Your SlideShare is downloading. ×
  • Like
Cloud security design considerations
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Cloud security design considerations

  • 1,273 views
Published

 

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,273
On SlideShare
0
From Embeds
0
Number of Embeds
6

Actions

Shares
Downloads
119
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cloud SecurityDesign ConsiderationsKavis Technology Consulting
  • 2. What level of security is required
  • 3. What level of security is required•••••
  • 4. What level of security is required••••••••••
  • 5. What level of security is required••••••••••
  • 6. What level of security is required•••••••••
  • 7. Security and Cloud Service Models
  • 8. Private Cloudshttp://designyoutrust.com
  • 9. It’s allYou!
  • 10. Public Clouds
  • 11. Vendor supplies …- Infrastructure securityYoudothis
  • 12. Vendor supplies …- Application Stack Security- Infrastructure SecurityYoudothis
  • 13. Vendor supplies …- Application Security- Application Stack Security- Infrastructure SecurityYoudothis
  • 14. Infrastructure Security••••
  • 15. Applications Stack Security••••
  • 16. Application Security•••••••••
  • 17. User security•••
  • 18. Security across all service models•••••••••Source:https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
  • 19. Key Security Areas of Focus••••••••••
  • 20. Security StrategiesCentralizeStandardizeAutomate
  • 21. Security ActionsApplicationDetectionPrevention
  • 22. Policy Enforcement”Golden” ImageCloud ServersDeploy••••••
  • 23. Policy Enforcement••••••
  • 24. Policy Enforcement••••••••Client ServerData StoreDeployAdmin ConsolePolicies
  • 25. Encryption•••••••••Encryption• Compliance• SecurityUsability• Complexity• Performance
  • 26. Encryption•••••••••••Encryption• Compliance• SecurityUsability• Complexity• Performance
  • 27. Key Management•••••••••ApplicationsUsersOrganizationsAccount
  • 28. Web Security••••
  • 29. API Token ManagementDo Not Roll Your Own
  • 30. API Token Management
  • 31. API Token Management
  • 32. API Token Management••••••
  • 33. Patch Management•••••••••
  • 34. Monitoring Security Performance Capacity Uptime Throughput SLA User metrics Kpis Log file analysis
  • 35. IntrusionDetectionTroubleShootingLogging
  • 36. Source: http://www.thoughtworks.com/continuous-deliveryContinuous Deployments
  • 37. Maintaining Consistent EnvironmentsAutomationManageTrackAdminister• Self Provision• Charge Back• Access Control• Policies• Audits
  • 38. ID ManagementCentralizedLDAPFacadeEntity 1 Entity 2 Entity nCSP 1 CSP 2 CSP 3USE CASEs Business to Business Internal costumers Known CustomersAdvantages Central control Roles, and groups termination
  • 39. ID ManagementdeCentralizedUSE CASEs Business to Consumer Open registration Large Number ofenrolleesAdvantages Must accept terms Simple integrationwith PartnersSource: http://static.springsource.org/spring-social/docs/1.0.x/reference/html/serviceprovider.html
  • 40. Thank YouFor details on this topic and others go to my blogwww Kavistechnology comImages courtesy of www.thinkstockphotos.com