Egypt Cloud Day, May 2011 -- Cloud Security


  1. 5/22/2011
     Session: Cloud Security Overview
     Speaker: Mohamed El-Refaey
     Mohamed@egyptcloudforum.com
     http://twitter.com/#!/melrefaey
     http://twitter.com/#!/egyptcloudforum
     http://www.facebook.com/?ref=home#!/pages/Egypt-Cloud-Forum/111055065588154
     http://eg.linkedin.com/in/mohamedelrefaey

     Agenda
       • Cloud Security Overview
       • Operating in the cloud & Security
       • Standards, Initiatives and Certifications
       • Take Aways
  2. Cloud Security
     Open Security Architecture: actor-centric view of cloud architecture

     CSA Areas of Focus: Operating in the Cloud
       • Security, Bus. Cont., DR
       • Data Center Operations
       • Incident Response, Notification, Remediation
       • Application Security
       • Encryption & Key Management
       • Identity & Access Management
       • Virtualization
  3. CSA Areas of Focus: Governance
       • Cloud Architecture
       • Governance & Enterprise Risk Management
       • Legal & Electronic Discovery
       • Compliance & Audit
       • Information Lifecycle Management
       • Portability & Interoperability

     Top Threats (As defined by CSA)
       • Abuse and Nefarious Use of Cloud Computing
       • Insecure Application Programming Interfaces
       • Malicious Insiders
       • Shared Technology Vulnerabilities
       • Data Loss/Leakage
       • Account, Service & Traffic Hijacking
       • Unknown Risk Profile
  4. Cloud Threat Model

     Threats
       • Risk 1: Resource Exhaustion
       • Risk 2: Customer Isolation Failure
       • Risk 3: Management Interface Compromise
       • Risk 4: Interception of Data in Transmission
       • Risk 5: Data Leakage on Upload/Download, Intra-cloud
       • Risk 6: Insecure or Ineffective Deletion of Data
       • Risk 7: Distributed Denial of Service (DDoS)
       • Risk 8: Economic Denial of Service
       • Risk 9: Loss or Compromise of Encryption Keys
       • Risk 10: Malicious Probes or Scans
       • …
       • Risk 25 … Check ENISA document for the rest …

     Is my data safe in the cloud?
  5. Cloud Security Initiatives & Certificates
       • Trusted Cloud Initiative
       • McAfee Cloud Security
       • CloudAudit
       • Cloud Security Alliance
       • Certificate of Cloud Security Knowledge
       • FedRAMP
  6. Some Take Aways
       • Beware the trap of trusting the cloud vendors too much
       • Centralized cloud model puts huge power and control in the hands of cloud players.
       • Wikileaks and Amazon!
       • Cloud computing is a harkening back to centralizing everything (just not as the Internet engineered distributed model)
       • Cloud Computing is not a problem-free panacea for businesses

     Thank you
     Now, it is time for Q&A
