The document discusses securing clouds proactively in a cloud-driven world. It outlines key cloud computing concepts like service and deployment models. It emphasizes the importance of choosing a reliable cloud service provider by aligning with standards like CSA CAIQ. The document discusses how to secure clouds by considering cross-cutting edges and combating threats using models like STRIDE and DREAD. It stresses that security must be incorporated from the start and that shared responsibility between cloud service customers and providers is important.
Securing The Clouds Proactively-BlackisTech.pptx
1. Securing The Clouds Proactively in the Cloud-Driven World
CISSP, CCISO, CISM, CISA, CEH, …..
2. Chinatu Uzuegbu
Managing Cyber/Cloud Security Consultant, RoseTech CyberCrime Solutions Limited
Content Contributor. Security Congress Event Advisory Committee. Chapters Advisory Committee (CAC). Blogger. Authorized Instructor. Founding Past President, Nigeria Chapter.
Volunteering: VigiTrust Chartered Advisory Board. Global Speaker, Mentor, Volunteer and Delegate.
Profession: Over 20 years wealth of experience as an IT/Cyber Security Professional. CISSP, CCISO, CISM, CISA, CEH, Others. Top 50 Women in Cyber Security, Africa, 2020.
Education: Honorary Doctorate, London Graduate School. MSc. Information Systems Management, University of Liverpool. BSc. Computer Science/Maths, University of Port Harcourt.
Global Conference Speaker. Global Ambassador. Mentor.
https://www.linkedin.com/in/chinatu-uzuegbu-67593119/
https://de.slideshare.net/Chinatu
3. It is a Cloud-driven World!
Securing The Cloud Proactively is the way to go!
[Figure: share of subscribers by deployment model. Public Cloud Subscribers >90%; Private Cloud, Hybrid Cloud and Community Cloud Subscribers shown alongside with the figures >40%, >60% and >60%; a hybrid diagram links Cloud A, the Premise and Cloud B.]
4. Securing The Cloud Proactively in the Cloud-driven World
• The Concept of Cloud Computing.
• The Cloud Computing Reference Architecture.
• Why do you need to subscribe to the Cloud?
• Reliable Cloud Service Provider.
• Applicable Frameworks in Cloud Computing.
• Cloud Service Model (Advantages/Disadvantages).
• Cloud Deployment Model (Advantages/Disadvantages).
• Shared Responsibility in The Cloud.
• Securing The Clouds with Cross-cutting Edges in Cloud Security in mind.
• Securing The Clouds with Resource Allocation in mind.
• Securing The Cloud with a Combat against The STRIDE Model with The DREAD Model.
• Securing The Clouds Proactively in The Cloud-Driven World.
5. The Concept of Cloud Computing
What does Cloud Computing entail?
Cloud Computing is like a market place, not seen or known, for all kinds of perpetual, persistent and ever-present convenient On-demand Network Access to a shared pool of Configurable Resources that could be rapidly Provisioned and Released with minimal Management Effort or Cloud Provider Interaction.
6. The Concept of Cloud Computing Cont’d
The Roles and Responsibilities in Cloud Computing
• Cloud Service Provider (CSP) (Data Processor): The entity provisioning and releasing the Cloud services from a shared pool of configurable resources.
• Cloud Service Customer (CSC) (Data Controller): The entity requesting and conveniently consuming the on-demand network access to the shared pool of configurable resources, for free or with pay.
• Cloud Access Security Broker (CASB) (Identity Provider): The intermediary between the Cloud Service Customer and the Cloud Service Provider for Identity provisioning, Service Aggregation and Service Arbitrage.
• Cloud Auditor (Third Party Attestation, TPA): The independent Verifier for Third Party Attestation (TPA), assuring that the processes of the Cloud Service Provider and those of the Cloud Service Customer are in compliance with best practice and standards.
• Inter-Cloud Partner (Peer Group): A member of the Relying Parties in a Peer Group with a federated Identity and a common goal in mind.
• Others.
7. Cloud Computing Reference Architecture
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf
8. Why do you need to subscribe to the Cloud?
Outline your Business Needs
• Speed: Rapid Provisioning and seamless Operations.
• Scalability: Agility with fewer Administrative Bottlenecks.
• Cost: Reduced cost of Capital and Operating Expenditures.
Business need is paramount!
• Clear-cut comparative Analysis is the best approach.
• Convincing Business Case with Cost Benefit Analysis (CBA).
• Key players or the Cyber Security Steering Committee must be involved.
• Critical Decisions should not be monopolized.
• The Process Owner, Data Owner or Information Asset Owner is a Critical Key Player!
Your Business Need determines your choice of Cloud Service Provider and the proposed services thereof.
9. Choose a Reliable Cloud Service Provider
Aligning Attributes with Standard Frameworks
https://cloudsecurityalliance.org/research/cloud-controls-matrix/
• The Authentic Cloud: Broad Band Network Access, Rapid Elasticity.
• Proactive Benchmark with Industry Best Practice in mind.
• Third-Party Auditor (TPA) for Attestations.
• Cloud Security Alliance Consensus Assessment Initiative Questionnaire (CSA CAIQ) and Security, Trust, Assurance and Risk (CSA STAR) Registry.
11. Cloud Service Model (Advantages/Disadvantages)
Infrastructure as a Service (IaaS)
• Provides: Compute, Networks, Storage, Memory, Servers.
• Advantages: Reduced cost of Asset Ownership; Pay-As-Used; Highest level of Control for Customers; Auto-Scaling.
• Typical users: IT Operations.
Platform as a Service (PaaS)
• Provides: IaaS plus the host (OS), Runtime, Development Env., Programming Lang., Databases.
• Advantages: Portability; Inter-Operability; Seamless BCDR; Software Development.
• Typical users: Software Developer, Database Administrator, Data Analyst.
Software as a Service (SaaS)
• Provides: IaaS, PaaS and the Applications.
• Advantages: Cost effective or free; High availability; Software licensing; Streamlined Control of Data.
• Typical users: Data Processor, End-Users.
Disadvantages noted across the models: Data Remanence; Vendor Lock-out; Vendor Lock-in; Lost physical Control; Lost Infrastructure Control.
12. Cloud Deployment Model (Advantages/Disadvantages)
Private Cloud
• Dedicated to a single org.; on the Customer’s Premise; managed internally or by a Service Provider.
• Advantages: Tighter Control; Better Privacy.
• Disadvantages: More Expensive; Remote Data Access Restrictions.
• Typical subscribers: Regulatory Bodies; Top Governing Bodies; Military; Other Forces.
Public Cloud
• Public Subscriptions; Seamless BCDR; Test environments, file sharing and others.
• Advantages: Cheap; Availability of Resources; On-demand; BCDR.
• Disadvantages: Minimal control of Customers’ resources; Subject to threats.
• Typical subscribers: Individuals on Gmail, Dropbox and others.
Hybrid Cloud
• Interconnected Infrastructure: Enterprise, Private and Public Cloud.
• Advantages: Good for peak Sales; Rapid Scaling; Cloud Bursting.
• Disadvantages: Issues of Inter-operability due to complicated technology.
• Examples: Jumia + AWS; On-Premise Production + Public Cloud Deployment; Others.
Community Cloud
• Mostly applied for subscribers with a common goal, for example an Alumni Class of a University or a forum of all Cloud Security Pros.
• Advantages: Focused control; Shared Computing Resources.
• Disadvantages: Multiple Organizations; Identity Management and Authentication Issues.
• Typical subscribers: Universities; Communities with a common goal; Peer groups.
13. Shared Responsibility in The Cloud
The concept of Security of The Cloud and in The Cloud
The Cloud Service Provider (CSP) is responsible for Security of The Cloud; the Cloud Service Customer (CSC) is responsible for Security in The Cloud. Which layers fall on which side depends on the service model:

Layer                        Premise (IT Env.)   IaaS   PaaS   SaaS
Physical                     Customer            CSP    CSP    CSP
Networking                   Customer            CSP    CSP    CSP
Storage                      Customer            CSP    CSP    CSP
Servers                      Customer            CSP    CSP    CSP
Virtualization               Customer            CSP    CSP    CSP
Operating System (Host)      Customer            CSC    CSP    CSP
Runtime / Dev. Environment   Customer            CSC    CSP    CSP
Applications                 Customer            CSC    CSC    CSP
Data                         Customer            CSC    CSC    CSC

CSP = Cloud Service Provider (Security of The Cloud); CSC = Cloud Service Customer (Security in The Cloud).
14. Securing The Clouds
The Cross-cutting Edge
• Infrastructure Security: Virtualization, Hypervisor, Virtual Machine, Virtual Instance, Storage (Object/Volume).
• Platform Security: Unstructured Storage, Structured Storage, Reversibility, Inter-Operability, Portability.
• Software Security: Cloud Data Lifecycle, Data Hiding Techniques, Data Encryption, App. Testing Techniques, Data Rights Mgt.
• Operations Security: Configuration Mgt, Change Management, Assets Inventory, Incidents Mgt, Business Continuity.
Assuring an acceptable level of Confidentiality, Process Integrity, Availability, Privacy and Security around the above processes is the main Objective!
15. Securing The Clouds Cont’d
With Resource Allocation and Other Cross-Cutting Edges
• Shares: Prioritization weighting under Contention.
• Limit: Maximum amount of Resources (Threshold).
• Reservation: Guaranteed Minimum amount of Resources.
• Isolation: Process Isolation, VM Isolation between Tenants.
• Digital Forensics: Appropriate Chain of Custody with convincing evidence.
• E-discovery/Litigations: Responsibility of both the CSP and CSC with Quality of Data in mind.
• Contract Terms: Clear-cut Terms and Conditions of Service signed by All Parties.
• Service Level Agreement: Measurable and quantifiable areas of Service as agreed, with sanctions.
• Multiple Jurisdictions: What Data Privacy Laws and ethics apply in the Jurisdiction where your Cloud Data is hosted.
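The Shares, Limit and Reservation controls above can be shown working together. The allocator below is an added example written for this page, not code from the deck: it gives every tenant its guaranteed minimum, caps each at its threshold, and splits the contended remainder by share weight; the tenant names and numbers are constructed.

```python
from dataclasses import dataclass


@dataclass
class Tenant:
    name: str
    shares: int         # prioritization weight, used only under contention
    reservation: float  # guaranteed minimum the tenant always receives
    limit: float        # maximum (threshold) the tenant can never exceed


def allocate(capacity: float, tenants: list[Tenant]) -> dict[str, float]:
    """Split `capacity` among tenants: reservations first, then the
    remainder by shares, water-filling so nobody passes its limit."""
    for t in tenants:
        if not 0 <= t.reservation <= t.limit or t.shares < 0:
            raise ValueError(f"{t.name}: need 0 <= reservation <= limit, shares >= 0")
    reserved = sum(t.reservation for t in tenants)
    if reserved > capacity:
        # Over-committed: the provider cannot honour every guaranteed minimum,
        # so admission should have been refused before reaching this point.
        raise ValueError(f"reservations {reserved} exceed capacity {capacity}")
    alloc = {t.name: t.reservation for t in tenants}
    remaining = capacity - reserved
    open_ = [t for t in tenants if t.shares > 0 and alloc[t.name] < t.limit]
    while remaining > 1e-9 and open_:
        total_shares = sum(t.shares for t in open_)
        still_open, handed_out = [], 0.0
        for t in open_:
            want = remaining * t.shares / total_shares  # proportional slice
            give = min(want, t.limit - alloc[t.name])   # but never past the limit
            alloc[t.name] += give
            handed_out += give
            if alloc[t.name] < t.limit - 1e-9:
                still_open.append(t)
        remaining -= handed_out
        open_ = still_open  # capped tenants drop out; leftover is re-split
    return alloc


if __name__ == "__main__":
    # Constructed tenants: A is weighted highest but tightly limited,
    # B has a large reservation, C has no guarantee at all.
    demo = [Tenant("A", 2, 10, 30), Tenant("B", 1, 20, 100), Tenant("C", 1, 0, 100)]
    for name, amount in allocate(100, demo).items():
        print(f"{name}: {amount:.1f}")
```

Under contention the capped tenant's unused share is re-split among the others, which is exactly why a tenant with no reservation (C above) still receives something only if headroom remains after every guarantee is met.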
16. Securing The Clouds Cont’d
Combat against The STRIDE Model with The DREAD Model
Each STRIDE threat paired with the safeguard that counters it:
• Spoofing: Identity & Access Mgt.
• Tampering: Integrity Checks, DLP, DRM, SIEM.
• Repudiation: Digital Signature, time-stamps.
• Elevation of Privilege: Privileged Access Mgt, Least Privilege.
• Denial of Service: Reservation, Baselines.
• Information Disclosure: Encryption, Masking, anonymization, obfuscation, tokenization.
17. Securing The Clouds Proactively in The Cloud-driven World
• Concepts of Cloud Computing.
• Business Key Needs with Value Chain (Cost, Speed, Scalability).
• Frameworks, Regulations, Best Practices for a Reliable Cloud Service Provider (CSA CAIQ) and (CSA STAR Registry).
• Service and Deployment models and which to subscribe to and deploy.
• Cloud Computing Cross-cutting Edges with Confidentiality, Process Integrity, Availability, Privacy and Security in mind.
• Allocation of the shared Pool of Configurable resources with minimal
• Challenges that go with Multiple Jurisdictions, Vendor Lock-in/Out of your Cloud Data.
• The Threats in Cloud Computing and how to combat or Safeguard.
• The shared Responsibilities between the CSP and The CSC with Due Diligence and Due Care in mind.
• Above All, pay attention to your Contract Terms, Operational Level Agreement and Service Level Agreement.
• The CSC is ultimately liable for any Data Loss!
• Security must be inculcated right from the beginning of the adoption process.