CLOUD SECURITY
Cloud Security Architecture
1. Governance, Risk Management and Compliance
This sub-domain deals with the identification and implementation of appropriate organizational structures, processes and controls to maintain effective information security governance, risk management and compliance.
2. Information Security Management
This sub-domain deals with the implementation of appropriate measures such as capability maturity models, capability mapping models, security architecture roadmaps and risk portfolios, to minimize or eliminate the impact that security-related threats and vulnerabilities might have on an organization.
3. Privilege Management Infrastructure
This sub-domain ensures that users have the access and privileges required to execute their duties and responsibilities, through Identity and Access Management functions such as identity management, authentication services, authorization services and privilege usage management.
4. Threat and Vulnerability Management
This sub-domain deals with core security activities such as vulnerability management, threat management, compliance testing and penetration testing.
5. Infrastructure Protection Services
The objective of this sub-domain is to secure the server, endpoint, network and application layers.
6. Data Protection
This sub-domain deals with data lifecycle management, data leakage prevention, intellectual property protection with digital rights management, and cryptographic services such as key management and PKI/symmetric encryption.
7. Policies and Standards
Security policies and standards are derived from risk-based business requirements and exist at a number of different levels, including the Information Security Policy and the Physical Security Policy.
Authentication
1. SAML
SAML stands for Security Assertion Markup Language; it was developed by OASIS.
2. Kerberos
Kerberos is an open authentication protocol developed at MIT. It uses tickets to authenticate a client to a service when the two communicate over an insecure network. It provides mutual authentication: both the client and the server authenticate to each other.
3. One-time Password
An authentication mechanism in which a password is valid for a single session or transaction only. OTP tokens are sent through SMS. The Time-based OTP algorithm (TOTP) is a popular time-synchronization-based algorithm for generating OTPs.
Authorization
OAuth
OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. In authentication parlance, this is known as secure, third-party, user-agent, delegated authorization.
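What "delegated authorization without sharing the logon credential" means in practice, as an added example that is not part of the original slides: the authorization server issues a third-party client a scoped, signed, expiring access token, and the resource server checks the signature, expiry and scope of that token instead of ever seeing the user's password. The token format here (base64url JSON claims plus an HMAC-SHA256 tag over a key shared by the two servers) and all names, keys, scopes and times are assumptions constructed for the demo; a real deployment would use a standard token format and signing scheme.

```python
import base64
import hashlib
import hmac
import json
from typing import List, Tuple

# Constructed demo key shared by the authorization server and the resource server (assumption).
AS_SIGNING_KEY = b"constructed-demo-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(key: bytes, user: str, client_id: str,
                       scopes: List[str], issued_at: int, ttl: int = 3600) -> str:
    """Authorization server: after the user consents, mint a token bound to the client
    and limited to the granted scopes. The user's own credential never enters the token."""
    claims = {"sub": user, "azp": client_id, "scope": " ".join(scopes),
              "iat": issued_at, "exp": issued_at + ttl}
    body = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    tag = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_access_token(key: bytes, token: str, required_scope: str, now: int) -> Tuple[bool, str]:
    """Resource server: accept the request only if the token is intact, unexpired and
    carries the scope this endpoint needs. Returns (ok, subject-or-reason)."""
    parts = token.split(".")
    if len(parts) != 2:
        return (False, "malformed")
    body, tag = parts
    expected = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, tag):      # any edit to body or tag fails here
        return (False, "bad signature")
    claims = json.loads(_b64url_decode(body))
    if now >= claims["exp"]:
        return (False, "expired")
    if required_scope not in claims["scope"].split():
        return (False, "insufficient scope")       # valid token, but not for this asset
    return (True, claims["sub"])


if __name__ == "__main__":
    tok = issue_access_token(AS_SIGNING_KEY, "alice", "photo-printer-app", ["photos:read"], 1_700_000_000)
    print(verify_access_token(AS_SIGNING_KEY, tok, "photos:read", 1_700_000_100))
    print(verify_access_token(AS_SIGNING_KEY, tok, "photos:write", 1_700_000_100))
```

The scope check is the point of the delegation model: the printing app holds a credential that lets it read photos and nothing else, and that credential expires on its own, so revoking or rotating it never touches the user's password.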
1. Symmetric Encryption - The same secret key is used for encryption and decryption. The secret key is shared between the sender and receiver. Symmetric encryption is best suited to securing data at rest, since the data is accessed by known entities from known locations.
Popular symmetric encryption algorithms are:
Advanced Encryption Standard (AES) - AES is the data encryption standard established by the US National Institute of Standards and Technology (NIST). It is based on the Rijndael cipher, which supports a range of key and block sizes, and is a widely accepted encryption algorithm.
Twofish - A symmetric-key block cipher with a block size of 128 bits and a key size of 256 bits. It uses pre-computed key-dependent S-boxes and a relatively complex key schedule.
Blowfish - Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes.
Triple Data Encryption Standard (3DES) - A variant of the Data Encryption Standard (DES). 3DES uses a key bundle comprising three 56-bit keys. In the first step DES encrypts the plaintext using the first key, the result is then decrypted using the second key, and finally the third key is used to encrypt the data again with DES.
Serpent - A symmetric-key block cipher with a block size of 128 bits that supports key sizes of 128 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel.
RC6 - A symmetric-key block cipher designed by RSA Security. RC6 has a block size of 128 bits and supports key sizes of 128, 192 and 256 bits, up to 2040 bits. It may be parameterized to support a wide variety of word lengths, key sizes and numbers of rounds.
MARS - A block cipher designed by IBM. It has a 128-bit block size and a variable key size of between 128 and 448 bits. It has a heterogeneous structure: several rounds of a cryptographic core are "jacketed" by unkeyed mixing rounds, together with key whitening.
Network Level
Network-level encryption is best suited to cases where the threats to data are at the network or storage level. It is performed while moving the data from its creation point to its destination, using specialized hardware that encrypts all incoming data in real time. Network-level encryption is operating-system independent. Its advantage is that it is simple to implement and requires no changes to the existing data infrastructure; keys are managed in hardware. Its disadvantage is that it is the least scalable of all levels: as data volumes increase, a single encryption appliance can become a bottleneck.
Device Level
Device-level encryption is performed on the disk controller or the storage device. It is easy to implement and best suited to cases where the primary concern is protecting data residing on storage media. Device-level encryption is operating-system, application, host and transport independent, and the encryption is performed in hardware. It requires no changes to the existing data infrastructure. Its disadvantage is that all data transmitted to and from the storage media is unencrypted.
Data Security - Securing Data in Motion
Identity and Access Management

Provider               Cloud identity system
Amazon Web Services    Amazon IAM
Microsoft Azure        Azure Active Directory B2C
Google Compute Cloud   Cloud Identity
IBM Cloud              Cloud IAM

Provider               Customer identity management system
Amazon Web Services    Amazon Cognito
Microsoft Azure        Azure Active Directory B2C
Google Compute Cloud   Firebase
IBM Cloud              Cloud Identity
Auth0                  Customer Identity Management
Ping                   Customer Identity and Access Management
Okta                   Customer Identity Management
Oracle                 Oracle Identity Cloud Service
ID management systems
Auditing in Cloud Computing
Auditing Objectives:
• Verify the efficiency and compliance of identity and access management controls against the established access policies.
• Verify that authorized users are granted access to data and services based on their roles.
• Verify whether access policies are updated in a timely manner when users' roles change.
• Verify whether the data protection policies are sufficient.
• Assess support activities such as problem management.
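The second and third objectives above (role-based grants, and grants kept current when roles change), turned into a runnable check as an added example that is not part of the original slides. It compares an export of users and their effective permissions against the approved role-to-permission policy and reports grants that exceed the current role, grants still attached to a user who no longer has a role, and users whose role is not in the policy. The policy, the user records and the permission names are all constructed for the demo; a real audit would pull the export from the provider's IAM system listed in the tables above.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed approved access policy (assumption): which permissions each role may hold.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "developer": {"repo:read", "repo:write", "ci:run"},
    "auditor":   {"repo:read", "logs:read"},
    "billing":   {"invoices:read", "invoices:write"},
}

Finding = Tuple[str, str, List[str]]   # (user, finding type, affected permissions or role)


@dataclass
class UserRecord:
    """One user as exported from the identity system: current role and the permissions actually granted."""
    name: str
    role: Optional[str]                      # None for a user with no assigned role, e.g. a leaver
    granted: Set[str] = field(default_factory=set)


def audit_access(users: List[UserRecord], policy: Dict[str, Set[str]]) -> List[Finding]:
    """Compare each user's granted permissions with what the current role allows.
    An empty result means every grant matches the policy."""
    findings: List[Finding] = []
    for user in users:
        if user.role is None:
            if user.granted:                 # access outlived the role: should have been revoked
                findings.append((user.name, "orphaned", sorted(user.granted)))
            continue
        allowed = policy.get(user.role)
        if allowed is None:                  # role not covered by the approved policy
            findings.append((user.name, "unknown role", [user.role]))
            continue
        excess = user.granted - allowed      # typically left over from a previous role
        missing = allowed - user.granted     # role assigned but provisioning incomplete
        if excess:
            findings.append((user.name, "excess", sorted(excess)))
        if missing:
            findings.append((user.name, "missing", sorted(missing)))
    return findings


# Constructed sample export: alice moved from developer to auditor but kept her developer grants;
# carol has left (no role) but still holds a billing permission.
SAMPLE_USERS = [
    UserRecord("alice", "auditor", {"repo:read", "repo:write", "ci:run", "logs:read"}),
    UserRecord("bob", "developer", {"repo:read", "repo:write", "ci:run"}),
    UserRecord("carol", None, {"invoices:write"}),
]

if __name__ == "__main__":
    for name, kind, detail in audit_access(SAMPLE_USERS, ROLE_PERMISSIONS):
        print(f"{name}: {kind} -> {', '.join(detail)}")
```

Run against the sample export, the check flags alice's two stale developer permissions and carol's orphaned billing grant, and is silent for bob, whose grants match his role exactly. Repeating the comparison on a schedule, and diffing its output against the previous run, is the practical form of "updated in a timely manner".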
• Define a Strategic IT Plan: The use of IT resources should align with the company's business strategies. When defining this objective, key considerations include whether IT investments are supported by a strong business case and what education will be required during the rollout of new IT investments.
• Define the Information Architecture: The information architecture includes the network, systems and security requirements needed to safeguard the integrity and security of information, whether that information is at rest, in transit or being processed.
• Define the IT Processes, Organization and Relationships: Creating processes that are documented, standardized and repeatable makes for a more stable IT environment. Businesses should focus on creating policies and procedures that cover organization structure, roles and responsibilities, system ownership, risk management, information security, segregation of duties, change management, incident management and disaster recovery.
• Communicate Management Aims and Direction: Management should make sure its policies, mission and objectives are communicated across the organization.
• Assess and Manage IT Risks: Management should document the risks that could affect the objectives of the company. These could include security vulnerabilities, laws and regulations, access to customer or other sensitive information, etc.
• Identify Vendor Management Security Controls: As companies rely on other vendors such as AWS to host their infrastructure or ADP for payroll processing, they need to identify the risks that could affect the reliability, accuracy and safety of sensitive information.
Auditing Objectives :
•Verify efficiency and compliance of identity and access management controls as per established access
policies.
•Verifying that the authorized users are granted access to data and services based on their roles.
•Verify whether access policies are updated in a timely manner upon change in the roles of the users.
•Verify whether the data protection policies are sufficient.
•Assessment of support activities such as problem management.

More Related Content

Similar to CLOUD SECURITY.pptx

Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber Ark
Erni Susanti
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd Iaetsd
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
TrongMinhHoang1
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
Kimberly Thomas
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
CCG
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
Primend
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
Actian Corporation
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Robert Crane
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
Techcello
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security Issues
Editor IJCATR
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448
IJRAT
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
Amazon Web Services
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf Mattsson
Ulf Mattsson
 
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
Shakas Technologies
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET-  	  Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET-  	  Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET Journal
 

Similar to CLOUD SECURITY.pptx (20)

Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber Ark
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security Issues
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf Mattsson
 
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET-  	  Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET-  	  Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
 

Recently uploaded

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 

Recently uploaded (20)

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 

CLOUD SECURITY.pptx

  • 3. 1.Governance,Risk Management and Compliance This deals with the identification and implementation of appropriate organizational structures, processes and controls to maintain effective information security governance , Risk Management and Compliance 2.Information Security Management This sub-domain deals with implementation of appropriate measurements like capability maturity models, capability mapping models, security architecture roadmaps, risk portfolios etc. to minimize or eliminate the impact that security related threats and vulnerabilities might have on an organization 3. Privilege Management Infrastructure This sub-domain is to ensure that the users have access and privileges required to execute their duties and responsibilities with Identity and Access Management functions like Identity Management, Authentication Services, Authorization Services and Privilege usage management. 4.Threat and Vulnerability Management It deals with core security such as vulnerability management, threat management, compliance testing and penetration testing 5.Infrastructure Protection Services The objective of this sub-domain is to secure server, End-point, Network and application layers 6. Data Protection This sub-domain deals with data lifecycle management, data leakage prevention, intellectual property protection with digital rights management, cryptographic services such as Key Management and PKI/Symmetric encryption 7.Policies and standards Security Policies and standards are derived from risk-based business requirements and exist at a number of different levels including Information Security Policy, Physical Security Policy.
  • 4. 1. SAML SAML stands for security assertion markup language which developed by OASIS. Authentication
  • 5. 2. Kerberos It is an open authentication protocol developed at MIT. It uses tickets for authenticating client to a service that communicate over an un-secure network. It provides mutual authentication-both client and the server authenticate with each other.
  • 6. 3.One time Password Authentication Mechanism in which a password is of single use for a single session or transaction only. OTP tokens are send through SMS. Time based OTP Algorithm - popular time synchronization based algorithm for generating OTP’s
  • 7. Authorization OAuth OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. In authentication parlance, this is known as secure, third-party, user-agent, delegated authorization.
  • 8. 1. Symmetric Encryption - The same secret key is used for encryption and decryption, and the secret key is shared between the sender and receiver. Symmetric encryption is best suited for securing data at rest, since the data is accessed by known entities from known locations. Popular symmetric encryption algorithms are:
    Advanced Encryption Standard (AES) - AES is the data encryption standard established by the US National Institute of Standards and Technology (NIST). It uses the Rijndael cipher and is a widely accepted encryption algorithm. It works with different key and block sizes.
    Twofish - It is a symmetric key block cipher with a block size of 128 bits and a key size of up to 256 bits. It uses pre-computed key-dependent S-boxes and a relatively complex key schedule.
    Blowfish - Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes.
    Triple Data Encryption Standard (3DES) - It is a variant of the Data Encryption Standard (DES). 3DES uses a key bundle comprising 3 keys of 56 bits. In the first step DES is used to encrypt the plaintext using the first key, then the data is decrypted using the second key, and finally the third key is used to encrypt the data using DES.
    Serpent - It is a symmetric key block cipher that uses a block size of 128 bits and supports a key size of 128 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel.
    RC6 - It is a symmetric key block cipher designed by RSA Security. RC6 has a block size of 128 bits and supports key sizes of 128, 192 and 256 bits; it may be parameterized to support key sizes up to 2040 bits, a wide variety of word lengths, and different numbers of rounds.
    MARS - It is a block cipher designed by IBM. It has a 128-bit block size and a variable key size of between 128 and 448 bits. It has a heterogeneous structure: several rounds of a cryptographic core are "jacketed" by unkeyed mixing rounds, together with key whitening.
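The 3DES key-bundle description above, worked through in Go as an added example (not from the slides): a hand-built encrypt-decrypt-encrypt chain of three single-DES ciphers is checked against the standard library's 3DES, and the same chain with all three keys equal is shown to degrade to plain single DES. The keys and plaintext block are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// must unwraps the (cipher, error) pair from the des constructors; a wrong key length is a programming error here.
func must(c cipher.Block, err error) cipher.Block {
	if err != nil {
		panic(err)
	}
	return c
}

// tdesEDE applies the three steps the slide describes to one 8-byte block using
// three independent single-DES ciphers: encrypt under k1, decrypt under k2, encrypt under k3.
func tdesEDE(k1, k2, k3, block []byte) []byte {
	out := make([]byte, des.BlockSize)
	must(des.NewCipher(k1)).Encrypt(out, block)
	must(des.NewCipher(k2)).Decrypt(out, out) // the middle step runs DES backwards
	must(des.NewCipher(k3)).Encrypt(out, out)
	return out
}

// libraryTDES encrypts with Go's own 3DES, which takes the 24-byte bundle k1||k2||k3.
func libraryTDES(k1, k2, k3, block []byte) []byte {
	bundle := append(append(append([]byte{}, k1...), k2...), k3...)
	out := make([]byte, des.BlockSize)
	must(des.NewTripleDESCipher(bundle)).Encrypt(out, block)
	return out
}

// collapsesToSingleDES shows the keying caveat: with k1 == k2 == k3 the middle
// decryption cancels the first encryption, so the bundle gives only single-DES strength.
func collapsesToSingleDES(k, block []byte) bool {
	single := make([]byte, des.BlockSize)
	must(des.NewCipher(k)).Encrypt(single, block)
	return bytes.Equal(tdesEDE(k, k, k, block), single)
}

func main() {
	// Constructed sample keys (8 bytes each) and one plaintext block; not from the slides.
	k1, k2, k3, block := []byte("key-one!"), []byte("key-two!"), []byte("key-3333"), []byte("8bytemsg")
	fmt.Println("hand-built EDE == library 3DES:", bytes.Equal(tdesEDE(k1, k2, k3, block), libraryTDES(k1, k2, k3, block)))
	fmt.Println("all keys equal degrades to single DES:", collapsesToSingleDES(k1, block))
}
```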
  • 9. Network Level - Network level encryption is best suited for cases where the threats to data are at the network or storage level. It is performed when moving the data from its creation point to its destination, using specialized hardware that encrypts all incoming data in real time. Network level encryption is operating system independent. Its advantage is that it is simple to implement and requires no changes to the existing data infrastructure; keys are managed in hardware. Its disadvantage is that it is the least scalable of all levels: as data volumes increase, a single encryption appliance can become a bottleneck.
    Device Level - It is performed on the disk controller or a storage device. It is easy to implement and best suited for cases where the primary concern about data security is to protect data residing in storage media. Device level encryption is operating system, application, host and transport independent. Encryption is performed in hardware in this method. Device level encryption requires no changes to the existing data infrastructure. Its disadvantage is that all data transmitted to and from the storage media is unencrypted.
  • 10. Data Security - Securing Data in Motion
  • 11. Identity and Access Management
  • 12. Cloud identity systems
    Provider                Cloud identity system
    Amazon Web Services     Amazon IAM
    Microsoft Azure         Azure Active Directory B2C
    Google Compute Cloud    Cloud Identity
    IBM Cloud               Cloud IAM
  • 13. ID management systems
    Provider                Customer identity management system
    Amazon Web Services     Amazon Cognito
    Microsoft Azure         Azure Active Directory B2C
    Google Compute Cloud    Firebase
    IBM Cloud               Cloud Identity
    Auth0                   Customer Identity Management
    Ping                    Customer Identity and Access Management
    Okta                    Customer Identity Management
    Oracle                  Oracle Identity Cloud Service
  • 14. Auditing in Cloud Computing - Auditing Objectives:
    • Verify the efficiency and compliance of identity and access management controls against the established access policies.
    • Verify that authorized users are granted access to data and services based on their roles.
    • Verify whether access policies are updated in a timely manner upon a change in the roles of the users.
    • Verify whether the data protection policies are sufficient.
    • Assess support activities such as problem management.
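The second and third objectives above (grants matching roles, and access updated promptly after a role change) as a review check in Go. This is an added example, not part of the slides; the role matrix, the user records and the 72-hour update SLA are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

type UserAccess struct {
	User, Role                   string
	RoleChangedAt, AccessUpdated time.Time // last role change; last IAM change for this user
	Grants                       []string  // permissions the user actually holds
}

// auditAccess checks two of the slide's objectives against a role matrix: every grant
// must be permitted by the user's role, and IAM must be updated within sla of a role change.
func auditAccess(roleMatrix map[string][]string, users []UserAccess, sla time.Duration) []string {
	var findings []string
	for _, u := range users {
		for _, g := range u.Grants {
			permitted := false
			for _, p := range roleMatrix[u.Role] {
				permitted = permitted || p == g
			}
			if !permitted {
				findings = append(findings, u.User+": grant "+g+" not permitted for role "+u.Role)
			}
		}
		switch lag := u.AccessUpdated.Sub(u.RoleChangedAt); {
		case lag < 0:
			findings = append(findings, u.User+": access never updated after role change")
		case lag > sla:
			findings = append(findings, u.User+": access updated "+lag.String()+" after role change, SLA "+sla.String())
		}
	}
	return findings
}

func main() {
	matrix := map[string][]string{ // constructed role matrix and records below (not real data)
		"developer": {"repo:read", "repo:write", "deploy:staging"},
		"finance":   {"ledger:read", "ledger:write"},
	}
	day := func(d int) time.Time { return time.Date(2024, 3, d, 9, 0, 0, 0, time.UTC) }
	users := []UserAccess{
		{"bob", "finance", day(10), day(2), []string{"ledger:read", "deploy:staging"}}, // kept a developer grant; IAM untouched since move
		{"carol", "finance", day(5), day(10), []string{"ledger:read"}},               // fixed, but five days late
	}
	fmt.Println(strings.Join(auditAccess(matrix, users, 72*time.Hour), "\n"))
}
```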
  • 15. IT governance objectives:
    • Define a Strategic IT Plan: The use of IT resources should align with company business strategies. When defining this objective, key considerations include whether IT investments are supported by a strong business case and what education will be required during the rollout of new IT investments.
    • Define the Information Architecture: The information architecture includes the network, systems and security requirements needed to safeguard the integrity and security of information, whether the information is at rest, in transit or being processed.
    • Define the IT Processes, Organization and Relationships: Creating processes that are documented, standardized and repeatable makes for a more stable IT environment. Businesses should focus on creating policies and procedures that cover organization structure, roles and responsibilities, system ownership, risk management, information security, segregation of duties, change management, incident management and disaster recovery.
    • Communicate Management Aims and Direction: Management should make sure its policies, mission and objectives are communicated across the organization.
    • Assess and Manage IT Risks: Management should document the risks that could affect the objectives of the company. These could include security vulnerabilities, laws and regulations, access to customer or other sensitive information, etc.
    • Identify Vendor Management Security Controls: As companies rely on other vendors such as AWS to host their infrastructure or ADP for payroll processing, they need to identify the risks that could affect the reliability, accuracy and safety of sensitive information.