Cloud Security - Security Aspects of Cloud Computing
Upcoming SlideShare
Loading in...5
×
 

Cloud Security - Security Aspects of Cloud Computing

on

  • 4,042 views

Lightning talk presented at Jakarta's Executive Forum, 5 August 2010.

Lightning talk presented at Jakarta's Executive Forum, 5 August 2010.

Statistics

Views

Total Views
4,042
Views on SlideShare
4,025
Embed Views
17

Actions

Likes
4
Downloads
252
Comments
2

4 Embeds 17

http://www.linkedin.com 8
http://testesweb.blogspot.com 6
http://www.testesweb.blogspot.com.br 2
http://www.slideshare.net 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Cloud Security - Security Aspects of Cloud Computing Cloud Security - Security Aspects of Cloud Computing Presentation Transcript

  • Bellua Asia Pacific CLOUD SECURITY SECURITY ASPECTS OF CLOUD COMPUTING JIM GEOVEDI Director, Bellua Asia Pacific jim.geovedi@bellua.com @geovedi Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com
  • Bellua Asia Pacific Essential characteristics • On-demand Service - Get computing capabilities as needed automatically • Broad Network Access - Services available over the net • Resource Pooling - Provider resources pooled to server multiple clients • Rapid Elasticity - Ability to quickly scale in/out service • Measured Service - Control, optimise services based on metering Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 2
  • Bellua Asia Pacific Service models Presentation Modality Presentation Platform APIs Applications Data Metadata Content Integration and Middleware APIs Infrastructure as Core Connectivity and Delivery Software as Platform as a Service a Service a Service Abstraction Hardware Facilities Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 3
  • Bellua Asia Pacific Deployment models • Public - Cloud infrastructure is available to the general public, owned by org selling cloud services • Private - Cloud infrastructure for single organisation only, may be managed by the organisation or a 3rd party, on or off premise • Community - Cloud infrastructure shared by several organisations that have shared concerns, managed by org or 3rd party • Hybrid - Combinations of more than clouds bound by standard or proprietary technology Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 4
  • Bellua Asia Pacific Cloud examples Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 5
  • Bellua Asia Pacific Move to the cloud? • Identify the asset(s) for cloud deployment - Data - Applications/Functions/Process • Evaluate the asset - Determine how important the data or function is to the organisation Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 6
  • Bellua Asia Pacific Top CIO concerns Security Availability Performance Cost Standards Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 7
  • Bellua Asia Pacific Cloud security threats 1. Abuse and nefarious use 2. Insecure interfaces and APIs 3. Malicious insiders 4. Shared technology issues 5. Data loss or leakage 6. Account or service hijacking 7. Unknown risk profile source: http://www.cloudsecurityalliance.org/topthreats Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 8
  • Bellua Asia Pacific Threat #1: Abuse and Nefarious Use • Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities. • Cloud Computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and providers’ fraud detection capabilities are limited. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 9
  • Bellua Asia Pacific Threat #2: Insecure Interfaces and APIs • While most providers strive to ensure security is well integrated into their service models, it is critical for consumers of those services to understand the security implications associated with the usage, management, orchestration and monitoring of cloud services. • Reliance on a weak set of interfaces and APIs exposes organisations to a variety of security issues related to confidentiality, integrity, availability and accountability. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 10
  • Bellua Asia Pacific Threat #3: Malicious Insiders • The impact that malicious insiders can have on an organisation is considerable, given their level of access and ability to infiltrate organisations and assets. • Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. • As organisations adopt cloud services, the human element takes on an even more profound importance. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 11
  • Bellua Asia Pacific Threat #4: Shared Technology Issues • Attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalisation. • As a result, attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorised access to data. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 12
  • Bellua Asia Pacific Threat #5: Data Loss or Leakage • Data loss or leakage can have a devastating impact on a business. Beyond the damage to one’s brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. • Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 13
  • Bellua Asia Pacific Threat #6: Account or Service Hijacking • Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services. • Organisations should be aware of these techniques as well as common defence in depth protection strategies to contain the damage (and possible litigation) resulting from a breach. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 14
  • Bellua Asia Pacific Threat #7: Unknown Risk Profile • When adopting a cloud service, the features and functionality may be well advertised, but... - What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging? - How are your data and related logs stored and who has access to them? - What information if any will the vendor disclose in the event of a security incident? • Often such questions are not clearly answered or are overlooked, leaving customers with an unknown risk profile that may include serious threats. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 15
  • Bellua Asia Pacific Security guidance Security guidance for critical areas of focus in cloud computing source: http://www.cloudsecurityalliance.org/guidance.html Cloud Architecture Governing in the Cloud Operating in the Cloud Cloud Computing Architectural Governance and Enterprise Risk Traditional Security, Business Framework Management Continuity and Disaster Recovery Legal and Electronic Discovery Data Centre Operations Compliance and Audit Incident Response, Notification, and Remediation Information Lifecycle Management Application Security Portability and Interoperability Encryption and Key Management Identity and Access Management Virtualisation Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 16