Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Security architecture and Cloudcomputing, are these mutually              exclusive? (Introduction to Cloud Security Guida...
Agenda   Cloud risk assessment x compared to traditional risk    assessments   Cloud security architectures x compared t...
Cloud risk assessment                      Identify                                                            Context    ...
Cloud modelBroad network   Rapid elasticity                 Measured                 On-demand   access                   ...
Cloud computing deployment    models              Infrastructure    Infrastructure                     Infrastructure     ...
Cloud model maps to Security model  Cloud model                                                                           ...
Responsibilities for areas in securitymodel compared to delivery models       Provider responsible                        ...
Cloud Security Domains              Governance                                                    Operational   Governanc...
Cloud Security Alliance supports numberof projects related to cloud                           Get involved at             ...
How to manage cloud security•   Have a cloud security standard    •   What to do on an Enterprise level    •   Before your...
ContactHelp us secure cloud computing – Get involved• http://cloudsecurityalliance.org.uk• info@cloudsecurityalliance.org....
Thank you!        www.cloudsecurityalliance.org
Upcoming SlideShare
Loading in …5
×

Cloud security and security architecture

24,916 views

Published on

Presentation that I gave at ISC2 SecureLondon conference in London on 11th December 2012.

Published in: Technology
  • Dating direct: ❶❶❶ http://bit.ly/369VOVb ❶❶❶
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Sex in your area is here: ♥♥♥ http://bit.ly/369VOVb ♥♥♥
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Cloud security and security architecture

  1. Security architecture and Cloudcomputing, are these mutually exclusive? (Introduction to Cloud Security Guidance)
  2. Agenda Cloud risk assessment x compared to traditional risk assessments Cloud security architectures x compared to security architectures CSA domains Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  3. Cloud risk assessment Identify Context assets establishmentMap the data Evaluate flows assets Risk Risk communication assessment Evaluate Map to Cloud Cloud deployments models and Risk treatment models Providers Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  4. Cloud modelBroad network Rapid elasticity Measured On-demand access service service Resource poolingSoftware as a Platform as a InfrastructureService (SaaS) Service (SaaS) as a Service (SaaS)Publi Private Hybrid Community c Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  5. Cloud computing deployment models Infrastructure Infrastructure Infrastructure Accessible and managed by owned by located consumed by Third party Third partyPublic Off-premise Untrusted provider provider Organisation Organisation On-premisePrivate/ o TrustedCommunity r 3rd party 3rdparty Off-Premise provider provider Both Organisation Both Organisation Both On-Premise Trusted &Hybrid & Third party & Third party & Off-Premise Untrusted provider provider Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  6. Cloud model maps to Security model Cloud model GRC Business continuity SIEM Data security Identity, Access Direct map Cryptography Application sec. Host security Network security Physical security Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  7. Responsibilities for areas in securitymodel compared to delivery models Provider responsible Customer responsible GRC Business continuity SIEM Identity, Access Cryptography Data security Application sec. Host security Network security Physical securityIaaS PaaS SaaS IaaS PaaS SaaS Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  8. Cloud Security Domains Governance Operational Governance and Enterprise Risk  Traditional Security, Business Management Continuity and Disaster Recovery Legal Issues: Contracts and Electronic  Data Center Operations Discovery  Incident Response, Notification and Compliance and Audit Remediation Information Management and Data  Application Security Security  Encryption and Key Management Portability and Interoperability  Identity and Access Management  Virtualization  Security as a Service Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  9. Cloud Security Alliance supports numberof projects related to cloud Get involved at https://cloudsecurityalliance.org/resea rch/https://cloudsecurityalliance.org.uk Copyright © 2012 Cloud Security Alliance
  10. How to manage cloud security• Have a cloud security standard • What to do on an Enterprise level • Before your Cloud project • During your Cloud project How to drive out the • BAU seven deadly sins of cloud computing - new Information Security • Exit from the Cloud provider Forum report• Risks cannot be outsourced• Manage lock-in and exit up-front – especially in SaaS Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  11. ContactHelp us secure cloud computing – Get involved• http://cloudsecurityalliance.org.uk• info@cloudsecurityalliance.org.uk• LinkedIn: http://www.linkedin.com/groups/Cloud- Security-Alliance-UK-Chapter-3745837• Twitter: @CSAUKResearch Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  12. Thank you! www.cloudsecurityalliance.org

×