2023
Preventing Cloud Data Breaches
Chinatu Uzuegbu
Managing Cyber/Cloud Security Consultant
RoseTech CyberCrime Solutions Limited
❖ Content Contributor.
❖ Security Congress Event Advisory Committee.
❖ Chapters Advisory Committee (CAC).
❖ Blogger.
❖ Authorized Instructor.
❖ Founding Past President, Nigeria Chapter.
Volunteering
VigiTrust Chartered Advisory Board.
❖ Global Speaker, Mentor, Volunteer and Delegate.
❖ Over 20 years' wealth of experience as an IT/Cyber Security Professional
Professional
❖ CISSP, CCISO, CISM, CISA, CEH, Others.
❖ Top 50 Women in Cyber Security, Africa, 2020.
Educational
❖ Honorary Doctorate, London Graduate School.
❖ MSc. Information Systems Management, University of Liverpool.
❖ BSc. Computer Science/Maths, University of Port Harcourt.
❖ Global Conference Speaker.
❖ Global Ambassador.
❖ Mentor.
Chinatu Uzuegbu
https://www.linkedin.com/in/chinatu-uzuegbu-67593119/
https://www.slideshare.net/Chinatu/presentations
The Cloud as The New Normal
https://www.founderjar.com/cloud-computing-statistics/
• Worldwide end-user spending on the public cloud has grown from US$ 410.9 billion in 2021 to US$ 591.79 billion in 2023.
• Retail (96.9%), media & entertainment (94.9%), and finance & banking (92.8%) are the top industry sectors with the highest cloud use.
• 31% of organizations are leveraging the Cloud to process over 75% of their business workloads as 2023 is ending.
• 47% of organizations are considering the Cloud as their first line of adoption of technology before an On-Premise Data Center.
• Microsoft Azure and Amazon Web Services are the leading cloud storage providers, with over 73% of organizations using them.
• 87% of organizations experienced business acceleration from their use of the cloud.
• 95% of organizations are extremely concerned about their security in the cloud environment.
Preventing Cloud Data Breaches is Our Clarion Call!
Combat Cloud Data Threats:
• The Concept of Cloud Computing
• Why is The Cloud The New Normal?
• Shared Responsibilities in the Cloud
• The Concept of Security of The Cloud and Security in The Cloud
• Your Data as your most critical Asset
• Service Level Agreement/Contract Terms
• Overall Cloud Security Perspectives
• Obfuscation Perspective
• Identity and Access Mgmt Perspective
• Data-State Perspective
• Data LifeCycle Perspective
Securing Your Cloud Data:
DREAD STRIDE
The Concept of Cloud Computing
A model for ubiquitous, convenient, on-demand network access to a shared pool of configurable resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Please refer to slides (5-7) from the link below to learn more on the Concepts of Cloud Computing:
https://www.slideshare.net/Chinatu/securing-the-clouds-proactivelyblackistechpptx
Why is The Cloud The New Normal?
• Reduced Total Cost of Assets Ownership (Capital Expenditure).
• Reduced Cost of Operating Expenditure.
• Rapid Provisioning of Services (Speed).
• On-Demand Self-Service.
• Broad-band Network Access.
• Rapid Elasticity.
• Shared Pool of Resources (Servers, Networks, Host, OS, Applications, Databases, others).
• Resource Scalability: Reservation, Limits, Shares.
• Measured Services: Pay-as-Used.
Please refer to slides (8-9) from the link below to learn more on the Concepts of Cloud Computing:
https://www.slideshare.net/Chinatu/securing-the-clouds-proactivelyblackistechpptx
Shared Responsibilities in The Cloud
The concept of Security of The Cloud and in The Cloud
[Figure: shared responsibility diagram comparing On-Premise (IT Env.), IaaS, PaaS and SaaS across the layers Physical, Activity, Networking, Storage, Servers, Virtualization, Host, Operating System, Runtime, Dev. Environment, Applications and Data, with each layer assigned either to the Cloud Service Provider (Security of The Cloud) or to the Cloud Service Customer (Security in The Cloud).]
The Concept of Security of The Cloud and Security in The Cloud
• Security of The Cloud is the responsibility of the Cloud Service Provider.
• The Cloud Service Provider is ultimately responsible for the physical environment and the basic infrastructure.
• The Cloud Service Provider remains the Data Processor, as it processes the data on behalf of the Customer (the Data Owner) based on the endorsed terms and agreement.
• Security in The Cloud is the responsibility of the Cloud Service Customer or Subscriber.
• In any situation and with any Cloud Service Model, the Customer or Subscriber is ultimately responsible for the data and is the Data Owner or Data Controller.
• The Customer remains liable for any breach or loss of data due to lack of due diligence.
• Liability in cases of data litigation and breaches could be shared, even though the Customer is ultimately liable.
• If the Cloud Service Provider caused the breach or loss through lack of due diligence, it would pay some percentage of the fine or sanction.
Please refer to slides (11-18) from the link below to learn more on the Service Models and Deployment Models:
https://www.slideshare.net/Chinatu/securing-the-clouds-proactivelyblackistechpptx
Your Cloud Data as your most critical Asset
• The end result of most subscriptions in the Cloud is seamless data processing and retrieval.
• You could achieve this with any of the Cloud Service and Deployment Models of your choice, even though your roles and responsibilities as a Cloud Service Customer could be more or less depending on the service model.
• Data portability measures must apply for seamless movement of data from one platform to the other.
• Ensuring that threats such as vendor lock-in and vendor lock-out are minimized is critical.
• Seamless interoperability measures must apply to ensure seamless interactions and easy re-use of data as it flows through the platforms.
Service Level Agreement/Contract Terms
• Your Service Level Agreement must be measurable and quantifiable, and clearly endorsed by all parties.
• Your Contract Terms must be concise, with roles, responsibilities and the necessary operational level agreement defined in detail.
• Cloud Service Customers should understand that they are legally liable for any line of service not clearly defined in the contract and endorsed by ALL parties.
• Ambiguous terms that bundle too many services into one could lead to loss, as a result of the Customer's lack of due diligence in clearly distinguishing tasks.
Securing Your Cloud Data:
Data LifeCycle Perspective
Security Measures That must apply:
• Data Creation: Appropriate data classifications and labels, with verifiable authoritative sources.
• Data Storing: Good security principles that go with data constraints and input validation. The best storage type and encryption algorithms.
• Data-in-Use: Digital signatures with non-repudiation and time-stamps, to ensure the data is being used by authorized parties who cannot deny it at any time.
• Data Sharing: Egress monitoring with Data Loss Prevention (DLP) and Data Rights Mgmt.
• Data Archival: Data retention policies, back-up policy, data recoverability, data resilience, Business Continuity Planning.
• Data Disposal: Data remanence in the Cloud, Cloud shredding techniques, overwriting, crypto-shredding.
[Figure: Data Phase Life-Cycle: Create, Store, Use, Share, Archive, Dispose]
Securing Your Cloud Data:
Data-State perspective
Three States of data:
• Data-in-Use
• Data-at-Rest
• Data-in-Transit
Digital Signature
Non-Repudiation
Good log management practices, Data Masking
Encryption, Good Data Storage Management
Egress Monitoring, Data Loss Prevention (DLP)
Data Rights Management
End-to-end Encryption
Securing Your Cloud Data:
Identity and Access Mgmt Perspective
• The Provisioning and De-Provisioning concept must apply, with each identity traceable to the authoritative source.
• The concept of Identification, Authentication, Authorization and Accounting (IAAA) must apply.
• The concepts of Least Privilege and Need to Know must apply.
• The concept of Just-in-Time must apply.
• Privileged accounts must be managed with minimal authorization creep and escalation of privilege.
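The controls above can be checked mechanically. The following is an added example, not part of the original slides: a small audit that reconciles cloud identities against an authoritative source and flags missed de-provisioning, authorization creep and standing (non just-in-time) privilege. The roster, identities, permission names and the 90-day threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2023, 12, 1, tzinfo=timezone.utc)  # fixed audit time (constructed)

# Constructed authoritative source, e.g. an HR roster: identity -> status
AUTHORITATIVE = {"ada": "active", "bayo": "terminated", "chidi": "active"}

def days_ago(n):
    return NOW - timedelta(days=n)

# Constructed cloud identities: grants, last use per grant, JIT expiry
IDENTITIES = [
    {"id": "ada", "privileged": False, "expires": None,
     "granted": {"storage:read", "storage:write"},
     "last_used": {"storage:read": days_ago(2), "storage:write": days_ago(200)}},
    {"id": "bayo", "privileged": False, "expires": None,
     "granted": {"storage:read"}, "last_used": {"storage:read": days_ago(40)}},
    {"id": "svc-legacy", "privileged": True, "expires": None,
     "granted": {"iam:admin"}, "last_used": {}},
    {"id": "chidi", "privileged": True, "expires": None,
     "granted": {"iam:admin"}, "last_used": {"iam:admin": days_ago(1)}},
]

def audit(identities, authoritative, now, unused_after=timedelta(days=90)):
    """Return (identity, finding) pairs for the IAM controls on the slide."""
    findings = []
    for ident in identities:
        name, status = ident["id"], authoritative.get(ident["id"])
        if status is None:  # not traceable to the authoritative source
            findings.append((name, "orphan: no authoritative record"))
            continue
        if status != "active":  # de-provisioning was missed
            findings.append((name, "deprovision: owner is " + status))
            continue
        # Least privilege: a grant never used, or idle too long, is creep
        stale = sorted(p for p in ident["granted"]
                       if p not in ident["last_used"]
                       or now - ident["last_used"][p] > unused_after)
        if stale:
            findings.append((name, "creep: unused " + ", ".join(stale)))
        # Just-in-time: privileged access must carry an expiry in the future
        if ident["privileged"]:
            if ident["expires"] is None:
                findings.append((name, "standing privilege: no expiry"))
            elif ident["expires"] <= now:
                findings.append((name, "expired grant still present"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(IDENTITIES, AUTHORITATIVE, NOW):
        print(f"{name}: {finding}")
```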
Securing Your Cloud Data:
Obfuscation Perspective
• Data masking
• Data Tokenization
• Data Anonymization
• Data Encryption
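The first three techniques differ mainly in whether, and by whom, the original value can be recovered. The following is an added example, not part of the original slides, that applies masking, vault-based tokenization and anonymization by generalization to one constructed record; the field names, the `TokenVault` class and the token format are hypothetical.

```python
import secrets

def mask_pan(pan: str) -> str:
    """Masking: irreversible; only the last four digits stay readable."""
    digits = [c for c in pan if c.isdigit()]
    keep = 4 if len(digits) > 4 else 0  # very short values are hidden entirely
    return "*" * (len(digits) - keep) + "".join(digits[len(digits) - keep:])

class TokenVault:
    """Tokenization: a random surrogate replaces the value; the mapping
    exists only inside the vault, so a token reveals nothing by itself."""
    def __init__(self):
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value: str) -> str:
        if value not in self._token_by_value:
            token = "tok_" + secrets.token_hex(8)
            self._token_by_value[value] = token
            self._value_by_token[token] = value
        return self._token_by_value[value]

    def detokenize(self, token: str, authorized: bool) -> str:
        if not authorized:  # reversal is a privileged operation
            raise PermissionError("detokenization not authorized")
        return self._value_by_token[token]

def anonymize(record: dict) -> dict:
    """Anonymization: drop direct identifiers, generalize quasi-identifiers."""
    decade = record["age"] // 10 * 10
    return {"age_band": f"{decade}-{decade + 9}",
            "region": record["postcode"][:2] + "****",
            "diagnosis": record["diagnosis"]}

# Constructed sample record; the card number is a well-known test value
RECORD = {"name": "Test Person", "pan": "4111 1111 1111 1111",
          "age": 37, "postcode": "500001", "diagnosis": "asthma"}

def obfuscated_views(record: dict, vault: TokenVault) -> dict:
    """One record, three outputs with different reversibility."""
    return {"masked": mask_pan(record["pan"]),
            "token": vault.tokenize(record["pan"]),
            "anonymized": anonymize(record)}

if __name__ == "__main__":
    print(obfuscated_views(RECORD, TokenVault()))
```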
Securing Your Cloud Data:
Overall Cloud Security Perspectives
• Copyrights
• Trade Secrets
• Trademarks
• Patent
• Logical separation of co-tenants' data to minimize guest escape and host escape.
• Continuous Audit
• Data Privacy: ISO/IEC 2018.
• Leverage Cloud frameworks, starting from the Cloud Security Alliance Consensus Assessment Initiative Questionnaire.
• Service Organizational Reports (SOC 2 and SOC 3).
Our aim is to ensure Confidentiality of Cloud Data, Process Integrity, Availability of Cloud Data, Security and Privacy.
Combat Cloud Data Threats:
STRIDE vs DREAD
Putting IT ALL Together
• Securing Cloud Data is ongoing as the tools keep evolving.
• However, paying close attention to your due diligence right from inception of adoption would go a long way in ensuring we are running with good security hygiene, both of the Cloud and in the Cloud.
THANK YOU
