Cloud Security. Let s Open the Box. Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research
|
|
- Ashley Stephens
- 8 years ago
- Views:
Transcription
1 t Cloud Security Let s Open the Box t Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research
2 Facts about Ericsson Ericsson is a world-leading provider of telecommunication equipment and services More then 40 percent of mobile traffic passes through Ericsson network Ericsson is the 5 th largest software company in the world Ericsson AB Lecture on Cloud Security at Aalto Page 2
3 Why ericsson in cloud For Clouds: - It is difficult to optimize the cost of Computation, Networking and Storage at the same time ( Revision of Brewer s CAP theorem) - MNO s can play a key role to optimize the Networking Figure from Ericsson Ericsson AB Lecture on Cloud Security at Aalto Page 3
4 Dark days of cloud Ericsson AB Lecture on Cloud Security at Aalto Page 4
5 Ericsson AB Lecture on Cloud Security at Aalto Page 5
6 Ericsson AB Lecture on Cloud Security at Aalto Page 6
7 Ericsson AB Lecture on Cloud Security at Aalto Page 7
8 Ericsson AB Lecture on Cloud Security at Aalto Page 8
9 We are not talking about Virtualization security Trusted Computing Base Every details of Cloud Security Ericsson AB Lecture on Cloud Security at Aalto Page 9
10 Today s talk about Security in General, Is cloud security different? What process you should consider before cloud adoption? Major Threats against cloud Discussion on two focus areas: - Identity and access management - Governance and Compliance Ericsson AB Lecture on Cloud Security at Aalto Page 10
11 Security engineering Ericsson AB Lecture on Cloud Security at Aalto Page 11
12 Security engineering is building systems which remains dependable in the face of malice, error, or mischance The goal is to provide critical assurance Ericsson AB Lecture on Cloud Security at Aalto Page 12
13 Security engineering framework Policy Mechanism Incentives Assurance Ericsson AB Lecture on Cloud Security at Aalto Page 13
14 Security engineering for cloud evaluation Scenario 1 Ericsson AB Lecture on Cloud Security at Aalto Page 14
15 Bob s blog Requirements - Ensure uptime - No sensitive content - Simple user authentication - Monitor the traffic - Low cost Ericsson AB Lecture on Cloud Security at Aalto Page 15
16 Cloud provider a 99% uptime Simple user authn/z No sensitive content Load balancer User/password, access control IDS system Attacker: No data and monetary Incentives Site defacement Assurance: Availability moderate Access control moderate Monitoring - moderate Ericsson AB Lecture on Cloud Security at Aalto Page 16
17 Scenario 2 Ericsson AB Lecture on Cloud Security at Aalto Page 17
18 A hospital system Requirements Patients record are strictly confidential A nurse can access patient s data of her ward who stayed in last 30 days Doctors need strict assurance for life critical data e.g., medical and drug history Strict assurance for critical system Ericsson AB Lecture on Cloud Security at Aalto Page 18
19 Cloud provider b Granular AuthN/Z data privacy & confidentiality data integrity Constant availability Multi-level and multi-lateral Auth, XACML, VM hardening Encrypted disk, anonymizer, inference control Digital signature policy Replicas, DR, caching, Load balancer IDS system Attacker: Personal data acquisition Assurance: Access control strict Privacy & confidentiality strict Integrity Strict Availability - Strict Ericsson AB Lecture on Cloud Security at Aalto Page 19
20 Evaluation Requirements Cloud Provider A Cloud Provider B Assurance Assurance: Availability moderate Access control moderate Monitoring - ok Assurance: Access control strict Privacy & confidentiality strict Integrity Strict Availability - Strict Deployment model Public Private / Public with VM hardening Accessible and consumed by Un-trusted Trusted SPI SaaS IaaS Ericsson AB Lecture on Cloud Security at Aalto Page 20
21 Security considerations before Cloud adoption Ericsson AB Lecture on Cloud Security at Aalto Page 21
22 Security is a Balance between benefits and RISK Security depends on how much risks we like to take in comparison to economic benefits. Economic Benefits Risk So how will we proceed? See Next Slides Ericsson AB Lecture on Cloud Security at Aalto Page 22
23 Step 1 Define assets, resources, and information being managed Who manages and owns them and how Which security controls are in place Identify your compliance requirements Define the risk you can tolerate Ericsson AB Lecture on Cloud Security at Aalto Page 23
24 Step 2: choose cloud model Ref: Cloud Cube, Jericho Forum Ericsson AB Lecture on Cloud Security at Aalto Page 24
25 Step 3: Find the gap Ref: Security Guidance for Critical Areas of Focus in Cloud Computing V3.0 Ericsson AB Lecture on Cloud Security at Aalto Page 25
26 Threats in cloud Ericsson AB Lecture on Cloud Security at Aalto Page 26
27 Cloud security alliance - TOP Threats in Cloud Abuse and Nefarious use of cloud Insecure Interfaces and APIs Malicious Insiders Shared Technology (Isolation) Issue Data Loss or Leakage Account or Service hacking Unknown risk profile Source: Ericsson AB Lecture on Cloud Security at Aalto Page 27
28 # Nefarious use of Cloud Recommendations: 1. Strict registration 2. Enhanced monitoring Ericsson AB Lecture on Cloud Security at Aalto Page 28
29 # Insecure interfaces and APIs Recommendations: 1. Analyze CSP s security 2. Strong access control 3. Understand API dependency chain Ericsson AB Lecture on Cloud Security at Aalto Page 29
30 # Malicious Insider Recommendations: 1. Strict supply chain 2. Multi-level and Multi-lateral security Photo credit: /Tackling-data-theft-from-insiders Ericsson AB Lecture on Cloud Security at Aalto Page 30
31 # Shared Technology issues Recommendations: 1. Strong access control 2. Perform vulnerability scanning 3. Monitor environment Ericsson AB Lecture on Cloud Security at Aalto Page 31
32 # Data loss Recommendations: 1. Strong API access control 2. Encrypt the data 3. Data protection design Ericsson AB Lecture on Cloud Security at Aalto Page 32
33 Ericsson AB Lecture on Cloud Security at Aalto Page 33
34 Identity, entitlement and access management Identity and Access Management (IAM) should provide controls for assured identities and access management. Ericsson AB Lecture on Cloud Security at Aalto Page 34
35 Identity management Identification Authentication Authorization Who are you Prove it Here is the resource An identifier that can be used to uniquely recognize a principal The process to verify the identity of a principal The granting of rights and capabilities to the principal by the system Ericsson AB Lecture on Cloud Security at Aalto Page 35
36 OLD school of IAM Ericsson AB Lecture on Cloud Security at Aalto Page 36
37 What s new in cloud IAM system The changing business need requires a new identity perimeter for the cloud Ericsson AB Lecture on Cloud Security at Aalto Page 37
38 OLD school vs. NEW school Old School New School Enterprise Centric Access Control List Directory Server Authen6ca6on Principal Centric Resource Centric Rule Based Access Authen6ca6on Rou6ng Ericsson AB Lecture on Cloud Security at Aalto Page 38
39 Symetrical Symmetrical Evolving Jericho Authoriza6on Model Principal Iden6ty, Access Request Updates Access Control Enforcement Func6on Access Rules Resource Resource Labels Decision Cache Access Rules Rela6vely Dynamic Audit Logs Request, Iden6ty, Rules, Access Control Decision Func6on Decision Decision Support Informa6on Verified Rules Verified Environmental, Resource, & Principal Iden6fiers Rela6vely Sta6c Ref: Jericho Forum Ericsson AB Lecture on Cloud Security at Aalto Page 39 Rules Policy Admin
40 Recommendation Support for SSO & federation ( e.g., OpenID, SAML, OAuth) Identity attributes need to be consumed from multiple sources Support for granular authorization (e.g., XACML) Support for standard provisioning languages ( e.g., through SPML) Be careful about sensitive personal data (SPI) Reuse identity rather than create new one Ericsson AB Lecture on Cloud Security at Aalto Page 40
41 ERICSSON in Cloud identity: OpeniD with gba for cloud Authentication OpenStack" Telecom Nodes" Nova! KeyStone! Dashboard! OpenID provider & NAF! Browser! HSS! BSF! SIM enabled! A prototype based on 3GPP defined 'OpenID with GBA' to integrate federated and secure SIMbased authentication to the IaaS management layer. User! Ericsson AB Lecture on Cloud Security at Aalto Page 41
42 Governance, risk management and compliance Ericsson AB Lecture on Cloud Security at Aalto Page 42
43 Why GRC is important in Cloud Lack of user control Dynamic allocation means resource is not known beforehand Separation of logical and physical entities Location independence Ericsson AB Lecture on Cloud Security at Aalto Page 43
44 Compliance in Cloud Can I assess trust in a cloud provider? Is there a way to automatically verify trust in real time? Is there an easy way to expose this information? Ericsson AB Lecture on Cloud Security at Aalto Page 44
45 CSA GRC stack Description Common technique and nomenclature to request and receive evidence and affirma6on of current cloud service opera6ng circumstances from cloud providers Common interface and namespace to automate the Audit, Asser6on, Assessment, and Assurance (A6) of cloud environments Industry- accepted ways to document what security controls exist Fundamental security principles in specifying the overall security needs of a cloud consumers and assessing the overall security risk of a cloud provider Ericsson AB Lecture on Cloud Security at Aalto Page 45
46 An approach for Compliance monitoring Ericsson AB Lecture on Cloud Security at Aalto Page 46
47 Take away Security in cloud is not that different, rather risk has changed or new risk has emerged Always evaluate the risk of your assets before transition towards cloud Remember, Attackers will exploit the threat Access control and compliance are important for cloud adoption Do design your system based on customer need, but don t forget security. Ericsson AB Lecture on Cloud Security at Aalto Page 47
48 References 1. cloud_cube_model_v1.0.pdf 2. csathreats.v1.0.pdf 3. Chapter 1, Chapter 9, Ross Anderson, Security Engineering 4. Domain 1, Domain 12, Security Guidance For Critical Areas of Focus in Cloud Computing V3.0, CSA 5. OpenID authentication as a service in OpenStack, 7th International Conference on Information Assurance and Security (IAS), CSA - Cloud Control Matrix, cloudsecurityalliance.org/research/ccm/ Ericsson AB Lecture on Cloud Security at Aalto Page 48
49
Security Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationBringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com
Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationSECURE CLOUD COMPUTING
Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationCloud Computing and Telecommunications: Business OPPORTUNITIES, Technologies and Experimental setup
Cloud Computing and Telecommunications: Business OPPORTUNITIES, Technologies and Experimental setup András Vajda, Stephan Baucke, Daniel Catrein, Calin Curescu, Joacim Halén, James Kempf, Yves Lemieux,
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationCloud Security & Standardization. Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC
0 Copyright 2011 FUJITSU Cloud Security & Standardization Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC Cloud computing 1 Copyright 2011 FUJITSU Characteristics of cloud 2 Copyright 2011 FUJITSU
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing
More informationDynamic Security for the Hybrid Cloud
Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security
More informationSecurity in the Green Cloud
Security in the Green Cloud Smart and Green infrastructure symposium 2011 Prague May 19 th 2011 Steinthor Bjarnason sbjarnas@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
More informationSecurity Best Practices Overview
Software Version, page 1 Cisco Modeling Labs Client, page 1 Cisco Modeling Labs Server, page 2 Linux-based Operating System, page 2 OpenStack Security Overview, page 3 Software Version The recommendations
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationCloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102
Cloud Standards Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 2011 IBM Corporation Agenda Overview on Cloud Standards Identity and Access Management Discussion 2 Overview on Cloud
More informationA Secure Authenticate Framework for Cloud Computing Environment
A Secure Authenticate Framework for Cloud Computing Environment Nitin Nagar 1, Pradeep k. Jatav 2 Abstract Cloud computing has an important aspect for the companies to build and deploy their infrastructure
More informationCloud Security: Critical Threats and Global Initiatives
Cloud Security: Critical Threats and Global Initiatives Richard Zhao, Founder and Board Member of CSA-GCC Chief Strategy Officer, NSFOCUS Sept. 2010 What is Cloud Computing? Compute as a utility: third
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationCloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu
Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationSoftware and Cloud Security
1 Lecture 12: Software and Cloud Security 2 Lecture 12 : Software and Cloud Security Subjects / Topics : 1. Standard ISO/OSI security services 2. Special problems, specific for software components and
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationD. L. Corbet & Assoc., LLC
Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very
More informationResidual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)
Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationEvaluating IaaS security risks
E-Guide This expert tip examines the risks organizations need to be aware of when evaluating IaaS solutions, and highlights the key architectural and process components of access management services that
More informationSecurity Issues in Cloud Computing
Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationCloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE!
Cloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE! Simple Showcase 2 Cloud compu1ng has been envisioned as the next- genera1on architecture
More informationCloud Security. Securing what you can t touch. Presentation to Malaysia Government Cloud Computing Forum 2012-04-05 HUAWEI TECHNOLOGIES CO., LTD.
2012-04-05 Cloud Security Securing what you can t touch www.huawei.com www.huawei.com Presentation to Malaysia Government Cloud Computing Forum HUAWEI TECHNOLOGIES CO., LTD. Why worry about cloud security?
More informationFrom 0 to Secure in 1 Minute APPSEC IL 2015. Moshe Ferber CCSK, CCSP
From 0 to Secure in 1 Minute APPSEC IL 2015 Moshe Ferber CCSK, CCSP #About Information security professional for over 20 years Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more) Co-Contributor
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationKantara Initiative Workshop. Identity as Security Glue for the Cloud. Matthew Gardiner CA Inc. & Chris Sharp MEDecision. Title of Presentation
Kantara Initiative Workshop Title of Presentation Identity as Security Glue for the Cloud Matthew Gardiner CA Inc. & Chris Sharp MEDecision Identity is Central to Cloud Security & Management 2 3 The Cloud
More informationCloud Security Framework (CSF): Gap Analysis & Roadmap
Cloud Security Framework (CSF): Gap Analysis & Roadmap Contributors: Suren Karavettil, Bhumip Khasnabish Ning So, Gene Golovinsky, Meng Yu & Wei Yinxing Please send comments & suggestions to Suren Karavettil
More informationA Survey on Cloud Security Issues and Techniques
A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com
More informationSecure Identity in Cloud Computing
Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationSECURITY ANALYSIS OF CLOUD COMPUTING
Anju Chhibber* Dr. Sunil Batra** International Journal of Advanced Research in SECURITY ANALYSIS OF CLOUD COMPUTING Abstract: Cloud computing is a model that uses the concept of utility computing that
More informationSTORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM
STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationBlending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access
Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationCloud Security Framework (CSF): Gap Analysis & Roadmap
Cloud Security Framework (CSF): Gap Analysis & Roadmap Contributors: Suren Karavettil, Bhumip Khasnabish Ning So, Gene Golovinsky, Meng Yu & Wei Yinxing Please send comments & suggestions to Suren Karavettil
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationBuilding an Effec.ve Cloud Security Program
Building an Effec.ve Cloud Security Program Laura Posey Senior Security Strategist, Microso3 Corpora6on Co- Chair, CSA CAIQ Programming Chair, NY Metro CSA Chapter Is Cloud worth it? Yes! Pla?orm for Innova.on
More informationSecurity Architecture for Cloud Computing Platform
Security Architecture for Cloud Computing Platform SANJAYA DAHAL Master of Science Thesis Stockholm, Sweden 2012 TRITA-ICT-EX-2012:291 Abstract Cloud computing is an innovation of existing technology
More informationFrom Zero to Secure in 1 Minute
From Zero to Secure in 1 Minute Securing IaaS Nir Valtman & Moshe Ferber Black Hat Asia 2015 About us Moshe Ferber Nir Valtman Passionate about information security. Involved in numerous startups and initiatives
More informationAutomated Security Compliance Tool for the Cloud
Automated Security Compliance Tool for the Cloud Kazi Wali Ullah Master in Security and Mobile Computing Submission date: June 2012 Supervisor: Danilo Gligoroski, ITEM Co-supervisor: Tuomas Aura, Aalto
More informationArnab Roy Fujitsu Laboratories of America and CSA Big Data WG
Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation
More informationAddressing Security for Hybrid Cloud
Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly
More informationSecure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
More informationAuditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A
Brochure More information from http://www.researchandmarkets.com/reports/2213812/ Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Description: The auditor's guide to ensuring
More informationhttp://www.cisjournal.org Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir
Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir Department of Computer Science Lahore College for Women University, Lahore, Pakistan. ayesha_sadaqat@yahoo.com,
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationPrivacy + Security + Integrity
Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels
More informationService Oriented Networks Security. David Brossard, M.Eng, SCEA Senior Security Researcher, BT Innovate Globecom 2008
Service Oriented Networks Security David Brossard, M.Eng, SCEA Senior Security Researcher, BT Innovate Globecom 2008 While empowering new business models, SON leads to a proliferation of application networks
More informationPRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY
PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY Shane Weeden IBM Session ID: CLD-W01 Session Classification: Advanced Agenda Cloud security
More informationData Security and Healthcare
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
More informationSecure and control how your business shares files using Hightail
HIGHTAIL FOR ENTERPRISE: SECURITY OVERVIEW Secure and control how your business shares files using Hightail Information the lifeblood of any business is potentially placed at risk every time digital files
More informationExtending APS Packages with Single Sign On. Brian Spector, CEO, CertiVox / Gene Myers, VP Engineering, CertiVox
Extending APS Packages with Single Sign On Brian Spector, CEO, CertiVox / Gene Myers, VP Engineering, CertiVox Introducing APS 2.0 A Platform for Integration APS Dynamic UI HTML5 Extensibility Certified
More informationComplete Web Application Security. Phase1-Building Web Application Security into Your Development Process
Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle
More informationCloud Computing & Collaboration
Sponsored by Cloud Computing & Collaboration The security implications for this new Web paradigm Please note the audio line will remain silent until 5 minutes before broadcast Sponsored by Event Housekeeping
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationLogically Securing a Public Cloud Service
SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only
More informationCloud and Security (Cloud hacked via Cloud) Lukas Grunwald
Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationThreat Modeling. 1. Some Common Definition (RFC 2828)
Threat Modeling Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system.
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationGetting Real with Policies for Software Defined Infrastructure. Manish Dave Principal Engineer, Intel IT
Getting Real with Policies for Software Defined Infrastructure Manish Dave Principal Engineer, Intel IT Manish Dave, Principal Engineer, Intel IT Network Security Architect @ Intel IT 15+ years of experience
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationH Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments
H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service
More informationTop Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America
1 Top Ten Security and Privacy Challenges for Big Data and Smartgrids Arnab Roy Fujitsu Laboratories of America 2 User Roles and Security Concerns [SKCP11] Users and Security Concerns [SKCP10] Utilities:
More informationSERENA SOFTWARE Serena Service Manager Security
SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand
More informationTIT E IS A. Social Media. Soziale Netze und IT Sicherheit. Herausforderung? Chance? Alfred Bach Solution Strategist ALPS WE CAN IN BO
TIT E Social Media IS A QUES Soziale Netze und IT Sicherheit Herausforderung? Chance? Alfred Bach Solution Strategist ALPS WE CAN ANSW IN BO 1.43B social network users by 2012¹ 305B mobile app downloads
More informationAccelerate Mobile App Delivery: API Security for DevOps
Accelerate Mobile App Delivery: API Security for DevOps Brad Kramer Sr. Business Technology Architect NY State Government 12/18/2013 2013 CA. All rights reserved. Can YOU Meet the Business Demand for Innovation?
More informationWebsite Security: It s Not all About the Hacker Anymore
Website Security: It s Not all About the Hacker Anymore Mike Smart Sr. Manager, Products and Solutions Trust Services & Website Security Website Security 1 Website Security Challenges Evolving Web Use
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationSecurity & Cloud Services IAN KAYNE
Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents
More informationKey Enablers for the Cloud Service Broker: Identity, Privacy, and Security
Key Enablers for the Cloud Service Broker: Identity, Privacy, and Security OMG Telecom Cloud Workshop Dec 6, 2010 David F. Chen Lead Principal-Technical Architect Ecosystem & Innovation, AT&T, Inc. Footer
More informationEAaaS Cloud Security Best Practices
EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult
More informationPICO Compliance Audit - A Quick Guide to Virtualization
WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization
More informationThe Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com
The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually,
More informationCloud Database Storage Model by Using Key-as-a-Service (KaaS)
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationCloud Security: An Independent Assessent
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationGlinda Cummings World Wide Tivoli Security Product Manager
Featured Speaker IBM Security Solutions! Glinda Cummings World Wide Tivoli Security Product Manager 2010 IBM Corporation IBM Security Solutions! How IBM defines Cloud Computing IBM Security Solutions!
More information