SlideShare a Scribd company logo

Cloud Computing : Security and Forensics

Download as PPTX, PDF
Govind Maheswaran
Govind Maheswaran

This document discusses a seminar on cloud computing security and forensics. It covers topics like cloud security risks, risk assessment, and cloud forensics. The seminar aims to help people understand security issues in cloud computing and how to address them.

Technology
1 of 41
Seminar on Cloud Computing : Security and Forensics Govind Maheswaran govindmaheswaran@gmail.com facebook.com/govindmaheswaran twitter.com/RestlessMystic
Cloud Computing Cloud security Risk Assesment Cloud Forensics Conclusion
“The cloud is for everyone. The cloud is a democracy.”
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models In Simple English, I can get my data when I want, over some kind of network, and even though the data might be coming from different places and my computing power shared with others, somehow the back end is going to scale up or down to fulfill my needs, and interestingly, bills me for only what I use.
On-Demand • Unilaterally provision computing capabilities as needed automatically, without requiring human interaction with a Self-Service service provider Resource • The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model Pooling • Shared pools are assigned and reallocated as per requirement • Upgrade? More memory required? New software version? Rapid Elasticity Incompatibility with current version? • “The Cloud Almighty” has it all… Broad Network • Available over the network and accessed through standard Access mechanisms Measured • Metering capability • Resource usage can be monitored, controlled, and reported — Service providing transparency for both the provider and consumer
•Servers and Network •Cloud OS and Platforms •User gets the software as connections. •All the user needs is to a web service. •User needs to install put up his applications. •Eg : Google Docs, Office Required OS and Platform •Eg : Windows Hyper V 365, Amazon S3 and Applications.(some Cloud, Amazon EC2 vendors provide OS) •Eg: Windows Azure Infrastructure Platform as a Software as a as a Service Service Service [IaaS] [PaaS] [SaaS] Processor Runtime Application Operating Memory API Web Service System Storage Web Server Web UI
Public Cloud Community Cloud Private Cloud Hybrid Cloud
Compute Storage Database Transaction
• Scale vs. Cost • Lack of Control Pros Cons • Multiplatform • Reliability support Issues • Encapsulated • Lock In Change • Data out of Management Premises • Next-Gen • Security Architecture
“They're certainly a threat, and would be easy to make malicious.” “The technology demands of the cybersecurity adviser's job are relatively trivial..”
* Cloud is a relatively newer technology. So, its security domains are not fully known. * Cloud based Security Risks => CRISKS * Hardware * Data * Applications * (in short, everything in the cloud) Some major security Issues are discussed in the following slides
• Any kind of intentional and un-intentional malicious activity carried out or executed on a shared platform may affect the other tenants and associated stake holders. • Eg : Blocking of IP Ranges, Confiscation of resources etc • Sudden increase in the resource usage by one application can drastically affect the performance and availability of other applications shared in the same cloud infrastructure.
• Bankruptcy and catastrophes does not come with an early warning. • Such a run-on-the-cloud may lead to acquisitions or mergers. • Sudden take over can result in a deviation from the agreed Terms of Use & License Agreement which may lead to a Lock- In situation.
• Migrating from cloud is difficult, as different cloud providers use various OS n middleware and APIs • Also, sudden change of provider policies may make the user stuck with the cloud. • The user may want to quit, but he cannot as his data is in the cloud. • Lock-In Situation
• Handled by the Provider • User rarely has information about the protection facilities. • Prevent unauthorized access by the priviledged employees of Service Provider
• The service provider may be following good security procedures, but it is not visible to the customers and end users. • May be due to security reasons. • End user questions remains un-answered: • how the data is backed up, who back up the data,whether the cloud service provider does it or has they outsourced to some third party,
• Confidential data remains confidential. • The information deleted by the customer may be available to the cloud solution provider as part of their regular backups. • Insecure and inefficient deletion of data where true data wiping is not happening, exposing the sensitive information to other cloud users.
• Vulnerabilities applicable to programs running in the conventional systems & networks are also applicable to cloud infrastructure. • It also requires application security measures (application- level firewalls) be in place in the production environment.
• The cloud provider maintains logs of none/some/all of the cloud activities • The end user has no access to these logs,neither are they aware of what exactly are being logged.
• Security testing is a process to determine that an information system protects data and maintains functionality as intended. • Cloud security testing is futile, due to the following reasons.  Permission Issues  If a user traverse through unauthorised areas of a cloud, he may reach a black hole.  An application is tested today and found vulnerable or not, how do you know that the app tested tomorrow is the same one that was tested yesterday?
“Who protects my data?” “Are we to skip on-site inspections, discoverability, and complex encryption schemes..”
• Although Cloud can be considered a failure in terms of Security, there are still many takers for it. • This is mainly due to the Multi-tenancy(cost sharing) aspect. • A risk based approach needs to be adopted, after considering the profit and loss involved in moving the assets to the cloud. An RA Framework is presented in the coming slides…
Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models
Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Assets can be Data or Applications. Choose which all needs to be migrated to the cloud. • In cloud, data and application need not reside at the same location. • Thus,even parts of functions can be shifted to the cloud. • Make the choice based upon current data usage, and potential data usage.
Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Determine how Important and sensitive the asset is to the organisation. • In short, evaluate the asset on the basis of Confidentiality and availability.
Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Determine which deployment model is good for the organizational requirement • Decide whether the organization can accept the risks implicit to the various deployment models (private, public, community, or hybrid).
Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Determine which service deployment model is good for the organizational requirement • Decide whether the organization is competent enough to implement the extra layers (in case of IaaS or PaaS)
Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Required to analyse how and when data will move In and Out the cloud..
“They're certainly a threat, and would be easy to make malicious.” “Quiet as the forest”
DEFINITION: “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” Cloud Forensics refers to the usage of Digital Forensics Science in Cloud computing models.
• Cloud forensics is more cost effective than conventional Digital forensic methodologies. • In case a cloud need to be shut down for data collection,it can be implemented with very less extra work (transfering data to another data center within the same cloud) • Forensics may be implemented as a Cloud Service.
Legal Regulations Legal & regulatory requirements and compliances may be lacking in the location(s) where the data is actually stored. Record Retention Policies There exists no standardized logging format for the cloud. Each provider logs in different formats, making log crunching for forensics difficult in case of Cloud. Identity Management There exists no proper KYC norms in case of Cloud Providers. Anyone with a credit card can purchase a cloud account.
Continously Overwriten Logs The cloud keeps working, and its logs are replicated and overwritten continously. So it poses a great challenge to the forensic scientist to spot the state of the log file at the time of an attempted crime.. Admissibility Along with finding the evidence, the scientist must also prove it to a legal non technical person. This part is worser than the real forensics process. Privacy Someone hacked something somewhere. Why should a Forensic guy check the data that i have put in my cloud ..?
• Cloud is changing the way systems and services are provided and utilized. • The more informed IT departments are about the cloud, the better the position they will be in when making decisions about deploying, developing, and maintaining systems in the cloud. • With so many different cloud deployment and service models, and their hybrid permutations - no list of security controls can cover all these circumstances. • Cloud has just crossed its inception states, and Researches on cloud security are still going on.
• Use a Risk Assesment framework before data is put on the cloud. • Cloud forensics, being younger than Cloud computing, has very less to offer as of now. • Watch your activities, keep in touch with your cloud service provider, read the user manual carefully.
• Cloud Security Alliance, a non Profit Cloud Evangelists Group https://cloudsecurityalliance.org/ • Microsoft Corporation, Windows Azure http://www.microsoft.com/windowsazure • IEEE Paper “Cloud Computing: The impact on digital forensic investigations “ • IEEE Paper “Cloud computing: Forensic challenges for law enforcement “ • Cyber Forensics by Albert J Marcella and Robert greenfield
Drop me a mail : govindmaheswaran@gmail.com

Recommended

Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Challenges of Cloud Forensics.pptx
Challenges of Cloud Forensics.pptxChallenges of Cloud Forensics.pptx
Challenges of Cloud Forensics.pptxShehanSanjula
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Identacor
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Cloud Mashup
Cloud MashupCloud Mashup
Cloud MashupVasco Elvas
 

Recommended

Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Challenges of Cloud Forensics.pptx
Challenges of Cloud Forensics.pptxChallenges of Cloud Forensics.pptx
Challenges of Cloud Forensics.pptxShehanSanjula
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Identacor
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Cloud Mashup
Cloud MashupCloud Mashup
Cloud MashupVasco Elvas
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Unit 2 -Cloud Computing Architecture
Unit 2 -Cloud Computing ArchitectureUnit 2 -Cloud Computing Architecture
Unit 2 -Cloud Computing ArchitectureMonishaNehkal
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksWilliam McBorrough
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computingmovinghats
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security Akhila Param
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computingsaurabh soni
 
Cloud security
Cloud securityCloud security
Cloud securityTushar Kayande
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Samrat Das
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud EncryptionRituparnaNag
 
Cloud Deployments Models
Cloud Deployments ModelsCloud Deployments Models
Cloud Deployments ModelsMohamed Sami El-Tahawy
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningValdez Ladd MBA, CISSP, CISA,
 

More Related Content

What's hot

The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Unit 2 -Cloud Computing Architecture
Unit 2 -Cloud Computing ArchitectureUnit 2 -Cloud Computing Architecture
Unit 2 -Cloud Computing ArchitectureMonishaNehkal
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksWilliam McBorrough
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computingmovinghats
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security Akhila Param
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computingsaurabh soni
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Samrat Das
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 

What's hot (20)

The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Unit 2 -Cloud Computing Architecture
Unit 2 -Cloud Computing ArchitectureUnit 2 -Cloud Computing Architecture
Unit 2 -Cloud Computing Architecture
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
Cloud Deployments Models
Cloud Deployments ModelsCloud Deployments Models
Cloud Deployments Models
 

Viewers also liked

Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensicssdavis532
 
Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics zawoad
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
NGN Japan 2012-2017
NGN Japan 2012-2017NGN Japan 2012-2017
NGN Japan 2012-2017Kabir Ahmad
 
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...CSCJournals
 
Babadook
BabadookBabadook
Babadookjupton1
 
MEDIA ICMI EDISI 11
MEDIA ICMI EDISI 11 MEDIA ICMI EDISI 11
MEDIA ICMI EDISI 11 ICMI Pusat
 
Mobile security
Mobile securityMobile security
Mobile securityStefaan
 
Looking for Information Vacuums
Looking for Information VacuumsLooking for Information Vacuums
Looking for Information VacuumsInfo Ops HQ
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsCloudPassage
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionSeccuris Inc.
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsZyxware Technologies
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsSandeep Saxena
 
Mobile security
Mobile securityMobile security
Mobile securityMphasis
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security IssuesStelios Krasadakis
 

Viewers also liked (20)

Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
 
Ceic 2012 anti-anti-forensics
Ceic 2012 anti-anti-forensicsCeic 2012 anti-anti-forensics
Ceic 2012 anti-anti-forensics
 
Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emam
 
NGN Japan 2012-2017
NGN Japan 2012-2017NGN Japan 2012-2017
NGN Japan 2012-2017
 
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...
 
Babadook
BabadookBabadook
Babadook
 
MEDIA ICMI EDISI 11
MEDIA ICMI EDISI 11 MEDIA ICMI EDISI 11
MEDIA ICMI EDISI 11
 
Updated CV
Updated CVUpdated CV
Updated CV
 
Mobile security
Mobile securityMobile security
Mobile security
 
Looking for Information Vacuums
Looking for Information VacuumsLooking for Information Vacuums
Looking for Information Vacuums
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and prevention
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security Metrics
 
Mobile security
Mobile securityMobile security
Mobile security
 
IaaS Security - Back to the Drawing Board
IaaS Security - Back to the Drawing BoardIaaS Security - Back to the Drawing Board
IaaS Security - Back to the Drawing Board
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
 

Similar to Cloud Computing : Security and Forensics

Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingJithin Parakka
 
Towards a Federated Cloud Ecosystem
Towards a Federated Cloud EcosystemTowards a Federated Cloud Ecosystem
Towards a Federated Cloud EcosystemClovis Chapman
 
Cloud Computing 101
Cloud Computing 101Cloud Computing 101
Cloud Computing 101Kamal Arora
 
Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureBob Rhubart
 
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStackIntroduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStackbuildacloud
 
Trend and Future of Cloud Computing
Trend and Future of Cloud ComputingTrend and Future of Cloud Computing
Trend and Future of Cloud Computinghybrid cloud
 
Unit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingUnit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingDivya S
 
Speaker Presention by Irena Bojanova of the University of Maryland University...
Speaker Presention by Irena Bojanova of the University of Maryland University...Speaker Presention by Irena Bojanova of the University of Maryland University...
Speaker Presention by Irena Bojanova of the University of Maryland University...Tim Harvey
 
Cloud computing
Cloud computing Cloud computing
Cloud computing ananyaakk
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Mahika cloud services
Mahika cloud servicesMahika cloud services
Mahika cloud servicesSomnath Sen
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcDataTactics
 
Cloud computing by Luqman
Cloud computing by LuqmanCloud computing by Luqman
Cloud computing by LuqmanLuqman Shareef
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfkhan593595
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfkhan593595
 
AWS Cloud Solution - An Overview
AWS Cloud Solution - An OverviewAWS Cloud Solution - An Overview
AWS Cloud Solution - An OverviewDony Riyanto
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.pptDss
 

Similar to Cloud Computing : Security and Forensics (20)

Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Towards a Federated Cloud Ecosystem
Towards a Federated Cloud EcosystemTowards a Federated Cloud Ecosystem
Towards a Federated Cloud Ecosystem
 
Cloud Computing 101
Cloud Computing 101Cloud Computing 101
Cloud Computing 101
 
Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference Architecture
 
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStackIntroduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
 
Trend and Future of Cloud Computing
Trend and Future of Cloud ComputingTrend and Future of Cloud Computing
Trend and Future of Cloud Computing
 
Unit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingUnit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud Computing
 
Speaker Presention by Irena Bojanova of the University of Maryland University...
Speaker Presention by Irena Bojanova of the University of Maryland University...Speaker Presention by Irena Bojanova of the University of Maryland University...
Speaker Presention by Irena Bojanova of the University of Maryland University...
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Mahika cloud services
Mahika cloud servicesMahika cloud services
Mahika cloud services
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtc
 
Cloud computing by Luqman
Cloud computing by LuqmanCloud computing by Luqman
Cloud computing by Luqman
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdf
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdf
 
Virtualization vs. Cloud Computing: What's the Difference?
Virtualization vs. Cloud Computing: What's the Difference?Virtualization vs. Cloud Computing: What's the Difference?
Virtualization vs. Cloud Computing: What's the Difference?
 
AWS Cloud Solution - An Overview
AWS Cloud Solution - An OverviewAWS Cloud Solution - An Overview
AWS Cloud Solution - An Overview
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.ppt
 

Recently uploaded

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
 

Recently uploaded (20)

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 

Cloud Computing : Security and Forensics

  • 1. Seminar on Cloud Computing : Security and Forensics Govind Maheswaran govindmaheswaran@gmail.com facebook.com/govindmaheswaran twitter.com/RestlessMystic
  • 2. Cloud Computing Cloud security Risk Assesment Cloud Forensics Conclusion
  • 3. “The cloud is for everyone. The cloud is a democracy.”
  • 4. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models In Simple English, I can get my data when I want, over some kind of network, and even though the data might be coming from different places and my computing power shared with others, somehow the back end is going to scale up or down to fulfill my needs, and interestingly, bills me for only what I use.
  • 5. On-Demand • Unilaterally provision computing capabilities as needed automatically, without requiring human interaction with a Self-Service service provider Resource • The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model Pooling • Shared pools are assigned and reallocated as per requirement • Upgrade? More memory required? New software version? Rapid Elasticity Incompatibility with current version? • “The Cloud Almighty” has it all… Broad Network • Available over the network and accessed through standard Access mechanisms Measured • Metering capability • Resource usage can be monitored, controlled, and reported — Service providing transparency for both the provider and consumer
  • 6. •Servers and Network •Cloud OS and Platforms •User gets the software as connections. •All the user needs is to a web service. •User needs to install put up his applications. •Eg : Google Docs, Office Required OS and Platform •Eg : Windows Hyper V 365, Amazon S3 and Applications.(some Cloud, Amazon EC2 vendors provide OS) •Eg: Windows Azure Infrastructure Platform as a Software as a as a Service Service Service [IaaS] [PaaS] [SaaS] Processor Runtime Application Operating Memory API Web Service System Storage Web Server Web UI
  • 7. Public Cloud Community Cloud Private Cloud Hybrid Cloud
  • 8.
  • 9. Compute Storage Database Transaction
  • 10. • Scale vs. Cost • Lack of Control Pros Cons • Multiplatform • Reliability support Issues • Encapsulated • Lock In Change • Data out of Management Premises • Next-Gen • Security Architecture
  • 11. “They're certainly a threat, and would be easy to make malicious.” “The technology demands of the cybersecurity adviser's job are relatively trivial..”
  • 12. * Cloud is a relatively newer technology. So, its security domains are not fully known. * Cloud based Security Risks => CRISKS * Hardware * Data * Applications * (in short, everything in the cloud) Some major security Issues are discussed in the following slides
  • 13.
  • 14. Any kind of intentional and un-intentional malicious activity carried out or executed on a shared platform may affect the other tenants and associated stake holders. • Eg : Blocking of IP Ranges, Confiscation of resources etc • Sudden increase in the resource usage by one application can drastically affect the performance and availability of other applications shared in the same cloud infrastructure.
  • 15. Bankruptcy and catastrophes does not come with an early warning. • Such a run-on-the-cloud may lead to acquisitions or mergers. • Sudden take over can result in a deviation from the agreed Terms of Use & License Agreement which may lead to a Lock- In situation.
  • 16. Migrating from cloud is difficult, as different cloud providers use various OS n middleware and APIs • Also, sudden change of provider policies may make the user stuck with the cloud. • The user may want to quit, but he cannot as his data is in the cloud. • Lock-In Situation
  • 17. Handled by the Provider • User rarely has information about the protection facilities. • Prevent unauthorized access by the priviledged employees of Service Provider
  • 18. The service provider may be following good security procedures, but it is not visible to the customers and end users. • May be due to security reasons. • End user questions remains un-answered: • how the data is backed up, who back up the data,whether the cloud service provider does it or has they outsourced to some third party,
  • 19. Confidential data remains confidential. • The information deleted by the customer may be available to the cloud solution provider as part of their regular backups. • Insecure and inefficient deletion of data where true data wiping is not happening, exposing the sensitive information to other cloud users.
  • 20. Vulnerabilities applicable to programs running in the conventional systems & networks are also applicable to cloud infrastructure. • It also requires application security measures (application- level firewalls) be in place in the production environment.
  • 21. The cloud provider maintains logs of none/some/all of the cloud activities • The end user has no access to these logs,neither are they aware of what exactly are being logged.
  • 22. Security testing is a process to determine that an information system protects data and maintains functionality as intended. • Cloud security testing is futile, due to the following reasons.  Permission Issues  If a user traverse through unauthorised areas of a cloud, he may reach a black hole.  An application is tested today and found vulnerable or not, how do you know that the app tested tomorrow is the same one that was tested yesterday?
  • 23. “Who protects my data?” “Are we to skip on-site inspections, discoverability, and complex encryption schemes..”
  • 24. Although Cloud can be considered a failure in terms of Security, there are still many takers for it. • This is mainly due to the Multi-tenancy(cost sharing) aspect. • A risk based approach needs to be adopted, after considering the profit and loss involved in moving the assets to the cloud. An RA Framework is presented in the coming slides…
  • 25. Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models
  • 26. Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Assets can be Data or Applications. Choose which all needs to be migrated to the cloud. • In cloud, data and application need not reside at the same location. • Thus,even parts of functions can be shifted to the cloud. • Make the choice based upon current data usage, and potential data usage.
  • 27. Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Determine how Important and sensitive the asset is to the organisation. • In short, evaluate the asset on the basis of Confidentiality and availability.
  • 28. Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Determine which deployment model is good for the organizational requirement • Decide whether the organization can accept the risks implicit to the various deployment models (private, public, community, or hybrid).
  • 29. Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Determine which service deployment model is good for the organizational requirement • Decide whether the organization is competent enough to implement the extra layers (in case of IaaS or PaaS)
  • 30. Map the Evaluate asset to Cloud Sketch the Identify Evaluate Existing Service Potential the Asset The Asset cloud Models and Data Flow Deployment Providers Models • Required to analyse how and when data will move In and Out the cloud..
  • 31. “They're certainly a threat, and would be easy to make malicious.” “Quiet as the forest”
  • 32. DEFINITION: “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” Cloud Forensics refers to the usage of Digital Forensics Science in Cloud computing models.
  • 33. Cloud forensics is more cost effective than conventional Digital forensic methodologies. • In case a cloud need to be shut down for data collection,it can be implemented with very less extra work (transfering data to another data center within the same cloud) • Forensics may be implemented as a Cloud Service.
  • 34. Legal Regulations Legal & regulatory requirements and compliances may be lacking in the location(s) where the data is actually stored. Record Retention Policies There exists no standardized logging format for the cloud. Each provider logs in different formats, making log crunching for forensics difficult in case of Cloud. Identity Management There exists no proper KYC norms in case of Cloud Providers. Anyone with a credit card can purchase a cloud account.
  • 35. Continously Overwriten Logs The cloud keeps working, and its logs are replicated and overwritten continously. So it poses a great challenge to the forensic scientist to spot the state of the log file at the time of an attempted crime.. Admissibility Along with finding the evidence, the scientist must also prove it to a legal non technical person. This part is worser than the real forensics process. Privacy Someone hacked something somewhere. Why should a Forensic guy check the data that i have put in my cloud ..?
  • 36.
  • 37. • Cloud is changing the way systems and services are provided and utilized. • The more informed IT departments are about the cloud, the better the position they will be in when making decisions about deploying, developing, and maintaining systems in the cloud. • With so many different cloud deployment and service models, and their hybrid permutations - no list of security controls can cover all these circumstances. • Cloud has just crossed its inception states, and Researches on cloud security are still going on.
  • 38. • Use a Risk Assesment framework before data is put on the cloud. • Cloud forensics, being younger than Cloud computing, has very less to offer as of now. • Watch your activities, keep in touch with your cloud service provider, read the user manual carefully.
  • 39. Cloud Security Alliance, a non Profit Cloud Evangelists Group https://cloudsecurityalliance.org/ • Microsoft Corporation, Windows Azure http://www.microsoft.com/windowsazure • IEEE Paper “Cloud Computing: The impact on digital forensic investigations “ • IEEE Paper “Cloud computing: Forensic challenges for law enforcement “ • Cyber Forensics by Albert J Marcella and Robert greenfield
  • 40.
  • 41. Drop me a mail : govindmaheswaran@gmail.com