Cloud Security Risk Agreements for Small Businesses


Isaac Potoczny-Jones
Galois, Inc.
Portland, OR

ABSTRACT

Cloud computing can be particularly beneficial to small businesses since it can decrease the total cost of ownership for IT systems. Unfortunately, one of the major barriers to adoption of cloud services is the perception that they are inherently less secure, exposing the organization to unacceptable risk. There are standard processes for managing security risk that can help businesses make trade-off decisions, but these processes currently cannot be applied to cloud computing since the security details of cloud services are not typically available to small businesses. This lack of information leads to a lack of trust: small businesses cannot evaluate the security of cloud services. This paper proposes an approach for cooperation between cloud vendors and small businesses based on the NIST Risk Management Framework. Security Risk Agreements would address the lack of trust so that small businesses can confidently adopt cloud services, benefiting both small businesses and cloud vendors.

Categories and Subject Descriptors
K.6.5 [Management of Computing and Information Systems]: Security and Protection. K.5.m [Legal Aspects of Computing]: Miscellaneous contracts.

General Terms
Legal Aspects, Security, Standardization.

Keywords
Cloud Security, Security Risk Agreement, Service Level Agreement, Risk Management

Galois, Inc.

1. INTRODUCTION

Cloud computing is the concept of offering remote network access to a set of IT resources [20], and it has the potential to be very valuable to small businesses since it can decrease the total cost of ownership of IT systems. However, one of the major barriers to adoption of cloud services is the perception that they are inherently less secure, exposing the organization to unacceptable risk [11]. This perception is based on the existence of vulnerabilities that are unique to or amplified by typical cloud-based architectural approaches, and on the fact that cloud services are hosted remotely [16] [19] [20].

Risk-based security analyses such as NIST's Risk Management Framework [23] are a widely-adopted method for making security decisions. Such a risk-based analysis of cloud services would allow a small business to make cost-benefit decisions about whether to deploy cloud services since they could analyze the vulnerabilities and implement security controls. However, the security details of cloud services are not typically available to a small business. This lack of information leads to a lack of trust: small businesses cannot evaluate the security of cloud services.

This paper proposes that cloud service providers should offer a Security Risk Agreement (SRA), which is a kind of Service Level Agreement (SLA) tailored to providing small businesses the information they need to evaluate whether a certain cloud service will meet their security requirements. Increased trust will increase adoption, benefiting both the business and the cloud vendors. This type of agreement would address the widespread lack of trust in cloud security through an explicit and mutual understanding, based on a widely-adopted risk framework.

2. BENEFITS TO SMALL BUSINESSES

Cloud computing is gaining attention since it is believed that it increases flexibility and decreases the cost of IT services. NIST defines cloud computing as "a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction" [20]. The US federal Chief Information Officer Vivek Kundra has argued that cloud computing is economical, flexible, can be rapidly implemented, can improve consistency in service, can be more energy efficient, and can increase an organization's ability to focus on its mission since it can spend less time and fewer resources on information technology [18].

For example, small Internet-based businesses which cannot predict their bandwidth, storage, and CPU utilization might appreciate the flexibility that services like Amazon's EC2 system provide since they can automatically scale based on the required usage. Furthermore, services like Google Docs can provide capabilities, like word processing, that are enhanced with collaborative aspects since multiple users can modify a document simultaneously. For small user bases such cloud-based services are often free.

Cloud vendors and NIST both argue that cloud computing has some security advantages, and indeed can be more secure in some cases since, for instance, cloud vendors have dedicated security teams [20]. For instance, Google has deployed multi-factor authentication [9] which increases the security of the login process. All of these elements should make cloud computing attractive to small businesses, since they can save on investment in IT and security specialists.

3. CLOUD RISK MANAGEMENT

As with any technology, such benefits are partly offset by the existence of risks, and in particular for cloud computing, security tops the list of concerns for most organizations [11]. Risk-based security analyses are a widely-adopted method for making security decisions and are required for federal systems covered by FISMA [23] and health-care related systems covered by HIPAA [29]. A risk-based analysis of cloud services would allow a small business to make cost-benefit decisions about whether to deploy cloud services since they explicitly weigh the impact of potential security problems against the cost of mitigating those problems. Processes for managing security risk have been developed by a number of organizations, but these processes are of limited applicability in cloud computing, since cloud vendors do not supply risk information about their services.

One risk analysis process is the Risk Management Framework (RMF) which is outlined in detail in NIST's documentation [23] and involves understanding the impact of a loss of Confidentiality, Integrity, or Availability (CIA) to an organization's data or systems. The impact of such a loss is categorized as low, moderate, or high, depending on the reputation, financial, and human costs of an event. For instance, a high impact security event might involve the loss of human life [21]. Based on this impact assessment, the process goes on to define steps for identifying vulnerabilities, selecting and deploying security controls to manage those vulnerabilities, and ongoing assessment and monitoring of their effectiveness.

When an organization stores its data in a cloud-based system, that system becomes a part of its IT infrastructure since a CIA failure in a cloud system would impact that organization's data. Furthermore, the cost savings of cloud computing can be offset by the level of risk it imposes. Therefore, a small business's cost/benefit analysis should include a risk analysis of those systems before moving the organization's data to them.

4. VULNERABILITIES AND SHARING

Cloud computing involves a number of vulnerabilities that are not present in traditional environments where an organization physically controls its own computing resources and does not share hardware or software resources with other organizations or the general public. The level of sharing between customers can vary greatly depending on the service. For the sake of argument, let's say that for a given level of sharing, there is some possibility that a malicious individual is sharing resources with an organization that wishes to protect its data. A greater level of sharing implies a higher degree of risk (all other things being equal) since the pool of users is more likely to include malicious users. Small businesses, whose resources are subject to a high degree of sharing, are therefore subject to high risk. This section outlines different sharing models (which are not mutually exclusive) and related vulnerabilities:

4.1. Cloud Deployment Types

NIST defines three categories of cloud deployments: private, community, and public, and these each imply different types of sharing [20].

Private clouds are those that are owned or leased by an enterprise, and so involve the least amount of sharing. These are likely outside the scope of what a small business can afford, so will not be discussed further.

Community clouds are those that are shared by a set of organizations with some mutual trust. For example, Google's Apps for Government system has a separate cloud for organizations that are required to be FISMA compliant [12]. This addresses a vulnerability that Mell & Grance point out: that data stored in the cloud could be subject to foreign governments' legal actions [20]. Google addresses this by storing government data only within the US [17], but it doesn't make that guarantee for public cloud customers like small businesses.

Public clouds are available to the general public and so involve the most sharing. These are the types of systems that most small businesses would use.

The following sections outline other sharing models and related vulnerabilities that can apply to private, community, or public clouds. These vulnerabilities are probably more likely to have an impact in public clouds since they have a larger user pool, some of which might include malicious users.

4.2. Multi-Tenant vs. Dedicated Tenant

Multi-tenant architectures allow multiple customers to use the same database and application instances [5]. Although there are mitigations, such architectures can lead to SQL injection vulnerabilities where malicious users issue queries against the database holding sensitive information. Furthermore, errors in access control enforcement can lead to inadvertent disclosure of data [26]. Dedicated tenant services host only a single customer, and so some such vulnerabilities might be more difficult, but this can come at the cost of performance.

4.3. Virtualization Vulnerabilities

Virtualized systems run multiple virtual machines on a single physical host, and Gartner argues that such virtualized servers will be more vulnerable than physical servers for the next few years as organizations learn more about securing their systems [10]. One vulnerability is that confidential information can be leaked when a malicious user is able to execute a virtual machine on the same Local Area Network. For instance, researchers have demonstrated the ability to estimate traffic rates, perform side-channel attacks in order to extract key material, and use timing channels to send covert data between machines [27]. Another vulnerability is that if a malicious user is running a virtual machine on the same physical machine, there's some potential that they can execute some code that will give them control over the operating system that is executing all of the virtual machines. This has been demonstrated in practice [28].

4.4. General Vulnerability Classes

Other vulnerabilities are not necessarily specific to the method of deployment. Mell and Grance outline several general classes of security challenges [20] which include:

- Customers must trust the cloud vendor's security model. For instance, errors in the cryptographic implementation of cloud services could result in a loss of confidentiality of customer data as in [25]. In order to trust the cloud vendor's security model, customers first need to understand the security claims made by the cloud vendor. For instance, the Dropbox cloud storage service has come under criticism for how it expressed security claims about its use of encryption, leading some customers to believe their data was cryptographically protected from Dropbox insiders [30] and resulting in an FTC complaint [31].
- Customers cannot necessarily respond to audit findings, for instance, when a Linux vulnerability affecting EC2 was discovered [3] administrators could not address the issue until Amazon released corrected kernels [24].
- Customers can have trouble obtaining support for investigations, for instance, if a security expert wishes to test their own EC2 service for vulnerabilities, they must request permission from Amazon, and certain types of testing are not permitted since it would affect other customers' shared resources [4].
- Proprietary implementations cannot be examined by the customer, for instance, one of the above vulnerabilities was visible to the public, and so was discovered by a customer, demonstrating the strength of transparency [25].
- Customers lose physical control of the IT systems, for instance, data hosted in a foreign country is subject to their laws. Even laws in the US are unfavorable since, as is pointed out in [6], cloud vendors can be subpoenaed for a customer's data, whereas if they stored the data themselves, a warrant would be required, which has a higher burden of proof.

5. BARRIERS TO RISK-BASED ANALYSIS

Thus far this paper has outlined cloud computing's potential benefits to small businesses, the necessity for small businesses to perform risk-based security analyses for cloud services, and the vulnerabilities that cloud computing is subject to. In order for small businesses and cloud vendors to reap the benefits of a shift to cloud services without small businesses having to sacrifice their ability to perform such analysis, cloud vendors should provide service-level agreements that include risk-based guarantees about the level of security of their infrastructure.

Cloud vendors understand the necessity of risk analysis, at least in their engagements with the US federal government. Google and Microsoft both already provide FISMA compliant cloud services for government clients [8] [12], which involves risk-based analysis, but no such commitment is made to the general public. Cloud vendors also provide SLAs relating to performance and availability, and these agreements have reimbursement clauses which offer financial guarantees [2] [14], but no such guarantee is provided with regard to confidentiality and integrity.

Cloud vendors also recognize the importance of conveying the security of their infrastructure [1] [7] [15], likely because they understand that security is a major barrier to adoption. However, while these assurances are some comfort, they do not come with a guarantee, and are insufficient for risk management.

6. SECURITY RISK AGREEMENTS (SRAs)

When a small business adopts cloud computing, they are outsourcing part of their IT infrastructure, and they therefore also must outsource some aspects of their risk management. A Security Risk Agreement should include principles of transparency and communication between the cloud vendor and the small business, the definition of security incidents and their severity, what level of guarantee the vendor is offering against incidents, and the consequences of a loss of confidentiality or integrity (availability being well defined in current SLAs). With that in mind, this section briefly outlines the steps of the Risk Management Framework [23] and what roles the small business and the cloud vendor play in each step.

Step 1: Categorize the information system. In this step, the small business acts as the Information Owner/Steward and identifies the impact of a loss of confidentiality, integrity, or availability for its data: low, moderate, or high. The cloud vendor acts as the Information System Owner and will declare what level of impact their system can be authorized to handle. Some cloud vendors might only be trusted to handle low-impact data, but can potentially provide this service at a lower cost than a vendor who can handle moderate- or high-impact data.

Steps 2-3: Select and implement security controls. In these steps the set of security controls (mitigations) from NIST [22] are selected and implemented by a combination of the cloud vendor and the small business. NIST divides security controls into a number of families, and within each family, some controls will be more naturally the accountability of the business and some of the cloud vendor. Since each business has unique security needs, each will likely want to identify a baseline set of must-have security controls and select vendors which are known to implement those security controls. Furthermore, the business might be required to implement some security controls in order to make up for a lack of controls from the cloud service (e.g. implementing encryption in the transport layer to make up for the lack of a virtual private network). For each family of security controls, one party bears the primary accountability for selecting and implementing the controls from that category, and that accountability is summarized in Table 1.

Table 1. Proposed Primary Accountability for NIST Security Control Families

Primary Accountability Falls To | Families of Security Control
The small business | awareness and training, planning, personnel security, and system and services acquisition
The cloud vendor | configuration management, contingency planning, identification and authentication, incident response, maintenance, physical and environmental protection, system and communications protection, and system and information integrity
A neutral third party | security assessment
Accountability is split roughly equally | access control, audit and accountability, media protection, and risk assessment

Step 4: Assess the effectiveness of the security controls. NIST emphasizes the importance of the independence of a security assessor. Since this assessment can largely be shared among all the customers of a cloud service, and since the details of some identified weaknesses (arguably) should not be made known to the general public, a neutral third party should be available to assess the controls and to communicate the high-level results, including the level of residual risk, to the small businesses. Furthermore, businesses must be permitted to perform their own assessments since they might have unique security concerns.

Step 5: Authorize the information system. The cloud vendor should provide a plan to its customers to correct any weaknesses. The small business must be accountable for determining the level of risk to the organization and determining if that level of risk is acceptable.

Step 6: Monitor security controls. Ongoing monitoring is the shared responsibility of the cloud vendor, the small business, and the security assessor. A security impact analysis of proposed changes must be performed by the cloud vendor and reported to the small business so that the business can assess the impact of that change on its corporate risk. Furthermore, businesses should be notified in advance of any change in security and either have the option to opt-out of a change or be given time to transition to a different vendor.

7. CONCLUSION

At the same time that cloud computing is becoming ubiquitous, computer security is increasingly a concern for all businesses large and small. However, current service-level agreements between small businesses and cloud vendors do not allow for risk-based analysis of security by those businesses. This paper discusses both the value and the vulnerabilities of the shift to cloud computing and argues for a new practice in cloud business arrangements: the Security Risk Agreement. Such agreements will provide both parties with a clear understanding of their roles and accountabilities to one-another. This will help to avoid the kinds of mismatched expectations about security controls that can hurt both cloud service providers and their customers, as was the case regarding technical details of Dropbox's encryption. This paper provides an initial overview of the roles of each party in the context of NIST's Risk Management Framework. Security Risk Agreements address the major barrier to adoption of cloud computing: business's trust that their data will be handled with an appropriate level of security.

8. REFERENCES

[1] Adams, S. Microsoft's Cloud Infrastructure FISMA Certified. FutureFed.
[2] Amazon. Amazon S3 SLA. Amazon Web Service
[3] Amazon. Linux kernel vulnerability in certain EC2 AMIs. Amazon Web Services. amis/.
[4] Amazon. Penetration testing [policy]. Amazon Web Services.
[5] Bezemer, C. P. and Zaidman, A. Multi-tenant SaaS applications: maintenance dream or nightmare?. Proceedings of the Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on Principles of Software Evolution (IWPSE), New York, NY, USA, pp
[6] Brenner, S. W. Cybercrime and the U.S. criminal justice system. In Handbook of information security, vol. 2, H. Bidogli, Ed. NY, NY: John Wiley & Sons, Inc.
[7] Dropbox. How secure is Dropbox?
[8] Estberg, M. Microsoft's cloud infrastructure receives FISMA approval. Global foundation services blog.
[9] Feigenbaum, E. A more secure cloud for millions of Google Apps users. Official Google Enterprise Blog.
[10] Gartner. Gartner says 60 percent of virtualized servers will be less secure than the physical servers they replace through
[11] Gens, F. Cloud Services User Survey, pt.2: Top Benefits & Challenges.
[12] Google. FISMA-certified cloud applications for government. Google Apps for business.
[13] Google. Google Apps for business online agreement
[14] Google. Google Apps service level agreement.
[15] Google. Software-as-a-service has built-in security advantages. Google Apps for business.
[16] Gruschka, N. and Jensen, M. Attack Surfaces: A Taxonomy for Attacks on Cloud Services. Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing, Washington, DC, USA, pp
[17] Krishnan, K. Introducing Google Apps for Government. Official Google Blog.
[18] Kundra, V. State of Public Sector Cloud Computing. Chief Information Officers Council.
[19] Li, H. C., Liang, P. H., Yang, J. M., and Chen, S. J. Analysis on Cloud-Based Security Vulnerability Assessment. E-Business Engineering, IEEE International Conference on, Los Alamitos, CA, USA, 2010, vol. 0, pp

[20] Mell, P. and Grance, T. Effectively and securely using the cloud computing paradigm.
[21] National Institute of Standards and Technology. Federal Information Processing Standards Publication, Standards for Security Categorization of Federal Information and Information Systems (FIPS PUB 199).
[22] National Institute of Standards and Technology. Recommended Security Controls for Federal Information Systems and Organizations (SP Revision 3).
[23] National Institute of Standards and Technology. Guide for applying the risk management framework to federal information systems (SP ).
[24] ObReiman. Kernel vulnerability affects EC2: NULL pointer dereference. AWS Developer Forums
[25] Percival, C. AWS signature version 1 is insecure. Daemonic Dispatches.
[26] Rane, P. Securing SaaS Applications. Information Systems Security.
[27] Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. Proceedings of the 16th ACM conference on Computer and communications security. New York, NY, USA, pp
[28] Secunia. Xen multiple vulnerabilities advisories. Secunia security.
[29] Scholl, M. et al. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. National Institute of Standards and Technology.
[30] Soghoian, C. How Dropbox sacrifices user privacy for cost savings. Slight paranoia.
[31] Soghoian, C. In the matter of Dropbox, Inc. Request for investigation and complaint for injunctive relief. FTC Complaint.
[32] Wojtczuk, R. Subverting the Xen hypervisor


More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Addressing Data Security Challenges in the Cloud

Addressing Data Security Challenges in the Cloud Addressing Data Security Challenges in the Cloud Coordinate Security. The Need for Cloud Computing Security A Trend Micro White Paper July 2010 I. INTRODUCTION Enterprises increasingly recognize cloud

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services Ronnie D. Caytiles and Byungjoo Park * Department of Multimedia Engineering, Hannam University

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Strategies for assessing cloud security

Strategies for assessing cloud security IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary

More information

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com

More information

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

Cloud Computing: The Next Computing Paradigm

Cloud Computing: The Next Computing Paradigm Cloud Computing: The Next Computing Paradigm Ronnie D. Caytiles 1, Sunguk Lee and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeongdong, Daeduk-gu, Daejeon, Korea rdcaytiles@gmail.com,

More information

Managing PHI in the Cloud Best Practices

Managing PHI in the Cloud Best Practices Managing PHI in the Cloud Best Practices Executive Whitepaper Recent advances in both Cloud services and Data Loss Prevention (DLP) technology have substantially improved the ability of healthcare organizations

More information

Customer Security Issues in Cloud Computing

Customer Security Issues in Cloud Computing Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 2, Issue.

More information

Security Issues In Cloud Computing and Countermeasures

Security Issues In Cloud Computing and Countermeasures Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department

More information

Mobile Cloud Computing Security Considerations

Mobile Cloud Computing Security Considerations 보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 2호 2012년 4월 Mobile Cloud Computing Security Considerations Soeung-Kon(Victor) Ko 1), Jung-Hoon Lee 2), Sung Woo Kim 3) Abstract Building applications

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University.

Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University. Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous

More information

CloudCheck Compliance Certification Program

CloudCheck Compliance Certification Program CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or

More information

Get Confidence in Mission Security with IV&V Information Assurance

Get Confidence in Mission Security with IV&V Information Assurance Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas PART 1 A brief Concept of cloud Issues in cloud Security Issues A BRIEF The Evolution Super

More information

Chapter 19 Cloud Computing for Multimedia Services

Chapter 19 Cloud Computing for Multimedia Services Chapter 19 Cloud Computing for Multimedia Services 19.1 Cloud Computing Overview 19.2 Multimedia Cloud Computing 19.3 Cloud-Assisted Media Sharing 19.4 Computation Offloading for Multimedia Services 19.5

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Esri Managed Cloud Services and FedRAMP

Esri Managed Cloud Services and FedRAMP Federal GIS Conference February 9 10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Cloud Computing and its Security in Higher Education

Cloud Computing and its Security in Higher Education Cloud Computing and its Security in Higher Education Samir Tout stout@emich.edu School of Technology Studies, Information Assurance Eastern Michigan University (EMU) William Sverdlik wsverdlik@emich.edu

More information

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com

More information

GAO INFORMATION SECURITY. Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing. Report to Congressional Requesters

GAO INFORMATION SECURITY. Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing. Report to Congressional Requesters GAO United States Government Accountability Office Report to Congressional Requesters May 2010 INFORMATION SECURITY Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing GAO-10-513

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Executive s Guide to Cloud Access Security Brokers

Executive s Guide to Cloud Access Security Brokers Executive s Guide to Cloud Access Security Brokers Contents Executive s Guide to Cloud Access Security Brokers Contributor: Amy Newman 2 2 Why You Need a Cloud Access Security Broker 5 You Can t Achieve

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Securing the Cloud Infrastructure

Securing the Cloud Infrastructure EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Overview. FedRAMP CONOPS

Overview. FedRAMP CONOPS Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,

More information

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption.

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption. Secure Privacy-Preserving Cloud Services. Abhaya Ghatkar, Reena Jadhav, Renju Georgekutty, Avriel William, Amita Jajoo DYPCOE, Akurdi, Pune ghatkar.abhaya@gmail.com, jadhavreena70@yahoo.com, renjug03@gmail.com,

More information

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing International Journal of Emerging Engineering Research and Technology Volume 3, Issue 5, May 2015, PP 1-7 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) A Survey on Security Issues and Security Schemes

More information

Flying into the Cloud: Do You Need a Navigator? Services. Colin R. Chasler Vice President Solutions Architecture Dell Services Federal Government

Flying into the Cloud: Do You Need a Navigator? Services. Colin R. Chasler Vice President Solutions Architecture Dell Services Federal Government Services Flying into the Cloud: Do You Need a Navigator? Colin R. Chasler Vice President Solutions Architecture Dell Services Federal Government Table of Contents Executive Summary... 3 Current IT Challenges...

More information

Cloud Computing Security Issues And Methods to Overcome

Cloud Computing Security Issues And Methods to Overcome Cloud Computing Security Issues And Methods to Overcome Manas M N 1, Nagalakshmi C K 2, Shobha G 3 MTech, Computer Science & Engineering, RVCE, Bangalore, India 1,2 Professor & HOD, Computer Science &

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Architectural Principles for Secure Multi-Tenancy

Architectural Principles for Secure Multi-Tenancy Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security Division of EMC John Field, Office of the CTO, EMC Also adapting prior content by Burt Kaliski DIMACS Workshop

More information

MDE Opportunities in Multi-Tenant Cloud Applications

MDE Opportunities in Multi-Tenant Cloud Applications MDE Opportunities in Multi-Tenant Cloud Applications Mohammad Abu Matar 1 and Jon Whittle 2 1 Etisalat British Telecom Innovation Center Khalifa University of Science, Technology and Research Abu Dhabi,

More information

CLOUD COMPUTING. When It's smarter to rent than to buy

CLOUD COMPUTING. When It's smarter to rent than to buy CLOUD COMPUTING When It's smarter to rent than to buy Is it new concept? Nothing new In 1990 s, WWW itself Grid Technologies- Scientific applications Online banking websites More convenience Not to visit

More information

Cloud Computing Security: Risks and Threats

Cloud Computing Security: Risks and Threats Cloud Computing Security: Risks and Threats Abstract: Now a days, cloud computing has become a significant technology trend. The cloud computing technology benefits include cost savings, high availability

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Cloud Computing 159.735 Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Table of Contents Introduction... 3 What is Cloud Computing?... 3 Key Characteristics...

More information

Can Nuclear Installations and Research Centres Adopt Cloud Computing Platform?

Can Nuclear Installations and Research Centres Adopt Cloud Computing Platform? Can Nuclear Installations and Research Centres Adopt Cloud Computing Platform? Ameer PICHAN, Dr. Sie Teng SOH, A/Prof Mihai LAZARESCU School of Electrical Engineering and Computing, Curtin University,

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Database Management System as a Cloud Service

Database Management System as a Cloud Service Database Management System as a Cloud Service Yvette E. Gelogo 1 and Sunguk Lee 2 * 1 Society of Science and Engineering Research Support, Korea vette_mis@yahoo.com 2 Research Institute of Industrial Science

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Cloud Infrastructure Security

Cloud Infrastructure Security Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and

More information

Cloud Computing For Distributed University Campus: A Prototype Suggestion

Cloud Computing For Distributed University Campus: A Prototype Suggestion Cloud Computing For Distributed University Campus: A Prototype Suggestion Mehmet Fatih Erkoç, Serhat Bahadir Kert mferkoc@yildiz.edu.tr, sbkert@yildiz.edu.tr Yildiz Technical University (Turkey) Abstract

More information

A Review on Cloud Computing Vulnerabilities

A Review on Cloud Computing Vulnerabilities A Review on Cloud Computing Vulnerabilities Ms. Sugandha Nandedkar, Ms.Sangeeta Kakarwal Asst.Prof., Department of Computer Science and Engineering, DIEMS /Dr. BAMU, Aurangabad, MH, India. Prof. and HOD,

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com

Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Cloud Security & Risk Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Agenda About Compass Overcast - Cloud Overview Thunderheads - Risks in the Cloud The Silver Lining - Security Approaches

More information