Keith prabhu cloud security-public
Upcoming SlideShare
Loading in...5
×
 

Keith prabhu cloud security-public

on

  • 360 views

 

Statistics

Views

Total Views
360
Views on SlideShare
271
Embed Views
89

Actions

Likes
1
Downloads
5
Comments
0

1 Embed 89

http://www.confidis.co 89

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Keith prabhu cloud security-public Keith prabhu cloud security-public Presentation Transcript

  • www.confidis.coTechnology ConsultingCloud SecurityEmerging TrendsJune 12, 2013Keith PrabhuMaster of Business (Australia), CCSK, MBCI, CISSP, CISAExecutive Director, Confidis Advisory ServicesFounder & Director, Cloud Security Alliance, Mumbai Chapter
  • www.confidis.coStorylineNeed for Cloud SecurityThreatsInhibiting CloudAdoptionCloud Vulnerabilities ResearchCSA ResourcesNeed for CCSKNew Trends
  • www.confidis.coNeed for Cloud Security• Previously users, applications and data weresecured within the organization’s perimeter• Mobility was restricted• Firewalls were used to keep the bad guys out andemployees in• Standardized access devices were owned by theorganizations• Employees had to conform to IT policiesThe Good (?) Old days…
  • www.confidis.coNeed for Cloud Security• Confidential data resides in the Cloud• Data is everywhere• IT users need to access data locatedoutside the organization’s perimeter• IT users can BYOD while organizationsneed to allow access to partner apps• IT users can buy business apps “off theCloud” without IT knowing let aloneapproving itToday’s Scenario
  • www.confidis.coThreats inhibiting Cloud AdoptionSource: The Notorious Nine. Cloud Computing Top Threats in 2013, Cloud Security Alliancehttps://cloudsecurityalliance.org/research/top-threats/Cloud ComputingTop Threats 2013#1 Data Breaches#2 Data Loss#3 Account Hijacking#4 Insecure APIs#5 Denial of Service#6 Malicious Insiders#7 Abuse of CloudServices#8 Insufficient DueDiligence#9 Shared TechnologyIssues
  • www.confidis.coCloud Vulnerabilities ResearchSource: CSA Research, Dr. Ryan Ko, Sr. Lecturer, University of Waikato
  • www.confidis.coAssessing Security MaturityIncident Management and ForensicsConsensus Assessments InitiativeCloud Controls Matrix Trusted Cloud Initiative Top Threats to Cloud Computing
  • www.confidis.coNeed for Cloud Security KnowledgeProfessionals• While large areas of IT Security remain the same,new combinations of technology have resulted innew security challenges• These new challenges require a study of securityfrom a Cloud perspective• Certificate of Cloud Security Knowledge(CCSK) is available from CSA• Key guidance available in form of:• CSA Guidance• ENISA
  • www.confidis.coNew Trends/Challenges in CloudSecurityCloud Application Protection: Application protection repeatedly tests anapplication to see if changes in code were made, preventing hackers intent onputting their own malicious code into applications. This is now available as aservice from the CloudOpen Certification FrameworkThe CSA Open Certification Framework is an industryinitiative to allow global, accredited, trusted certification ofcloud providers.Big Data Security in the Cloud: The Big Data Working Group (BDWG) will beidentifying scalable techniques for data-centric security and privacy problems.(https://cloudsecurityalliance.org/research/big-data/)Encryption: Mitigating risks of extraction of keys from memoryForensics in the Cloud: Ways to conduct forensic investigation in a sharedenvironment
  • www.confidis.coCloud Security Alliance• Global, not-for-profit organization• Over 45,000+ individual members, 100+ corporatemembers• Building best practices and a trusted cloud ecosystem• Agile philosophy, rapid development of appliedresearch− GRC: Balance compliance with risk management− Reference models: build using existing standards− Identity: a key foundation of a functioning cloudeconomy− Champion interoperability− Advocacy of prudent public policy“To promote the use of best practices for providingsecurity assurance within Cloud Computing, andprovide education on the uses of Cloud Computing tohelp secure all other forms of computing.”Join: Cloud Security Alliance, Mumbai Chapter on LinkedIn(http://www.linkedin.com/groups?gid=2963138)
  • www.confidis.coThank You!
  • www.confidis.coContact UsFor any furtherinformation,please contact:Keith PrabhuExecutive DirectorConfidis Advisory ServicesPrivate LimitedEmail: info @ confidis DOT co