The Magazine for IT Security. May issue 3. sör alex / photocase.com

Size: px
Start display at page:

Download "The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com"

Transcription

1 The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3

2 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually, cloud computing is becoming a reality for CIOs. The possibility of outsourcing services that until now were considered strategic, such as or ERP applications, is taking shape thanks to services like Google Apps and SalesForce.com. IT infrastructure is also turning to the cloud through the instantiation of virtual machines on services like Amazon's EC2 or Microsoft Azure. In this article, the cloud computing phenomenon will be analyzed, giving special emphasis to threats and vulnerabilities that apply to the services offered from the cloud. Introduction Cloud computing has definitively come, or rather has come back, to stay in the information technology world. Companies of all sizes and sectors are at least looking at various online solutions on the market. Some of these companies have already migrated their relevant processes like , CRM and ERP applications or even storage solutions to cloud services like Google Apps, Salesforce.com, Zoho or DropBox. Similarly, a lot of new application developments are based on infrastructure or platforms offered form the cloud like for example Amazon EC2 or Microsoft Azure. The business case of these types of solutions is pleasantly satisfactory as far as cost savings and investments are concerned, because the cloud services providers profit from economies of scale in order to offer prices hardly equalled by traditional solutions. However, from an information security point of view, a number of questions arise about the various threats facing the cloud and the data stored in it. Where are the data physically? Under what jurisdiction? Are my data on the same server as my competitors data? How can I be sure that my competitors do not gain access to my data? What happens to my data when I unsubscribe from a cloud service? How do I ensure that my data is removed? What level of service do I have? If that level is not met, against whom and how can I claim? The cloud is accessible worldwide - would my business information therefore not be more secure in my own CPD? In the first sections of this article, the origin of cloud computing, its main features, its three service models and its three deployments models are described. Having laid the main foundations of this new approach to outsourcing, the main risks and benefits of this model of computing are described. Cloud Computing Definition Cloud computing is not a new technology, but a new way of using current technological resources. Basically, the cloud is the provision of technological services of all kinds ( , storage, office tools, CRM,...) immediately and on demand. Cloud computing allows the use of technological resources unpublished until now because of the flexibility it provides. The main features of cloud computing are: 1. High level of abstraction 2. On demand 3. Cost reduction resulting from economies of scale 4. Flexibility and scalability 5. Pay per use 6. Almost instant provision Depending on the functionality of the service being provided from the cloud, there are three service models in cloud computing 1 : Software As a Service (SaaS) The customer uses applications that are run by the cloud infrastructure provider. Access to these applications is established, in most cases, through a web browser and the Internet. The user control over the application is limited to the configuration of small specific characteristics of the service. This is the model in which the user transfers almost the entire responsibility for IT security to the service provider. 35

3 Platform As a Service (PaaS) In this model, customers can deploy their applications on the cloud provider s infrastructure. These applications will be developed in any language supported by the cloud provider. The customer has total control of the application configuration. However, changes to the operating system configuration, network configuration or storage system are not allowed. Infrastructure As a Service (IaaS) In this model, the customer has the opportunity to acquire (rent) processing, storage, network resources and/or any other type of technological infrastructure, so it can deploy its own software on this infrastructure. Such software can include anything from applications to operating systems. The user does not control the underlying technology infrastructure, but has total control over the network configuration, operating system and applications. In this model, IT security responsibility is transferred almost entirely to the customer. Figure 2 below demonstrates the details of this classification: the middleware layer, and finally the IAAS model includes the entire infrastructure. If the cloud service customer contracts just a few levels of the stack and furthermore, if these levels are located at the bottom, the cloud service provider will not be responsible for the security of the systems employed by the client. Conversely, if the customer hires many layers covering many levels of the stack, the risk will be transferred to the service provider. The above is the key point for managing security in cloud computing models. The main drawback of IT risk transfer to providers is that this will limit the flexibility and features in the cloud services contracted. Another aspect of the stack levels of cloud computing are the various interfaces that appear at the top level of each of the models. APIs (in IAAS), Integration & Middleware (in PAAS) and Modality & Presentation Platform Presentation (in SaaS) are levels that act as intermediaries between the user's client (web browser) and the cloud computing services provider. The following chart shows examples of services for these three models: Software as Service (SAAS) Platform as a Service (PAAS) Infrasturcture as a Service (IAAS) Cloud services can also be classified according to their service model: a) Public: Available to any company or individual. Normally these cloud services are published on the Internet. The chart above shows a stack in which the components for the cloud computing architecture are classified. SaaS is seen as including all elements of the stack, the model PAAS includes even b) Private: Cloud computing services are accessible only through private networks built specifically for this purpose. c) Partner: The providers offer cloud service to a limited and well-defined set of customers. 36

4 Weakness In Cloud Security Cloud computing represents a major challenge for service providers, for its customers and, of course, for external attackers. Thousands of gigabytes of information from different customers are held in one place and are exposed to the Internet. This "candy" is very sweet for hundreds of malicious users eager for success and fame in the underground. If the customer data of a company are a target for any industrial spy, imagine how sweet the customer data from thousands of companies exposed to the Internet are. This is exactly what happened to the most famous online CRMs: SalesForce.com. Security is one aspect that must be taken into account when taking services from the cloud. The adoption of cloud computingbased technologies is unstoppable, but precautions should be taken to avoid that the potential cost savings do not result in a security threat. IT security will play an important role in the deployment of cloud computing. In fact, according to a study by IDC in August , security is the biggest challenge faced by IT managers wanting to adopt solutions and services hosted in the cloud. According to a report developed by ENISA 4 at the end of 2009, threats of cloud computing can be classified as follows: a) IT governance lost The customer hiring a cloud computing service gives part of their IT infrastructure governance to the provider. In this case the service level agreement (SLA) plays a crucial role in insuring the customer. b) Provider deadlock There is currently not a great variety of cloud service providers. Customers can experience considerable difficulties in trying to change their cloud computing service provider. c) Isolation failure Sharing resources is one of the most important features of cloud computing. Multiple clients can, for example, be sharing the same physical server. If the privacy of customers is not good enough, "invasions" among customers could occur. d) Compliance risks By outsourcing certain services and core processes, compliance with legislative data protection laws and regulatory standards like PCI DSS and ISO can get very complicated. The service providers can impose constraints on conducting audits of their infrastructure. e) Publication of management interfaces The management interfaces of the services contracted, for example in a SaaS model, are published directly on the Internet. This increases the risks substantially compared with traditional systems in which management interfaces are accessible only from internal networks. f) Data protection For the customer of cloud computing services, data protection is difficult. It is very hard to secure the data which can be found distributed in multiple locations. Ensuring that data is handled properly is also complicated because the control over data transfers is outside the scope of the owner. g) Unsafe or incomplete data deletion Historically, secure deletion of data has been a very complex issue which consisted of developing a series of processes to ensure that there is no copy of the data in any location. The reuse of hardware resources is very common in the computing cloud. A new customer can, for example, be assigned a storage section in which, until recently, data from another customer was held. This can result in the risk of loss of confidentiality, if the previous data has not been deleted securely and thoroughly. h) Malicious users Cloud computing needs high user profiles for its administration. A system administrator will have comprehensive privileges over different resources from different customers. A malicious user who successfully compromises the system security and captures an administrator session will obtain access to many customers information- Benefits In Cloud Security Although cloud computing introduces a high number of threats to the security of information, there are a number of benefits that can potentially reduce IT risks of this new computing model 5. The following technical arguments can be used to reduce the impact on IT security adoption that cloud computing involves: a) Pre-hardening Cloud service providers will gain experience in IT security management. This will allow their systems to harden off. The customer, by hiring a cloud service, will find an environment properly secured and tested from the start. b) Data centralization Although the congregation of resources at one location is a security risk, it also means lower costs for the perimeter security and physical access control. Several systems and/or customers housed in the same physical location can share physical and perimeter security. c) Economies of scale focus on security elements Elements of information security management like patch management, system hardening or filters implementation require far less investment in cloud computing because these resources are shared among several customers. d) Fast incident response Several cloud services customers can share a computer incident response team or system; this security service probably could not be established individually for each customer due to the high costs involved. In view of an incident which has affected the availability of customer systems, a service pro- 37

5 vider or even the customer may relocate their systems and/or services to another part of the cloud infrastructure which has not been compromised. e) Security as a value added to service A sense of panic has grown among potential customers of cloud computing in relation to their security. This can be used by providers as a golden opportunity to create value in their services. Those providers that are capable of implementing security measures appropriate to their cloud services, deliver added value that will convince more customers. f) Logs storage and management Logs storage and management have always had processing performance and storage management as major impediments. Both obstacles are overcome thanks to the pay per use feature of the cloud services. Never again will customers have to worry about major investments in storage, because as fast as logs are generated, the necessary storage will be contracted to the cloud service provider. > About the author Javier Moreno is Computer Science Engineer at the Polytechnic University of Madrid and MBA by IEN-CEPADE. Since 2008, he has been Account Manager at Internet Security Auditors, a company dedicated exclusively to Information Security. The main projects that Javier is involved in are related to Ethical Hacking, ISO 27001, PCI DSS, Risk Analysis, Forensics, and Information Security Governance. Previously, Javier worked for two years as Project Manager at Telefonica Group. g) Facility to conduct audits The implementation of automatic tools such as those used for pentests is greatly facilitated in a cloud computing environment. Similarly, the implementation of manual vulnerability detection could also be developed more effectively if we know that all clients are in the same environment with certain characteristics and with the same security settings. Conclusions The cloud computing phenomenon is unstoppable. Many IT managers are wary of security management required for cloud computing. However, these risks are outweighed by the cost savings that cloud computing brings. The cost savings is the argument favored by CEOs and CFOs, and CISOs will have to solve the various risks related to cloud computing security. Cloud computing is not a new technology, but a new way of doing things in information technology. Resisting change is always difficult, so specialists in information security will have to accompany the development of cloud computing, in order to allow IT users to benefit from the great advantages that cloud computing offers. References 1 Wikipedia Cloud Computing 2 Security Guidance for Critical Areas of Focus in Cloud Computing April Cloud Security Alliance. 3 IDC Enterprise Panel, August Cloud Computing - Benefits and recommendations for information Security - November European Network and Information Security Agency (ENISA) 5 CloudSecurity.org 38

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Welcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014

Welcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Welcome Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Panel Tracy Lampula, Associate Director of GIS Compliance, Vertex Pharmaceuticals William Sanborn, Director of Information

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

ENISA Cloud Computing Security Strategy

ENISA Cloud Computing Security Strategy ENISA Cloud Computing Security Strategy Dr Giles Hogben European Network and Information Security Agency (ENISA) What is Cloud Computing? Isn t it just old hat? What is cloud computing ENISA s understanding

More information

Security Issues In Cloud Computing And Their Solutions

Security Issues In Cloud Computing And Their Solutions Security Issues In Cloud Computing And Their Solutions Mr. Vinod K. Lalbeg Lecturer (Management), NWIMSR, Pune-1 & Ms. Anjali S. Mulik Lecturer (Management), NWIMSR, Pune-1 ABSTRACT Cloud Computing offers

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing 159.735. Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Cloud Computing 159.735 Submitted By : Fahim Ilyas (08497461) Submitted To : Martin Johnson Submitted On: 31 st May, 2009 Table of Contents Introduction... 3 What is Cloud Computing?... 3 Key Characteristics...

More information

A Hotel in the Cloud. Bruno Albietz. bruno.albietz@ehl.ch 079 308 3056

A Hotel in the Cloud. Bruno Albietz. bruno.albietz@ehl.ch 079 308 3056 A Hotel in the Cloud Bruno Albietz bruno.albietz@ehl.ch 079 308 3056 Cloud Computing: Any interest for the hospitality industry? The new paradigm for hosting and delivering services over the internet?

More information

Cloud Computing. Key Considerations for Adoption. Abstract. Ramkumar Dargha

Cloud Computing. Key Considerations for Adoption. Abstract. Ramkumar Dargha Cloud Computing Key Considerations for Adoption Ramkumar Dargha Abstract Cloud Computing technology and services have been witnessing quite a lot of attention for the past couple of years now. We believe

More information

Cloud computing an insight

Cloud computing an insight Cloud computing an insight Overview IT infrastructure is changing according the fast-paced world s needs. People in the world want to stay connected with Work / Family-Friends. The data needs to be available

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,

More information

ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs

ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs The security challenges cloud computing presents are formidable, including those

More information

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com

More information

Data Centers and Cloud Computing. Data Centers

Data Centers and Cloud Computing. Data Centers Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing 1 Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Securely Outsourcing to the Cloud: Five Key Questions to Ask

Securely Outsourcing to the Cloud: Five Key Questions to Ask WHITE PAPER JULY 2014 Securely Outsourcing to the Cloud: Five Key Questions to Ask Russell Miller Tyson Whitten CA Technologies, Security Management 2 WHITE PAPER: SECURELY OUTSOURCING TO THE CLOUD: FIVE

More information

Cloud Computing. Cloud computing:

Cloud Computing. Cloud computing: Cloud computing: Cloud Computing A model of data processing in which high scalability IT solutions are delivered to multiple users: as a service, on a mass scale, on the Internet. Network services offering:

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

Cloud Computing; What is it, How long has it been here, and Where is it going?

Cloud Computing; What is it, How long has it been here, and Where is it going? Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Abstract 1. INTRODUCTION

Abstract 1. INTRODUCTION Abstract CLOUD COMPUTING GauravBawa & Sheena Girdhar DAV Institute of Engineering and Technology, Jalandhar Email: gaurav.daviet@yahoo.com, sheenagirdhar@gmail.com Contact Numbers: 09417614654,09914658188

More information

SaaS, PaaS & TaaS. By: Raza Usmani

SaaS, PaaS & TaaS. By: Raza Usmani SaaS, PaaS & TaaS By: Raza Usmani SaaS - Introduction Software as a service (SaaS), sometimes referred to as "on-demand software. software and its associated data are hosted centrally (typically in the

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Cloud Computing - Starting Points for Privacy and Transparency

Cloud Computing - Starting Points for Privacy and Transparency Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbüttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg,

More information

Case Studies: Protecting Sensitive Data in

Case Studies: Protecting Sensitive Data in Case Studies: Protecting Sensitive Data in C.J. Radford Vice President, Cloud September 18, 2014 Contact: @cjrad; cradford@vormetric.com Agenda Data Security Challenges Top Considerations for Data Centric

More information

Expert Reference Series of White Papers. 10 Security Concerns for Cloud Computing

Expert Reference Series of White Papers. 10 Security Concerns for Cloud Computing Expert Reference Series of White Papers 10 Security Concerns for Cloud Computing 1-800-COURSES www.globalknowledge.com 10 Security Concerns for Cloud Computing Michael Gregg, Global Knowledge Instructor,

More information

Cloud Data Security and the Insider Threat

Cloud Data Security and the Insider Threat Cloud Data Security and the Insider Threat Sol Cates CSO @solcates scates@vormetric.com Copyright 2014 Vormetric, Inc. All rights reserved. A bit about me InfoSec for ~ 18 years Currently have 4 jobs Infrastructure

More information

Data Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center

Data Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises

More information

SECURE CLOUD COMPUTING

SECURE CLOUD COMPUTING Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud

More information

CloudCheck Compliance Certification Program

CloudCheck Compliance Certification Program CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or

More information

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization How Data-Centric Protection Increases Security in Cloud Computing and Virtualization Executive Overview Cloud services and virtualization are driving significant shifts in IT spending and deployments.

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics Digital Forensics Lab 10: Cloud Computing & the Future of Digital Forensics Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics

More information

Implementing & Developing Cloud Computing on Web Application

Implementing & Developing Cloud Computing on Web Application Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 2, February 2014,

More information

Contents. What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market

Contents. What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market Cloud Computing Contents What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market What is Cloud Computing? Definitions: Cloud computing

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud Overview The purpose of this paper is to introduce the reader to the basics of cloud computing or the cloud with the aim of introducing the following aspects: Characteristics and usage of the cloud Realities

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Cloud Computing. By the end of 2013, more than 75% of UK businesses will be using at least one type of cloud service. (Source: Cloud Industry Forum)

Cloud Computing. By the end of 2013, more than 75% of UK businesses will be using at least one type of cloud service. (Source: Cloud Industry Forum) Cloud Computing What if you could access all the computing power you need without actually owning it? That is the promise of cloud computing a new approach to IT for businesses large and small alike. Cloud

More information

INTRODUCTION TO CLOUD COMPUTING

INTRODUCTION TO CLOUD COMPUTING INTRODUCTION TO CLOUD COMPUTING EXISTING PROBLEMS Application Platform Hardware CONTENTS What is cloud computing Key technologies enabling cloud computing Hardware Internet technologies Distributed computing

More information

Oracle Applications and Cloud Computing - Future Direction

Oracle Applications and Cloud Computing - Future Direction Oracle Applications and Cloud Computing - Future Direction February 26, 2010 03:00 PM 03:40 PM Presented By Subash Krishnaswamy skrishna@astcorporation.com Vijay Tirumalai vtirumalai@astcorporation.com

More information

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working Group akarmel@c2labs.com @anilkarmel Emerging Technologies

More information

The Sumo Logic Solution: Security and Compliance

The Sumo Logic Solution: Security and Compliance The Sumo Logic Solution: Security and Compliance Introduction With the number of security threats on the rise and the sophistication of attacks evolving, the inability to analyze terabytes of logs using

More information

CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS. Review Business and Technology Series www.cumulux.com

CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS. Review Business and Technology Series www.cumulux.com ` CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS Review Business and Technology Series www.cumulux.com Table of Contents Cloud Computing Model...2 Impact on IT Management and

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise An Overview For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise Background Defining the Cloud Issues of Cloud Governance Issue of Cloud

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

Logically Securing a Public Cloud Service

Logically Securing a Public Cloud Service SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only

More information

A study of Cloud Computing Ecosystem

A study of Cloud Computing Ecosystem EIS A study of Cloud Computing Ecosystem Vikram Gawande Juan Mario Álvarez Aguilar The Tuck School at Dartmouth 10/11/2010 About Cloud Computing: Cloud computing is a model for enabling convenient, on-demand

More information

Introduction to Cloud Computing

Introduction to Cloud Computing Introduction to Cloud Computing Rohit Thakral rohit@targetintegration.com +353 1 886 5684 About Rohit Expertise Sales/Business Management Helpdesk Management Open Source Software & Cloud Expertise Running

More information

The Cloud, Virtualization, and Security

The Cloud, Virtualization, and Security A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are

More information

Cloud Computing Paradigm Shift. Jan Šedivý

Cloud Computing Paradigm Shift. Jan Šedivý Cloud Computing Paradigm Shift Jan Šedivý Business expectations Improving business processes Reducing enterprise costs Increasing the use of information/analytics Improving enterprise workforce effectiveness

More information

Cloud Security and Privacy

Cloud Security and Privacy Cloud Security and Privacy Tim Brown Vice President and Chief Architect Security Management CA, Inc. July 2009 Agenda > The Evolution to Cloud computing > Opportunities for the Customer and the Vendor

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Some thoughts about cloud computing risks. Andris Soroka 28 th of January, 2015 Riga, Latvia

Some thoughts about cloud computing risks. Andris Soroka 28 th of January, 2015 Riga, Latvia Some thoughts about cloud computing risks Andris Soroka 28 th of January, 2015 Riga, Latvia Role of DSS in Cyber-security Development in Baltics Cyber-Security Awareness Raising Technology and knowledge

More information

ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies

ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com Analogous

More information

BEDIFFERENT ACE G E R M A N Y. aras.com. Copyright 2012 Aras. All Rights Reserved.

BEDIFFERENT ACE G E R M A N Y. aras.com. Copyright 2012 Aras. All Rights Reserved. Copyright 2012 Aras. All Rights Reserved. BEDIFFERENT ACE G E R M A N Y Copyright 2012 Aras. All Rights Reserved. ACE Germany Leveraging the Cloud Rob McAveney Director of Product Management Aras Corp

More information

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com IJCSIT, Volume 1, Issue 5 (October, 2014) e-issn: 1694-2329 p-issn: 1694-2345 A STUDY OF CLOUD COMPUTING MODELS AND ITS FUTURE Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India

More information

White Paper: Cloud Security. Cloud Security

White Paper: Cloud Security. Cloud Security White Paper: Cloud Security Cloud Security Introduction Due to the increase in available bandwidth and technological advances in the area of virtualisation, and the desire of IT managers to provide dynamically

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Privacy, Security and Identity in the Cloud. Giles Hogben ENISA

Privacy, Security and Identity in the Cloud. Giles Hogben ENISA Privacy, Security and Identity in the Cloud Giles Hogben ENISA What s new about Cloud Computing? Isn t it just old hat? Larry Ellison, CEO, Oracle The interesting thing about cloud computing is that we

More information

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted. Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication Cloud Computing Secured Thomas Mitchell CISSP A Technical Communication Abstract With the migration to Cloud Computing underway in many organizations IT infrastructure, this will cause a paradigm shift

More information

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires

More information

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the

More information

Cloud Computing and Amazon Web Services

Cloud Computing and Amazon Web Services Cloud Computing and Amazon Web Services Gary A. McGilvary edinburgh data.intensive research 1 OUTLINE 1. An Overview of Cloud Computing 2. Amazon Web Services 3. Amazon EC2 Tutorial 4. Conclusions 2 CLOUD

More information

Achieving Compliance with the PCI Data Security Standard

Achieving Compliance with the PCI Data Security Standard Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Cloud Infrastructure Security

Cloud Infrastructure Security Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and

More information

CHAPTER 8 CLOUD COMPUTING

CHAPTER 8 CLOUD COMPUTING CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics

More information

Architectural Implications of Cloud Computing

Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

Vormetric Data Security Securing and Controlling Data in the Cloud

Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric, Inc. Tel: 888.267.3732 Email: sales@vormetric.com www.vormetric.com Table of Contents Executive Summary.........................................................3

More information