Puneet Kukreja, profile picture
Uploaded byPuneet Kukreja
PPTX, PDF615 views

CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

The document discusses the challenges and opportunities in cloud security, emphasizing the need for governance, compliance, and integration across multiple services. It outlines the shared responsibility model and highlights the importance of upskilling in cloud management. Additionally, it presents a case study with various cloud service contracts and potential data breach risks.

Embed presentation

Downloaded 34 times
www.cloudsec.com | #CLOUDSEC Enabling Cloud Security – It’s more than just ticking a box
#CLOUDSEC Thecloudlandscape Source: https://steveblank.files.wordpress.com/2011/02/bessemercloudscape.jpg
Side Activities at Venue “Opportunities and Challenges”
#CLOUDSEC Cloudopportunities Flexibility On-demand Services Rapid Deployment AutomationScalability Availability Lower TCO
#CLOUDSEC Cloudchallenges Talent & Expertise Security Managing Multiple Services Compliance Cost Management Governance and Control Integration
“Why cloud hurts”
#CLOUDSEC Theclassiccontracts Requirements Evaluations Selection DeploymentAdoption Optimisation Renewal
#CLOUDSEC Standalone services SLA based services model Business workflow integration Legacy infrastructure integration Data protection and management Source: https://www.simple-talk.com/iwritefor/articlefiles/cloud/2011/11/cloud-service-model.png
#CLOUDSEC CSA shared responsibility model
#CLOUDSEC Organisational implications • Clarity around scope and the primary motivation of moving to the cloud • Changes to governance models and decision making • Knowledge of cloud architecture, virtualization, multiple technology platforms • Challenge of standardised processes supporting seamless integration across multiple systems • Changing skillset from technology management to vendor management • Upskilling on effective cloud-based systems management
#CLOUDSEC http://cloudacademy.com/blog/wp-content/uploads/2014/07/CMS-in-VPC.jpg
#CLOUDSEC Controls and Questions 295 Supporting Questions 133 Control Areas 16 Control Domains • Model for enabling active governance • Enables cloud architecture discussions for business outputs • Moves cloud decisions from audit assessment to a risk based outcomes
“A tale of three instances”
#CLOUDSEC Three cloud projects • IaaS contracts • PaaS contracts • SaaS Contracts • Finance • HR Services • Collaboration • CRM • Business Intelligence Global Bank Healthcare Provider Government Department Complete Set 295 Questions133 Areas16 Domains 295 Questions 133 Areas 16 Domains • IaaS contracts • PaaS contracts • SaaS Contracts • Finance • HR Services • Collaboration • Document Mgmt. • CRM • GovCloud • SaaS Contracts • Document Mgmt. • Collaboration • CRM
#CLOUDSEC TheTwelve Data Breaches Access Management Account Hijacking System Vulnerabilities Insufficient Due Diligence Insecure Interface Malicious Insider Advanced Persistent Threat Tech Vulnerabilities Data Loss Services Abuse Denial of Service
Puneet Kukreja Partner, Cyber Advisory Deloitte, Australia @iPuneetKukreja

More Related Content

PPTX
What the auditor need to know about cloud computing
byMoshe Ferber
 
PPTX
Cloud security for financial services
byMoshe Ferber
 
PDF
null Bangalore meet - Cloud Computing and Security
byn|u - The Open Security Community
 
PPTX
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
byPatrick Sklodowski
 
PDF
Security OF The Cloud
byMark Nunnikhoven
 
PPTX
Cloud risk and business continuity v21
byJorge Sebastiao
 
PPTX
Securing virtual workload and cloud
byHimani Singh
 
PDF
Tour to Azure Security Center
byLalit Rawat
 
What the auditor need to know about cloud computing
byMoshe Ferber
 
Cloud security for financial services
byMoshe Ferber
 
null Bangalore meet - Cloud Computing and Security
byn|u - The Open Security Community
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
byPatrick Sklodowski
 
Security OF The Cloud
byMark Nunnikhoven
 
Cloud risk and business continuity v21
byJorge Sebastiao
 
Securing virtual workload and cloud
byHimani Singh
 
Tour to Azure Security Center
byLalit Rawat
 

What's hot

PDF
Azure 101: Shared responsibility in the Azure Cloud
byPaulo Renato
 
PDF
Best Practices in Cloud Security
byAlert Logic
 
PPTX
Improving Application Security With Azure
bySoftchoice Corporation
 
PPTX
Security in the cloud Workshop HSTC 2014
byAkash Mahajan
 
PPTX
Securing Your CI Pipeline with HashiCorp Vault - P2
byAshnikbiz
 
PPTX
Azure security
byLalit Rawat
 
PDF
Govern Your Cloud: The Foundation for Success
byAlert Logic
 
PPTX
cloud security ppt
byDevyani Vaidya
 
PPT
Cloud Security Alliance's GRC Stack Overview
byValdez Ladd MBA, CISSP, CISA,
 
PPTX
Securing Applications in the Cloud
bySecurity Innovation
 
PPTX
Azure Security Fundamentals
byLorenzo Barbieri
 
PPTX
Cyber Ranges: A New Approach to Security
bySecurity Innovation
 
PPTX
CSS 17: NYC - Protecting your Web Applications
byAlert Logic
 
PPTX
#ALSummit: Realities of Security in the Cloud
byAlert Logic
 
PPTX
CSS 17: NYC - Building Secure Solutions in AWS
byAlert Logic
 
PPTX
Venom vulnerability Overview and a basic demo
byAkash Mahajan
 
PPTX
Building multi tenant highly secured applications on .net for any cloud - dem...
bykanimozhin
 
PPTX
Techcello hp-arch workshop
bykanimozhin
 
PPTX
CSA Presentation - Software Defined Perimeter
byVishwas Manral
 
Azure 101: Shared responsibility in the Azure Cloud
byPaulo Renato
 
Best Practices in Cloud Security
byAlert Logic
 
Improving Application Security With Azure
bySoftchoice Corporation
 
Security in the cloud Workshop HSTC 2014
byAkash Mahajan
 
Securing Your CI Pipeline with HashiCorp Vault - P2
byAshnikbiz
 
Azure security
byLalit Rawat
 
Govern Your Cloud: The Foundation for Success
byAlert Logic
 
cloud security ppt
byDevyani Vaidya
 
Cloud Security Alliance's GRC Stack Overview
byValdez Ladd MBA, CISSP, CISA,
 
Securing Applications in the Cloud
bySecurity Innovation
 
Azure Security Fundamentals
byLorenzo Barbieri
 
Cyber Ranges: A New Approach to Security
bySecurity Innovation
 
CSS 17: NYC - Protecting your Web Applications
byAlert Logic
 
#ALSummit: Realities of Security in the Cloud
byAlert Logic
 
CSS 17: NYC - Building Secure Solutions in AWS
byAlert Logic
 
Venom vulnerability Overview and a basic demo
byAkash Mahajan
 
Building multi tenant highly secured applications on .net for any cloud - dem...
bykanimozhin
 
Techcello hp-arch workshop
bykanimozhin
 
CSA Presentation - Software Defined Perimeter
byVishwas Manral
 

Similar to CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

PDF
Cloud Security - Kloudlearn
byKloudLearn
 
PPTX
Cloud Security By Dr. Anton Ravindran
byGSTF
 
PDF
Csa Summit 2017 - Un viaje seguro hacia la nube
byCSA Argentina
 
PPT
Cloud Computing Security Issues
byDiscover Cloud Computing
 
PDF
How Secure Is Cloud
byWilliam Lam
 
PPTX
HKCS CCSIG Cloud Executive Forum keynote
byCharles Mok
 
PPTX
Cloud Computing Security Essentials for beginners
byssuser1e89a0
 
PPTX
Cloud Security Essentials 2.0 at RSA
byShannon Lietz
 
PDF
Cloud Computing and Security - by KLC Consulting
bykylelai
 
PPT
cloud-computing-security.ppt
bySaravanaKarthikeyan10
 
PDF
Securing your telco cloud
byOPNFV
 
PPTX
CLOUD SECURITY 117 presentation diploma ppt
bypateljainil1607
 
PDF
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
bySafeNet
 
PPTX
Transforming cloud security into an advantage
byMoshe Ferber
 
PDF
Cloud Perspectives - Ottawa Seminar - Oct 6
byScalar Decisions
 
PDF
Securing Your Cloud With Check Point's vSEC
byCheck Point Software Technologies
 
PPT
Your clouds must be transparent - an intro to Cloud Security Alliance
byDavid Jones
 
PPT
Cloud computing security
byAkhila Param
 
PDF
Lecture27 cc-security2
byAnkit Gupta
 
PPTX
Cloudtrust 091204053223 Phpapp01
bymcguireb
 
Cloud Security - Kloudlearn
byKloudLearn
 
Cloud Security By Dr. Anton Ravindran
byGSTF
 
Csa Summit 2017 - Un viaje seguro hacia la nube
byCSA Argentina
 
Cloud Computing Security Issues
byDiscover Cloud Computing
 
How Secure Is Cloud
byWilliam Lam
 
HKCS CCSIG Cloud Executive Forum keynote
byCharles Mok
 
Cloud Computing Security Essentials for beginners
byssuser1e89a0
 
Cloud Security Essentials 2.0 at RSA
byShannon Lietz
 
Cloud Computing and Security - by KLC Consulting
bykylelai
 
cloud-computing-security.ppt
bySaravanaKarthikeyan10
 
Securing your telco cloud
byOPNFV
 
CLOUD SECURITY 117 presentation diploma ppt
bypateljainil1607
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
bySafeNet
 
Transforming cloud security into an advantage
byMoshe Ferber
 
Cloud Perspectives - Ottawa Seminar - Oct 6
byScalar Decisions
 
Securing Your Cloud With Check Point's vSEC
byCheck Point Software Technologies
 
Your clouds must be transparent - an intro to Cloud Security Alliance
byDavid Jones
 
Cloud computing security
byAkhila Param
 
Lecture27 cc-security2
byAnkit Gupta
 
Cloudtrust 091204053223 Phpapp01
bymcguireb
 

Recently uploaded

PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
final.pdf
byomarbishtawi04
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
apidays New York 2025 | AI in Application Security
byapidays
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Workflow and decision Automation with Flowable
bychakib ch
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 

CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -

Editor's Notes

  • #9 – SLA between provider and user defines the provider responsibility and guarantee – Providers undergo certification – Standard business model
  • #10 Cloud is abou consolidation and aggregation of resources.
  • #11 Cloud is abou consolidation and aggregation of resources.
  • #12 Diagram we have Infrastructure Tier, Web Tier, Database Tier, Cache Tier and Deployment & Management Tiers
  • #13 Cloud is abou consolidation and aggregation of resources.
  • #15 Cloud is abou consolidation and aggregation of resources.