White Paper: Cloud Security
- Morgan Chambers
Introduction

Due to the increase in available bandwidth and technological advances in the area of virtualisation, and the desire of IT managers to provide dynamically changing levels of service in the most cost-effective way, the idea of cloud computing has become popular again. The concept is not a completely new one; in fact, the historians will tell you that IBM were offering cloud-based services (processing power for hire) back in the 1950s. However, as outlined above, and coupled with the unprecedented level of interconnectivity between organisations and people and their data, the advantages of cloud-based computing have come to the fore.

It is not without risk, however. The idea of putting your key business data out in the cloud is something that puts a chill down many a C-level executive's or business owner's back. Questions that come to mind immediately are very basic but also important to get answers to, for example:

- How secure is this data?
- Who will be able to have access to it?
- What if it's not available when I need it?
- Where is that data actually stored?
- What happens to my data if I need to change cloud providers?

There are many questions that realistically need to be answered before you take the plunge, but putting some thought into it and making decisions based on a rational assessment process should enable you to take advantage of the benefits offered by the cloud in a way that makes sense to you and is acceptable from a risk perspective. The aim of this article is to provide you with some of the tools you need to make an informed decision before you feel happy putting your data and business processes into the hands of a faceless stranger!

Firstly, it is important to put some definitions around information security and the cloud.

Confidentiality, Integrity and Availability

It is well documented that information security is all about maintaining the Confidentiality, Integrity and Availability (or CIA for short) of information.
To have a compromise in any of these areas is to have a data security incident. There are many examples of data security breaches in the world today, both at home and abroad. It is not uncommon to turn on the news and hear about the company that has left all of its clients' sensitive financial details on a stolen laptop, or to hear about a new virus or worm that is costing industry millions of Euros per day while it is out in the wild. These examples represent information security compromises and, interestingly enough, the types of controls that prevent (or dramatically reduce the impact of) such incidents are readily available.

It is important to realise that the various controls related to protecting information security in general are not fundamentally any different for protecting information that resides in the cloud. As such, the basic tools that can be used to protect your information fall into three categories of controls, as follows:

- Administrative Controls (policies, procedures, standards, baselines, guidelines, contracts, user awareness etc.)
- Technical Controls (firewalls, encryption, anti-virus, authentication, resilience, redundancy etc.)
- Physical Controls (secure operating environments, security guards, CCTV, doors, locks, cages, fire suppression etc.)
Your information security management program, if it is a healthy one, should be made up of any number of the above types of controls, so that the high priority security issues have been addressed. To answer the question of which controls are applicable to your environment, it is best to perform an assessment of the various risks that you are faced with, and to select the controls that help to reduce the risks you have identified to an acceptable level. Conducting a risk assessment is one of the fundamental building blocks of implementing a systematic information security management program.

Threats and Risks

Given that we are looking at putting our data in the cloud, we are likely faced with a different set of risks than would usually be found within a normal IT environment. The lists below give some of the threats and risks pertinent to the cloud.

Top Cloud Security Risks (ref. European Network and Information Security Agency)

- Loss of Governance
- Lock-in (lack of data portability between cloud providers)
- Isolation Failure (compromises in shared platform security)
- Compliance Risks
- Management Interface
- Data Protection
- Insecure or incomplete data deletion
- Malicious Insider

Top Cloud Threats (ref. The Cloud Security Alliance)

- Abuse and Nefarious Use of Cloud Computing
- Insecure Application Programming Interfaces
- Malicious Insiders
- Shared Technology Vulnerabilities
- Data Loss / Leakage
- Account, Service and Traffic Hijacking
- Unknown Risk Profile

Cloud Deployment and Delivery

To put some of these risks and threats into context, let us first put some definition around what we mean by the cloud. There are some key distinctions between the types of services available from the cloud, and it is important to differentiate between the deployment and delivery models associated with each. It is generally accepted that cloud services are defined by the SPI model, i.e. software-as-a-service (SAAS), platform-as-a-service (PAAS) and infrastructure-as-a-service (IAAS).
For example, Google Apps could be considered a SAAS service; Microsoft's Azure Platform, which allows application developers to design and deploy cloud-ready applications, would be considered a PAAS offering; and any number of hosting partners can provide IAAS services, typically deployed on elastic platforms that allow for rapid scalability in terms of, for example, processing power, storage and bandwidth.
Key attributes / characteristics for each model are as follows:

- SAAS: A delivered solution, not that extensible or customisable by the customer. It tends to have a high level of security built in (the provider tends to bear the burden of security).
- PAAS: More extensible and customisable than SAAS; it allows developers to build their own apps. This extends to security controls, which would offer customisation of controls.
- IAAS: Few application-like features. The huge extensibility and customisation offered extends to security. The customer is more likely to have to manage their own security.

It is also useful to consider the way in which your cloud is deployed. There are three main deployment models currently accepted as standard, and these are:

- Public Cloud: your cloud-based services are provided on a shared platform; the same platform is shared with others.
- Private Cloud: a dedicated infrastructure maintained and operated solely for your organisation by the cloud service provider.
- Hybrid Cloud: a combination of both public and private cloud delivery models.

Obviously, the whole area of cloud-based services is rapidly evolving, so the above concepts are not cast in stone but do provide a baseline to use when comparing service delivery mechanisms.

So, when we are looking at the security issues related to the cloud, the first job at hand is really to define what is meant by the cloud. Is it (for example) a new business application being rolled out to your corporate sales force using a SAAS platform over a Public cloud delivery mechanism? Or are you replacing your in-house managed web servers with a CSP (cloud service provider) who can handle the annual spikes in bandwidth and processing that occur at the same point every year, with their IAAS model, where you only pay for what you use? When we ascertain what the risks are, we can use an appropriate set of controls to manage these risks.
Let us remember that when we are evaluating risks to information security, what we are looking at are risks related to compromises of information Confidentiality, Integrity and Availability.
Risk Mitigation Example

If we take the example of SAAS, where perhaps our sales team keep information related to key accounts in the cloud, it is reasonable to assume that, at some point, there may be some data loss or leakage from the cloud service provider. A simple example may be where deletion or alteration of records has occurred without a backup of the original content (probably one of the most common issues to plague computer users ever since computing began, never mind the cloud!). What about where unauthorised access occurs to data in the cloud, thereby resulting in a breach of data confidentiality or integrity? How can we use some of the established types of controls to help mitigate these issues?

Administrative Controls:

- Cloud Service Provider Contracts
  - We could contractually oblige our Service Provider to ensure that they provide adequate data backup and retention strategies.
  - We could demand that they wipe persistent media before it is released into the pool (thereby reducing the risk of inadvertent data leakage).
- Policy and Awareness
  - We could enforce a strict access control policy; and
  - Ensure that our workforce are sufficiently aware of our policies (by providing awareness training).

Technical Controls:

- Authentication
  - Implement strong access control / authentication mechanisms.
- Encryption
  - Encrypt and protect the integrity of data in transit and at rest.
  - Implement strong encryption key generation, storage, management and destruction practices.

The above list of controls is not exhaustive, but it illustrates that there are intersections between the controls used to mitigate risks within a normal IT environment and those of a cloud-based one.
Data Classification

A key question to answer when considering the issues related to cloud-based security is: what kind of data do you intend to put up in the cloud? When determining the kind of data that is in the cloud, what we really mean is how sensitive this data is, how critical it is, and what it is actually worth. By answering these questions we are in effect classifying the data.

Data Classification is the cornerstone of ensuring that an appropriate amount of security is utilised to protect information assets. The key word here is "appropriate"; this means not too much and not too little security. For example, you wouldn't spend a million Euros on a state-of-the-art safe (think Tom Cruise, Mission Impossible) to protect something that is worth a few hundred Euros; conversely, you wouldn't spend only a hundred Euros insuring that priceless diamond necklace.

When Data Classification is performed, it helps us to define several key characteristics that drive the security controls necessary. Considering the sensitivity of the data helps to determine the requirements necessary for ensuring the confidentiality of the data. We can ask questions such as: who should have access to the data? If it is publicly accessible data (like a bus timetable or TV listings, for example), then the data may be classified as public and not in the slightest bit confidential, and therefore not require any significant level of data security controls. On the other hand, the data could be the earnings report for the quarter and considered to be highly confidential (particularly if you are a publicly quoted company) up until the day it is released to the stock market. In this case, the data may need additional levels of security, such as data encryption and strict access control measures.
By using these two examples of classifying the data's sensitivity, we can see that different controls, and therefore different levels of security, are required. However, in this case we can justify the cost of the controls implemented by performing a data classification process.

In the same way that sensitivity is classified, it also pays to establish the criticality of the information. This can help to drive requirements in the key security (and cloud) area of availability. Questions to be asked here could be: is this data we are using considered to be highly critical to our operations? If so, then we need to ensure that this data is available for % of the time (this comes at a cost). Or is the data less critical; perhaps it is only needed a few times a month (for example, when you are doing the monthly payroll)? Payroll information is a good example: this is something that could be considered to be confidential but not that critical, i.e. we could put more emphasis on ensuring that it remains confidential (perhaps by encrypting it and maintaining a strict access control policy) than on making sure that it is available 99% of the time.

When considering the data that we want to put out in the cloud, we should perform a data classification exercise and determine if the type of cloud service is inherently capable of providing the necessary level of security. Will the security controls in place be adequate to ensure that the sensitivity of the data is maintained, and will the necessary controls be in place to ensure that we can access the data when we need it?

Let's assume that we have performed our data classification process and established that the data to be processed is highly sensitive. Our cloud service provider is offering us a service that is based on a Shared SAAS platform. We have little or no control over the security of the service and, to make matters worse, our data is being hosted on a public platform. The risk averse amongst us may argue that something as common as human error (maybe an administrator inadvertently gives access to your data to a competitor) may be enough, if it were to occur, to have such a significant impact on your business that it does not warrant the perceived cost savings of putting that information in the cloud (at least for the type of service initially offered). Maybe another type of service is required; perhaps a SAAS service provided on a Private Cloud would adequately address the risk. Alternatively, maybe we should just hire the Infrastructure from the CSP and manage the application ourselves. We can customise the necessary controls to our heart's content, thereby ensuring adequate levels of security are available to address our perceived risks. The downside (assuming you see it like that) is that there is a higher cost associated with managing this security level.

Conclusion

It looks like the cloud is here to stay; the benefits are too compelling to ignore. Key issues that will continue to affect information security concerns are the lack of cloud standards, the perceived loss of control of data, questions over the physical location of data, questions related to availability of service, questions related to the trustworthiness of the cloud service providers etc.; indeed, this could be a very long list. A comprehensive and systematic approach to information security management is required, and this should be underpinned by regular assessment and testing. It is important for organisations who are considering taking the plunge to perform a risk assessment and a data classification process. These concepts will not be new to anyone who is currently implementing information security practices in line with accepted best practice methodologies such as ISO27001/2, CoBIT, PCI DSS etc.
The types of information security controls that exist today to help organisations manage risk can readily be adopted and ported to cloud-based computing systems.
About Espion

Espion are Corporate Information specialists. We work with organisations across all industries and business functions to provide advice and assistance relating to the holistic compliance, protection and management requirements of their most valuable asset: information. This allows our clients to focus on their core business and ultimately achieve greater success.

Espion Headquarters
Corrig Court, Corrig Road, Sandyford Industrial Estate, Dublin 18, Ireland
+353 (01)
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More informationSecurity Officer s Checklist in a Sourcing Deal
Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationHow To Decide If You Should Move To The Cloud
Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment
More informationA Comparison of PaaS clouds with a Detailed Reference to Security and Geoprocessing Services
A Comparison of PaaS clouds with a Detailed Reference to Security and Geoprocessing Services Department of Computer Science presented at the 1 st International Workshop on Pervasive Web Mapping, Geoprocessing
More informationInsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
More informationAre you prepared for the BYOD (bring your own device) movement?
Are you prepared for the BYOD (bring your own device) movement? IRIS Service Management Guide www.irisfieldservice.com Are you prepared for the BYOD (bring your own device) movement? The trend towards
More information1 The intersection of IAM and the cloud
1 The intersection of IAM and the cloud Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Theory, practice, pros and cons with a focus on enterprise deployments of IAM and cloud
More informationHow To Choose A Cloud Computing Solution
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
More informationSecurity Issues In Cloud Computing And Their Solutions
Security Issues In Cloud Computing And Their Solutions Mr. Vinod K. Lalbeg Lecturer (Management), NWIMSR, Pune-1 & Ms. Anjali S. Mulik Lecturer (Management), NWIMSR, Pune-1 ABSTRACT Cloud Computing offers
More informationISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com Analogous
More informationSecurity Considerations for Public Mobile Cloud Computing
Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of
More informationDean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage
Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything
More informationPDSA Special Report. Is your Company s Security at Risk
PDSA Special Report Introduction There is probably no such thing as a completely secure company. However, if you are not thinking about security in your company, you are running a big risk. We are not
More informationCloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationManaging your Information Assets in the Cloud
Managing your Information Assets in the Cloud Nick Loy, Director, Portfolio Management Documents BancTec Certified Information Professional Enterprise Content Management Practioner Prior to BancTec, was
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationNAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationCopyright Sapphire Systems plc Not to be reproduced without the express consent of Sapphire Systems plc
1 Given the level of hype around cloud you d be forgiven for thinking it s a new phenomenon. In fact cloud solutions have been around since the 1990s in various forms, whether through a managed service
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationHow to Turn the Promise of the Cloud into an Operational Reality
TecTakes Value Insight How to Turn the Promise of the Cloud into an Operational Reality By David Talbott The Lure of the Cloud In recent years, there has been a great deal of discussion about cloud computing
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationCLOUD COMPUTING GUIDELINES FOR LAWYERS
INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility
More informationVormetric Data Security Securing and Controlling Data in the Cloud
Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric, Inc. Tel: 888.267.3732 Email: sales@vormetric.com www.vormetric.com Table of Contents Executive Summary.........................................................3
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationLIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely
LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely LIVE CHAT CLOUD SECURITY Introduction Security is a top priority online it is vital that
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More information