SlideShare a Scribd company logo

Cloud Security - Reality or Illusion

Download as PPTX, PDF
Srinivas Thimmaiah
Srinivas Thimmaiah

Trying to understand the possible cloud risks

Internet
1 of 20
Cloud Security Reality or Illusion By:Srinivas Thimmaiah Date: 11 Mar 2017 Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 1
About me Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 2 An seasoned Information Security professional, speaker & blogger having around 13+ years of rich and insightful work experience in the areas of Information Security Assurance, Governance, Risk Management, BCM, Supplier Management, Awareness, IT Security, operational excellence and also in influencing team members and management. CISM, ISO 27001 certified, CISCO certified Information Security & IT Security experienced professional.
Agenda  Cloud Ecosystem  Whatis Cloud computing  Cloudservices  Deploymentmodels  Cloud adoption trends 2017  Cloud Risks  Conclusion Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 3
CloudEcosystem Cloud computing is the delivery of computing services—servers, storage, databases, networking, software, analytics and more—over the Internet (“the cloud”). Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 4 Source: Microsoft Rapid Elasticity Broad Network Access Measure service On-demand self-service Resource pooling Characteristics of Cloud Computing
CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 5 Cloud Service Models Infrastructure as a Service Platform as a Service Software as a Service Application platform or middleware as a service on which developers can build and deploy custom applications Compute, storage, IT infra as a service, rather than as dedicated capability End-user applications delivered as a service rather than on-premises software SaaS (consume) PaaS (build) IaaS (host)
CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 6 Public Private CommunityHybrid Cloud Deployment Models
CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 7 Public Private CommunityHybrid Cloud Deployment Models  Provisioned by general public  Exists on the premise of the cloud provider  May be owned, managed by business, government or a combination Organizations Google Zoho Salesforce Microsoft AmazonYahoo Rackspace
Public Private CommunityHybrid CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 8 Cloud Deployment Models  Provisioned for single organization  May exist on or off site  May be managed by organization or outsourced
CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 9 Public Private Community Cloud Hybrid  Provisioned for exclusive use by a specific community  May be managed by one or more of the community organizations  May be managed by community organization or outsourced Cloud Deployment Models Community of Organizations
CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 10 Public Private CommunityHybrid  Combination of two or more distinct cloud infrastructures Cloud Deployment Models Public Cloud Private Cloud Organization
Cloudadoptiontrends of2017 Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 11 Source: Rightscale 2016 State of the Cloud Report Public Cloud Private Cloud Hybrid Cloud Any Cloud 88% 89% 89% 63% 77% 72% 58% 71% 67% 93% 95% 95%
CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 12 Risks Policy & Organization Risks Technical Risks Legal Risks Generic Risks Source: csaguide
CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 13 Lock-in Loss of governance Compliance challenges Loss of business reputation due to cotenant activities Cloud service termination or failure Cloud provider acquisition Supply chain failure Policy & Organization risks Source: csaguide
CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 14 Resource exhaustion (under or over provisioning) Isolation failure Cloud provider malicious insider – abuse of high privilege roles Management interface compromise (manipulation, availability of infrastructure) Intercepting data in transit Insecure of ineffective deletion of data Data leakage on up/download, intra-cloud Distributed denial of service (DDOS) Economic denial of service (EDOS) Loss of encryption keys Undertaking malicious probes or scans Compromise server engine Technical risks Source: csaguide
CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 15 Risk from changes of jurisdiction Licensing risks Data protection risks Subpoena and e-discovery Legal risks Source: csaguide
CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 16 Modifying network traffic Privilege escalation Loss or compromise of security logs Network management (i.e, network congestion/mis-connection/non-optimal use) Backup lost, stolen Unauthorized access to premises Natural disaster Theft of computer equipment Network breaks Social engineering attacks Loss or compromise of operational logs Generic risks Source: csaguide
Conclusion Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 17  Effective onboarding process  Vendor analysis  Risk management  Contract Management  Justification for cloud adoption  Re-visit the services  Monitoring the services Source: From Body to Spirit; From Illusion to Reality
Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 18
Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 19
Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 20 https://www.google.co.in/search?q=road+with+car&biw=1920&bih=935&source=lnms&tbm=isch&sa=X&ved= 0ahUKEwiGx- W6va_SAhVI_iwKHULgBTwQ_AUIBigB#tbm=isch&q=cloud+security+icon&*&imgrc=QnwqNekhOpC6-M: https://www.google.co.in/search?q=road+with+car&biw=1920&bih=935&source=lnms&tbm=isch&sa=X&ved= 0ahUKEwiGx- W6va_SAhVI_iwKHULgBTwQ_AUIBigB#tbm=isch&q=cars+on+highway&*&imgrc=WRHPKYuTO2knwM: References

Recommended

Annoyance to Annihilation: Assessing Privacy Risk
Annoyance to Annihilation: Assessing Privacy RiskAnnoyance to Annihilation: Assessing Privacy Risk
Annoyance to Annihilation: Assessing Privacy RiskProtecture Ltd
 
Security Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksSecurity Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksForcepoint LLC
 
Embracing the Millennial Tsunami
Embracing the Millennial TsunamiEmbracing the Millennial Tsunami
Embracing the Millennial TsunamiForcepoint LLC
 
Maintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterMaintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterForcepoint LLC
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
Cloudy with a Chance of...Visibility, Accountability & Security
Cloudy with a Chance of...Visibility, Accountability & SecurityCloudy with a Chance of...Visibility, Accountability & Security
Cloudy with a Chance of...Visibility, Accountability & SecurityForcepoint LLC
 
Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...
Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...
Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...Veritas Technologies LLC
 
David Smith gfke 2014
David Smith gfke 2014David Smith gfke 2014
David Smith gfke 2014innovationoecd
 

Recommended

Annoyance to Annihilation: Assessing Privacy Risk
Annoyance to Annihilation: Assessing Privacy RiskAnnoyance to Annihilation: Assessing Privacy Risk
Annoyance to Annihilation: Assessing Privacy RiskProtecture Ltd
 
Security Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksSecurity Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksForcepoint LLC
 
Embracing the Millennial Tsunami
Embracing the Millennial TsunamiEmbracing the Millennial Tsunami
Embracing the Millennial TsunamiForcepoint LLC
 
Maintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterMaintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterForcepoint LLC
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
Cloudy with a Chance of...Visibility, Accountability & Security
Cloudy with a Chance of...Visibility, Accountability & SecurityCloudy with a Chance of...Visibility, Accountability & Security
Cloudy with a Chance of...Visibility, Accountability & SecurityForcepoint LLC
 
Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...
Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...
Keynote session – Mitigate risks and stay compliant with Chris Bridgland and ...Veritas Technologies LLC
 
David Smith gfke 2014
David Smith gfke 2014David Smith gfke 2014
David Smith gfke 2014innovationoecd
 
7. Big data proposal to go lean in public
7. Big data proposal to go lean in public7. Big data proposal to go lean in public
7. Big data proposal to go lean in publicMrsAlways RigHt
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
The benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC ConferenceThe benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC ConferenceDinis Cruz
 
Nils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesNils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesGovCloud Network
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizationswilsonconsulting1
 
Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019Dinis Cruz
 
Modern security using graphs, automation and data science
Modern security using graphs, automation and data scienceModern security using graphs, automation and data science
Modern security using graphs, automation and data scienceDinis Cruz
 
JNeiditz NLJ Trailblazers 2016
JNeiditz NLJ Trailblazers 2016JNeiditz NLJ Trailblazers 2016
JNeiditz NLJ Trailblazers 2016Jon Neiditz
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesForcepoint LLC
 
JoTechies - Azure Cloud Security
JoTechies - Azure Cloud SecurityJoTechies - Azure Cloud Security
JoTechies - Azure Cloud SecurityJoTechies
 
JoTechies - Infrastructure as a Service IaaS
JoTechies - Infrastructure as a Service IaaSJoTechies - Infrastructure as a Service IaaS
JoTechies - Infrastructure as a Service IaaSJoTechies
 
CISO Application presentation - Babylon health security
CISO Application presentation - Babylon health securityCISO Application presentation - Babylon health security
CISO Application presentation - Babylon health securityDinis Cruz
 
Cybersecurity Service Provider
Cybersecurity Service ProviderCybersecurity Service Provider
Cybersecurity Service ProviderVishvendra Saini
 
Netpluz Managed Cyber Security
Netpluz Managed Cyber Security Netpluz Managed Cyber Security
Netpluz Managed Cyber Security Netpluz Asia Pte Ltd
 
Worry free security breach - Gemalto
Worry free security breach - GemaltoWorry free security breach - Gemalto
Worry free security breach - GemaltoHarry Gunns
 
DDoS mitigation at Jisc
DDoS mitigation at JiscDDoS mitigation at Jisc
DDoS mitigation at JiscJisc
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAVeritas Technologies LLC
 
Wilson Consulting Group
Wilson Consulting GroupWilson Consulting Group
Wilson Consulting Groupwilsonconsulting1
 
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Kenneth de Brucq
 
Fish Net Security Overview
Fish Net Security OverviewFish Net Security Overview
Fish Net Security Overviewtbeckwith
 
CIO - The top 3 challenges
CIO - The top 3 challengesCIO - The top 3 challenges
CIO - The top 3 challengesSrinivas Thimmaiah
 
Ransomware - Friend or Foe
Ransomware - Friend or FoeRansomware - Friend or Foe
Ransomware - Friend or FoeSrinivas Thimmaiah
 

More Related Content

What's hot

7. Big data proposal to go lean in public
7. Big data proposal to go lean in public7. Big data proposal to go lean in public
7. Big data proposal to go lean in publicMrsAlways RigHt
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
The benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC ConferenceThe benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC ConferenceDinis Cruz
 
Nils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesNils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesGovCloud Network
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizationswilsonconsulting1
 
Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019Dinis Cruz
 
Modern security using graphs, automation and data science
Modern security using graphs, automation and data scienceModern security using graphs, automation and data science
Modern security using graphs, automation and data scienceDinis Cruz
 
JNeiditz NLJ Trailblazers 2016
JNeiditz NLJ Trailblazers 2016JNeiditz NLJ Trailblazers 2016
JNeiditz NLJ Trailblazers 2016Jon Neiditz
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesForcepoint LLC
 
JoTechies - Azure Cloud Security
JoTechies - Azure Cloud SecurityJoTechies - Azure Cloud Security
JoTechies - Azure Cloud SecurityJoTechies
 
JoTechies - Infrastructure as a Service IaaS
JoTechies - Infrastructure as a Service IaaSJoTechies - Infrastructure as a Service IaaS
JoTechies - Infrastructure as a Service IaaSJoTechies
 
CISO Application presentation - Babylon health security
CISO Application presentation - Babylon health securityCISO Application presentation - Babylon health security
CISO Application presentation - Babylon health securityDinis Cruz
 
Cybersecurity Service Provider
Cybersecurity Service ProviderCybersecurity Service Provider
Cybersecurity Service ProviderVishvendra Saini
 
Worry free security breach - Gemalto
Worry free security breach - GemaltoWorry free security breach - Gemalto
Worry free security breach - GemaltoHarry Gunns
 
DDoS mitigation at Jisc
DDoS mitigation at JiscDDoS mitigation at Jisc
DDoS mitigation at JiscJisc
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAVeritas Technologies LLC
 
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Kenneth de Brucq
 
Fish Net Security Overview
Fish Net Security OverviewFish Net Security Overview
Fish Net Security Overviewtbeckwith
 

What's hot (20)

7. Big data proposal to go lean in public
7. Big data proposal to go lean in public7. Big data proposal to go lean in public
7. Big data proposal to go lean in public
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
 
The benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC ConferenceThe benefits of police and industry investigation - NPCC Conference
The benefits of police and industry investigation - NPCC Conference
 
Nils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic SlidesNils Puhlmann Ncoic Slides
Nils Puhlmann Ncoic Slides
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizations
 
Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019Serverless Security Workflows - cyber talks - 19th nov 2019
Serverless Security Workflows - cyber talks - 19th nov 2019
 
Modern security using graphs, automation and data science
Modern security using graphs, automation and data scienceModern security using graphs, automation and data science
Modern security using graphs, automation and data science
 
JNeiditz NLJ Trailblazers 2016
JNeiditz NLJ Trailblazers 2016JNeiditz NLJ Trailblazers 2016
JNeiditz NLJ Trailblazers 2016
 
An Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial ServicesAn Inside-Out Approach to Security in Financial Services
An Inside-Out Approach to Security in Financial Services
 
JoTechies - Azure Cloud Security
JoTechies - Azure Cloud SecurityJoTechies - Azure Cloud Security
JoTechies - Azure Cloud Security
 
JoTechies - Infrastructure as a Service IaaS
JoTechies - Infrastructure as a Service IaaSJoTechies - Infrastructure as a Service IaaS
JoTechies - Infrastructure as a Service IaaS
 
CISO Application presentation - Babylon health security
CISO Application presentation - Babylon health securityCISO Application presentation - Babylon health security
CISO Application presentation - Babylon health security
 
Cybersecurity Service Provider
Cybersecurity Service ProviderCybersecurity Service Provider
Cybersecurity Service Provider
 
Netpluz Managed Cyber Security
Netpluz Managed Cyber Security Netpluz Managed Cyber Security
Netpluz Managed Cyber Security
 
Worry free security breach - Gemalto
Worry free security breach - GemaltoWorry free security breach - Gemalto
Worry free security breach - Gemalto
 
DDoS mitigation at Jisc
DDoS mitigation at JiscDDoS mitigation at Jisc
DDoS mitigation at Jisc
 
Jason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEAJason Tooley – Welcome to Vision Solution Day EMEA
Jason Tooley – Welcome to Vision Solution Day EMEA
 
Wilson Consulting Group
Wilson Consulting GroupWilson Consulting Group
Wilson Consulting Group
 
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
 
Fish Net Security Overview
Fish Net Security OverviewFish Net Security Overview
Fish Net Security Overview
 

Viewers also liked

Technology Enhanced Learning and Innovative pedagogy
Technology Enhanced Learning and Innovative pedagogyTechnology Enhanced Learning and Innovative pedagogy
Technology Enhanced Learning and Innovative pedagogyDavid Biggins
 
3Com 1694-210-050-2.00
3Com 1694-210-050-2.003Com 1694-210-050-2.00
3Com 1694-210-050-2.00savomir
 
Italialaiset maaliskuu
Italialaiset maaliskuuItalialaiset maaliskuu
Italialaiset maaliskuuLaila Bröcker
 
3Com 03-0172-300
3Com 03-0172-3003Com 03-0172-300
3Com 03-0172-300savomir
 
Compresor de archivos mzf
Compresor de archivos mzfCompresor de archivos mzf
Compresor de archivos mzfMaria Zas
 
Evaluation Question 2
Evaluation Question 2Evaluation Question 2
Evaluation Question 2j7ralph
 
200701041325040.leng4bu1al
200701041325040.leng4bu1al200701041325040.leng4bu1al
200701041325040.leng4bu1alDamarys Morin
 
Medicina röbotica
Medicina röboticaMedicina röbotica
Medicina röboticaDidi Platas
 

Viewers also liked (14)

CIO - The top 3 challenges
CIO - The top 3 challengesCIO - The top 3 challenges
CIO - The top 3 challenges
 
Ransomware - Friend or Foe
Ransomware - Friend or FoeRansomware - Friend or Foe
Ransomware - Friend or Foe
 
Da vincicode
Da vincicodeDa vincicode
Da vincicode
 
Technology Enhanced Learning and Innovative pedagogy
Technology Enhanced Learning and Innovative pedagogyTechnology Enhanced Learning and Innovative pedagogy
Technology Enhanced Learning and Innovative pedagogy
 
3Com 1694-210-050-2.00
3Com 1694-210-050-2.003Com 1694-210-050-2.00
3Com 1694-210-050-2.00
 
Buscar v, filtros y macros
Buscar v, filtros y macrosBuscar v, filtros y macros
Buscar v, filtros y macros
 
Edukits
EdukitsEdukits
Edukits
 
Italialaiset maaliskuu
Italialaiset maaliskuuItalialaiset maaliskuu
Italialaiset maaliskuu
 
Question 1
Question 1Question 1
Question 1
 
3Com 03-0172-300
3Com 03-0172-3003Com 03-0172-300
3Com 03-0172-300
 
Compresor de archivos mzf
Compresor de archivos mzfCompresor de archivos mzf
Compresor de archivos mzf
 
Evaluation Question 2
Evaluation Question 2Evaluation Question 2
Evaluation Question 2
 
200701041325040.leng4bu1al
200701041325040.leng4bu1al200701041325040.leng4bu1al
200701041325040.leng4bu1al
 
Medicina röbotica
Medicina röboticaMedicina röbotica
Medicina röbotica
 

Similar to Cloud Security - Reality or Illusion

Business Continuity and app Security
Business Continuity and app Security Business Continuity and app Security
Business Continuity and app Security Cristian Garcia G.
 
Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Bitglass
 
Improving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityImproving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityDoug Copley
 
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...Capgemini
 
Cloud Computing - True Vision Technologies
Cloud Computing - True Vision TechnologiesCloud Computing - True Vision Technologies
Cloud Computing - True Vision TechnologiesScottperrone
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfmanoharparakh
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud SecurityLora O'Haver
 
Security Concerns in Cloud Computing
Security Concerns in Cloud ComputingSecurity Concerns in Cloud Computing
Security Concerns in Cloud Computingijtsrd
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
2017 Cloud Computing Primer
2017 Cloud Computing Primer2017 Cloud Computing Primer
2017 Cloud Computing PrimerRajesh Math
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01promediakw
 
Pat Gelsinger - Welcome
Pat Gelsinger - WelcomePat Gelsinger - Welcome
Pat Gelsinger - Welcomescoopnewsgroup
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Craig Thornton
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14L S Subramanian
 
Why Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldWhy Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldCiente
 
benefits of cloud computing course
benefits of cloud computing coursebenefits of cloud computing course
benefits of cloud computing coursesndshkgowda
 
2017 Security Report Presentation
2017 Security Report Presentation2017 Security Report Presentation
2017 Security Report Presentationixiademandgen
 

Similar to Cloud Security - Reality or Illusion (20)

Business Continuity and app Security
Business Continuity and app Security Business Continuity and app Security
Business Continuity and app Security
 
Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2
 
Improving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityImproving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & Security
 
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
 
Cloud Computing - True Vision Technologies
Cloud Computing - True Vision TechnologiesCloud Computing - True Vision Technologies
Cloud Computing - True Vision Technologies
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdf
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud Security
 
Security Concerns in Cloud Computing
Security Concerns in Cloud ComputingSecurity Concerns in Cloud Computing
Security Concerns in Cloud Computing
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
2017 Cloud Computing Primer
2017 Cloud Computing Primer2017 Cloud Computing Primer
2017 Cloud Computing Primer
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Pat Gelsinger - Welcome
Pat Gelsinger - WelcomePat Gelsinger - Welcome
Pat Gelsinger - Welcome
 
cloud1_aggy.pdf
cloud1_aggy.pdfcloud1_aggy.pdf
cloud1_aggy.pdf
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
 
Why Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldWhy Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business World
 
benefits of cloud computing course
benefits of cloud computing coursebenefits of cloud computing course
benefits of cloud computing course
 
2017 Security Report Presentation
2017 Security Report Presentation2017 Security Report Presentation
2017 Security Report Presentation
 

Recently uploaded

Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our EscortsCall Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escortsindian call girls near you
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdfkeithzhangding
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 

Recently uploaded (20)

Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our EscortsCall Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Vip Call Girls Aerocity ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Aerocity ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Aerocity ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Aerocity ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
象限策略:Google Workspace 与 Microsoft 365 对业务的影响 .pdf
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 

Cloud Security - Reality or Illusion

  • 1. Cloud Security Reality or Illusion By:Srinivas Thimmaiah Date: 11 Mar 2017 Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 1
  • 2. About me Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 2 An seasoned Information Security professional, speaker & blogger having around 13+ years of rich and insightful work experience in the areas of Information Security Assurance, Governance, Risk Management, BCM, Supplier Management, Awareness, IT Security, operational excellence and also in influencing team members and management. CISM, ISO 27001 certified, CISCO certified Information Security & IT Security experienced professional.
  • 3. Agenda  Cloud Ecosystem  Whatis Cloud computing  Cloudservices  Deploymentmodels  Cloud adoption trends 2017  Cloud Risks  Conclusion Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 3
  • 4. CloudEcosystem Cloud computing is the delivery of computing services—servers, storage, databases, networking, software, analytics and more—over the Internet (“the cloud”). Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 4 Source: Microsoft Rapid Elasticity Broad Network Access Measure service On-demand self-service Resource pooling Characteristics of Cloud Computing
  • 5. CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 5 Cloud Service Models Infrastructure as a Service Platform as a Service Software as a Service Application platform or middleware as a service on which developers can build and deploy custom applications Compute, storage, IT infra as a service, rather than as dedicated capability End-user applications delivered as a service rather than on-premises software SaaS (consume) PaaS (build) IaaS (host)
  • 6. CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 6 Public Private CommunityHybrid Cloud Deployment Models
  • 7. CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 7 Public Private CommunityHybrid Cloud Deployment Models  Provisioned by general public  Exists on the premise of the cloud provider  May be owned, managed by business, government or a combination Organizations Google Zoho Salesforce Microsoft AmazonYahoo Rackspace
  • 8. Public Private CommunityHybrid CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 8 Cloud Deployment Models  Provisioned for single organization  May exist on or off site  May be managed by organization or outsourced
  • 9. CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 9 Public Private Community Cloud Hybrid  Provisioned for exclusive use by a specific community  May be managed by one or more of the community organizations  May be managed by community organization or outsourced Cloud Deployment Models Community of Organizations
  • 10. CloudEcosystem Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 10 Public Private CommunityHybrid  Combination of two or more distinct cloud infrastructures Cloud Deployment Models Public Cloud Private Cloud Organization
  • 11. Cloudadoptiontrends of2017 Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 11 Source: Rightscale 2016 State of the Cloud Report Public Cloud Private Cloud Hybrid Cloud Any Cloud 88% 89% 89% 63% 77% 72% 58% 71% 67% 93% 95% 95%
  • 12. CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 12 Risks Policy & Organization Risks Technical Risks Legal Risks Generic Risks Source: csaguide
  • 13. CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 13 Lock-in Loss of governance Compliance challenges Loss of business reputation due to cotenant activities Cloud service termination or failure Cloud provider acquisition Supply chain failure Policy & Organization risks Source: csaguide
  • 14. CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 14 Resource exhaustion (under or over provisioning) Isolation failure Cloud provider malicious insider – abuse of high privilege roles Management interface compromise (manipulation, availability of infrastructure) Intercepting data in transit Insecure of ineffective deletion of data Data leakage on up/download, intra-cloud Distributed denial of service (DDOS) Economic denial of service (EDOS) Loss of encryption keys Undertaking malicious probes or scans Compromise server engine Technical risks Source: csaguide
  • 15. CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 15 Risk from changes of jurisdiction Licensing risks Data protection risks Subpoena and e-discovery Legal risks Source: csaguide
  • 16. CloudRisks Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 16 Modifying network traffic Privilege escalation Loss or compromise of security logs Network management (i.e, network congestion/mis-connection/non-optimal use) Backup lost, stolen Unauthorized access to premises Natural disaster Theft of computer equipment Network breaks Social engineering attacks Loss or compromise of operational logs Generic risks Source: csaguide
  • 17. Conclusion Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 17  Effective onboarding process  Vendor analysis  Risk management  Contract Management  Justification for cloud adoption  Re-visit the services  Monitoring the services Source: From Body to Spirit; From Illusion to Reality
  • 18. Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 18
  • 19. Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 19
  • 20. Srinivas Thimmaiah | Cloud Security | 11 Mar 2017 Page 20 https://www.google.co.in/search?q=road+with+car&biw=1920&bih=935&source=lnms&tbm=isch&sa=X&ved= 0ahUKEwiGx- W6va_SAhVI_iwKHULgBTwQ_AUIBigB#tbm=isch&q=cloud+security+icon&*&imgrc=QnwqNekhOpC6-M: https://www.google.co.in/search?q=road+with+car&biw=1920&bih=935&source=lnms&tbm=isch&sa=X&ved= 0ahUKEwiGx- W6va_SAhVI_iwKHULgBTwQ_AUIBigB#tbm=isch&q=cars+on+highway&*&imgrc=WRHPKYuTO2knwM: References