Securing Data in the Cloud
By Sohaib Mahmood (CISSP, SABSA, CCSK, CRISC)
Lead Security Consultant
Founding Partners
• Alibaba Cloud was established in 2009, with R & D
centers and operations in Hangzhou, Beijing and
Silicon Valley. Alibaba Cloud is a strategic business unit
of Alibaba Group.
• Alibaba Cloud’s goal is to create the world's leading
cloud computing services platform. Alibaba Cloud is
committed to creating a public, open cloud computing
services platform.
• Alibaba Cloud provides a cloud platform for 20+
Alibaba business units in addition to serving over
2,300,000 customers.
• Meraas was established to make a positive
contribution to the National economy
• By creating a portfolio of investments in various
industry sectors, Meraas seeks to generate long term
wealth enhancement to the economic and social
development of Dubai.
• In order to capitalize on opportunities in Dubai and
beyond, Meraas is pioneering several initiatives in
various macroeconomic sectors including:
• Retail
• Leisure & Entertainment
• Hospitality
• Food & Beverage
• Healthcare
• Residential
• Technology
Overview of Cloud Computing
Cloud Computing Models
01 Cloud SaaS (Software as a Service)
Application and information clouds. Use provider’s applications over a network. Cloud provider examples are Google Apps, Salesforce.
02 Cloud PaaS (Platform as a Service)
Development clouds. Deploy customer-created applications to a cloud. Cloud provider examples are Windows Azure, Google App Engine.
03 Cloud IaaS (Infrastructure as a Service)
Infrastructure clouds. Rent processing, storage, network capacity. Examples are Alibaba Cloud, AWS.
Can Clouds be Secure?
“Public cloud workloads can be at least as
secure as those in your own data center,
likely better.”
Neil McDonald – Gartner Security and Risk Management Summit, London, Sept 2015
Cloud Security is a Shared Responsibility
Customers: Security and compliance IN the Cloud
• Data Security: Server-Side Encryption, Client-Side Encryption
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
Cloud Service Provider: Security OF the Cloud
• Compute, Storage, Networking
• Cloud Infra
SaaS
• CSP owns application
• Client owns data and access rights
IaaS/PaaS
• CSP owns network and hypervisors
• Client owns “above the hypervisor”
Treacherous 12 - Cloud Computing Top Threats
1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues
By Cloud Security Alliance
Trends in Cloud Data Security & Governance
Courtesy: Gemalto Cloud Data Security Report 2016. The survey was held globally in 2016 among respondents who have adopted cloud in one form or another.
Charts (images not reproduced):
• Perception about Cloud Data Governance
• Primary Types of Data Stored in the Cloud - 2016 v 2014
• How Data is Protected in the Cloud - 2016 v 2014
• Use of Data De-identification Tools to Secure Data in the Cloud
• How Encryption is Applied - 2016 v 2014
Traditional Data States Apply in Clouds too…
Data At Rest
Cloud storage encryption. Different cloud storage types have different data-at-rest encryption requirements.
Data In Motion
When data travels between the cloud consumer environment and the service provider, or WITHIN the cloud service provider environment.
Data In Use
The most critical area of the lot, as it poses privacy, compliance and security challenges. Typical application usages are banking applications, advanced data analytics, CRM etc.
Cloud Concerns in Data Context
Oversharing of sensitive data
Administrative Oversight
Compliance & Regulated Data
Data Sovereignty
Cloud Sprawl (Cloud to Cloud Sharing)
Data At Rest
There are various encryption controls available, each with pros and cons
• File/Folder Encryption
• Full Disk Encryption
• Full Virtual Machine Encryption
• Special Encryption (DB, Email)
Data In Motion
Encryption of Data in Motion needs to be considered in two places
• Between Cloud Service Provider & Consumer Environment
• Within CSP internal environment
Various Controls Available
• TLS/SSL
• VPN
• Virtual Private Computing (VPC)
Data In Use
• Most challenging case because of the nature of cloud and processing applications
• Need to satisfy compliance, data residency and sovereignty requirements
Controls Available
• Encryption (Format Preserving Encryption)
• Tokenization
• Masking
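To make the difference between two of the Data In Use controls concrete, the following is an added example, not part of the original presentation. It tokenizes a card number (reversible only through a vault kept in the consumer environment) and masks another field (irreversible) before a record is sent to a cloud application. `TokenVault`, `mask`, `deidentify` and the sample record are hypothetical names and constructed data; the in-memory dictionaries stand in for a hardened, access-controlled vault.

```python
import secrets


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault kept in the consumer environment (assumption).

    Only tokens leave the premises; the token-to-value mapping never does,
    which is what lets tokenization help with data residency requirements.
    """

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not digits.isdigit() or not 13 <= len(digits) <= 19:
            raise ValueError("not a card number")
        if digits in self._by_value:
            # Same value always maps to the same token, so cloud-side joins still work.
            return self._by_value[digits]
        while True:
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(digits) - 4))
            token = body + digits[-4:]   # same length, last four digits kept
            # Reject tokens that could be mistaken for a real card number.
            if (token != digits and token not in self._by_token
                    and not luhn_ok(token)):
                break
        self._by_token[token] = digits
        self._by_value[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        # Raises KeyError for unknown tokens; callers must be authorised.
        return self._by_token[token]


def mask(value: str, visible: int = 4) -> str:
    """Irreversibly hide all but the last `visible` letters/digits, keeping separators."""
    out, kept = [], 0
    for ch in reversed(value):
        if ch.isalnum() and kept < visible:
            out.append(ch)
            kept += 1
        elif ch.isalnum():
            out.append("*")
        else:
            out.append(ch)
    return "".join(reversed(out))


def deidentify(record: dict, vault: TokenVault,
               tokenize_fields: list, mask_fields: list) -> dict:
    """Return a copy of `record` that is safe to hand to the cloud application."""
    out = dict(record)
    for field in tokenize_fields:
        out[field] = vault.tokenize(record[field])
    for field in mask_fields:
        out[field] = mask(record[field])
    return out


# Constructed sample record (not real data).
SAMPLE_RECORD = {
    "customer_id": "C-1001",
    "card_number": "4111 1111 1111 1111",
    "national_id": "784-1990-1234567-1",
}

if __name__ == "__main__":
    vault = TokenVault()
    cloud_copy = deidentify(SAMPLE_RECORD, vault, ["card_number"], ["national_id"])
    print("sent to cloud:", cloud_copy)
    print("recovered on-premises:", vault.detokenize(cloud_copy["card_number"]))
```

The masked field cannot be recovered from the cloud copy at all, while the tokenized field can be recovered only by a party with access to the vault.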
Approaches to Data Governance, Security & Privacy
• Ask your service provider lots of questions (due diligence)
• Data Classification
• Evolving traditional data controls like DLP & Data Access Governance to protect cloud data, making use of emerging technologies like CASB
• Policy Enforcement
• Leverage mitigating controls like Access Controls (MFA) to cater for cloud data
• Data De-identification
• Compliance Enforcement
• User Awareness & Coaching
What Future Holds?
• Mobile Devices Accessing Cloud Data
• Internet of Things Data
• Smart Cities
• Cyber incidents (Ransomware) impacting cloud adoption
THANK YOU
www.yvolv.ae
Corporate Presentation (c) YVOLV LLC, 2016


Securing Data in the Cloud - GISEC2017

  • 1. Securing Data in the Cloud By Sohaib Mahmood (CISSP, SABSA, CCSK, CRISC) Lead Security Consultant
  • 2. Founding Partners • Alibaba Cloud was established in 2009, with R & D centers and operations in Hangzhou, Beijing and Silicon Valley. Alibaba Cloud is a strategic business unit of Alibaba Group. • Alibaba Cloud’s goal is to create the world's leading cloud computing services platform. Alibaba Cloud is committed to creating a public, open cloud computing services platform. • Alibaba Cloud provides a cloud platform for 20+ Alibaba business units in addition to serving over 2,300,000 customers. • Meraas was established to make a positive contribution to the National economy • By creating a portfolio of investments in various industry sectors, Meraas seeks to generate long term wealth enhancement to the economic and social development of Dubai. • In order to capitalize on opportunities in Dubai and beyond, Meraas is pioneering several initiatives in various macroeconomic sectors including: • Retail • Leisure & Entertainment • Hospitality • Food & Beverage •Healthcare •Residential •Technology
  • 3. Overview of Cloud Computing
  • 4. Cloud Computing Models. 01 Cloud SaaS (Software as a Service): Application and information clouds. Use provider’s applications over a network; cloud provider examples are Google Apps, Salesforce. 02 Cloud PaaS (Platform as a Service): Development clouds. Deploy customer-created applications to a cloud; cloud provider examples are Windows Azure, Google App Engine. 03 Cloud IaaS (Infrastructure as a Service): Infrastructure clouds. Rent processing, storage, network capacity. Examples are Alibaba Cloud, AWS.
  • 5. Can Clouds be Secure? “Public cloud workloads can be at least as secure as those in your own data center, likely better.” Neil McDonald – Gartner Security and Risk Management Summit London Sept 2015
  • 6. Cloud Security is a Shared Responsibility Compute Storage Networking Cloud Infra Data Security Server Side Encryption Client-side Encryption Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customers Security and compliance IN the Cloud Security OF the Cloud Cloud Service Provider SaaS • CSP owns application • Client owns data and access rights IaaS/PaaS • CSP owns network and hypervisors • Client owns “above the hypervisor”
  • 7. Treacherous 12 - Cloud Computing Top Threats 1. Data Breaches 2. Weak Identity, Credential and Access Management 3. Insecure APIs 4. System and Application Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. Advanced Persistent Threats (APTs) 8. Data Loss 9. Insufficient Due Diligence 10. Abuse and Nefarious Use of Cloud Services 11. Denial of Service 12. Shared Technology Issues By Cloud Security Alliance
  • 8. Trends in Cloud Data Security & Governance: Perception about Cloud Data Governance. Courtesy: Gemalto Cloud Data Security Report 2016. The survey was held globally in 2016 among respondents who have adopted cloud in one form or another.
  • 9. Trends in Cloud Data Security & Governance: Primary Types of Data Stored in the cloud, 2016 v 2014. Courtesy: Gemalto Cloud Data Security Report 2016. The survey was held globally in 2016 among respondents who have adopted cloud in one form or another.
  • 10. Trends in Cloud Data Security & Governance: How Data is protected in the cloud, 2016 v 2014. Courtesy: Gemalto Cloud Data Security Report 2016. The survey was held globally in 2016 among respondents who have adopted cloud in one form or another.
  • 11. Trends in Cloud Data Security & Governance: Use of Data De-identification tools to secure data in the cloud. Courtesy: Gemalto Cloud Data Security Report 2016. The survey was held globally in 2016 among respondents who have adopted cloud in one form or another.
  • 12. Trends in Cloud Data Security & Governance: How Encryption is applied, 2016 v 2014. Courtesy: Gemalto Cloud Data Security Report 2016. The survey was held globally in 2016 among respondents who have adopted cloud in one form or another.
  • 13. Traditional Data States Apply in Clouds too… Data At Rest: Cloud Storage Encryption. Different Cloud Storage types will require different data at rest encryption requirements. Data In Motion: When Data travels between cloud consumer environment & service provider or WITHIN cloud service provider environment. Data In Use: Most critical area of the lot as it poses privacy, compliance and security challenges. Typical Application usages are Banking Application, advanced data analytics, CRM etc.
  • 14. Cloud Concerns in Data Context Oversharing of sensitive data Administrative Oversight Compliance & Regulated Data Data Sovereignty Cloud Sprawl (Cloud to Cloud Sharing)
  • 15. Data At Rest There are various Encryption controls available with pros and cons • File/Folder Encryption • Full Disk Encryption • Full Virtual Machine Encryption • Special Encryption (DB, Email)
  • 16. Data In Motion Encryption of Data in Motion needs to be considered in two places • Between Cloud Service Provider & Consumer Environment • Within CSP internal environment Various Controls Available • TLS/SSL • VPN • Virtual Private Computing (VPC)
  • 17. Data In Use • Most challenging case because of the nature of cloud and processing applications • Need to satisfy compliance, data residency and sovereignty requirements Controls Available • Encryption (Format Preserving Encryption) • Tokenization • Masking
  • 18. Approaches to Data Governance, Security & Privacy • Ask your service Provider lots of questions. Due Diligence • Data Classification • Evolving traditional Data Controls like DLP & Data Access Governance to protect Cloud Data making use of emerging technologies like CASB • Policies Enforcement • Leverage mitigating controls like Access Controls (MFA) to cater for Cloud data • Data De-identification • Compliance Enforcement • User Awareness & Coaching
  • 19. What Future Holds? • Mobile Device Accessing Cloud Data • Internet of Things Data • Smart Cities • Cyber incidents (Ransomware) impacting cloud adoption
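
Slide 17 names tokenization and masking as data-in-use controls, and slide 18 lists data de-identification. The sketch below is an added example, not part of the original deck: it de-identifies a record before upload using vault-based tokenization (not format-preserving encryption) and display masking. `TokenVault`, `mask`, `deidentify` and the sample record are hypothetical names and constructed data.

```python
import secrets

SAMPLE_RECORD = {"name": "Jane Example", "card_number": "4111 1111 1111 1111",
                 "country": "AE"}  # constructed sample, standard test card number


def _digits(pan: str) -> str:
    digits = pan.replace(" ", "").replace("-", "")
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a card number")
    return digits


class TokenVault:
    """Hypothetical in-memory vault; in practice it stays outside the cloud app."""

    def __init__(self):
        self._by_token, self._by_pan = {}, {}

    def tokenize(self, pan: str) -> str:
        digits = _digits(pan)
        if digits in self._by_pan:       # stable token, so joins and lookups still work
            return self._by_pan[digits]
        while True:                      # random digits, same length, last four kept
            token = "".join(secrets.choice("0123456789")
                            for _ in range(len(digits) - 4)) + digits[-4:]
            if token != digits and token not in self._by_token:
                break
        self._by_token[token], self._by_pan[digits] = digits, token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]     # only the vault holder can reverse a token


def mask(pan: str, visible: int = 4) -> str:
    """Irreversible masking for display: the hidden digits cannot be recovered."""
    digits = _digits(pan)
    return "*" * (len(digits) - visible) + digits[len(digits) - visible:]


def deidentify(record: dict, vault: TokenVault) -> dict:
    """Build the copy of a record that is allowed to be uploaded to the cloud."""
    out = dict(record)
    out["card_number"] = vault.tokenize(record["card_number"])
    out["name"] = record["name"][:1] + "***"
    return out
```

The token keeps the length and digit-only format of the original, so downstream applications that validate the field shape keep working, while the mapping back to the real value never leaves the vault.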

Editor's Notes

  1. 4 years ago in meetings we were being told the cloud was insecure, very boring. Let's change this quote around: “If you do it right, the public cloud can be more secure than your own datacentre”. That is the key, that is what today is about – how do you do it right.
  2. All of these threats affect Data directly or indirectly. Some affect availability, some integrity and some confidentiality
  3. Notes on the cloud data concerns:
     • Oversharing - Users may accidentally share sensitive content such as source code, confidential information, or client records too broadly (i.e., with the whole company or publicly). Users may also re-share content with unexpected consequences, leading to risky exposure and financial liability for the organization.
     • Administrative Oversight - Due to the challenges of managing data repositories, organizations may inadvertently share data with employees or contractors who have left the company or discover inherited folder permissions that are inappropriate. Without proper monitoring, such oversights can risk data exposure.
     • Compliance & Regulated data - Cloud apps pose a special concern with compliance regulated data. Are users uploading customer or employee personally identifiable information (PII) or consumer payment card information (PCI) into cloud apps? If so, how is this content being shared and secured? Inappropriate sharing of such content may lead to compliance violations and financial penalties.
     • Data Sovereignty - Corporations with a global footprint increasingly find themselves grappling with strict data residency and sovereignty challenges that require certain types of data to remain within a defined geographic border. How do organizations ensure use of this restricted data is not violating corporate policies or applicable regulations? Smart Cities example.
     • Cloud Sprawl - In addition to tracking what users are uploading or downloading from cloud apps, there are also cloud-to-cloud transactions that may expose corporations to liability. Box and Office 365 example.
  4. There are pros and cons of each control and method: Processing Speed, Cost (Talk about Format Preserving Encryption FPE). Many Cloud Security Providers provide basic encryption. P
  5. There are pros and cons of each control and method: Processing Speed, Cost (Talk about Format Preserving Encryption FPE). Many Cloud Security Providers provide basic encryption. P
  6. Data in motion and at rest have provided the cornerstone for encryption solutions, but encryption in use goes against the basic premise of the first two. Data has to stay protected