
Egypt Cloud Day, May 2011 -- Cloud Security



  1. 5/22/2011. Session: Cloud Security Overview! Speaker: Mohamed El‐Refaey (!/melrefaey, !/egyptcloudforum, !/pages/Egypt‐Cloud‐Forum/111055065588154)
     Agenda
     • Cloud Security Overview
     • Operating in the cloud & Security.
     • Standards, Initiatives and Certifications
     • Take Aways
  2. Cloud Security
     Open Security Architecture: actor-centric view of cloud architecture
     CSA Areas of Focus: Operating in the Cloud
     • Security, Bus. Cont., DR
     • Data Center Operations
     • Incident Response, Notification, Remediation
     • Application Security
     • Encryption & Key Management
     • Identity & Access Management
     • Virtualization
  3. CSA Areas of Focus: Cloud Architecture
     Governance the Cloud
     • Governance & Enterprise Risk Management
     • Legal & Electronic Discovery
     • Compliance & Audit
     • Information Lifecycle Management
     • Portability & Interoperability
     Top Threats (as defined by CSA)
     • Abuse and Nefarious Use of Cloud Computing
     • Insecure Application Programming Interfaces
     • Malicious Insiders
     • Shared Technology Vulnerabilities
     • Data Loss/Leakage
     • Account, Service & Traffic Hijacking
     • Unknown Risk Profile
  4. Cloud Threat Model
     Threats
     • Risk 1: Resource Exhaustion
     • Risk 2: Customer Isolation Failure
     • Risk 3: Management Interface Compromise
     • Risk 4: Interception of Data in Transmission
     • Risk 5: Data leakage on Upload/Download, Intra‐cloud
     • Risk 6: Insecure or Ineffective Deletion of Data
     • Risk 7: Distributed Denial of Service (DDoS)
     • Risk 8: Economic Denial of Service
     • Risk 9: Loss or Compromise of Encryption Keys
     • Risk 10: Malicious Probes or Scans…
     • Risk 25 … Check ENISA document for the rest …
     Is my data safe in the cloud?
  5. Cloud Security Initiatives & Certificates
     • Trusted Cloud Initiative
     • McAfee Cloud Security
     • CloudAudit
     • Cloud Security Alliance
     • Certificate of Cloud Security Knowledge
     • FedRAMP
  6. Some Take Aways
     • Beware the trap of trusting the cloud vendors too much
     • Centralized cloud model puts huge power and control in the hands of cloud players.
     • Wikileaks and Amazon!
     • Cloud computing is a harkening back to centralizing everything (Just not as the Internet engineered distributed model)
     • Cloud Computing is not a problem‐free panacea for businesses
     Thank you. Now, it is time for Q&A