Cloud Security - Made simple

Cloud security is a must for any IaaS, PaaS, SaaS or CaaS initiative. This presentation aims to simplify the concept of cloud security with clear steps to achieve it. It also summarizes the controls required to implement cloud security.


Cloud Security - Made simple Presentation Transcript

  • 1. Cloud Security. Sameer Paradia
  • 2. Goals
      1. Brief on Cloud Computing
      2. Security Threats
      3. Framework
      4. Controls
      http://www.flickr.com/photos/tomhaymes/321292834/
  • 3. Understand Cloud
  • 4. Essential Characteristics
      • On-Demand: Lowered requirement to forecast. Demand trends are predicted by the provider
      • Usage-metered: Pay-by-the-realtime use
      • Self-service from pool of resources: Resources managed by consumer with a GUI or API
      • Elastic Scalability: Grow or shrink resources as required
      • Ubiquitous Network: The network is essential to use the service
  • 5. Beyond basic.. Modes of Deployment, Services Types
      • Deployment models: Public cloud, Hybrid cloud, Private cloud, Community cloud
      • IaaS: Compute, Storage, Network, Datacentre
      • PaaS: Web 2.0 Applications Runtime, Development tools, Business Middleware, Database, Java Runtime
      • SaaS: Collaboration, ERP / CRM, Business Processes, Enterprise Applications
  • 6. Security Threat
  • 7. Lots of noise on... Cloud Security? ...how do we simplify it... http://www.flickr.com/photos/purpleslog/2870445256/in/photostream/
  • 8. It is the same as current InfoSec practice. You have to take the same approach as current ISMS. http://www.flickr.com/photos/pheckaboolala/3410638119
  • 9. Cloud Security
      • What is it?
          – Protection of your information in cloud
      • Why is it critical?
          – Your information is at a central, unknown place in cloud
          – No visibility of security measures in Public cloud
      • Impact of breach on business?
          – Lack of Compliance
          – Legal issue
          – Breach of privacy
      http://www.flickr.com/photos/nigeljohnson73/6788941421
  • 10. Threats in XaaS Models
      • SaaS:
          – Built in security functionality
          – Least consumer extensibility
          – Relatively high level of integrated security
      • PaaS
          – Enable developers to build their own applications on top of the platform
          – More extensible than SaaS, at the expense of customer ready features
          – Built in capabilities are less complete, but there is more flexibility to layer on additional security
      • IaaS
          – Few application-like features
          – Enormous extensibility
          – Less integrated security capabilities and functionality beyond protecting the infrastructure itself
          – Assets to be managed and secured by the cloud consumer
  • 11. Security Framework
  • 12. Security Framework
      1. Identify asset to cloudify: a) Data b) Applications
      2. Assess impact of transferring assets on cloud on business in case of breach
      3. Map the asset to potential cloud deployment models
      4. Evaluate controls in each of IaaS/PaaS/SaaS layer depending upon asset
      5. Evaluate the dataflow, to understand the flow
  • 13. Cloud Controls
  • 14. 3 Dimensions of cloud security
      • Business Criticality
      • IT Assets in cloud
      • Risk Assessment
      For achieving robust and practical security, consider all 3 perspectives
  • 15. Types of Controls
      • Governance (Strategic)
          – Risk Management
          – Legal & Electronic Discovery
          – Compliance/Audit
          – Information Life cycle management
          – Portability and Interoperability
      • Operational (Tactical)
          – BCP/DR
          – Data centre Operations
          – Incident Management
          – Application security
          – Encryption
          – Identity & Access Management
          – Virtualization
  • 16. Implement Controls
      • Possible controls
          – Layered security
          – facilities (physical security)
          – network infrastructure (network security)
          – IT systems (system security)
          – information and applications (application security)
      • IaaS Cloud provider:
          – address security controls such as physical security, environmental security, and virtualization security
      • SaaS
          – Addresses up to Application layer
      http://www.flickr.com/photos/telstar/2816038167
  • 17. Summary
      • Consider three perspectives: Assets, Risk management and Business criticality
      • Cloud as an operational model neither provides for nor prevents achieving compliance
      • Selection of control depends on the service and deployment model
      • Control varies depending on the design, deployment, and management of the resources
      • Most security controls in cloud are the same as in a normal IT environment
      http://www.flickr.com/photos/isadocafe/2095153000/
  • 18. Sameer Paradia, CGEIT, CISM, CISSP (sameer_m_paradia@yahoo.com). Practicing IT Security for 12+ years out of 20+ years of IT Services/Outsourcing work experience. http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/