Securing The Clouds Proactively in the Cloud-Driven World
CISSP, CCISO, CISM, CISA, CEH, …..
Content Contributor.
Security Congress Event Advisory Committee.
Chapters Advisory Committee (CAC).
Blogger.
Authorized Instructor.
Founding Past President, Nigeria Chapter.
Volunteering
VigiTrust Chartered Advisory Board.
Global Speaker, Mentor, Volunteer and Delegate.
Over 20 years wealth of experience as an IT/Cyber Security Professional
Profession
CISSP, CCISO, CISM, CISA, CEH, Others.
Top 50 Women in Cyber Security, Africa, 2020.
Education
Honorary Doctorate, London Graduate School.
MSc. Information Systems Management, University of Liverpool.
BSc. Computer Science/Maths, University of Port Harcourt.
Global Conference Speaker.
Global Ambassador.
Mentor.
Chinatu Uzuegbu
Managing Cyber/Cloud Security Consultant
RoseTech CyberCrime Solutions Limited
https://www.linkedin.com/in/chinatu-uzuegbu-67593119/
https://de.slideshare.net/Chinatu
It is a Cloud-driven World!
Securing The Cloud Proactively is the way to go!
[Figure: cloud subscribers by deployment model: Public Cloud, Private Cloud, Hybrid Cloud (Cloud A, Premise, Cloud B) and Community cloud subscribers. Percentages shown in the figure: >90%, >40%, >60%, >60%.]
Securing The Cloud Proactively in the Cloud-driven World
• The Concept of Cloud Computing.
• The Cloud Computing Reference Architecture.
• Why do you need to subscribe to the Cloud?
• Reliable Cloud Service Provider.
• Applicable Frameworks in Cloud Computing.
• Cloud Service Model (Advantages/Disadvantages).
• Cloud Deployment Model (Advantages/Disadvantages).
• Shared Responsibility in The Cloud.
• Securing The Clouds with Cross-cutting Edges in Cloud Security in mind.
• Securing The Clouds with Resource Allocation in mind.
• Securing The Cloud with a Combat against The STRIDE Model with The DREAD Model.
• Securing The Clouds Proactively in The Cloud-Driven World.
The Concept of Cloud Computing
What does Cloud Computing entail?
Cloud Computing is like a market place, not seen or known, for all kinds of perpetual, persistent and ever-present convenient on-demand network access to a shared pool of configurable resources that could be rapidly provisioned and released with minimal management efforts or Cloud Provider interactions.
• Cloud Service Provider (CSP) (Data Processor): The entity provisioning and releasing the Cloud services from a shared pool of configurable resources.
• Cloud Service Customer (CSC) (Data Controller): The entity requesting and conveniently consuming the on-demand network access to the shared pool of configurable resources, for free or with pay.
• Cloud Access Service Broker (CASB) (Identity Provider): The intermediary between the Cloud Service Customer and the Cloud Service Provider for Identity provisioning, Service Aggregation and Service Arbitrage.
• Cloud Auditor (Third Party Attestation-TPA): The independent Verifier for Third Party Attestation (TPA), assuring that the processes of the Cloud Service Provider and those of the Cloud Service Customer are in compliance with best practice and standards.
• Inter-Cloud Partner (Peer Group): A member of the Relying Parties in a Peer Group with federated Identity and a common goal in mind.
• Others
Cloud Computing Reference Architecture: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf
The Concept of Cloud Computing Cont’d
The Roles and Responsibilities in Cloud Computing
Cloud Computing Reference Architecture(CCRA)
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf
Why do you need to subscribe to the Cloud?
Outline your Business Needs
Speed
Scalability
Cost
Reduced cost of Capital and Operating Expenditures
Rapid Provisioning and seamless Operations
Agility with fewer Administrative Bottlenecks.
Business need is paramount!
Clear-cut comparative Analysis is the best approach.
Convincing Business Case with Cost Benefit Analysis (CBA).
Key players or the Cyber Security Steering Committee must be involved.
Critical Decisions should not be monopolized.
The Process Owner, Data Owner or Information Asset Owner is a Critical Key Player!
Your Business Need determines your choice of Cloud Service Provider and the proposed services thereof.
Choose a Reliable Cloud Service Provider
Aligning Attributes with Standard Frameworks
https://cloudsecurityalliance.org/research/cloud-controls-matrix/
The Authentic Cloud
Broad Band Network Access
Rapid Elasticity
Proactive Benchmark with Industry Best Practice in mind.
Third-Party Auditor (TPA) for Attestations
Cloud Security Alliance Consensus Assessment Initiative Questionnaire (CSA CAIQ) and Security, Trust, Assurance and Risk (CSA STAR) Registry
Applicable Frameworks in Cloud Computing
S/N. Regulation/Framework: Web-Site
1. NIST 800-145 (Cloud Computing): https://csrc.nist.gov/publications/detail/sp/800-145/final
2. Cloud Computing Reference Architecture:
   https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf
   https://aistandardshub.org/ai-standards/information-technology-cloud-computing-vocabulary/
3. Cloud Security Alliance Consensus Assessments Initiative Questionnaire and Cloud Control Model (CAIQ): https://cloudsecurityalliance.org/research/cloud-controls-matrix/
4. CSA STAR (Security, Trust, Assurance and Risk) Registry - Self-Assessment, Certifications, Continuous Monitoring Levels:
   https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/
   iance.org/star/registry/
5. Statement on Standards for Attestation Engagements (SSAE18 (SOC2 & SOC3)):
   https://ssae-16.com/ssae-16/the-ssae-18-audit-standard/
   https://kfinancial.com/what-you-need-to-know-about-ssae-18-reports/
6. ISO 31000 on Risk Management: https://www.iso.org/iso-31000-risk-management.html
7. ENISA (Cloud Risk Frameworks), European Union Agency for Cyber Security:
   https://www.enisa.europa.eu/topics/cloud-and-big-data/cloud-security/enisa-cloud-computing-risk-assessment.
   https://www.clubcloudcomputing.com/top-8-cloud-security-risks-according-enisa/
8. ISO 27018 - Cloud Data Privacy: https://www.itgovernance.co.uk/iso-27017-and-iso-27018
9. Privacy Regulations on PII: GDPR, HIPAA, GLBA, PIPEDA, NDPR, PCI-DSS and others
10. FIPS-140 (Cryptographic Modules): https://csrc.nist.gov/publications/detail/fips/140/2/final
11. ISO 28000 - Supply Chain Security Management: https://www.scribd.com/document/441398920/ISO-28000-pdf
Cloud Service Model (Advantages/Disadvantages)
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
•Compute
•Networks
•Storage
•Memory
•Servers
•IaaS
•PaaS
•Applications
•IaaS
•The host (OS)
•Runtime
•Development Env.
•Programming Lang.
•Databases
•Reduced cost of Asset Ownership
•Pay-As-Used
•Highest level of Control for Customers
•Auto-Scaling
•Portability
•Inter-Operability
•Seamless BCDR
•Soft Development
•Cost effective or free
•High availability.
•Software licensing
•Streamlined Control of Data
•Data Remanence
•Vendor Lock-out
•Vendor Lock-in
•Lost physical Control
•Lost Infrastructures Control
•IT Operations
•Software Developer
•Database Administrator.
•Data Analyst
•Data Processor
•End-Users
Cloud Deployment Model (Advantages/Disadvantages)
Private Cloud Public Cloud Hybrid Cloud
•Dedicated to single org.
•On Customer’s Premise.
•Managed internally or by Service Provider
•Mostly applied for subscribers with common goal, for example an Alumni Class of a University, forum of all Cloud Security Pros
•Public Subscriptions.
•Seamless BCDR.
•Test environments, file sharing and others.
•Tighter Control
•Better Privacy
•Cheap
•Availability of Resources.
•On-demand
•BCDR
•Focused control.
•Shared Computing Resources.
•Multiple Organizations
•Identity Management and Authentications Issues.
•Individuals on Gmail, Dropbox and others
•More Expensive
•Remote Data Access Restrictions
•Regulatory Bodies.
•Top Governing Bodies.
•Military
•Other Forces
•Minimal control of Customers resources.
•Subject to threats
•Universities
•Communities with common goal.
•Peer groups
Community Cloud
•Interconnected Infrastructure.
•Enterprise, Private and Public Cloud
•Good for peak Sales.
•Rapid Scaling
•Cloud Bursting
•Issues of Inter-operability due to complicated technology.
•Jumia + AWS
•On Premise Production + Public Cloud Deployment.
•Others
Shared Responsibility in The Cloud
The concept of Security of The Cloud and in The Cloud
[Figure: shared responsibility matrix. Columns: Premise (IT Env.), IaaS, PaaS, SaaS. Layers: Physical, Activity, Networking, Storage, Servers, Virtualization, Applications, Data, Runtime, Operating System, Host, Dev. Environment. Each column splits the layers between the Cloud Service Provider (Security of The Cloud) and the Cloud Service Customer (Security in The Cloud); the Premise column is marked Customer.]
Securing The Clouds
The Cross-cutting Edge
•Virtualization
•Hypervisor
•Virtual Machine
•Virtual Instance
•Infrastructures Security
•Storage (Object/Volume)
•Platform Security
•Software Security
•Operations Security
•Unstructured Storage
•Structured Storage
•Reversibility
•Inter-Operability
•Portability
•Cloud Data Lifecycle
•Data Hiding Techniques
•Data Encryption
•App. Testing Techniques
•Data Rights Mgt.
•Configuration Mgt
•Change Management
•Assets Inventory
•Incidents Mgt
•Business Continuity
Assuring an acceptable level of Confidentiality, Process Integrity, Availability, Privacy and Security around the above processes is the main Objective!
Securing The Clouds Cont’d
With Resource Allocation and Other Cross Cutting Edges
• Shares: Prioritization weighting/Contentions
• Reservation: Guaranteed Minimum amount of Resources
• Limit: Maximum amount of Resources (Threshold)
• Isolation: Process Isolation, VM Isolation between Tenants.
• Digital Forensics: Appropriate Chain of Custody with Convincing evidence
• E-discovery/Litigations: Responsibility of both the CSP and CSC with Quality of Data in mind.
• Contract Terms: Clear-cut Terms and Conditions of Service Signed by All Parties
• Service Level Agreement: Measurable and quantifiable areas of Services as agreed with sanctions
• Multiple Jurisdictions: What Data Privacy Laws and ethics apply in the Jurisdiction your Cloud Data is hosted.
Securing The Clouds Cont’d
Combat against The STRIDE Model with The DREAD Model
Identity & Access Mgt
Integrity Checks, DLP, DRM, SIEM
Digital Signature, time-stamps
Privilege Access Mgt, Least Privilege
Reservation, Baselines
Encryption, Masking, anonymization, obfuscation, tokenization
• Concepts of Cloud Computing.
• Business Key Needs with Value Chain (Cost, Speed, Scalability).
• Frameworks, Regulations, Best Practices for a Reliable Cloud Service provider (CSA CAIQ) and (CSA STAR Registry).
• Service and Deployment models and which to subscribe to and deploy.
• Cloud Computing Cross-cutting Edges with Confidentiality, Process Integrity, Availability, Privacy and Security in mind.
• Allocation of the shared Pool of Configurable resources with minimal
• Challenges that go with Multiple Jurisdictions, Vendor Lock-in/Out of your Cloud Data.
• The Threats in Cloud Computing and how to combat or Safeguard.
• The shared Responsibilities between the CSP and The CSC with Due Diligence and Due Care in mind.
• Above All, pay attention to your Contract Terms, Operational Level Agreement and Service Level Agreement.
• The CSC is ultimately liable to any Data Loss!
• Security must be inculcated right from the beginning of the adoption process.
Securing The Clouds Proactively in The Cloud-driven World
Thank You!
Chinatu Uzuegbu
CISSP, CCISO, CISM, CISA, CEH,….
Managing Cyber/Cloud Security Consultant
RoseTech Cybercrime Solutions Limited
chinatuuzuegbu@outlook.com
https://www.linkedin.com/in/chinatu-uzuegbu-67593119/
https://de.slideshare.net/Chinatu

Partners Life - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Securing The Clouds Proactively-BlackisTech.pptx

  • 1. Securing The Clouds Proactively in the Cloud-Driven World CISSP, CCISO, CISM, CISA, CEH, …..
  • 2. Content Contributor. Security Congress Event Advisory Committee. Chapters Advisory Committee (CAC). Blogger. Authorized Instructor. Founding Past President, Nigeria Chapter. Volunteering VigiTrust Chartered Advisory Board. Global Speaker, Mentor, Volunteer and Delegate. Over 20 years wealth of experience as an IT/Cyber Security Professional Profession CISSP, CCISO, CISM, CISA, CEH, Others. Top 50 Women in Cyber Security, Africa, 2020. Education Honorary Doctorate, London Graduate School. MSc. Information Systems Management, University of Liverpool. BSc. Computer Science/Maths, University of Port Harcourt. Global Conference Speaker. Global Ambassador. Mentor. Chinatu Uzuegbu Managing Cyber/Cloud Security Consultant RoseTech CyberCrime Solutions Limited https://www.linkedin.com/in/chinatu-uzuegbu-67593119/ https://de.slideshare.net/Chinatu
  • 3. It is a Cloud-driven World! Securing The Cloud Proactively is the way to go! Public Cloud Subscribers >90% >40% Private Cloud Subscribers >60% Cloud A Premise Cloud B Hybrid Cloud Subscribers >60% Community cloud Subscribers
  • 4. Securing The Cloud Proactively in the Cloud-driven World • The Concept of Cloud Computing. • The Cloud Computing Reference architecture • Why do you need to subscribe to the Cloud? • Reliable Cloud Service Provider. • Applicable Frameworks in Cloud Computing. • Cloud Service Model(Advantages/Disadvantages). • Cloud Deployment Model(Advantages/Disadvantages). • Shared Responsibility in The Cloud. • Securing The Clouds with Cross cutting Edges in Cloud Security in mind. • Securing The Clouds with Resource Allocation in mind. • Securing The Cloud with a Combat against The STRIDE Model with The DREAD Model • Securing The Clouds Proactively. In The Cloud – Driven World.
  • 5. The Concept of Cloud Computing What does Cloud Computing entail? Cloud Computing is like a market place not seen or known for all kinds of perpetual, persistent and ever-present convenient On-demand Network Access to a shared pool of Configurable Resources that could be rapidly Provisioned and Released with minimal Management Efforts or Cloud Providers Interactions
  • 6. The Concept of Cloud Computing Cont’d: The Roles and Responsibilities in Cloud Computing. Cloud Service Provider (CSP) (Data Processor): the entity provisioning and releasing the Cloud services from a shared pool of configurable resources. Cloud Service Customer (CSC) (Data Controller): the entity requesting and consuming conveniently the on-demand network access to the shared pool of configurable resources for free or with pay. Cloud Access Service Broker (CASB) (Identity Provider): the intermediary between the Cloud Service Customer and the Cloud Service Provider for Identity provisioning, Service Aggregation and Service Arbitrage. Cloud Auditor (Third Party Attestation-TPA): the independent Verifier for Third Party Attestation (TPA) assuring that the processes of the Cloud Service Provider and that of the Cloud Service Customer are in compliance with the best practice and standards. Inter-Cloud Partner (Peer Group): a member of the Relying Parties in a Peer Group with federated Identity and common goal in mind. Others. Cloud Computing Reference Architecture: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf
  • 7. Cloud Computing Reference Architecture(CCRA) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf
  • 8. Why do you need to subscribe to the Cloud? Outline your Business Needs Speed Scalability Cost Reduced cost of Capital and Operating Expenditures Rapid Provisioning and seamless Operations Agility with less Administrative Bottlenecks. Business need is paramount! Clear-cut comparative Analysis is the best approach. Convincing Business Case with Cost Benefit Analysis (CBA). Key-players or Cyber Security Steering Committee must be involved. Critical Decisions should not be monopolist. The Process Owner, Data Owner or Information Asset Owner is a Critical Key Player! Your Business Need determines your choice of Cloud Service Provider and the proposed services thereof.
  • 9. Choose a Reliable Cloud Service Provider Aligning Attributes with Standard Frameworks https://cloudsecurityalliance.org/research/cloud-controls-matrix/ The Authentic Cloud Broad Band Network Access Rapid Elasticity Proactive Benchmark with Industry Best Practice in mind. Third-Party Auditor (TPA) for Attestations Cloud Security Alliance Consensus Assessment Initiative Questionnaire( CSA CAIQ) and Security, Trust, Assurance and Risk(CSA STAR) Registry
  • 10. Applicable Frameworks in Cloud Computing (S/N, Regulation/Framework, Web-Site)
      1. NIST 800-145 (Cloud Computing): https://csrc.nist.gov/publications/detail/sp/800-145/final
      2. Cloud Computing Reference Architecture: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf https://aistandardshub.org/ai-standards/information-technology-cloud-computing-vocabulary/
      3. Cloud Security Alliance Consensus Assessments Initiative Questionnaire and Cloud Control Model (CAIQ): https://cloudsecurityalliance.org/research/cloud-controls-matrix/
      4. CSA STAR (Security, Trust, Assurance and Risk) Registry - Self-Assessment, Certifications, Continuous Monitoring Levels: https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/ iance.org/star/registry/
      5. Statement on Standards for Attestation Engagements (SSAE18 (SOC2 & SOC3)): https://ssae-16.com/ssae-16/the-ssae-18-audit-standard/ https://kfinancial.com/what-you-need-to-know-about-ssae-18-reports/
      6. ISO 31000 on Risk Management: https://www.iso.org/iso-31000-risk-management.html
      7. ENISA (Cloud Risk Frameworks), European Union Agency for Cyber Security: https://www.enisa.europa.eu/topics/cloud-and-big-data/cloud-security/enisa-cloud-computing-risk-assessment https://www.clubcloudcomputing.com/top-8-cloud-security-risks-according-enisa/
      8. ISO 27018 - Cloud Data Privacy: https://www.itgovernance.co.uk/iso-27017-and-iso-27018
      9. Privacy Regulations on PII: GDPR, HIPAA, GLBA, PIPEDA, NDPR, PCI-DSS and others
      10. FIPS-140 (Cryptographic Modules): https://csrc.nist.gov/publications/detail/fips/140/2/final
      11. ISO 28000 - Supply Chain Security Management: https://www.scribd.com/document/441398920/ISO-28000-pdf
  • 11. Cloud Service Model (Advantages/Disadvantages) Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) •Compute •Networks •Storage •Memory •Servers •IaaS •PaaS •Applications •IaaS •The host (OS) •Runtime •Development Env. •Programming Lang. •Databases •Reduced cost of Asset Ownership •Pay-As-Used •Highest level of Control for Customers •Auto-Scaling •Portability •Inter-Operability •Seamless BCDR •Soft Development •Cost effective or free •High availability. •Software licensing •Streamlined Control of Data •Data Remanence •Vendor Lock-out •Vendor Lock-in •Lost physical Control •Lost Infrastructures Control •IT Operations •Software Developer •Database Administrator. •Data Analyst •Data Processor •End-Users
  • 12. Cloud deployment Model (Advantages/Disadvantages) Private Cloud Public Cloud Hybrid Cloud •Dedicated to single org. •On Customer’s Premise. •Managed internally or by Service Provider •Mostly applied for subscribers with common goal for example an Alumni Class of a University, forum of all Cloud Security Pros •Public Subscriptions. •Seamless BCDR. •Test environments, file sharing and others. •Tighter Control •Better Privacy •Cheap •Availability of Resources. •On-demand •BCDR •Focused control. •Shared Computing Resources. •Multiple Organizations •Identity Management and Authentications Issues. •Individuals on Gmail, Dropbox and others •More Expensive •Remote Data Access Restrictions •Regulatory Bodies. •Top Governing Bodies. •Military •Other Forces •Minimal control of Customers resources. •Subject to threats •Universities •Communities with common goal. •Peer groups Community Cloud •Interconnected Infrastructure. •Enterprise, Private and Public Cloud •Good for peak Sales. •Rapid Scaling •Cloud Bursting •Issues of Interoperability due to complicated technology. •Jumia + AWS •On Premise Production + Public Cloud Deployment. •Others
  • 13. Shared Responsibility in The Cloud The concept of Security of The Cloud and in The Cloud Physical Activity Networking Storage Servers Virtualization Applications Data Runtime Operating System Host Dev. Environment Premise (IT Env.) IaaS SaaS PaaS Customer Cloud Service Provider (Security of The Cloud) Cloud Service Customer (Security in The Cloud) CSC(Security in the cloud) Cloud Service Provider (Security of The Cloud) Cloud Service Provider (Security of The Cloud) Cloud Service Customer (Security in The Cloud)
  • 14. Securing The Clouds The Cross-cutting Edge Virtualization Hypervisor Virtual Machine Virtual Instance Infrastructures Security Storage (Object/Volume) Platform Security Software Security Operations Security Unstructured Storage Structured Storage Reversibility Inter-Operability Portability Cloud Data Lifecycle Data Hiding Techniques Data Encryption App. Testing Techniques Data Rights Mgt. Configuration Mgt Change Management Assets Inventory Incidents Mgt Business Continuity Assuring an acceptable level of Confidentiality, Process Integrity, Availability, Privacy and Security around the above processes is the main Objective!
  • 15. Securing The Clouds Cont’d With Resource Allocation and Other Cross Cutting Edges. Shares: Prioritization weighting/Contentions. Reservation: Guaranteed Minimum amount of Resources. Limit: Maximum amount of Resources (Threshold). Isolation: Process Isolation, VM Isolation between Tenants. Digital Forensics: Appropriate Chain of Custody with Convincing evidence. E-discovery/Litigations: Responsibility of both the CSP and CSC with Quality of Data in mind. Contract Terms: Clear-cut Terms and Conditions of Service Signed by All Parties. Service Level Agreement: Measurable and quantifiable areas of Services as agreed with sanctions. Multiple Jurisdictions: What Data Privacy Laws and ethics apply in the Jurisdiction your Cloud Data is hosted.
  • 16. Securing The Clouds Cont’d Combat against The STRIDE Model with The DREAD Model Identity & Access Mgt Integrity Checks, DLP, DRM, SIEM Digital Signature, time-stamps Privilege Access Mgt, Least Privilege Reservation, Baselines Encryption, Masking, anonymization, obfuscation, tokenization
  • 17. • Concepts of Cloud Computing. • Business Key Needs with Value Chain(Cost, Speed, Scalability). • Frameworks, Regulations, Best Practices for a Reliable Cloud Service provider (CSA CAIQ) and (CSA STAR Registry). • Service and Deployment models and which to subscribe to and deploy. • Cloud Computing Cross-cutting Edges with Confidentiality, Process Integrity, Availability, Privacy and Security in mind. • Allocation of the shared Pool of Configurable resources with minimal • Challenges that go with Multiple Jurisdictions , Vendor Lock-in/Out of your Cloud Data. • The Threats in Cloud Computing and how to combat or Safeguard. • The shared Responsibilities between the CSP and The CSC with Due Diligence and Due Care in mind. • Above All, pay attention to your Contract Terms, Operational Level Agreement and Service Level Agreement. • The CSC is ultimately liable to any Data Loss! • Security must be inculcated right from the beginning of the adoption process. Securing The Clouds Proactively in The Cloud-driven World
  • 18.
  • 19. Thank You! Chinatu Uzuegbu CISSP, CCISO, CISM, CISA, CEH,…. Managing Cyber/Cloud Security Consultant RoseTech Cybercrime Solutions Limited chinatuuzuegbu@outlook.com https://www.linkedin.com/in/chinatu-uzuegbu-67593119/ https://de.slideshare.net/Chinatu
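
The Shares, Reservation and Limit controls named on slide 15 can be worked through as an allocation routine for one shared pool. This is an added example, not part of the original deck; the tenant names, the 100-unit capacity, and the choice to split only the capacity left after reservations by share weight are assumptions of the example.

```python
"""Added example: shares / reservation / limit on one shared resource pool."""
from dataclasses import dataclass

@dataclass
class Tenant:
    name: str
    shares: int         # relative weight, only matters under contention
    reservation: float  # guaranteed minimum
    limit: float        # maximum (threshold)
    demand: float       # what the tenant is asking for right now

def allocate(capacity, tenants):
    """Return {tenant name: granted amount} for a pool of `capacity` units."""
    # Admission control: guarantees that cannot all be met are refused up front.
    if sum(t.reservation for t in tenants) > capacity:
        raise ValueError("reservations exceed pool capacity")
    # A tenant never receives more than its limit or more than it asks for.
    ceiling = {t.name: min(t.limit, t.demand) for t in tenants}
    # Step 1: honour reservations (an unused reservation returns to the pool;
    # that is a modelling assumption of this example).
    grant = {t.name: min(t.reservation, ceiling[t.name]) for t in tenants}
    spare = capacity - sum(grant.values())
    active = [t for t in tenants if grant[t.name] < ceiling[t.name]]
    # Step 2: split what is left by share weight; tenants that reach their
    # ceiling drop out and the remainder is re-split among the rest.
    while spare > 1e-9 and active:
        total_shares = sum(t.shares for t in active)
        handed_out = 0.0
        for t in active:
            offer = spare * t.shares / total_shares
            take = min(offer, ceiling[t.name] - grant[t.name])
            grant[t.name] += take
            handed_out += take
        spare -= handed_out
        active = [t for t in active if ceiling[t.name] - grant[t.name] > 1e-9]
    return grant

# Constructed sample: three tenants contending for 100 units of CPU.
# tenant-b is the noisy neighbour: no limit set and a demand of 500 units.
TENANTS = [
    Tenant("tenant-a", shares=2000, reservation=20, limit=60, demand=80),
    Tenant("tenant-b", shares=1000, reservation=10, limit=float("inf"), demand=500),
    Tenant("tenant-c", shares=1000, reservation=30, limit=40, demand=35),
]

if __name__ == "__main__":
    for name, amount in allocate(100, TENANTS).items():
        print(f"{name}: {amount:.2f}")
```

In the sample, tenant-b's demand of 500 units cannot push tenant-a or tenant-c below their reservations, which is the availability property the reservation is there to provide between tenants.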