Securing Data in the Cloud
By Sohaib Mahmood (CISSP, SABSA, CCSK, CRISC)
Lead Security Consultant
Founding Partners
• Alibaba Cloud was established in 2009, with R & D
centers and operations in Hangzhou, Beijing and
Silicon Valley. Alibaba Cloud is a strategic business unit
of Alibaba Group.
• Alibaba Cloud’s goal is to create the world's leading
cloud computing services platform. Alibaba Cloud is
committed to creating a public, open cloud computing
services platform.
• Alibaba Cloud provides a cloud platform for 20+
Alibaba business units in addition to serving over
2,300,000 customers.
• Meraas was established to make a positive
contribution to the National economy
• By creating a portfolio of investments in various
industry sectors, Meraas seeks to generate long term
wealth enhancement to the economic and social
development of Dubai.
• In order to capitalize on opportunities in Dubai and
beyond, Meraas is pioneering several initiatives in
various macroeconomic sectors including:
• Retail
• Leisure & Entertainment
• Hospitality
• Food & Beverage
• Healthcare
• Residential
• Technology
Overview of Cloud Computing
Cloud Computing Models
01 Cloud SaaS (Software as a Service)
Application and information clouds.
Use provider’s applications over a network; cloud provider examples are Google Apps, Salesforce.
02 Cloud PaaS (Platform as a Service)
Development clouds.
Deploy customer-created applications to a cloud; cloud provider examples are Windows Azure, Google App Engine.
03 Cloud IaaS (Infrastructure as a Service)
Infrastructure clouds.
Rent processing, storage, network capacity. Examples are Alibaba Cloud, AWS.
Can Clouds be Secure?
“Public cloud workloads can be at least as
secure as those in your own data center,
likely better.”
Neil McDonald – Gartner Security and Risk Management Summit, London, Sept 2015
Cloud Security is a Shared Responsibility
Customers: Security and compliance IN the Cloud
• Data Security
• Server-side Encryption
• Client-side Encryption
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
Cloud Service Provider: Security OF the Cloud
• Compute
• Storage
• Networking
• Cloud Infra
SaaS
• CSP owns application
• Client owns data and access rights
IaaS/PaaS
• CSP owns network and hypervisors
• Client owns “above the hypervisor”
Treacherous 12 - Cloud Computing Top Threats
1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues
By Cloud Security Alliance
Trends in Cloud Data Security & Governance
Charts (images not reproduced):
• Perception about Cloud Data Governance
• Primary Types of Data Stored in the Cloud - 2016 v 2014
• How Data is Protected in the Cloud - 2016 v 2014
• Use of Data De-identification Tools to Secure Data in the Cloud
• How Encryption is Applied - 2016 v 2014
Courtesy: Gemalto Cloud Data Security Report 2016
The 2016 survey was held globally among respondents who have adopted cloud in one form or another.
Traditional Data States Apply in Clouds too…
Data At Rest
Cloud storage encryption. Different cloud storage types have different data-at-rest encryption requirements.
Data In Motion
When data travels between the cloud consumer environment & service provider, or WITHIN the cloud service provider environment.
Data In Use
The most critical area of the lot, as it poses privacy, compliance and security challenges. Typical application usages are banking applications, advanced data analytics, CRM etc.
Cloud Concerns in Data Context
Oversharing of sensitive data
Administrative Oversight
Compliance & Regulated Data
Data Sovereignty
Cloud Sprawl (Cloud to Cloud Sharing)
Data At Rest
Various encryption controls are available, each with pros and cons:
• File/Folder Encryption
• Full Disk Encryption
• Full Virtual Machine Encryption
• Special Encryption (DB, Email)
Data In Motion
Encryption of data in motion needs to be considered in two places:
• Between the Cloud Service Provider & consumer environment
• Within the CSP internal environment
Various Controls Available
• TLS/SSL
• VPN
• Virtual Private Computing (VPC)
Data In Use
• Most challenging case because of the nature of cloud and processing applications
• Need to satisfy compliance, data residency and sovereignty requirements
Controls Available
• Encryption (Format Preserving Encryption)
• Tokenization
• Masking
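Tokenization and masking from the controls listed above, shown as an added example that is not part of the original slides: sensitive fields are de-identified in the consumer environment before a record is handed to a cloud application. The `TokenVault` class, the field names, the policy and the sample record are all hypothetical and constructed for illustration; tokens keep the length and separators of the original value but are random vault lookups, not format-preserving encryption.

```python
import secrets

DIGITS = "0123456789"


class TokenVault:
    """Vault-based tokenization. The vault holds the only mapping back to the
    real value and is assumed to stay in the consumer environment."""

    def __init__(self):
        self._token_for = {}   # real value -> token
        self._value_for = {}   # token -> real value

    def tokenize(self, value):
        # Same input always yields the same token, so joins and lookups
        # on the tokenized column still work in the cloud application.
        if value in self._token_for:
            return self._token_for[value]
        if not any(c in DIGITS for c in value):
            raise ValueError("value has no digits to tokenize")
        for _ in range(1000):
            # Replace every digit with a random one; keep separators in place.
            token = "".join(
                secrets.choice(DIGITS) if c in DIGITS else c for c in value
            )
            if token != value and token not in self._value_for:
                self._token_for[value] = token
                self._value_for[token] = value
                return token
        raise RuntimeError("could not find an unused token")

    def detokenize(self, token):
        # Only callable where the vault lives; raises KeyError for unknown tokens.
        return self._value_for[token]


def mask(value, keep_last=4):
    """Irreversible masking: hide all but the last `keep_last` alphanumerics."""
    total = sum(c.isalnum() for c in value)
    seen = 0
    out = []
    for c in value:
        if c.isalnum():
            seen += 1
            out.append(c if seen > total - keep_last else "*")
        else:
            out.append(c)
    return "".join(out)


def deidentify(record, policy, vault):
    """Apply a per-field policy. Fields with no policy entry are dropped,
    so unclassified data never leaves the consumer environment."""
    out = {}
    for field, value in record.items():
        action = policy.get(field, "drop")
        if action == "tokenize":
            out[field] = vault.tokenize(value)
        elif action == "mask":
            out[field] = mask(value)
        elif action == "clear":
            out[field] = value
        elif action != "drop":
            raise ValueError(f"unknown action {action!r} for field {field!r}")
    return out


# Constructed sample data and classification policy (not from the slides).
SAMPLE_RECORD = {
    "card_number": "4111-1111-1111-1111",
    "phone": "+971-50-123-4567",
    "country": "AE",
    "notes": "free text that was never classified",
}
POLICY = {"card_number": "tokenize", "phone": "mask", "country": "clear"}

if __name__ == "__main__":
    vault = TokenVault()
    print(deidentify(SAMPLE_RECORD, POLICY, vault))
```
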
Approaches to Data Governance, Security & Privacy
• Ask your service provider lots of questions: due diligence
• Data Classification
• Evolve traditional data controls like DLP & Data Access Governance to protect cloud data, making use of emerging technologies like CASB
• Policy Enforcement
• Leverage mitigating controls like access controls (MFA) to cater for cloud data
• Data De-identification
• Compliance Enforcement
• User Awareness & Coaching
What Future Holds?
• Mobile Device Accessing Cloud Data
• Internet of Things Data
• Smart Cities
• Cyber incidents (Ransomware) impacting cloud adoption
THANK YOU
www.yvolv.ae
Corporate Presentation (c) YVOLV LLC, 2016


Securing Data in the Cloud - GISEC2017

  • 1. Securing Data in the Cloud By Sohaib Mahmood (CISSP, SABSA, CCSK, CRISC) Lead Security Consultant
  • 2. Founding Partners • Alibaba Cloud was established in 2009, with R & D centers and operations in Hangzhou, Beijing and Silicon Valley. Alibaba Cloud is a strategic business unit of Alibaba Group. • Alibaba Cloud’s goal is to create the world's leading cloud computing services platform. Alibaba Cloud is committed to creating a public, open cloud computing services platform. • Alibaba Cloud provides a cloud platform for 20+ Alibaba business units in addition to serving over 2,300,000 customers. • Meraas was established to make a positive contribution to the National economy • By creating a portfolio of investments in various industry sectors, Meraas seeks to generate long term wealth enhancement to the economic and social development of Dubai. • In order to capitalize on opportunities in Dubai and beyond, Meraas is pioneering several initiatives in various macroeconomic sectors including: • Retail • Leisure & Entertainment • Hospitality • Food & Beverage •Healthcare •Residential •Technology
  • 3. Overview of Cloud Computing
  • 4. Cloud Computing Models 01 Cloud SaaS (Software as a Service): Application and information clouds. Use provider’s applications over a network; cloud provider examples are Google Apps, Salesforce. 02 Cloud PaaS (Platform as a Service): Development clouds. Deploy customer-created applications to a cloud; cloud provider examples are Windows Azure, Google App Engine. 03 Cloud IaaS (Infrastructure as a Service): Infrastructure clouds. Rent processing, storage, network capacity; examples are Alibaba Cloud, AWS.
  • 5. Can Clouds be Secure? “Public cloud workloads can be at least as secure as those in your own data center, likely better.” Neil McDonald – Gartner Security and Risk Management Summit London Sept 2015
  • 6. Cloud Security is a Shared Responsibility Customers (security and compliance IN the cloud): Data Security (Server-Side Encryption, Client-Side Encryption); Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration. Cloud Service Provider (security OF the cloud): Compute, Storage, Networking, Cloud Infra. SaaS • CSP owns application • Client owns data and access rights IaaS/PaaS • CSP owns network and hypervisors • Client owns “above the hypervisor”
  • 7. Treacherous 12 - Cloud Computing Top Threats 1. Data Breaches 2. Weak Identity, Credential and Access Management 3. Insecure APIs 4. System and Application Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. Advanced Persistent Threats (APTs) 8. Data Loss 9. Insufficient Due Diligence 10. Abuse and Nefarious Use of Cloud Services 11. Denial of Service 12. Shared Technology Issues By Cloud Security Alliance
  • 8. Trends in Cloud Data Security & Governance: Perception about Cloud Data Governance. Courtesy: Gemalto Cloud Data Security Report 2016. The 2016 survey was held globally among respondents who have adopted cloud in one form or another.
  • 9. Trends in Cloud Data Security & Governance: Primary Types of Data Stored in the Cloud, 2016 v 2014. Courtesy: Gemalto Cloud Data Security Report 2016. The 2016 survey was held globally among respondents who have adopted cloud in one form or another.
  • 10. Trends in Cloud Data Security & Governance: How Data is Protected in the Cloud, 2016 v 2014. Courtesy: Gemalto Cloud Data Security Report 2016. The 2016 survey was held globally among respondents who have adopted cloud in one form or another.
  • 11. Trends in Cloud Data Security & Governance: Use of Data De-identification Tools to Secure Data in the Cloud. Courtesy: Gemalto Cloud Data Security Report 2016. The 2016 survey was held globally among respondents who have adopted cloud in one form or another.
  • 12. Trends in Cloud Data Security & Governance: How Encryption is Applied, 2016 v 2014. Courtesy: Gemalto Cloud Data Security Report 2016. The 2016 survey was held globally among respondents who have adopted cloud in one form or another.
  • 13. Traditional Data States Apply in Clouds too… Data At Rest: Cloud storage encryption. Different cloud storage types will have different data-at-rest encryption requirements. Data In Motion: When data travels between the cloud consumer environment and the service provider, or WITHIN the cloud service provider environment. Data In Use: The most critical area of the lot, as it poses privacy, compliance and security challenges. Typical application usages are banking applications, advanced data analytics, CRM etc.
  • 14. Cloud Concerns in Data Context Oversharing of sensitive data Administrative Oversight Compliance & Regulated Data Data Sovereignty Cloud Sprawl (Cloud to Cloud Sharing)
  • 15. Data At Rest There are various encryption controls available, with pros and cons • File/Folder Encryption • Full Disk Encryption • Full Virtual Machine Encryption • Special Encryption (DB, Email)
  • 16. Data In Motion Encryption of data in motion needs to be considered in two places • Between Cloud Service Provider & Consumer Environment • Within CSP internal environment Various Controls Available • TLS/SSL • VPN • Virtual Private Computing (VPC)
  • 17. Data In Use • Most challenging case because of the nature of cloud and processing applications • Need to satisfy compliance, data residency and sovereignty requirements Controls Available • Encryption (Format Preserving Encryption) • Tokenization • Masking
  • 18. Approaches to Data Governance, Security & Privacy • Ask your service provider lots of questions. Due Diligence • Data Classification • Evolving traditional data controls like DLP & Data Access Governance to protect cloud data, making use of emerging technologies like CASB • Policies Enforcement • Leverage mitigating controls like Access Controls (MFA) to cater for cloud data • Data De-identification • Compliance Enforcement • User Awareness & Coaching
  • 19. What Future Holds? • Mobile Devices Accessing Cloud Data • Internet of Things Data • Smart Cities • Cyber incidents (Ransomware) impacting cloud adoption

Editor's Notes

  1. 4 years ago in meetings we were being told the cloud was insecure, very boring. Let's change this quote around: “If you do it right, the public cloud can be more secure than your own datacentre.” That is the key, that is what today is about – how do you do it right.
  2. All of these threats affect Data directly or indirectly. Some affect availability, some integrity and some confidentiality
  3. Cloud concerns in data context:
     • Oversharing - Users may accidentally share sensitive content such as source code, confidential information, or client records too broadly (i.e., with the whole company or publicly). Users may also re-share content with unexpected consequences, leading to risky exposure and financial liability for the organization.
     • Administrative Oversight - Due to the challenges of managing data repositories, organizations may inadvertently share data with employees or contractors who have left the company, or discover inherited folder permissions that are inappropriate. Without proper monitoring, such oversights can risk data exposure.
     • Compliance & Regulated Data - Cloud apps pose a special concern with compliance-regulated data. Are users uploading customer or employee personally identifiable information (PII) or consumer payment card information (PCI) into cloud apps? If so, how is this content being shared and secured? Inappropriate sharing of such content may lead to compliance violations and financial penalties.
     • Data Sovereignty - Corporations with a global footprint increasingly find themselves grappling with strict data residency and sovereignty challenges that require certain types of data to remain within a defined geographic border. How do organizations ensure use of this restricted data is not violating corporate policies or applicable regulations? Smart Cities example.
     • Cloud Sprawl - In addition to tracking what users are uploading or downloading from cloud apps, there are also cloud-to-cloud transactions that may expose corporations to liability. Box and Office 365 example.
  4. There are pros and cons of each control and method: processing speed, cost (talk about Format Preserving Encryption, FPE). Many cloud security providers provide basic encryption. P
  5. There are pros and cons of each control and method: processing speed, cost (talk about Format Preserving Encryption, FPE). Many cloud security providers provide basic encryption. P
  6. Data in motion and at rest have provided the cornerstone for encryption solutions, but encryption in use goes against the basic premise of the first two. Data has to stay protected.