Introduction Survey Risk Assessment for Cloud Computing Assessing the Security Risks of Cloud Computing Security and Privacy Challenges in Cloud Computing Conclusion

1. Cloud Computing
Risk Assessment
Done by Ahmad Taweel
1

2. Outline
• Introduction
• Survey Risk Assessment for Cloud Computing
• Assessing the Security Risks of Cloud
Computing
• Security and Privacy Challenges in Cloud
Computing
• Conclusion
2

3. Introduction
• Massive developments and implementations of cloud
computing services
• Real advantages in term of cost and computational
power
• Security risks that need to be assessed and mitigated
• Assessment of security risks is essential
3

4. Cloud Computing
4

5. What is Risk management ?
• Set of activities and methods to control risks
• Architecture to manage risks
5

6. What is Risk assessment ?
• Process
• Identifying the security risks
• Occurrence for these risks
• Impact
• Safeguards against these risks
• Controls for reducing or eliminating those risks 6

7. Risk assessment steps
• Threat Identification
• Vulnerability Identification(list)
• Risk Determination(level)
• Control Recommendation
7

8. Risk assessment for cloud
computing
• European Network and Information Security Agency
(ENISA)
• Pointed
• Advantages and security risks
• Provided
• recommendations
• Approaches to asses risks
8

9. Risk assessment for cloud
computing
• Risk analysis approach
• Service
• Methodology
9

10. Assessing the Security
Risks of Cloud Computing
• First What to Evaluate
• Then How to Assess
10

11. What to Evaluate
• Data Location
• Recovery
• Viability
• Support in Reducing Risk
11

12. Data Location
• Every customer need to know where his data are
hosted, in which country the data is stored
12

13. Recovery
• How cloud offerings will recover from total disaster?
• Know what will happen if one of the offered sites
went down?
• Can it completely restore everything?
• How much time does it need to complete restoration?
13

14. Viability
• What would happen to your service if the provider
goes broke?
• How would I get my data back?
• Can I use the data in a replacement application?
14

15. Support in Reducing Risk
• How to use the product safely?
• To whom the instructions for setting and monitoring
policies provided to ?
• How to avoid phishing or malware attacks?
15

16. How to Assess
• Qualification of the provider’s policymakers, coders
and operators
• What risk control processes and technical
mechanisms are used?
• Functionality of there services
• Identification of unanticipated vulnerabilities
16

17. Security and
Privacy Challenges
1. Authentication and Identity Management
2. Access Control and Accounting
3. Secure-Service Management
4. Privacy and Data Protection
17

18. Authentication and Identity
Management
• Users can easily access their personal information and
make it available to various services across the
Internet
• Issue is drawbacks that could result from using
different identity tokens
18

19. Access Control and Accounting
• Access control is demanded
• Access control should be flexible
• The access control models should also be able to
capture relevant aspects of SLAs
• Accounting create privacy issues
19

20. Secure-Service Management
• Many cloud service providers use the Web Services
Description Language (WSDL)
• Issues such as quality of service, price and SLAs are
critical in services
20

21. Privacy and Data Protection
• Privacy is a core issue
• Protect Identity information
• Transaction histories
• Data stored out side the premises
• who created a piece of data, who modified it and how,
and so on
21

22. Conclusion
• Risk assessment is for helping cloud consumers
• Specific risk assessment approach
• Cloud computing risk assessment isn’t easy
• Cloud computing need higher level of assurance
• Organizations need to
• Evaluate cloud-computing risks
• Identify appropriate controls
22