Security in the Cloud an end to end Problem

1 ID WORLD Abu Dhabi March 2012
Cloud Computing & Mobile Applications
Dr. Andrew Jones, Programme Chair for Information Security
Khalifa University of Science, Technology and Research, Abu Dhabi
Security in the Cloud an end to end Problem

2 Security in a Changing World
ID WORLD, Abu Dhabi 2012
Dr. A Jones MBE MSc. MBCS CITP M.Inst.ISP
Program Chair, Information Security MSc
Andrew.Jones@Kustar.ac.ae

3 Agenda
- Current Situation
- Problems
- The New Environment
- Cloud Security Issues
- Cloud Security Challenges
- Law Enforcement in the Cloud

4 Current Situation
- State of Constant Change
- Data migration to the Cloud
- Access migration to smart handheld devices
- Advanced Persistent Threat (APT)

5 The Problems
- Greater Reliance on Technology
- Range of Applications
- Cloud Computing
- Increasing levels of Crime
- The cost of Cybercrime

6 Greater Reliance on Technology
This conference is about the Security of Technology.
Just within this conference we are discussing:
- RFID
- Secure ID
- Health
- Border Control
- Transportation
- Cloud

7 Range of Applications
Types of Cloud:
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Software as a Service (SaaS)
An ever increasing range of applications.

8 Cloud Computing
- Benefits of savings on Capital Expenditure and Flexibility
- Where is your data stored?
- What does your SLA allow you to check?
- Trusted third parties
- Forensics in the Cloud
- Access to logs/storage periods

9 Increasing levels of Crime
- Information theft continues to represent the highest external cost, followed by the costs associated with business disruption.
- All industries fall victim to cybercrime, but to different degrees.
- Information theft represents the highest external cost.
- The 50 organizations that were benchmarked experienced an average of 1.4 successful attacks per organization each week. This was a 44% increase in successful attacks over the previous year.

10 The cost of Cybercrime
- At $388bn, cybercrime is more than 100 times the annual expenditure of UNICEF ($3.65 billion)
- 14 adults suffered from cybercrime every second
- Cybercrime cost online adults in 24 countries a total of $114bn in cash in 12 months
- 72% of Adults in the UAE have been victims of Cybercrime
(Norton 2011 Cybercrime report)

11 The New Environment
- Before, data was distributed and held in corporate systems.
- Now it is held in large centres, has critical mass, and there are fewer, richer targets.
- Cyber criminals will exploit the richer targets.
- Cyber criminals will exploit the cloud to create Crimeware-as-a-Service (CaaS): cyber criminals can easily harvest botnets via common cloud applications.
- The Google Attack

12 Cloud Security Issues
- Where is your data stored?
- Security controls managed by the service provider
- What does your SLA allow you to check?
- Forensics in the Cloud
- Access to logs/storage periods
- Organized crime groups might set up their own cloud to launder the proceeds of crime.
- The (criminal) cloud operators could warn their clients if police request data.
- If information is stored in jurisdictions where privacy laws are lax, personal and sensitive information may be at risk.

13 Cloud Security Challenges
- Security is only as strong as the weakest link in the chain.
- With Cloud Computing, the chain has now got longer and includes: the cloud host, the certificate authority, Corporate IT department, power users, application service providers.

14 Policing the Cloud Computing Environment
- The movement and storage of large volumes of data into the cloud is having a major impact on law enforcement and investigations.
- The criminal, the evidence and the victim are less likely to be in the same jurisdiction.
- International legal treaties and mutual legal assistance agreements are not yet in place.

15 An Asia Pacific View
John Lawler, Chief Executive of the Australian Crime Commission, said that while the cloud offers numerous benefits, there are significant vulnerabilities with the technology that could lead to exploitation by organised crime.
"If we know anything about organised crime networks it is that they see this [cloud computing] and any future technological change as being ripe with the potential for profit. We know this because history tells us that the growth of organised crime has mirrored the growth of a more globalised world."

16 Thank you