An overview of the shared responsibility model that is typically adopted by cloud providers and its impact on the way that Jisc members should build secure solutions in public cloud.
On December 10th Thomas Länger from University of Lausanne presented PRISMACLOUD project during the 6th International Conference on eDemocracy
Citizen rights in the world of the new computing paradigms in Athens, Greece.
PRISMACLOUD generated considerable interest among the participants!
In shared infrastructures such as clouds, sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. Database and system administrators may have access to multiple clients’ data, and the location of stored data in a cloud may change rapidly. Compliance requirements such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and others may need to be met. This webinar will discuss how to help protect cloud-based customer information and intellectual property from both external and internal threats.
View the On-demand webinar: https://www2.gotomeeting.com/register/187735186
One of the most important parts of the cloud is security. Your data is protected by both advanced threat protection and redundancy from cloud to cloud backup.
Congresso Sociedade Brasileira de Computação CSBC2016 Porto Alegre (Brazil)
Workshop on Cloud Networks & Cloudscape Brazil
João Gondim, Luis Pacheco and Priscila Solis (University of Brasilia, Brazil)
Unpublished, novel research work related to the latest challenges, technologies, solutions and techniques related to networking within the cloud and to the efficient and effective cloud deployment and hosting of the various emerging applications and services.
Effective solutions related to the placement, sizing, bursting, and migration of compute, storage, and data resources within the cloud network(s) become critical to the deployment of elastic and agile applications.
On December 10th Thomas Länger from University of Lausanne presented PRISMACLOUD project during the 6th International Conference on eDemocracy
Citizen rights in the world of the new computing paradigms in Athens, Greece.
PRISMACLOUD generated considerable interest among the participants!
In shared infrastructures such as clouds, sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. Database and system administrators may have access to multiple clients’ data, and the location of stored data in a cloud may change rapidly. Compliance requirements such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and others may need to be met. This webinar will discuss how to help protect cloud-based customer information and intellectual property from both external and internal threats.
View the On-demand webinar: https://www2.gotomeeting.com/register/187735186
One of the most important parts of the cloud is security. Your data is protected by both advanced threat protection and redundancy from cloud to cloud backup.
Congresso Sociedade Brasileira de Computação CSBC2016 Porto Alegre (Brazil)
Workshop on Cloud Networks & Cloudscape Brazil
João Gondim, Luis Pacheco and Priscila Solis (University of Brasilia, Brazil)
Unpublished, novel research work related to the latest challenges, technologies, solutions and techniques related to networking within the cloud and to the efficient and effective cloud deployment and hosting of the various emerging applications and services.
Effective solutions related to the placement, sizing, bursting, and migration of compute, storage, and data resources within the cloud network(s) become critical to the deployment of elastic and agile applications.
Cloud computing security issues .what is cloud computing, cloud clients, disadvantages of clouds, security issues, value of data, threat model and solutions.
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures?
Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss:
1. Recent findings from RightScale's State of the Cloud survey
2. Why hybrid cloud is the standard of choice
3. Three strategies for existing cloud server workloads
4. Benefits and security challenges of migrating to cloud infrastructures
5. Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility
How does Cloud Hosting help with Data Security?HTS Hosting
Are you concerned about the security of your data while acquiring a web hosting plan for your newly established website? Then, it is advised that you choose cloud hosting for your company. In this presentation, we have explored the significance of cloud hosting in terms of data security.
Global Cyber Attacks Stats
What is Computing Security?
Cloud Computing, Models and Security Demystified
New Security Challenges of Cloud Computing
Security Dimensions – The CIA Triad
Scope of Cloud Computing Security
Security Challenge Eco-system
Vulnerabilities, Threats and Exposure Points
Attacks – Modes and Types
The Notorious Nine – Cloud Security Threats
Methods of Defence
Tenets of Security Control
Security Life Cycle
Cloud Security Components and Governance
Tiered Cloud Security Handling Framework
Bottom-line
Take-aways
Cloud Computing Security Organization Assessments Service Categories Responsi...SlideTeam
This complete deck covers various topics and highlights important concepts. It has PPT slides which cater to your business needs. This complete deck presentation emphasizes Cloud Computing Security Organisation Assessments Service Categories Responsibility and has templates with professional background images and relevant content. This deck consists of total of twelve slides. Our designers have created customizable templates, keeping your convenience in mind. You can edit the colour, text and font size with ease. Not just this, you can also add or delete the content if needed. Get access to this fully editable complete presentation by clicking the download button below. https://bit.ly/3cmXz7E
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Cloud Security & Cloud Encryption Explained by Porticor the industry leader in Cloud Data Security. Learn from Porticor the issues for cloud security and how to protect your data in the cloud. Learn more about cloud security at http://www.porticor.com
This presentation includes cloud security overview, Could Security Access Broker, CASB's four pillars, proxy and API deployment mode and advantage and limitation of deployment modes
Cloud computing security issues .what is cloud computing, cloud clients, disadvantages of clouds, security issues, value of data, threat model and solutions.
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures?
Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss:
1. Recent findings from RightScale's State of the Cloud survey
2. Why hybrid cloud is the standard of choice
3. Three strategies for existing cloud server workloads
4. Benefits and security challenges of migrating to cloud infrastructures
5. Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility
How does Cloud Hosting help with Data Security?HTS Hosting
Are you concerned about the security of your data while acquiring a web hosting plan for your newly established website? Then, it is advised that you choose cloud hosting for your company. In this presentation, we have explored the significance of cloud hosting in terms of data security.
Global Cyber Attacks Stats
What is Computing Security?
Cloud Computing, Models and Security Demystified
New Security Challenges of Cloud Computing
Security Dimensions – The CIA Triad
Scope of Cloud Computing Security
Security Challenge Eco-system
Vulnerabilities, Threats and Exposure Points
Attacks – Modes and Types
The Notorious Nine – Cloud Security Threats
Methods of Defence
Tenets of Security Control
Security Life Cycle
Cloud Security Components and Governance
Tiered Cloud Security Handling Framework
Bottom-line
Take-aways
Cloud Computing Security Organization Assessments Service Categories Responsi...SlideTeam
This complete deck covers various topics and highlights important concepts. It has PPT slides which cater to your business needs. This complete deck presentation emphasizes Cloud Computing Security Organisation Assessments Service Categories Responsibility and has templates with professional background images and relevant content. This deck consists of total of twelve slides. Our designers have created customizable templates, keeping your convenience in mind. You can edit the colour, text and font size with ease. Not just this, you can also add or delete the content if needed. Get access to this fully editable complete presentation by clicking the download button below. https://bit.ly/3cmXz7E
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Cloud Security & Cloud Encryption Explained by Porticor the industry leader in Cloud Data Security. Learn from Porticor the issues for cloud security and how to protect your data in the cloud. Learn more about cloud security at http://www.porticor.com
This presentation includes cloud security overview, Could Security Access Broker, CASB's four pillars, proxy and API deployment mode and advantage and limitation of deployment modes
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock- in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today are using Uni Systems Cloud for their enterprise IT, is because it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
Niloufer Tamboly and Mallik Prasad presented 'Securing The Journey To The Cloud' at the first (ISC)2 New Jersey Chapter meeting.
Chapter officers:
Gurdeep Kaur, President
Niloufer Tamboly, Membership Chair
Mallik Prasad, Secretary
Anthony Nelson, Treasurer
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
ISACA Journal Publication Volume 5 written by Shah Sheikh - published in Q4 2013. Based on the Cloud Security Alliance Framework whitepaper titled "Does your Cloud have a Secure Lining?"
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggests the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
cloud computing is a growing field in computer science. This ppt can help the beginners understand it. contains information about PaaS, Iaas, SaaS and other concepts of Cloud Computing.It also contains a video on cloud computing.
This presentation gives a detailed overview about Cloud Computing, its features and challenges faced by it in the market. It gives an insight into cloud security and privacy issues and its measures.
What are the pros and cons of using cloud applications.pdfAnil
Using cloud applications offers several advantages, but it also comes with certain drawbacks. Here are some pros and cons of using cloud applications:
Pros:
1. Flexibility and scalability: Cloud applications provide the flexibility to scale resources up or down based on demand, allowing organizations to efficiently manage their computing resources and accommodate fluctuating workloads.
2. Cost savings: Cloud applications eliminate the need for organizations to invest in on-premises infrastructure and hardware, reducing upfront costs. Additionally, they typically follow a pay-as-you-go model, where businesses only pay for the resources they consume, leading to potential cost savings.
3. Accessibility and collaboration: Cloud applications can be accessed from anywhere with an internet connection, enabling remote work and collaboration among team members across different locations. This improves productivity and facilitates real-time collaboration on projects.
4. Automatic updates and maintenance: Cloud application providers handle software updates and maintenance, ensuring that users have access to the latest features and security patches without the need for manual intervention from the organization's IT team.
5. Data backup and disaster recovery: Cloud applications often provide built-in data backup and disaster recovery mechanisms, protecting valuable business data from loss or damage. This helps organizations to quickly recover from unforeseen events and minimize downtime.
Cons:
1. Internet dependency: Cloud applications require a stable internet connection to function properly. If the internet connection is unreliable or experiences downtime, it can disrupt access to cloud applications and impact productivity.
2. Data security concerns: Storing sensitive data in the cloud raises security concerns, as organizations must trust the cloud provider to maintain robust security measures. Data breaches and unauthorized access to cloud-stored data can have severe consequences, so organizations must carefully consider the security protocols of their chosen cloud provider.
3. Vendor lock-in: Migrating to a specific cloud application or provider may create dependency and make it challenging to switch to an alternative solution in the future. This vendor lock-in can limit flexibility and potentially increase costs if the organization decides to transition to a different platform.
4. Performance and latency: Cloud applications rely on internet connectivity, and the performance can be affected by factors such as network congestion and latency. This may lead to slower response times or decreased performance compared to on-premises solutions, particularly for applications that require high-speed data processing or real-time interactions.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
Similar to Shared responsibility - a model for good cloud security (20)
An introduction to the OCRE Cloud Framework - an EU-compliant procurement framework for cloud infrastructure as a service (IaaS), platform as a service (PaaS) and associated software as a service (SaaS).
Building the modern institution: how Jisc can support your cloud-based digita...Andy Powell
Building the Modern Institution (a nod to Microsoft's use of the term 'Modern Workplace') requires a complete digital transformation of the way HE and FE organisations work. Whilst this is highly likely to also require significant migration to the public cloud, the primary challenges will be around leadership and culture more than around technology.
Developing a Cloud Based Infrastructure to Transform Working Practices and Se...Andy Powell
Digital transformation is a leadership challenge. Not a technology challenge. Start with why. What do you want to achieve. A move to public cloud will be a likely consequence - but is not, in itself, a driver for change.
IT : Strategy, management and DIY in HE - a breakout group summaryAndy Powell
A report summarising two breakout sessions run at the Association of Heads of University Administration (AHUA) 2013 Autumn Conference in Nottingham, held during September 2013.
The breakout sessions were run by Stephen Butcher and Andy Powell of Eduserv and involved a total of around 35 senior managers at UK HE institutions. The intention was to investigate why HEIs tend to adopt a DIY approach to IT services.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. Mohamed Hammady, CTO
Sky
2 Shared responsibility - a model for good cloud security
“We have decided to build our data lake on
Google Cloud Platform. This is a key component
of our internal data factory transformation
programme. One of the deliverables of this
programme, which is very ambitious, is to join up
all available data in a customer-centric way. This
will allow us to progressively personalise every
customer interaction to make it quicker and more
relevant to the individual customer need.”
3. David Rogers, Head of Architecture and Security
Ministry of Justice
3 Shared responsibility - a model for good cloud security
“As we started to create more and more digital services AWS
became a platform for us. We started to automate the way
we were delivering these services into the cloud. We started
to consolidate the way we were working with the cloud, such
as thru our deployment pipeline and thru monitoring and
logging. What emerged was the use of that platform very
consistently across digital services for around 19 or 20
services.”
4. “We now have a unified API as a basis for designing, testing, and
deploying the next generation of machine learning and digital
services in the hospital for our young patients. This will also enable
rapid and easier collaboration with our international paediatric
hospital partners to share specialised tools to improve patient
outcomes and experience.”
“Partnering with Microsoft on the Azure API for Fast Healthcare
Interoperability Resources (FHIR) allows us to scale out and
accelerate our customers’ use of [data]. The managed service is a
great additional component […] bringing research and innovation
closer to clinical impact.”
Professor Neil Sebire, Chief Research Information Officer
Great Ormond Street Hospital
Rodrigo Barnes, CTO
Aridhia
4 Shared responsibility - a model for good cloud security
5. Darryl West, Group CIO
HSBC
5 Shared responsibility - a model for good cloud security
“HSBC is no different to most other global
enterprises. We tried for many years to build data
centres, to provision infrastructure, to buy products
and to run it all ourselves. But we decided about 18
months ago that we ought to focus on what we are
great at, which is customer experience and
focusing on our customers and partnering with
people like Google to do all the heavy lifting on
infrastructure.”
6. Scene setting
• Three big players in the market (yes, there are others as
well!)
• All with similar directions of travel
• Global presence (10s or 100s of data centres)
• Typically organised into Regions, Availability Zones and
Edge locations
• Service portfolio that extends well beyond traditional IaaS
• … including big data, container platforms, serverless,
database as a service, IoT, ML, AI, …
• All three talk about a shared responsibility model for
security
6 Shared responsibility - a model for good cloud security
7. Threat, what threat?
1. Data breaches
2. Data loss
3. Account / service compromise
4. Insecure API
5. Denial of service
6. Insider threat
7. Abuse of cloud services
8. Insufficient due diligence
9. Shared tech vulnerabilities
7 Shared responsibility - a model for good cloud security
8. Shared responsibility
8 Shared responsibility - a model for good cloud security
Application design, identity & access management
Operating system, network & firewall configuration
Data at rest (on-prem) Data at rest (in cloud) Data in transit
Software
Hardware / global infrastructure
Regions Availability zones Edge locations
Compute Database NetworkingStorage
Security in the
cloud (your
responsibility)
Security of the
cloud (cloud
provider’s
responsibility)
9. Confidentiality, Integrity, Availability
• Is access to my data restricted to the people I want to see it?
• Can I tell if my data has been tampered with?
• Can the right people get access if they need to?
9 Shared responsibility - a model for good cloud security
Confidentiality
• Access control
• Encryption
• Firewalling
Integrity
• Encryption
• Audit logs
Availability
• Global scale
• Account/subscription
config
• DDoS protection
10. Basic building blocks
• Regions and availability zones
• Virtual Private Clouds (VPCs) and subnets
• Security groups & Network Access Control Lists (firewalls)
• Identity and access management (cloud platform level and operating system)
• Logging of all API access
• Encryption of data at rest (option to bring your own keys and use HSM in the
cloud) including for database as a service options
• Encryption of data in transit
• DDoS protection at platform level (and WAF and DDoS available as extras,
usually bundled into edge-based CDN)
10 Shared responsibility - a model for good cloud security
11. Connectivity
• Most of your cloud usage is going
to be hybrid
• Connectivity will be critical, as will
securing your data in transit
• All the cloud providers provide
dedicated private connectivity
options
• However, Janet has extremely good peering arrangements
• For connectivity requirements up to 1.5Gbps bandwidth, just use Janet
• For hybrid requirements, secure data in transit using a site-to-site VPN
irrespective of whether you use Janet or not
11 Shared responsibility - a model for good cloud security
12. Infrastructure as Code
• All the major cloud suppliers support
infrastructure as code (IaC)
• CloudFormation, ARM Templates, Cloud
Deployment Manager
• And you can also use third-party tooling such
as Terraform
• Repeatable and re-usable deployments
• Manage your infrastructure in a code repository
• Helps to prevent accidental deployments of
insecure infrastructure
12 Shared responsibility - a model for good cloud security
13. Security Information and Event Management (SIEM)
13 Shared responsibility - a model for good cloud security
• Native SIEM tooling is emerging from the major cloud vendors (e.g. Sentinel on
Azure)
• However, your SIEM requirements are likely to be hybrid (and may be multi-
cloud)
• All the major SIEM vendors will
provide integration with cloud
platform logging
• Note that Jisc is partnered with
Splunk in order to provide a
hosted Splunk platform
14. Auto-remediation
• All cloud vendors now support serverless
• Small software ‘functions’ run on demand, typically
triggered by an API event or by a timer
• Use this approach to auto-run remediation code
• E.g. to automatically (and instantly) close down a
security group that allows world access to SSH or
RDP or to take a copy of a compromised VM, prior
to deletion, so that it can be spun up in an isolated
environment for later analysis
• Also look at Security Orchestration, Automation and
Response (SOAR) tools, e.g. CloudCustodian
14 Shared responsibility - a model for good cloud security
15. Third-party tooling
• Our experience is that some native tooling can be limited, especially with early
releases
• Your existing security approaches can almost always be stretched into the cloud
• Either by buying them from the marketplace
• … or by layering them in-front of cloud services
• For example, we often use Imperva Cloud WAF as an alternative to the native
WAF solutions provided by the cloud vendors
• We also use CloudCheckr for billing recommendations, security posture analysis,
and compliance status
15 Shared responsibility - a model for good cloud security
17. Are you well architected?
17 Shared responsibility - a model for good cloud security
18. Summary – 5 take-aways
1. Understand the shared responsibility model. Where does the cloud provider’s
responsibility end and yours start? How does this apply to IaaS, PaaS and
SaaS? How does this affect your compliance?
2. Use the basic building blocks to create highly resilient and secure solutions -
don’t forget the basics… firewalls, anti-malware and backups
3. It’s your data - secure it at rest (on-prem and in the cloud) and in transit -
encryption is your friend
4. If necessary, use existing security tooling to complement
what the cloud provider gives you
5. Defend in depth - follow best-practice guidance including
the NCSC 14 cloud security principles
18 Shared responsibility - a model for good cloud security
19. Arguably, AWS, Microsoft and Google
are now the biggest security companies
in the world
Questions?
Andy Powell, Jisc
@andypowe11
andy.powell@jisc.ac.uk
20. Additional reading
• AWS Compliance Programs
• Azure Compliance
• Google Compliance Resource Center
• AWS Well-Architected
• Pillars of a great Azure architecture
• Google Infrastructure Security Design Overview
• Azure Security and Compliance UK OFFICIAL Blueprint
• Standardized Architecture for UK-OFFICIAL on AWS
• NCSC Cloud security guidance
20 Shared responsibility - a model for good cloud security