Cloud Computing Security
Cloud Security Issues/Concerns

- Faced by providers
  - Ensure that infrastructure is secure
  - Client data and apps are protected
- Faced by clients
  - Ensure that provider has taken proper measures to protect info

[Figure: three overlapping areas of concern: Security and Privacy; Compliance; Legal/Contractual issues]
Security and Privacy

- Data Protection
  - Data stored securely
    - when at rest and
    - while in motion
- Identity Management
  - ID Federation
  - Single Sign On
  - Other Identity Management that clients dictate
- Physical and Personnel Security
  - Access is secured and documented
- Availability
  - Regular and predictable access to data and applications
- Application Security
  - Testing and acceptance procedure for 3rd party code/outsourced code
  - App level firewalls
- Privacy
  - Only authorized users access information
  - Digital identity protection
Compliance

Cloud providers must enable clients to comply with regulations.

- Laws and Regulations
  - Depends on geography and laws of the land
  - e.g., Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SarbOx)
- Industry Standards
  - e.g., Payment Card Industry Data Security Standard (PCI DSS)
- Regular reporting requirements
- Audit Trails
- Business Continuity and Data Recovery
  - Services continue even in case of a disaster
  - Plan for recovery of lost data
- Logs and Audit Trails
  - eDiscovery
  - Forensic Investigation
- Client specific compliance requirements
- Data isolation requirements
Legal/Contractual Issues

- Liability Terms
- Intellectual Property
- End of service obligations
- Public records
  - Record keeping
  - Retain and make data available
  - May be stipulated by law
Computer Security

[Figure: two columns contrasting Computer Security with Computer Insecurity]
- Computer Security: Secure OS; Secure Architecture; Security by design; Secure coding practice
- Computer Insecurity: Vulnerability; Eavesdropping; Exploits; Trojans/Virus/DoS; Payloads; Backdoors/Rootkits/Key loggers
Security by Design

- Principle of least privilege
  - An entity has only the privileges it needs to function
  - A hacker gaining access to one part would find it equally difficult to access other parts
- Breaking modules into small individual components simplifies correct design of crucial software subsystems
- Rigorous code review and unit testing
- Smart Secure Default Settings
  - Fail to a secure state, not to an insecure state
  - A secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authority in order to make it insecure
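The two design rules on this slide, least privilege and fail to a secure state, are easiest to see in an access decision. The C below is an added example written for this page, not code from the slide deck: the policy table, principal names and resource names are constructed for illustration. Each entity holds only the rights bits its job needs, the default decision is DENY, and every error path (missing input, unknown principal, no matching rule, rights not fully granted) falls through to that default rather than to an implicit allow. Granting more, such as R_ADMIN, requires a deliberate entry in the table by whoever maintains the policy.

```c
/* Added example: a fail-closed, least-privilege access check.
 * All principals, resources and grants below are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rights are a bit set, so an entity can be given exactly the bits it needs. */
enum right { R_READ = 1u << 0, R_WRITE = 1u << 1, R_ADMIN = 1u << 2 };

/* The decision type: DENY is the default, ALLOW is reached only by an explicit match. */
enum decision { DENY = 0, ALLOW = 1 };

struct grant {
    const char *principal;
    const char *resource;
    unsigned    rights;      /* bitwise OR of enum right */
};

/* Constructed policy: each entity is granted only what its function requires.
 * Only ops-admin may hold R_ADMIN, and only on "config". */
static const struct grant POLICY[] = {
    { "billing-svc", "invoices", R_READ | R_WRITE },
    { "report-svc",  "invoices", R_READ },
    { "ops-admin",   "config",   R_READ | R_WRITE | R_ADMIN },
};

/* Returns ALLOW only when a rule for (principal, resource) exists and every
 * requested right is in that rule. Every other path returns DENY. */
enum decision authorize(const char *principal, const char *resource, unsigned wanted)
{
    /* Fail to a secure state: malformed or empty requests are denied, never guessed. */
    if (principal == NULL || resource == NULL || wanted == 0)
        return DENY;

    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const struct grant *g = &POLICY[i];
        if (strcmp(g->principal, principal) == 0 &&
            strcmp(g->resource, resource) == 0) {
            /* Partial matches (e.g. READ granted, READ|WRITE requested) are denied. */
            return (g->rights & wanted) == wanted ? ALLOW : DENY;
        }
    }
    /* No rule matched: the secure default, not an implicit allow. */
    return DENY;
}

int main(void)
{
    printf("billing-svc write invoices: %s\n",
           authorize("billing-svc", "invoices", R_WRITE) == ALLOW ? "ALLOW" : "DENY");
    printf("report-svc  write invoices: %s\n",
           authorize("report-svc", "invoices", R_WRITE) == ALLOW ? "ALLOW" : "DENY");
    printf("unknown-svc read  invoices: %s\n",
           authorize("unknown-svc", "invoices", R_READ) == ALLOW ? "ALLOW" : "DENY");
    return 0;
}
```

The point of the table-driven shape is that widening an entity's access is a visible edit to POLICY rather than a code path that happens to be reachable, which is what the slide means by requiring a deliberate decision by legitimate authority before the system becomes less secure.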
Security Architecture

- Design artifacts that describe how security controls are positioned to ensure system quality attributes

[Figure: the quality attributes the controls must ensure: Confidentiality, Integrity, Availability, Accountability, Assurance]
Hardware Mechanisms for Security

- Hardware based or hardware assisted security complements software based security, e.g.,
  - Trusted Platform Modules (TPM)
  - Devices/Dongles that require physical access
Secure OS

- Ultra-strong secure OS
  - Based on a kernel that guarantees certain security policies are absolutely enforced in an operating environment
  - e.g., Bell-LaPadula model
  - Such OSes are not widely known
  - Used primarily to protect
    - National security/Military secrets
  - e.g., NSA Blacker, Honeywell SCOMP
  - Achieve the Orange Book standard

[Figure: layered foundation: microprocessor hardware features such as memory management, on which a correctly implemented OS kernel is built]
Secure Coding

- Most commercial OSes fall in a “low security” category, so applications must make themselves resistant to malicious subversion
- Common software defects include
  - buffer overflows
  - format string vulnerabilities
  - integer overflow
  - code/command injection
  - dangling pointers
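Two of the defects on this list, integer overflow and buffer overflow, usually arrive together: a length is computed from an attacker-controlled count, the multiplication wraps, and a copy sized by the wrapped value runs past its buffer. The C below is an added example for this page, not code from the slide deck; the record format (a 32-bit count followed by fixed 64-byte records) and the constants RECORD_SIZE and MAX_RECORDS are constructed for illustration. It shows the length computation the way it is commonly written (wrapping silently) next to a hardened version that rejects impossible counts before doing arithmetic, checks the multiplication against SIZE_MAX, and bounds the copy against both the source and the destination.

```c
/* Added example: integer-overflow-safe length computation and bounded copy.
 * The record layout and limits are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECORD_SIZE 64u      /* constructed: each record is 64 bytes */
#define MAX_RECORDS 1024u    /* constructed: the most records a message may carry */

/* BEFORE: the defect as the slide describes it.
 * The product is kept in 32 bits, so a large count wraps to a small total.
 * A caller that sizes its buffer from this value, then copies count*RECORD_SIZE
 * bytes, overflows that buffer. Shown only to make the wrap visible; never
 * use this to size a buffer. */
size_t unsafe_payload_len(uint32_t count)
{
    uint32_t total = (uint32_t)(count * RECORD_SIZE);   /* wraps modulo 2^32 */
    return total;
}

/* AFTER: validate the count first, then compute in size_t with an explicit
 * overflow guard. Returns 0 on success, -1 on any rejected input. */
int safe_payload_len(uint32_t count, size_t *out)
{
    if (out == NULL || count == 0 || count > MAX_RECORDS)
        return -1;                                   /* impossible count: reject */
    if (count > SIZE_MAX / RECORD_SIZE)
        return -1;                                   /* product would not fit size_t */
    *out = (size_t)count * RECORD_SIZE;
    return 0;
}

/* Copies count records from src into dst. The copy length is checked against
 * what the sender actually supplied (src_len) and what we can hold (dst_cap),
 * so neither a short message nor a small buffer can cause an over-read or
 * over-write. Returns bytes copied, or -1 if the request is rejected. */
int copy_records(unsigned char *dst, size_t dst_cap,
                 const unsigned char *src, size_t src_len, uint32_t count)
{
    size_t need;
    if (dst == NULL || src == NULL)
        return -1;
    if (safe_payload_len(count, &need) != 0)
        return -1;
    if (need > src_len || need > dst_cap)
        return -1;                                   /* bounds check on both sides */
    memcpy(dst, src, need);
    return (int)need;
}

int main(void)
{
    /* Constructed hostile count: 0x04000001 * 64 = 0x100000040, which wraps to 64. */
    uint32_t hostile = 0x04000001u;
    size_t n = 0;
    printf("unsafe length for 0x%08x records: %zu bytes\n", hostile, unsafe_payload_len(hostile));
    printf("safe_payload_len rejects it: %s\n",
           safe_payload_len(hostile, &n) == -1 ? "yes" : "no");

    unsigned char src[3 * RECORD_SIZE];
    unsigned char dst[256];
    memset(src, 0xAB, sizeof src);               /* constructed sample payload */
    printf("copy 3 records: %d bytes\n", copy_records(dst, sizeof dst, src, sizeof src, 3));
    printf("copy 5 records from a 3-record message: %d\n",
           copy_records(dst, sizeof dst, src, sizeof src, 5));
    return 0;
}
```

The MAX_RECORDS check alone already prevents the wrap for this format; the SIZE_MAX guard is kept so the function stays correct if the limit is later raised or the record size changed, which is the kind of drift that reintroduces these defects.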
Application Threats/Attacks

- Input Validation
  - Buffer overflow, cross site scripting, SQL injection
- Authentication
  - Eavesdropping, brute force attack, dictionary attack, cookie replay, credential theft
- Authorization
  - Elevation of privilege, disclosure of confidential info, data tampering
- Configuration Management
  - Unauthorized access to admin interfaces, retrieval of config data in clear text, lack of individual accountability
- Sensitive Information
  - Unauthorized access to stored data
- Session Management
  - Session hijacking, session replay, man in the middle attacks
- Cryptography
  - Poor key generation, weak encryption, improper key management practices
- Parameter Manipulation
  - Query string manipulation, form field manipulation, cookie manipulation, HTTP header manipulation
- Exception management
  - Improper info disclosure, denial of service
- Auditing and logging
  - User denies performing an operation, attacker exploits without a trace or covers the tracks
Questions and discussion on topic

Thank you.
