Cloud Computing
Risk Assessment
Done by Ahmad Taweel
1
Outline
• Introduction
• Survey Risk Assessment for Cloud Computing
• Assessing the Security Risks of Cloud Computing
• Security and Privacy Challenges in Cloud Computing
• Conclusion
2
Introduction
• Massive developments and implementations of cloud computing services
• Real advantages in terms of cost and computational power
• Security risks that need to be assessed and mitigated
• Assessment of security risks is essential
3
Cloud Computing
4
What is Risk Management?
• Set of activities and methods to control risks
• Architecture to manage risks
5
What is Risk Assessment?
• Process
• Identifying the security risks
• Occurrence for these risks
• Impact
• Safeguards against these risks
• Controls for reducing or eliminating those risks
6
Risk assessment steps
• Threat Identification
• Vulnerability Identification (list)
• Risk Determination (level)
• Control Recommendation
7
Risk assessment for cloud computing
• European Network and Information Security Agency (ENISA)
• Pointed
• Advantages and security risks
• Provided
• Recommendations
• Approaches to assess risks
8
Risk assessment for cloud computing
• Risk analysis approach
• Service
• Methodology
9
Assessing the Security Risks of Cloud Computing
• First What to Evaluate
• Then How to Assess
10
What to Evaluate
• Data Location
• Recovery
• Viability
• Support in Reducing Risk
11
Data Location
• Every customer needs to know where their data is hosted and in which country it is stored
12
Recovery
• How will cloud offerings recover from a total disaster?
• Know what will happen if one of the offered sites goes down
• Can it completely restore everything?
• How much time does it need to complete restoration?
13
Viability
• What would happen to your service if the provider goes broke?
• How would I get my data back?
• Can I use the data in a replacement application?
14
Support in Reducing Risk
• How to use the product safely?
• To whom are the instructions for setting and monitoring policies provided?
• How to avoid phishing or malware attacks?
15
How to Assess
• Qualification of the provider’s policymakers, coders and operators
• What risk control processes and technical mechanisms are used?
• Functionality of their services
• Identification of unanticipated vulnerabilities
16
Security and Privacy Challenges
1. Authentication and Identity Management
2. Access Control and Accounting
3. Secure-Service Management
4. Privacy and Data Protection
17
Authentication and Identity Management
• Users can easily access their personal information and make it available to various services across the Internet
• The issue is the drawbacks that could result from using different identity tokens
18
Access Control and Accounting
• Access control is demanded
• Access control should be flexible
• The access control models should also be able to capture relevant aspects of SLAs
• Accounting creates privacy issues
19
Secure-Service Management
• Many cloud service providers use the Web Services Description Language (WSDL)
• Issues such as quality of service, price and SLAs are critical in services
20
Privacy and Data Protection
• Privacy is a core issue
• Protect identity information
• Transaction histories
• Data stored outside the premises
• Who created a piece of data, who modified it and how, and so on
21
Conclusion
• Risk assessment is for helping cloud consumers
• Specific risk assessment approach
• Cloud computing risk assessment isn’t easy
• Cloud computing needs a higher level of assurance
• Organizations need to
• Evaluate cloud-computing risks
• Identify appropriate controls
22
