Introduction
Survey Risk Assessment for Cloud Computing
Assessing the Security Risks of Cloud Computing
Security and Privacy Challenges in Cloud Computing
Conclusion
2. Outline
• Introduction
• Survey Risk Assessment for Cloud Computing
• Assessing the Security Risks of Cloud
Computing
• Security and Privacy Challenges in Cloud
Computing
• Conclusion
2
3. Introduction
• Massive developments and implementations of cloud
computing services
• Real advantages in term of cost and computational
power
• Security risks that need to be assessed and mitigated
• Assessment of security risks is essential
3
5. What is Risk management ?
• Set of activities and methods to control risks
• Architecture to manage risks
5
6. What is Risk assessment ?
• Process
• Identifying the security risks
• Occurrence for these risks
• Impact
• Safeguards against these risks
• Controls for reducing or eliminating those risks 6
11. What to Evaluate
• Data Location
• Recovery
• Viability
• Support in Reducing Risk
11
12. Data Location
• Every customer need to know where his data are
hosted, in which country the data is stored
12
13. Recovery
• How cloud offerings will recover from total disaster?
• Know what will happen if one of the offered sites
went down?
• Can it completely restore everything?
• How much time does it need to complete restoration?
13
14. Viability
• What would happen to your service if the provider
goes broke?
• How would I get my data back?
• Can I use the data in a replacement application?
14
15. Support in Reducing Risk
• How to use the product safely?
• To whom the instructions for setting and monitoring
policies provided to ?
• How to avoid phishing or malware attacks?
15
16. How to Assess
• Qualification of the provider’s policymakers, coders
and operators
• What risk control processes and technical
mechanisms are used?
• Functionality of there services
• Identification of unanticipated vulnerabilities
16
17. Security and
Privacy Challenges
1. Authentication and Identity Management
2. Access Control and Accounting
3. Secure-Service Management
4. Privacy and Data Protection
17
18. Authentication and Identity
Management
• Users can easily access their personal information and
make it available to various services across the
Internet
• Issue is drawbacks that could result from using
different identity tokens
18
19. Access Control and Accounting
• Access control is demanded
• Access control should be flexible
• The access control models should also be able to
capture relevant aspects of SLAs
• Accounting create privacy issues
19
20. Secure-Service Management
• Many cloud service providers use the Web Services
Description Language (WSDL)
• Issues such as quality of service, price and SLAs are
critical in services
20
21. Privacy and Data Protection
• Privacy is a core issue
• Protect Identity information
• Transaction histories
• Data stored out side the premises
• who created a piece of data, who modified it and how,
and so on
21
22. Conclusion
• Risk assessment is for helping cloud consumers
• Specific risk assessment approach
• Cloud computing risk assessment isn’t easy
• Cloud computing need higher level of assurance
• Organizations need to
• Evaluate cloud-computing risks
• Identify appropriate controls
22