Transcript

  • 1. Cloud Security Concerns By Chaiyakorn Apiwathanokul C3O, S-Generation Co., Ltd.
  • 2. Name: Chaiyakorn Apiwathanokul ไชยกร อภิวัฒโนกุล Title: Chief Executive Officer Company: S-GENERATION Company Limited, S-FORENSICS Company Limited Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA • CSO ASEAN Award 2010 by International Data Group (IDG) • 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2 • Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544) • Contribute to Thailand Cyber Crime Act B.E. 2550 • Workgroup for CA service standard development • Committee of national standard adoption of ISO27001/ISO27002 • Committee of Thailand Information Security Association (TISA) • Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour • Advisor to Department of Special Investigation (DSI) • Advisor to Cybersecurity Monitoring Center, Ministry of Defense (MOD) • chaiyakorna@hotmail.com • 1997 1999 2000 2004 2006 2011
  • 3. CLOUD! What is it like?
  • 4. What do you think of when it comes to CLOUD?
  • 5. Now!
  • 6. Cheaper Cost Efficiency Resiliency High Availability Elasticity On-Demand Quick Deployment Out-sourcing
  • 7. Then what stops you?
  • 8. GO!!! or NO GO?
  • 9. What to worry about?
  • 10. Surveys Show SECURITY & PRIVACY #1 Concern
  • 11. Top Threats to Cloud Computing Survey Results Update 2012
  • 12. Top Threats to Cloud Computing 1. Abuse & Nefarious Use of Cloud Computing 2. Insecure Interfaces & APIs 3. Malicious Insiders 4. Shared Technology Issues 5. Data Loss or Leakage 6. Account or Service Hijacking 7. Unknown Risk Profile © 2012 S-Generation Co., Ltd.
  • 13. 15 ENISA Cloud Risks 1. Loss of governance 2. Lock-in 3. Isolation failure 4. Compliance risks 5. Management interface compromise 6. Data protection 7. Insecure or incomplete data deletion 8. Malicious insider
  • 15. NIST SP800-144 Key Security and Privacy Issues 1 Governance 2 Compliance 3 Trust 4 Architecture 5 Identity and Access Management 6 Software Isolation 7 Data Protection 8 Availability 9 Incident Response
  • 16. Certificate of Cloud Security Knowledge • First certification on cloud computing security • Most prestigious cloud computing certification • Measures mastery of CSA guidance and ENISA cloud risks whitepaper • Understand cloud issues • Look for the CCSKs at cloud providers, consulting partners • Online web-based examination • www.cloudsecurityalliance.org/certifyme
  • 17. 13 Domains of CCSK
  • 18. 0.5 Lifecycle considerations “Information” Create Destroy Store Transmit Process Use
  • 19. 0.5 Lifecycle considerations “Information System” Conceive Implement Use Specify Test Maintain Design Develop Dispose
  • 20. Domain 5: Information Management & Data Security 5.6 Data Security 5.6.1 Detecting and Preventing Data Migrations to The Cloud 5.6.2 Protecting Data Moving to (And Within) The Cloud 5.6.3 Protecting Data in The Cloud 5.6.4 Data Loss Prevention 5.6.5 Database and File Activity Monitoring 5.6.6 Application Security 5.6.7 Privacy Preserving Storage 5.6.8 Digital Rights Management (DRM)
  • 21. Back to the Basics • Classify everything – Data – Network – Platform – App – Provider – Personnel involved • Owner, who, R&R • Custodian, who, R&R
  • 22. Conclusion • Cloud is here to stay • Cloud helps reduce capital and operational cost • Cost of data breach is in question • It’s not about go or no-go, it’s about how to go effectively • We are not living in a business (only) world • There are an underground economy, cyber criminals, terrorism, and state intelligence • Secure development and secure operation • Does cloud computing help make your operation more secure? – Operation - maybe – Data security framework - ?
  • 23. http://www. thailand.org
  • 24. Happy New Year to ICTSEC • Free web security health check 1 scan 1 report • Promotion code: ICTSEC@EGAT • Contact: – Tel. 02-613-0500 Start at 5,000 THB/month – Mail. sales@s-generation.com – http://www.EZWebSec.com
  • 25. Please visit http://www.S-GENERATION.com for more information. Thank You. Please visit http://www.S-FORENSICS.com for more information.