Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014

Size: px
Start display at page:

Download "Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014"

Transcription

1 Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014

2 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure Security by each Service Model Electronic Government Agency (Public Organization), Thailand (EGA) Cloud Security Alliance (CSA)

3 INTRODUCTION TO CLOUD

4 NIST Model of Cloud Computing

5 Cloud Service Model Based on Demand of Cloud consumer & Supply of Cloud provider XaaS : Everything as a Service

6 Multi-Tenancy Managed by Customer Managed by Vendor Traditional IaaS PaaS SaaS Application Application Application Application Data Data Data Data API/Runtime API/Runtime API/Runtime API/Runtime Middleware Middleware Middleware Middleware OS OS OS OS Virtualization Virtualization Virtualization Virtualization Server Server Server Server Storage Storage Storage Storage Network Network Network Network

7 Deployment Model Public/Private/Hybrid/Community Based on Trusted/Untrusted accessible and consume. Multi-Tenancy Concept Infrastructure Managed/Owned/Located

8 General Cloud Architecture Self Service Management Service Management Service Catalog CMDB API/Interoperability/Portability Mgt. Virtualization Orchestration/Configuration Provision Management Security/Risk Management Risk/Compliance Control Identity/Access Mgt. Configuration Mgt. SLA Mgt. Performance/Capacity/ Availability Monitoring/Incident Storage Virtualization Computing Network Encryption Mgt. Auditing and Assessment Intrusion Mgt. Hardening Physical/Data Center 8

9 SECURITY ASSESSMENT FOR CLOUD

10 - Data Lose/Confidential/Protection - Multi-tenancy problem - Vulnerability of Cloud Infra: Hypervisor, Cloud software, API - Availability - Access Control/Authorization - Location of Data/Physical Security - Legislation, Law, Compliance, Standard Risk of Cloud Computing

11 Know Categorize asset of Cloud service Before start ISMS (Information Security Management System) Recommend : based on process; write the flow. Base on data/information/transaction/processing/ Function/Application classification concept Define Asset : CPS asset, Your asset / Owner/Category/Dependency/Value

12 Sample of Asset Matrix 12

13 Define your ISMS to protect your asset on Cloud service Define Scope Define ISMS Policy/Procedure Risk Assessment and Risk Management Define Methodology Identify Risk Analyze and Evaluate Risk Address Risk/Risk Treatment Choose security control Management Approval and Resource Statement of Applicability Amazon Web Services: Overview of Security Processes per.pdf

14 Define your ISMS to protect your asset on Cloud service [Cont.] Threat : not only hacker Cloud provider, Muti-tenancy, supply chain, 3 party, outsourcing. External standard and compliance. Vulnerability : based on cloud technology and architecture Virtualization API/Cloud Solution Risk: Threat x Vulnerability x Exposure x Impact x Likelihood and more The Notorious Nine: Cloud Computing Top Threats in 2013 ; CSA https://cloudsecurityalliance.org/download/the-notorious-nine-cloud-computing-top-threats-in- 2013/ Cloud Computing Risk Assessment ; enisa

15 Overall Cloud Risk Management Sketch Data Flow (Withou t Cloud) Identify Asset Evaluate Asset Map to Deploym ent Model Map to Service Model Sketch Data Flow (With Cloud) Documen t Helps you make early risk decisions on cloud usage, and is not a replacement for a full risk management. 15

16 Questions for Asset Evaluating Step How would we be harmed if the asset became public and widely distributed? How would we be harmed if an employee of our cloud provider accessed the asset? How would we be harmed if the process or function was manipulated by an outsider? How would we be harmed if the process or function failed to provide expected results? How would we be harmed if the information/data was unexpectedly changed? How would we be harmed if the asset was unavailable for a period of time? 16

17 SECURE CLOUD INFRASTRUCTURE

18 Secure Cloud Infrastructure Network Security Infrastructur e Component /Architectur e Security Management Plane Security Hypervisor Security

19 1. General Cloud Architecture Self Service Management Service Management Service Catalog CMDB API/Interoperability/Portability Mgt. Virtualization Orchestration/Configuration Provision Management Security/Risk Management Risk/Compliance Control Identity/Access Mgt. Configuration Mgt. SLA Mgt. Performance/Capacity/ Availability Monitoring/Incident Storage Virtualization Computing Network Encryption Mgt. Auditing and Assessment Intrusion Mgt. Hardening Physical/Data Center 19

20 1. General Cloud Architecture Self Service Management Service Management Service Catalog CMDB Configuration Mgt. API/Interoperability/Portability Mgt. Security In-depth ; Provision Hardening; Management Patch ; Configuration Best Practice and Virtualization monitoring. Virtualization Orchestration/Configuration Security/Risk Management Risk/Compliance Control Identity/Access Mgt. Encryption Mgt. SLA Mgt. Performance/Capacity/ Availability Monitoring/Incident Storage Computing Network Auditing and Assessment Intrusion Mgt. Hardening Physical/Data Center 20

21 2. Network Security Use separate physical networks Isolate the cloud networks from the normal LAN Prevent MAC address spoofing (to prevent spoofing and man-in-the-middle attacks) Restrict network access to the Cloud Management Server Strictly control access to Management network to protect sensitive control data Use Firewall/IDS/IPS IDS = Intrusion Detection System, IPS = Intrusion Prevention System

22 Zoning your Network Use trust/availability zones to segregate networks Network Pool A Net Pool B Network Pool C Storage Pool A General Zone Storage Pool C Secure Zone

23 Sample : vcloud Physical Deployment Diagram

24 Sample : vcloud Logical Deployment Diagram

25 3. Management Plane Key Functions Provisioning VMs Starting/stopping VMs Configuring resource pools for VMs Compute Storage Network (VLANs) Authentication Access Control Logging/Monitoring

26 3. Management Plane Security Restrict network access to Management Plane Strictly control access to Management network to protect sensitive control data Use Firewall to protect Management network Limit authorized persons with privileges to access Management Plane Enable Management Plane s logging and perform regular review Use secure remote access to Management Plane, e.g. SSH

27 4. Hypervisor Security Hardening Hypervisor OS Patch and Update Service and Feature Restrict Restrict on Administrative Interface : SSH, Web, CLI Network Access Control User Access Control Monitoring Hypervisor Backup and Restore Guest OS isolation : Assign own resources for each Guest OS Based on security level

28 Security Baseline Every system, OS, Application should have security baseline. Best security baseline is Production s Security Guideline. Example: vsphere Security Guideline vsphere Security Hardening Guide

29 Security Baseline Tools Control Compliance Tools VMware Compliance Checker for vsphere https://my.vmware.com/web/vmware/evalcenter?p=co mpliance-chk&lp=default

30

31 SECURITY BY EACH SERVICE MODEL

32 Security by Each Service Model The lower down the stack the cloud service provider stops, the more security capabilities and management consumers are responsible for implementing and managing themselves.

33 IaaS Security: Where to Start Firewall with restrictive policy Communications Encryption Network Zoning Protect Access Keys Virtual Machine Host Security

34 PaaS Security: Where to Start App Logging Communications Encryption, e.g. SSL Good Security Test for App Good App Design Your Application Limited Network Access to App

35 SaaS Security: Where to Start Security Settings in Software Communications Encryption, e.g. SSL, if possible Software used Data Backup

36 About EGA Electronic Government Agency (Public Organization) Thailand, founded 2011 Under supervision of the Ministry of Information and Technology and Communication Technology of Thailand Responsibilities of promoting and supporting the development of e-government services Developing e-government system the best supports Thailand ICT development Center for driving the e-government service development Enabling Complete & Secure e-government

37 G-Cloud (Government Cloud Service) Manages Cloud Enterprise Architecture development for use as a development model for other government organizations Offers Infrastructure as a Service (IaaS) and Software as a Service (SaaS), Plans to provide Platform as a Service (PaaS) in 2015 Works with the private sectors to develop IT system for Government agencies on G-Cloud in order to promote local software industry and increase national competitiveness

38 G-Cloud Model Secure Internet

39 About the Cloud Security Alliance Global, not-for-profit organization, founded 2009 Over 58,000 individual members, 200 corporate members, 75 chapters world wide Geographically divided into Americas, EMEA and APAC regions to meet strategic objectives Established with the aim of bringing trust to the cloud Develop a global trusted cloud ecosystem Building best practices and standards for next-gen IT Grounded in an agile philosophy, rapid development of applied research that supports all activities To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

40 CCSK Certificate of Cloud Security Knowledge Benchmark of cloud security competency Measures mastery of CSA guidance and ENISA cloud risks whitepaper Understand cloud issues Look for the CCSKs at cloud providers, consulting partners Online web-based examination

41 CSA STAR Registry CSA STAR (Security, Trust and Assurance Registry) Public Registry of Cloud Provider self assessments Based on Consensus Assessments Initiative Questionnaire Provider may substitute documented Cloud Controls Matrix compliance Voluntary industry action promoting transparency Free market competition to provide quality assessments Provider may elect to provide assessments from third parties

42

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago Global Efforts to Secure Cloud Computing Jason Witty President, Cloud Security Alliance Chicago Cloud: Ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart

More information

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

! Global Efforts to Secure! Cloud Computing

! Global Efforts to Secure! Cloud Computing ay 2012! Global Efforts to Secure! Cloud Computing Jim Reavis Executive Director loud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

David.Balka@chi.frb.org 2009 STREAM FRBC

David.Balka@chi.frb.org 2009 STREAM FRBC Virtualization ti Dave Balka David.Balka@chi.frb.org Examination Elements Architecture Management Processes Integrity Availability Security 2 Datacenter Consolidation 3 What is Virtualization A framework

More information

A hole in the cloud: Is cloud secure?

A hole in the cloud: Is cloud secure? A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker

More information

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved. Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security

More information

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their

More information

Cloud Models and Platforms

Cloud Models and Platforms Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model

More information

Dispelling the Myths about Cloud Computing Security

Dispelling the Myths about Cloud Computing Security Dispelling the Myths about Cloud Computing Security security is no longer an hinderance to the cloud! Leo F. Howell, CISSP CISA CCSK Knowledge MYTH we are all talking about the same cloud Discussion cloud

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management

More information

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application

More information

Running Mission-Critical Enterprise Applications in Private and Hybrid Cloud Environments

Running Mission-Critical Enterprise Applications in Private and Hybrid Cloud Environments Running Mission-Critical Enterprise Applications in Private and Hybrid Cloud Environments Working in Partnership Today s Presenters Working in Partnership Paul Calvert IT Services Solution Line Director

More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

Governance and Control in the Cloud. Infrastructure as a Service

Governance and Control in the Cloud. Infrastructure as a Service 1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

A view from the Cloud Security Alliance peephole

A view from the Cloud Security Alliance peephole A view from the Cloud Security Alliance peephole Cloud One million new mobile devices - each day! Social Networking Digital Natives State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data

More information

Cloud Security Training Days 3 and 4 Syllabus

Cloud Security Training Days 3 and 4 Syllabus November 2012 Intrinsec Security Technologies Cloud Security Training Days 3 and 4 Syllabus A Hands-On Companion Course to Cloud Security Alliance Training. Page 2 To Order Call: 1-855-732-3348 Day 3 Contents

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

Security Lessons Learned: Enterprise Adoption of Cloud Computing

Security Lessons Learned: Enterprise Adoption of Cloud Computing SESSION ID: CDS-R03 Security Lessons Learned: Enterprise Adoption of Cloud Computing Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa Agenda What we are going to cover The current &

More information

CompTIA Cloud+ 9318; 5 Days, Instructor-led

CompTIA Cloud+ 9318; 5 Days, Instructor-led CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,

More information

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend: CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Restricted Document. Pulsant Technical Specification

Restricted Document. Pulsant Technical Specification Pulsant Technical Specification Title Pulsant Government Virtual Server IL2 Department Cloud Services Contributors RR Classification Restricted Version 1.0 Overview Pulsant offer two products based on

More information

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CSV-W02 Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control David Etue VP, Business Development, Identity and Data Protection Gemalto @djetue Cloud and Virtualization Are

More information

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013 Becoming a Cloud Services Broker Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013 Hybrid delivery for the future Traditional IT Evolving current state Future Information

More information

Secure Identity in Cloud Computing

Secure Identity in Cloud Computing Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective

More information

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

Accenture Cloud Enterprise Services

Accenture Cloud Enterprise Services BMC User Forum 2011 Accenture Cloud Enterprise Services Martin Jureit, Accenture GmbH Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Agenda Accenture Cloud Enterprise

More information

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013

Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013 Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the

More information

Securing the Virtual Environment

Securing the Virtual Environment Securing the Virtual Environment January 13, 2012 Nathaniel C. Gravel, CISA, CISM, CRISC Director Information Security Practice GraVoc Associates, Inc. Founded in 1994 Located in Peabody, MA Organized

More information

Cloud Security Overview

Cloud Security Overview UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Commercial Software Licensing

Commercial Software Licensing Commercial Software Licensing CHAPTER 12: Prepared by DoD ESI January 2013 Chapter Overview Most software licenses today are either perpetual or subscription. Perpetual licenses involve software possession

More information

How to procure a secure cloud service

How to procure a secure cloud service How to procure a secure cloud service Dr Giles Hogben European Network and Information Security Agency Security in the cloud contracting lifecycle Can cloud meet your security requirements Choose the provider

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Fundamental Concepts and Models 1 1. Roles and Boundaries Could provider The organization that provides the cloud based IT resources Cloud consumer An organization (or a human) that has a formal contract

More information

White Paper: AirSembly Datacenter Architecture Models

White Paper: AirSembly Datacenter Architecture Models White Paper: AirSembly Datacenter Architecture Models AirSembly Version 1.6 August 2015 Abstract: This white paper outlines different scenarios in which AirSembly can be configured. It presents common

More information

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013

More information

Cloud Services. May 28 th, 2014 Athens, Greece

Cloud Services. May 28 th, 2014 Athens, Greece Cloud Services May 28 th, 2014 Athens, Greece Cloud Services? Cloud services and PT PT is Virtualization technology and delivery leader Well known as storage & data protection integrator Chosen by RedHat

More information

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization How Data-Centric Protection Increases Security in Cloud Computing and Virtualization Executive Overview Cloud services and virtualization are driving significant shifts in IT spending and deployments.

More information

Security Considerations for the Cloud

Security Considerations for the Cloud June 6, 2012 Security Considerations for the Cloud Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Policy Task Force 1 2012 NIST/OCR Conference Agenda Threat Implications

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) Introduction to Cloud Security. Taniya

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) Introduction to Cloud Security. Taniya INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print)

More information

Cloud Essentials for Architects using OpenStack

Cloud Essentials for Architects using OpenStack Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing

More information

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working Group akarmel@c2labs.com @anilkarmel Emerging Technologies

More information

GRC Stack Research Sponsorship

GRC Stack Research Sponsorship GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

Logically Securing a Public Cloud Service

Logically Securing a Public Cloud Service SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only

More information

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service

More information

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted. Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information

Cloud Security: An Independent Assessent

Cloud Security: An Independent Assessent Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned

More information

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Trust but Verify. Vincent Campitelli. VP IT Risk Management Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify

More information

Cloud Computing Risk and Rewards

Cloud Computing Risk and Rewards Cloud Computing Risk and Rewards John Lazarine Vice President and Chief Audit Executive Mark Salamasick Director of Center for Internal Auditing For Dallas CPA Society Convergence 2013 May 8, 2013 John

More information

vcloud Suite Architecture Overview and Use Cases

vcloud Suite Architecture Overview and Use Cases vcloud Suite Architecture Overview and Use Cases vcloud Suite 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information