Hogan Kusnadi - Cloud Computing Security

Presentation Transcript

  • Seminar Honeynet Indonesia 2013: Cloud Computing Security. By Hogan Kusnadi, CISSP-ISSAP, SSCP, CISA, CISM (hoganklim@gmail.com), 18 June 2013
  • Inauguration of SNI-ISO 20000 & 27001, Kominfo & BSN, October 2009
  • Rapid Development of ICT(Information Communication Technology)
  • From LAN, WAN to Cloud Computing
  • NIST (National Institute of Standards and Technology): This cloud model promotes availability and is composed of five essential characteristics:
    – on-demand self-service
    – broad network access
    – resource pooling
    – rapid elasticity
    – measured service
  • Cloud Computing
    • Software as a Service (SaaS)
    • Platform as a Service (PaaS)
    • Infrastructure as a Service (IaaS)
    • Storage as a service (SaaS)
    • Communications as a service (CaaS)
    • Network as a service (NaaS)
    • Monitoring as a service (MaaS)
    • Etc.
  • XaaS (anything as a service)
    • Anything/Everything as a service (XaaS)
      – The acronym refers to an increasing number of services that are delivered over the Internet rather than provided locally or on-site.
    • XaaS is the essence of cloud computing
  • User vs Provider
  • Understanding Risk is Important
  • Two Sides of Technology
  • Benefit vs Risk of ICT
    – Benefit: Multi Function, Flexible, Easy to use, Lower Cost
    – Database Application, Web Application, Client Server, Network Integration, Cloud Computing
    – Risk: Identity Theft, Information Theft, Industrial Espionage, Country Espionage, Denial of Service (DDOS), Data / Information Sovereignty, Sabotage, Cyber Weapon, Cyber War
    – Confidentiality, Integrity, Availability
  • Website Deface Attack Statistic, www.zone-h.org, 18 April 2012
  • Data Loss Incidents (2004-2013*), April 2013
  • Cloud Computing and Information Security Incidents
  • How to Mitigate Risk
  • ENISA (European Network and Information Security Agency)
  • How Security Gets Integrated
  • Data Security Lifecycle
  • The Notorious Nine: Cloud Computing Top Threats in 2013
    1. Data Breaches
    2. Data Loss
    3. Account Hijacking
    4. Insecure APIs
    5. Denial of Service
    6. Malicious Insiders
    7. Abuse of Cloud Services
    8. Insufficient Due Diligence
    9. Shared Technology Issues
  • About the Cloud Security Alliance
    • Global, not-for-profit organization
    • Building security best practices for next generation IT
    • Research and Educational Programs
    • Cloud Provider Certification
    • User Certification
    • Awareness and Marketing
    • The globally authoritative source for Trust in the Cloud
    “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • CSA Fast Facts
    • Founded in 2009
    • 42,000 individual members, 66 chapters globally
    • 200 corporate and affiliate members
      – Major cloud providers, tech companies, infosec leaders, DoD, Coca-Cola, Bank of America and much more
    • Regional hubs in Seattle USA, Singapore, Heraklion Greece
    • Over 30 research projects in 25 working groups
    • Strategic partnerships with governments, research institutions, professional associations and industry
  • Growing to serve the Industry
    • 2009
      – CSA launch at RSA 2009 with Security Guidance for Critical Areas of Focus in Cloud Computing
      – 6,000 members
    • 2010
      – Launch Certificate of Cloud Security Knowledge (CCSK)
      – 15,000 members
    • 2011
      – Launch CSA Security, Trust and Assurance Registry (STAR)
      – 27,000 members
    • 2012
      – Launch CSA Mobile and Big Data research to address emerging needs
      – 42,000 members
    [Chart: Membership Growth, by region (North America, EMEA, APAC)]
  • Research Portfolio
    • Our research includes fundamental projects needed to define and implement trust within the future of information technology
    • CSA continues to be aggressive in producing critical research, education and tools
    • Sponsorship opportunities
    • Selected research projects in following slides
    www.cloudsecurityalliance.org, Copyright © 2011 Cloud Security Alliance, Copyright © 2012 Cloud Security Alliance
  • Security as a Service
    • Security as a Service
      – Research for gaining greater understanding for how to deliver security solutions via cloud models.
    • Information Security Industry Re-invented
    • Identify Ten Categories within SecaaS
    • Implementation Guidance for each SecaaS Category
    • Align with international standards and other CSA research
    • Industry Impact
      – Defined 10 Categories of Service and Developed Domain 14 of CSA Guidance V.3
  • GRC Stack
    • Family of 4 research projects
      – Cloud Controls Matrix (CCM)
      – Consensus Assessments Initiative (CAI)
      – Cloud Audit
      – Cloud Trust Protocol (CTP)
    • Impact to the Industry
      – Developed tools for governance, risk and compliance management in the cloud
      – Technical pilots
      – Provider certification through STAR program
    [Diagram labels: Control Requirements; Provider Assertions; Private, Community & Public Clouds]
  • Smart Mobile
    • Mobile
      – Securing application stores and other public entities deploying software to mobile devices
      – Analysis of mobile security capabilities and features of key mobile operating systems
      – Cloud-based management, provisioning, policy, and data management of mobile devices to achieve security objectives
      – Guidelines for the mobile device security framework and mobile cloud architectures
      – Solutions for resolving multiple usage roles related to BYOD, e.g. personal and business use of a common device
      – Best practices for secure mobile application development
  • CCSK – User Certification
    • Certificate of Cloud Security Knowledge (CCSK)
    • Benchmark of cloud security competency
    • Online web-based examination
    • www.cloudsecurityalliance.org/certifyme
    • Training partnerships
    • Developing new curriculum for audit, software development and architecture
  • CSA Conference
    • Only multi-track, multi-day conference focused on cloud security
    • Key venue for new research
    • Primarily attended by enterprise end users
    • 2013 CSA Congress Plans
      – CSA Congress APAC, Singapore, May 15-16
      – CSA Congress EMEA, Europe, September
      – CSA Congress US, Orlando, November
  • CSA APAC
    • Incorporated and based in Singapore
    • Planned establishment of corporate HQ in Singapore
    • Supported by key Singaporean ministries, led by Infocomm Development Authority
    • Trend Micro as founding corporate office sponsor
    • IDA support for research and standards functions
    • Also private/public partnerships with gov’ts of Thailand and Hong Kong
    • CSA chapters throughout APAC
  • International Standardization Council
    • Engage international standards bodies on behalf of CSA
    • Propose key CSA research for standardization
    • Liaison relationship with ITU-T
    • Category A liaison with ISO/IEC SC27 & SC38
    • Tracking key SDOs for 2013
      – DMTF
      – IEEE
      – IETF
      – CCSA
      – RAISE