Cloud Security


Transcript

  • 1. Cloud Security (http://clean-clouds.com)
  • 2. Objectives
     Security Objectives
     Cloud Characteristics & Security Implications
     Cloud Security Challenges
     Control & Cloud Service Model
     Roles & Responsibilities
     Security Guidelines
     Documents & Checklists
  • 3. Security Objectives
     Cloud security is about 3 objectives:
    ◦ Confidentiality (C): keeping data private
    ◦ Integrity (I): data in the cloud is what it is supposed to be
    ◦ Availability (A): availability of information
  • 4. Cloud Computing ~ Economy of Scale & Security
     All kinds of security measures are cheaper when implemented on a larger scale.
    ◦ (e.g. filtering, backup, patch management, hardening of virtual machine instances and hypervisors, etc.)
     The same amount of investment in security buys better protection.
  • 5. Cloud Security - Overview
     Cloud computing presents an added level of risk:
    ◦ Services are outsourced to a third party.
    ◦ Off-Premise
    ◦ Multi-tenant architecture
    ◦ Loss of Governance - less control over data and operations
    ◦ Legal and Contractual Risks
  • 6. Cloud Characteristics -> Outsourced
  • 7. Cloud Characteristics -> Off-Premise
  • 8. Multi-Tenant Architecture ~ Shared Resources
  • 9. Loss of Governance
     The client cedes control to the Provider on a number of issues affecting security:
    ◦ External pen testing not permitted.
    ◦ Very limited logs available.
    ◦ Usually no forensics service offered.
    ◦ Not possible to inspect hardware.
    ◦ No information on location/jurisdiction of data.
    ◦ Outsourcing or sub-contracting of services to third parties (fourth parties?)
  • 10. Legal and Contractual Risks
     Data in multiple jurisdictions, some of which may be risky.
    ◦ Multiple transfers of data exacerbate the problem.
     Subpoena and e-discovery
     Intellectual Property
     Risk allocation and limitation of liability
     Compliance challenges - how to provide evidence of compliance.
  • 11. Cloud Security Challenges - Part 1
     Data dispersal and international privacy laws
    ◦ Exposure of data to foreign governments and data subpoenas
    ◦ Data retention issues
     Need for isolation management
     Multi-tenancy
     Logging challenges
     Data ownership issues
     Quality of service guarantees
  • 12. Cloud Security Challenges - Part 2
     Dependence on secure hypervisors
     Attraction to hackers (high-value target)
     Security of virtual OSs in the cloud
     Possibility of massive outages
     Encryption needs for cloud computing
    ◦ Encrypting administrative access to OS instances
    ◦ Encrypting application data at rest
    ◦ Encrypting application data in transit
     Public cloud vs. internal cloud security
  • 13. Additional Issues
     Issues with moving PII and sensitive data to the cloud
    ◦ Privacy impact assessments
     Using SLAs to obtain cloud security
    ◦ Suggested requirements for cloud SLAs
    ◦ Issues with cloud forensics
     Contingency planning and disaster recovery for cloud implementations
     Handling compliance
    ◦ FISMA
    ◦ HIPAA
    ◦ FDA
    ◦ PCI
    ◦ SAS 70 Audits
  • 14. Control & Cloud Service Model
  • 15. Responsibilities
  • 16. CIA & Cloud Service Model
  • 17. Why is security the “X” factor for a Cloud Service Provider?
  • 18. Skin in the Game & Cloud Service Provider
     "Skin in the game" is a term used by investor Warren Buffett, referring to a situation in which high-ranking insiders use their own money to buy stock in the company they are running.
  • 19. Security Guidelines for Application Migration to the Cloud
  • 20. How can Security Guidelines help?
  • 21. Cloud Security Areas
  • 22. Identity & Access Management
     Authentication
    ◦ Existing authentication or the cloud provider's authentication service?
     SSO
    ◦ Single sign-on for applications on cloud and on premise?
     Authorization
    ◦ User provisioning and de-provisioning service
     User directory & Federation Services
    ◦ How is trust maintained across the cloud and on-premise domains?
  • 23. Directory Services
     Federation services like ADFS 2.0 implement standards such as WS-Trust and WS-Federation, which is useful.
     Using the WS-Federation standard, Novell Access Manager supports multiple identity stores out of the box, including Novell eDirectory, Microsoft Active Directory and Sun ONE Directory Server.
     IBM Tivoli Federated Identity Manager is used for federation services.
  • 24. Data Security
     Hardware, database, memory, etc. - like buying a hotel room or booking an aircraft.
  • 25. Information Security Life-Cycle
     Data Confidentiality
     Data Integrity
     Availability
     Backup & Archive
     Key Management
  • 26. Is Encryption Sufficient?
     Encryption technique, e.g. 128/256-bit AES symmetric or asymmetric encryption
     File system or disk encryption techniques
     Does the encryption meet FIPS 140-2?
     Practical processing operations on encrypted data are not possible.
  • 27. Network Security
     Concerns
    ◦ Security for data in transit
    ◦ Perimeter security
    ◦ Network security threats (DoS, man-in-the-middle, packet sniffing)
     Solutions
    ◦ Virtual Private Cloud
    ◦ IPSec networks
    ◦ Stateful firewall
  • 28. Virtualization Security
     Virtualization / Hypervisor threats - How are your data and applications isolated from other customers?
     Host Operating System - How is the host operating system protected?
     OS hardening - How is OS-level security such as OS hardening maintained?
     Anti-virus - How is protection from malware & spyware ensured?
  • 29. Physical Security
     Environmental Safeguards - (SAS 70) Type II audit procedures
    ◦ Redundancy
    ◦ Climate and temperature
    ◦ Fire detection and suppression
     Physical Security - (SAS 70) Type II audit procedures
    ◦ Professional security staff utilizing video surveillance
    ◦ Authorized staff must pass two-factor authentication
    ◦ Access to datacenters by employees must be logged and audited routinely
  • 30. Incident Response in the Cloud
     What constitutes a cloud-based incident?
    ◦ Customer vs. provider definitions
     What technologies play a key role in incident detection and response?
    ◦ Network security, host controls, monitoring/alerting
     What do cloud customers need to ask/know about provider incident response?
    ◦ Will consumer organizations be provided an audit trail? Maybe.