Vladimir Jirasek, profile picture
Uploaded byVladimir Jirasek
PPTX, PDF28,938 views

Cloud security and security architecture

This document discusses security architecture in cloud computing. It provides an overview of cloud risk assessments and how they differ from traditional assessments. It also compares cloud security architectures to traditional security architectures. Finally, it outlines the key domains covered by the Cloud Security Alliance, including governance, operations, and others.

Embed presentation

Downloaded 1,194 times
Security architecture and Cloud computing, are these mutually exclusive? (Introduction to Cloud Security Guidance)
Agenda  Cloud risk assessment x compared to traditional risk assessments  Cloud security architectures x compared to security architectures  CSA domains Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Cloud risk assessment Identify Context assets establishment Map the data Evaluate flows assets Risk Risk communication assessment Evaluate Map to Cloud Cloud deployments models and Risk treatment models Providers Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Cloud model Broad network Rapid elasticity Measured On-demand access service service Resource pooling Software as a Platform as a Infrastructure Service (SaaS) Service (SaaS) as a Service (SaaS) Publi Private Hybrid Community c Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Cloud computing deployment models Infrastructure Infrastructure Infrastructure Accessible and managed by owned by located consumed by Third party Third party Public Off-premise Untrusted provider provider Organisation Organisation On-premise Private/ o Trusted Community r 3rd party 3rdparty Off-Premise provider provider Both Organisation Both Organisation Both On-Premise Trusted & Hybrid & Third party & Third party & Off-Premise Untrusted provider provider Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Cloud model maps to Security model Cloud model GRC Business continuity SIEM Data security Identity, Access Direct map Cryptography Application sec. Host security Network security Physical security Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Responsibilities for areas in security model compared to delivery models Provider responsible Customer responsible GRC Business continuity SIEM Identity, Access Cryptography Data security Application sec. Host security Network security Physical security IaaS PaaS SaaS IaaS PaaS SaaS Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Cloud Security Domains Governance Operational  Governance and Enterprise Risk  Traditional Security, Business Management Continuity and Disaster Recovery  Legal Issues: Contracts and Electronic  Data Center Operations Discovery  Incident Response, Notification and  Compliance and Audit Remediation  Information Management and Data  Application Security Security  Encryption and Key Management  Portability and Interoperability  Identity and Access Management  Virtualization  Security as a Service Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Cloud Security Alliance supports number of projects related to cloud Get involved at https://cloudsecurityalliance.org/resea rch/https://cloudsecurityalliance.org.uk Copyright © 2012 Cloud Security Alliance
How to manage cloud security • Have a cloud security standard • What to do on an Enterprise level • Before your Cloud project • During your Cloud project How to drive out the • BAU 'seven deadly sins' of cloud computing - new Information Security • Exit from the Cloud provider Forum report • Risks cannot be outsourced • Manage lock-in and exit up-front – especially in SaaS Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Contact Help us secure cloud computing – Get involved • http://cloudsecurityalliance.org.uk • info@cloudsecurityalliance.org.uk • LinkedIn: http://www.linkedin.com/groups/Cloud- Security-Alliance-UK-Chapter-3745837 • Twitter: @CSAUKResearch Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
Thank you! www.cloudsecurityalliance.org

More Related Content

PPTX
Cloud Security
byAWS User Group Bengaluru
 
PDF
Cloud Security: A New Perspective
byWen-Pai Lu
 
PPTX
Cloud Computing Security
byNinh Nguyen
 
PPTX
Cloud Security
byAWS User Group Bengaluru
 
PPTX
Cloud computing and Cloud security fundamentals
byViresh Suri
 
PPTX
Multi cloud security architecture
byMaganathin Veeraragaloo
 
PPT
Cloud security
byTushar Kayande
 
PDF
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
Cloud Security
byAWS User Group Bengaluru
 
Cloud Security: A New Perspective
byWen-Pai Lu
 
Cloud Computing Security
byNinh Nguyen
 
Cloud Security
byAWS User Group Bengaluru
 
Cloud computing and Cloud security fundamentals
byViresh Suri
 
Multi cloud security architecture
byMaganathin Veeraragaloo
 
Cloud security
byTushar Kayande
 
Cyber Security and Cloud Computing
byKeet Sugathadasa
 

What's hot

PPTX
Cloud security Presentation
byAjay p
 
PPTX
Cloud security ppt
byVenkatesh Chary
 
PPTX
cloud security ppt
byDevyani Vaidya
 
PPTX
Cloud security
byNiharika Varshney
 
PPTX
Cloud computing security issues and challenges
byDheeraj Negi
 
PDF
Cloud security
byn|u - The Open Security Community
 
PPTX
Public cloud
byDr.Neeraj Kumar Pandey
 
PPT
Security Issues of Cloud Computing
byFalgun Rathod
 
PDF
Microsoft Azure Security Overview
byAlert Logic
 
PPTX
Cloud Computing Security
byNithin Raj
 
PPTX
Cloud Computing- components, working, pros and cons
byAmritpal Singh Bedi
 
PPTX
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
bySimplilearn
 
PPTX
Data storage security in cloud computing
bySonali Jain
 
PPTX
Introduction of Cloud computing
byRkrishna Mishra
 
PPTX
Microsoft Active Directory.pptx
bymasbulosoke
 
PDF
introduction to Azure Sentinel
byRobert Crane
 
PPTX
Identity and Access Management Introduction
byAidy Tificate
 
PPT
Benefits of Cloud Computing
byKNOWARTH - Software Development Company
 
PPTX
Wazuh Security Platform
byPituphong Yavirach
 
PPTX
Aws ppt
byRamyaG50
 
Cloud security Presentation
byAjay p
 
Cloud security ppt
byVenkatesh Chary
 
cloud security ppt
byDevyani Vaidya
 
Cloud security
byNiharika Varshney
 
Cloud computing security issues and challenges
byDheeraj Negi
 
Cloud security
byn|u - The Open Security Community
 
Public cloud
byDr.Neeraj Kumar Pandey
 
Security Issues of Cloud Computing
byFalgun Rathod
 
Microsoft Azure Security Overview
byAlert Logic
 
Cloud Computing Security
byNithin Raj
 
Cloud Computing- components, working, pros and cons
byAmritpal Singh Bedi
 
Cloud Computing For Beginners | Cloud Computing Explained | Cloud Computing T...
bySimplilearn
 
Data storage security in cloud computing
bySonali Jain
 
Introduction of Cloud computing
byRkrishna Mishra
 
Microsoft Active Directory.pptx
bymasbulosoke
 
introduction to Azure Sentinel
byRobert Crane
 
Identity and Access Management Introduction
byAidy Tificate
 
Benefits of Cloud Computing
byKNOWARTH - Software Development Company
 
Wazuh Security Platform
byPituphong Yavirach
 
Aws ppt
byRamyaG50
 

Similar to Cloud security and security architecture

PPTX
Enterprise Security in Hybrid Cloud ISACA-SV 2012
bySymosis Security (Previously C-Level Security)
 
PPTX
2012 10 cloud security architecture
byVladimir Jirasek
 
PDF
Cloud Security - Made simple
bySameer Paradia
 
PPTX
Enterprise Security in Cloud
byLenin Aboagye
 
PDF
Cloud Security Alliance - Guidance
bySubra Kumaraswamy CISSP CISM
 
PDF
IBM Point of View: Security and Cloud Computing
byIBM India Smarter Computing
 
PDF
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
byptaglephd
 
PPTX
HIX Reusability
bycommed
 
PDF
Resarch paper i cloud computing
byBharat Gupta
 
PDF
null Bangalore meet - Cloud Computing and Security
byn|u - The Open Security Community
 
PDF
Security of,for & by cloud
byLakshmi Subramanian
 
PDF
Enterprise Strategy for Cloud Security
byBob Rhubart
 
PPTX
The Move to the Cloud for Regulated Industries
bydirkbeth
 
PDF
Neupart Isaca April 2012
byLars Neupart
 
PDF
Intel Cloud Summit ODCA - NAB Customer presentation
byIntelAPAC
 
PDF
Security in a Cloudy Architecture
byBob Rhubart
 
PDF
IBM Point of view -- Security and Cloud Computing (Tivoli)
byIBM India Smarter Computing
 
PDF
Gartner Catalyst Savvis Cloud API Case Study
byCA API Management
 
PPTX
Testing cloud services - EuroSTAR
byJeroen Mengerink
 
PDF
Simple cloud security explanation
byindianadvisory
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
bySymosis Security (Previously C-Level Security)
 
2012 10 cloud security architecture
byVladimir Jirasek
 
Cloud Security - Made simple
bySameer Paradia
 
Enterprise Security in Cloud
byLenin Aboagye
 
Cloud Security Alliance - Guidance
bySubra Kumaraswamy CISSP CISM
 
IBM Point of View: Security and Cloud Computing
byIBM India Smarter Computing
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
byptaglephd
 
HIX Reusability
bycommed
 
Resarch paper i cloud computing
byBharat Gupta
 
null Bangalore meet - Cloud Computing and Security
byn|u - The Open Security Community
 
Security of,for & by cloud
byLakshmi Subramanian
 
Enterprise Strategy for Cloud Security
byBob Rhubart
 
The Move to the Cloud for Regulated Industries
bydirkbeth
 
Neupart Isaca April 2012
byLars Neupart
 
Intel Cloud Summit ODCA - NAB Customer presentation
byIntelAPAC
 
Security in a Cloudy Architecture
byBob Rhubart
 
IBM Point of view -- Security and Cloud Computing (Tivoli)
byIBM India Smarter Computing
 
Gartner Catalyst Savvis Cloud API Case Study
byCA API Management
 
Testing cloud services - EuroSTAR
byJeroen Mengerink
 
Simple cloud security explanation
byindianadvisory
 

More from Vladimir Jirasek

PPTX
Security models for security architecture
byVladimir Jirasek
 
PPTX
Meaningfull security metrics
byVladimir Jirasek
 
PPTX
Secure your cloud applications by building solid foundations with enterprise ...
byVladimir Jirasek
 
PPTX
Integrating Qualys into the patch and vulnerability management processes
byVladimir Jirasek
 
PDF
Information Risk Security model and metrics
byVladimir Jirasek
 
PDF
Vulnerability management - beyond scanning
byVladimir Jirasek
 
PPTX
Federation For The Cloud Opportunities For A Single Identity
byVladimir Jirasek
 
PPT
Mobile phone as Trusted identity assistant
byVladimir Jirasek
 
PPTX
C-Level tools for Cloud security
byVladimir Jirasek
 
PPTX
Securing mobile population for White Hats
byVladimir Jirasek
 
PPTX
Mobile security summit - 10 mobile risks
byVladimir Jirasek
 
PPT
Qualys Webex 24 June 2008
byVladimir Jirasek
 
PPTX
CAMM presentation for Cyber Security Gas and Oil june 2011
byVladimir Jirasek
 
KEY
Security architecture for LSE 2009
byVladimir Jirasek
 
PDF
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
byVladimir Jirasek
 
PPTX
Vulnerability Management @ DevSecOps London Gathering
byVladimir Jirasek
 
Security models for security architecture
byVladimir Jirasek
 
Meaningfull security metrics
byVladimir Jirasek
 
Secure your cloud applications by building solid foundations with enterprise ...
byVladimir Jirasek
 
Integrating Qualys into the patch and vulnerability management processes
byVladimir Jirasek
 
Information Risk Security model and metrics
byVladimir Jirasek
 
Vulnerability management - beyond scanning
byVladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
byVladimir Jirasek
 
Mobile phone as Trusted identity assistant
byVladimir Jirasek
 
C-Level tools for Cloud security
byVladimir Jirasek
 
Securing mobile population for White Hats
byVladimir Jirasek
 
Mobile security summit - 10 mobile risks
byVladimir Jirasek
 
Qualys Webex 24 June 2008
byVladimir Jirasek
 
CAMM presentation for Cyber Security Gas and Oil june 2011
byVladimir Jirasek
 
Security architecture for LSE 2009
byVladimir Jirasek
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
byVladimir Jirasek
 
Vulnerability Management @ DevSecOps London Gathering
byVladimir Jirasek
 

Recently uploaded

PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
API-First Architecture in Financial Systems
bycyy111112
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 

Cloud security and security architecture

  • 1.
    Security architecture andCloud computing, are these mutually exclusive? (Introduction to Cloud Security Guidance)
  • 2.
    Agenda  Cloud risk assessment x compared to traditional risk assessments  Cloud security architectures x compared to security architectures  CSA domains Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 3.
    Cloud risk assessment Identify Context assets establishment Map the data Evaluate flows assets Risk Risk communication assessment Evaluate Map to Cloud Cloud deployments models and Risk treatment models Providers Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 4.
    Cloud model Broad network Rapid elasticity Measured On-demand access service service Resource pooling Software as a Platform as a Infrastructure Service (SaaS) Service (SaaS) as a Service (SaaS) Publi Private Hybrid Community c Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 5.
    Cloud computing deployment models Infrastructure Infrastructure Infrastructure Accessible and managed by owned by located consumed by Third party Third party Public Off-premise Untrusted provider provider Organisation Organisation On-premise Private/ o Trusted Community r 3rd party 3rdparty Off-Premise provider provider Both Organisation Both Organisation Both On-Premise Trusted & Hybrid & Third party & Third party & Off-Premise Untrusted provider provider Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 6.
    Cloud model mapsto Security model Cloud model GRC Business continuity SIEM Data security Identity, Access Direct map Cryptography Application sec. Host security Network security Physical security Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 7.
    Responsibilities for areasin security model compared to delivery models Provider responsible Customer responsible GRC Business continuity SIEM Identity, Access Cryptography Data security Application sec. Host security Network security Physical security IaaS PaaS SaaS IaaS PaaS SaaS Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 8.
    Cloud Security Domains Governance Operational  Governance and Enterprise Risk  Traditional Security, Business Management Continuity and Disaster Recovery  Legal Issues: Contracts and Electronic  Data Center Operations Discovery  Incident Response, Notification and  Compliance and Audit Remediation  Information Management and Data  Application Security Security  Encryption and Key Management  Portability and Interoperability  Identity and Access Management  Virtualization  Security as a Service Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 9.
    Cloud Security Alliancesupports number of projects related to cloud Get involved at https://cloudsecurityalliance.org/resea rch/https://cloudsecurityalliance.org.uk Copyright © 2012 Cloud Security Alliance
  • 10.
    How to managecloud security • Have a cloud security standard • What to do on an Enterprise level • Before your Cloud project • During your Cloud project How to drive out the • BAU 'seven deadly sins' of cloud computing - new Information Security • Exit from the Cloud provider Forum report • Risks cannot be outsourced • Manage lock-in and exit up-front – especially in SaaS Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 11.
    Contact Help us securecloud computing – Get involved • http://cloudsecurityalliance.org.uk • info@cloudsecurityalliance.org.uk • LinkedIn: http://www.linkedin.com/groups/Cloud- Security-Alliance-UK-Chapter-3745837 • Twitter: @CSAUKResearch Copyright © 2012 Cloud Security Alliance https://cloudsecurityalliance.org.uk
  • 12.
    Thank you! www.cloudsecurityalliance.org

Editor's Notes

  • #12 Do visit the websiteDo join the LinkedIn Groups – you will receive regular email updates