www.confidis.co
Need for Cloud Security
• Previously, users, applications and data were secured within the organization’s perimeter
• Mobility was restricted
• Firewalls were used to keep the bad guys out and employees in
• Standardized access devices were owned by the organizations
• Employees had to conform to IT policies
The Good (?) Old days…
Need for Cloud Security
• Confidential data resides in the Cloud
• Data is everywhere
• IT users need to access data located outside the organization’s perimeter
• IT users can BYOD while organizations need to allow access to partner apps
• IT users can buy business apps “off the Cloud” without IT knowing, let alone approving it
Today’s Scenario
Threats inhibiting Cloud Adoption
Source: The Notorious Nine. Cloud Computing Top Threats in 2013, Cloud Security Alliance
https://cloudsecurityalliance.org/research/top-threats/
Cloud Computing Top Threats 2013
#1 Data Breaches
#2 Data Loss
#3 Account Hijacking
#4 Insecure APIs
#5 Denial of Service
#6 Malicious Insiders
#7 Abuse of Cloud Services
#8 Insufficient Due Diligence
#9 Shared Technology Issues
Need for Cloud Security Knowledge Professionals
• While large areas of IT Security remain the same, new combinations of technology have resulted in new security challenges
• These new challenges require a study of security from a Cloud perspective
• Certificate of Cloud Security Knowledge (CCSK) is available from CSA
• Key guidance is available in the form of:
  • CSA Guidance
  • ENISA
New Trends/Challenges in Cloud Security
Cloud Application Protection: Application protection repeatedly tests an application to see whether its code has been changed, which helps stop attackers intent on putting their own malicious code into applications. This is now available as a service from the Cloud.
Open Certification Framework: The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Big Data Security in the Cloud: The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. (https://cloudsecurityalliance.org/research/big-data/)
Encryption: Mitigating risks of extraction of keys from memory
Forensics in the Cloud: Ways to conduct forensic investigation in a shared environment
Cloud Security Alliance
• Global, not-for-profit organization
• 45,000+ individual members, 100+ corporate members
• Building best practices and a trusted cloud ecosystem
• Agile philosophy, rapid development of applied research
  − GRC: Balance compliance with risk management
  − Reference models: build using existing standards
  − Identity: a key foundation of a functioning cloud economy
  − Champion interoperability
  − Advocacy of prudent public policy
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Join: Cloud Security Alliance, Mumbai Chapter on LinkedIn (http://www.linkedin.com/groups?gid=2963138)
Contact Us
For any further information, please contact:
Keith Prabhu
Executive Director
Confidis Advisory Services Private Limited
Email: info @ confidis DOT co