NAME - SOURODEEP CHAKRABORTY
ROLL - 9210
SEMESTER – V
STUDENT ID – BGC201120
REGISTRATION NO - 1072011400167
CLOUD COMPUTING
- CLOUD SECURITY SERVICES
- AUTHENTICATION
- AUTHORIZATION
- AUDITING
- ACCOUNTABILITY
- CONCLUSION
GLANCE
CLOUD SECURITY, ALSO KNOWN AS CLOUD COMPUTING SECURITY, IS A
COLLECTION OF SECURITY MEASURES DESIGNED TO PROTECT CLOUD-BASED
INFRASTRUCTURE, APPLICATIONS, AND DATA. THESE MEASURES ENSURE
USER AND DEVICE AUTHENTICATION, DATA AND RESOURCE ACCESS
CONTROL, AND DATA PRIVACY PROTECTION.
CLOUD SECURITY SERVICES
CLOUD SOFTWARE ASSURANCE INCLUDES...
4A
AUTHENTICATION
AUTHORIZATION
AUDITING
ACCOUNTABILITY
CLOUD SECURITY SERVICES
AUTHENTICATION
HOW DO YOU PROVE TO SOMEONE THAT YOU ARE
WHO YOU CLAIM TO BE?
AUTHENTICATION CAN BE DEFINED AS DETERMINING
AN IDENTITY TO THE REQUIRED LEVEL OF
ASSURANCE.
AUTHENTICATION IS THE FIRST STEP IN ANY
CRYPTOGRAPHIC SOLUTION
- BECAUSE UNLESS WE KNOW WHO IS
COMMUNICATING, THERE IS NO POINT IN ENCRYPTING
WHAT IS BEING COMMUNICATED.
AUTHENTICATION
- AUTHENTICATION IS ANY PROCESS BY WHICH A
SYSTEM VERIFIES THE IDENTITY OF A USER WHO
WISHES TO ACCESS IT.
- AUTHENTICATION MAY BE IMPLEMENTED USING
CREDENTIALS, EACH OF WHICH IS COMPOSED OF A
USER ID AND PASSWORD. ALTERNATIVELY,
AUTHENTICATION MAY BE IMPLEMENTED WITH A
SMART CARD, AN AUTHENTICATION SERVER OR
EVEN A PUBLIC KEY INFRASTRUCTURE.
AUTHENTICATION
MANY WAYS TO PROVE WHO YOU ARE:
- WHAT YOU KNOW
-- PASSWORD / SECRET KEY
- WHERE YOU ARE
-- IP ADDRESS (INTERNET PROTOCOL)
- WHAT YOU ARE
-- BIOMETRICS IS AN AUTHENTICATION METHOD THAT IDENTIFIES
AND RECOGNIZES PEOPLE.
AUTHENTICATION
BIOMETRICS
PHYSIOLOGICAL: FACE, FINGER, IRIS, DNA, HAND
BEHAVIOURAL: VOICE, SIGNATURE
AUTHENTICATION
PASSWORD
A PASSWORD IS A STRING OF LETTERS, NUMBERS
AND SPECIAL CHARACTERS WHICH IS SUPPOSED TO BE
KNOWN ONLY TO THE ENTITY THAT IS BEING
AUTHENTICATED.
AUTHENTICATION
- GIVEN WHO YOU ARE, WHAT CAN YOU DO?
- HOW DO WE CONTROL PRIVILEGE?
AUTHORIZATION
THE PROCESS OF GIVING THE USER PERMISSION TO
ACCESS A SPECIFIC RESOURCE OR FUNCTION.
AUTHORIZATION
ACCESS CONTROL TYPES
ROLE BASED ACCESS CONTROL (RBAC)
CONTEXT BASED ACCESS CONTROL (CBAC)
CONTEXT AWARE ACCESS CONTROL (CAAC)
AUTHORIZATION
ROLE BASED ACCESS CONTROL (RBAC)
- SANDHU ET AL. FORMALIZED RBAC IN 1996.
USER U ACTING IN ROLE R IS GRANTED PERMISSION P.
- ADVANTAGES: GREATLY IMPROVED EFFICIENCY
- DISADVANTAGES: CAN’T SPECIFY FINE-GRAINED RULES
AUTHORIZATION
CONTEXT BASED ACCESS CONTROL (CBAC)
WHAT IS CONTEXT?
CIRCUMSTANCES IN WHICH AN EVENT OCCURS.
SUBJECT: NAME, AGE, ID, LOCATION
OBJECT: TYPE, OWNER
SYSTEM: TIME, DATE, CPU SPEED
AUTHORIZATION
CONTEXT BASED ACCESS CONTROL (CBAC)
- ADVANTAGES:
ACCESS CONTROL IS CONTEXT-AWARE.
- DISADVANTAGE:
THIS IS STILL A STATIC MODEL.
AUTHORIZATION
CONTEXT AWARE ACCESS CONTROL (CAAC)
- DYNAMIC SPECIFICATION & ENFORCEMENT OF
ARBITRARY ACCESS RULES
- SEPARATION OF OBJECT AND THE MAIN BUSINESS
LOGIC OF TARGET APPLICATION
AUTHORIZATION
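An added example, not part of the original slides: a Python illustration of the three models above. The RBAC check grants permission P through role R, context rules over subject, object and system attributes then narrow it, and the rules sit in a table that can change at run time. The users, roles, permissions and rules are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy. RBAC: user U acting in role R is granted permission P.
USER_ROLES = {"alice": {"engineer"}, "bob": {"auditor"}}
ROLE_PERMISSIONS = {
    "engineer": {"report:read", "vm:restart"},
    "auditor": {"report:read"},
}

@dataclass(frozen=True)
class Context:
    """Context attributes drawn from the subject / object / system columns."""
    subject_location: str   # subject: where the request comes from
    object_owner: str       # object: who owns the resource
    system_time: time       # system: server clock when the request arrives

def rbac_allows(user: str, permission: str) -> bool:
    """Pure RBAC: true if any role held by the user carries the permission."""
    roles = USER_ROLES.get(user, set())
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)

# Context rules kept as data, outside the application's business logic.
# Every rule registered for a permission must hold (hypothetical rule set).
CONTEXT_RULES = {
    "vm:restart": [
        lambda user, ctx: ctx.object_owner == user,
        lambda user, ctx: time(9, 0) <= ctx.system_time <= time(18, 0),
        lambda user, ctx: ctx.subject_location == "office",
    ],
}

def authorize(user: str, permission: str, ctx: Context) -> bool:
    """Default deny: the role must grant P and every context rule must pass."""
    if not rbac_allows(user, permission):
        return False
    return all(rule(user, ctx) for rule in CONTEXT_RULES.get(permission, []))

def add_rule(permission: str, rule) -> None:
    """Register a rule at run time without touching authorize() or its callers."""
    CONTEXT_RULES.setdefault(permission, []).append(rule)
```

With RBAC alone, alice may restart any VM at any hour; the context layer is what limits her to her own VM, from the office, in working hours.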
Auditing is essentially the action of making sure someone
complies with a rule or follows safety procedures...
AUDITING
- WHY DO WE NEED A CLOUD COMPUTING
AUDIT?
The primary goal of a Cloud Audit Checklist is to assure
that all data requests, access, processing and storage are
properly documented for regulatory compliance.
A secondary goal of this Cloud Audit Checklist is to
establish a process which will allow an auditor to
document compliance with the security standards
required by law or regulation.
AUDITING
- TYPES OF AUDIT
SYSTEM AUDIT
A SYSTEM AUDIT IS A ONE-TIME OR
PERIODIC EVENT TO EVALUATE SECURITY.
MONITORING
MONITORING IS AN ONGOING
ACTIVITY THAT EXAMINES EITHER THE
SYSTEM OR THE USERS.
AUDITING
CLOUD AUDITOR
∆ A cloud auditor is a third party who examines the
controls of cloud computing service providers.
∆ A cloud auditor performs an audit to verify compliance
with the standards and expresses an opinion through
a report.
AUDITING
INFORMATION TECHNOLOGY AUDITORS TYPICALLY
AUDIT THE FOLLOWING FUNCTIONS:
- SYSTEM CONTROLS
- SYSTEM DEVELOPMENT STANDARDS
- BACKUP CONTROL
- DATA DISPLAY PROCEDURES
- DATA CENTER SECURITY
- CONTINGENCY PLANS
AUDITING
ACCOUNTABILITY IS ALL ABOUT DEVELOPING A
HOLISTIC APPROACH TO ACHIEVING TRUST AND
SECURITY IN THE CLOUD, ENCOMPASSING
LEGAL, REGULATORY AND TECHNICAL MECHANISMS.
ACCOUNTABILITY
ACCOUNTABILITY
RESPONSIBILITY
YOU ARE RESPONSIBLE FOR PROTECTING THE SECURITY OF YOUR
DATA AND IDENTITIES, ON-PREMISES RESOURCES, AND THE
CLOUD COMPONENTS YOU CONTROL (WHICH VARIES BY SERVICE
TYPE).
ACCOUNTABILITY
REMEDIATION
- The ability to detail the origin of policy violations in order to
provide appropriate responses.
- The ability to suggest response actions to ease the process for
customers responding to the event.
ACCOUNTABILITY
ASSURANCE
THE CONTROLS INSIDE OF CLOUD ASSURANCE ARE
BUILT TO HELP BUILD STRONGER VALUE IN YOUR
BUSINESS SYSTEMS.
ACCOUNTABILITY
- WITH THE HELP OF CLOUD SECURITY, YOU CAN CENTRALIZE THE
COMPANY’S SECURITY INFRASTRUCTURE FOR ENHANCED
PROTECTION.
- TIME TO SAY GOODBYE TO HARDWARE
- MINIMIZED CAPITAL EXPENDITURE, HELPING YOU MANAGE
FINANCES.
- LIMITS THE STAFF LOAD AND ADMINISTRATIVE OVERHEADS
- NO NEED FOR MANUAL SECURITY CONFIGURATIONS
- IT IS SCALABLE, AS YOU ARE WELCOME TO ADD ADDITIONAL
FEATURES AND OFFER ACCESS TO AS MANY USERS AS YOU
WANT WITHOUT BREACHING YOUR SECURITY
WHY DO WE NEED CLOUD SECURITY?
- THE CLOUD IS ACCESSIBLE TO TEAMS AND DEVICES OUTSIDE
THE CORPORATE NETWORK THAT ARE NOT SUPERVISED BY IT,
COMPROMISING ALL-TIME AND EXTENSIVE MONITORING. THIS
LOOPHOLE CAN LEAD TO CYBER-ATTACKS OR INFORMATION LEAKS.
- AN EMPLOYEE WITH ACCESS TO THE CLOUD CAN GO ROGUE,
EXPOSING OR EXPLOITING THE ORGANIZATION IN A THIRD-PARTY
CLOUD SERVICE PROVIDER’S SITUATION.
- HUMAN ERRORS CAN CAUSE MISCONFIGURATION OF USER ACCESS
CONTROLS.
- THE CHIEF RISK OF USING THE CLOUD IS THAT THERE IS NO
PERIMETER, AS ALL CLOUD ENVIRONMENTS SEEM EXCEEDINGLY
CONNECTED, AND ACCOUNT HIJACKS CAN GET YOU INTO SERIOUS
PROBLEMS.
CLOUD SECURITY CHALLENGES
CLOUD SECURITY CHALLENGES