Seclud it polesc_sjuly7
 

Presentation to partners

    Presentation Transcript

    • Top threats to cloud computing
      Pole SCS, July 7th 2011
      Sergio Loureiro, CEO and Founder
      sergio@secludit.com
    • Shared Technology Vulnerabilities
      Exposed hardware, operating systems, middleware, application stacks and network components may possess known vulnerabilities
      Impact
        • Successful exploitation could impact multiple customers
      Example
        • Cloudburst - Kostya Kortchinsky
        • Red and Blue pill - Joanna Rutkowska
    • Data Loss and Leakage
      Data compromise due to improper access controls or weak encryption
      Poorly secured data is at greater risk due to the multi-tenant architecture
      Impact
        • Data integrity and confidentiality
      Example
        • Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds - UCSD/MIT
    • Malicious Insiders
      Employees of the cloud vendor may abuse privileges to access customer data + Reduced visibility into internal processes
      Impact
        • Data confidentiality and integrity
        • Reputation damage
        • Legal repercussions
      Example
        • Google investigates insider threat after China Hack
    • Abuse and Nefarious Use of Cloud Computing
      Attackers are drawn to the cloud for the same reasons as legitimate consumers - access to massive processing power at low cost
      Impact
        • Password cracking, DDoS, malware hosting, spam, CAPTCHA cracking
      Example
        • Malware hosting and blacklisting of IPs of Amazon EC2
    • Insecure APIs
      APIs designed to permit access to functionality and data may be vulnerable or improperly utilized, exposing applications
      Impact
        • Data confidentiality and integrity
        • Denial of service
      Example
        • P0wning the Programmable Web (Websense - AusCERT 2009)
    • Account or Service Hijacking
      Steal credentials to eavesdrop on or manipulate account information / services
      Impact
        • Confidentiality and integrity of data
        • Reputation damage
      Example
        • Twitter DNS account compromise
    • Unknown Risk Profile
      A lack of visibility into security controls could leave cloud consumers exposed to unnecessary risk
      Impact
        • Data breaches could occur without the knowledge of the cloud consumer
      Example
        • Heartland Payment Systems was “willing to do only the bare minimum and comply with state laws instead of taking the extra effort to notify every single customer, regardless of law, about whether their data had been stolen”
    • Resources
        • https://cloudsecurityalliance.org/research/projects/top-threats-to-cloud-computing/
        • https://cloudsecurityalliance.org/guidance/
        • http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
      French:
        • http://www.tendances-cloud.com/
        • http://www.meetup.com/CSA-France/
    • THANK YOU
      ENTERPRISE > secludit.com
      PRODUCT > https://elastic-detector.secludit.com/
      BLOG > elastic-security.com
      OPENSOURCE > cloudyscripts.com
      TWITTER > @elasticsecurity