
CLOUD COMPUTING SECURITY: HOW RISKS AND THREATS ARE AFFECTING CLOUD ADOPTION DECISIONS

A Thesis Presented to the Faculty of San Diego State University

In Partial Fulfillment of the Requirements for the Degree Master of Business Administration

by Takahiko Kajiyama

Fall 2012


Copyright 2012 by Takahiko Kajiyama
All Rights Reserved

DEDICATION

This thesis is dedicated to my father, who worked hard to support his son's and daughters' educational endeavors. May he rest in peace.

The ancient Romans built their greatest masterpieces of architecture for wild beasts to fight in.
Voltaire

ABSTRACT OF THE THESIS

Cloud Computing Security: How Risks and Threats Are Affecting Cloud Adoption Decisions
by Takahiko Kajiyama
Master of Business Administration
San Diego State University, 2012

Many IT professionals would agree that cloud computing is the most revolutionary information delivery model since the introduction of the Internet. For corporate management and decision makers, cloud computing brings many financial and functional benefits as well as serious security concerns that may threaten business continuity and corporate reputation. The definition of cloud computing is still blurry in large part, because of the magnitude of the security risks and the virtually unlimited amount of information being published. The purpose of this research is to assess how cloud security risks and threats most commonly discussed today are affecting current and prospective cloud users' decisions on adoption.

In this research, both practitioner and academic literature was reviewed in order to incorporate views from both sides on cloud security, as well as technology white papers, government reports, and recent market and security articles. Then an online survey targeting current and prospective cloud users was conducted, and real-life driving and resisting forces of cloud adoption were assessed. The survey posed questions about a variety of security risks, and even though the respondents indicated concerns about these risks, none of them were voted as a show stopper in cloud adoption. Furthermore, the majority of respondents were confident with their cloud service providers' protection mechanism, while being well aware of the existence of the risk.

TABLE OF CONTENTS

ABSTRACT
LIST OF TABLES
LIST OF FIGURES
ACKNOWLEDGEMENTS

CHAPTER

1 INTRODUCTION
    Background
    Research Question
    Methodology and Sources

2 PRACTITIONER LITERATURE REVIEW
    Cloud Services and Models
    Service Providers and Users
    Security Standards and Compliance Organizations
    Non-Regulatory Organizations
    Significance of Security Standards and Compliance
    Recent Cloud Data Breach Incidents
    Epsilon Service
    Nasdaq Directors Desk
    The 2011 GAO Report
    Security Benefits
    Security Risks

3 RESEARCH LITERATURE REVIEW
    New versus Traditional Security Concerns
    New Security Threats and Vulnerabilities
    Side Channeling
    Shared Ecosystem and Fate Sharing
    Vendor Lock-In
    API Changes
    Abuse and Nefarious Use
    Traditional Security Threats and Vulnerabilities
    Cross-Site Scripting
    SQL Injection Flaws
    Access Control Weaknesses
    Cross-Site Request Forgery
    Buffer Overflow Attacks
    HTTP Header Manipulation, Hidden Field Manipulation, and Cookie Manipulation
    Botnets
    Other Traditional Security Threats and Vulnerabilities
    Other Cloud-Specific Concerns
    Regulatory Compliances
    Risk Assessment
    Security as a Service (SECaaS)
    Cloud Security Best Practices
    Vendor Selection
    Service Level Agreement (SLA)
    Physical Isolation
    Data Protection Transmission
    Data Protection Storage and Encryption
    Virtual Machine Security
    Auditing
    Other Considerations in Cloud Adoption

4 SURVEY METHODOLOGY
    Creation and Distribution
    Data Collection and Responses
    Data Analysis Methodology

5 DATA ANALYSIS
    Introduction
    Survey Results and Findings
    Current Cloud Usage
    Primary Drivers and Concerns for Cloud Adoption
    Security Risk and Threat Awareness
    Risks and Threats Affecting Cloud Adoption Decisions
    Defensive Measures

6 DISCUSSION
    Cloud Benefits and Concerns
    Cloud Adoption Obstacles and Show Stoppers
    Avoiding Costly Defensive Measures
    Research Limitations and Shortcomings

7 CONCLUSION

REFERENCES

APPENDIX
    SURVEY QUESTIONS AND RESPONSES

LIST OF TABLES

Table 1. Likert Scale to Numeric Point Conversion
Table 2. T-Test Result: Minimizing Software Licensing Fees as Benefit Expected to Gain by Adopting Cloud
Table 3. Q18: Your Cloud Resources Can Be Used as a Platform for Launching Attacks, Hosting Spams and Malware, Software Exploits Publishing, and for Many Other Unethical Purposes
Table 4. Q19: Unauthorized Users, such as Hackers and Malicious Insiders, May Gain Access to Your System Due to Flawed Hypervisor, Insecure Cryptography, and So On
Table 5. Q20: Vendor-Provided Cloud APIs with Weak Authentication May Jeopardize the Confidentiality, Integrity, and Availability
Table 6. Q21: Shared Resources May Affect Your System's Performance and Business Continuity
Table 7. Q22: Physical Location of Your Data Is Unknown
Table 8. Q23: Your Data May Not Be Recoverable When an Unforeseen Event Takes Place
Table 9. Q24: Your Systems May Be Disrupted Entirely When an Unforeseen Event Takes Place
Table 10. Q25: Your Service Provider May Not Be Compliant with Regulatory Standards, Including the Internal Control, Compliance, and Internal Security Procedures
Table 11. Q26: When a Security Breach Takes Place, There May Be Little or No Forensic Evidence Available
Table 12. Q27: Unauthorized Access and Data Leakage Will Always Remain as a Possibility, No Matter How Much Effort You Put Into Cloud Security
Table 13. Q28: There Will Be Unknown Risks and Threats as Attackers Continue to Invent New Attacking Methods
Table 14. T-Test Result: Unrecoverable Data as a Risk Factor
Table 15. T-Test Result: Non-Regulatory Compliant Provider as a Risk Factor
Table 16. T-Test Result: Replication of Backup in One or More Cloud Storage

LIST OF FIGURES

Figure 1. The cloud computing stack
Figure 2. The cloud scales: Amazon S3 growth
Figure 3. Xen hypervisor architecture
Figure 4. The traffic signature associated with running SU in a SSH session
Figure 5. Relationships of the cloud API and other key cloud components
Figure 6. Sample web application error exposing C# source code, framework version, and source code file path on development machine
Figure 7. Actual web application error on Chase.com, exposing the database server name
Figure 8. Botnet infection methods
Figure 9. General botnet spread
Figure 10. Overview of the Cloud Adoption Toolkit
Figure 11. Cloud computing usage by type
Figure 12. SaaS adoption by organization size
Figure 13. SaaS adoption by organization type
Figure 14. Cloud provider selection
Figure 15. Cloud provider overall satisfaction
Figure 16. Primary drivers for cloud adoption
Figure 17. Primary drivers for cloud adoption by organization size
Figure 18. Primary drivers for cloud adoption by organization type
Figure 19. Primary concerns for cloud adoption
Figure 20. Primary concerns for cloud adoption by organization size
Figure 21. Primary concerns for cloud adoption by organization type
Figure 22. Security issue awareness
Figure 23. More concerned with malicious insiders
Figure 24. Provider security confidence
Figure 25. Existence of escalation channel
Figure 26. On-premise is more secure than cloud
Figure 27. Cloud readiness for mission-critical applications
Figure 28. Cloud will be more secure in the future
Figure 29. Cloud security risk effects
Figure 30. Unrecoverable data as a risk factor, by organization size
Figure 31. Unrecoverable data as a risk factor, by organization type
Figure 32. Non-regulatory compliant provider as a risk factor, by organization size
Figure 33. Non-regulatory compliant provider as a risk factor, by organization type
Figure 34. Cloud security defensive measures in place
Figure 35. Periodic data backup and restore tests performed, by organization size
Figure 36. Periodic data backup and restore tests performed, by organization type
Figure 37. Data encryption usage by organization size
Figure 38. Data encryption usage by organization type
Figure 39. Replication of backup in one or more cloud storage, by organization size
Figure 40. Replication of backup in one or more cloud storage, by organization type

ACKNOWLEDGEMENTS

My heartfelt gratitude to Dr. Murray Jennex for continuous and sincere guidance throughout this project, and for sharing most valuable ideas. His professional and academic assistance made this research project much more efficient and rewarding. I am very grateful for his support, and for his willingness to spend his valuable time guiding me. My sincere thanks to Dr. Theo Addo for his valuable suggestions, indispensable recommendations, and continuous encouragement. Special thanks to Dr. Chris Paolini for being a part of my thesis committee, and for thought-provoking ideas. My gratitude to Ms. Laura Dieken for helping me with my written English, and for providing constructive comments and encouragement. I would like to thank all my fellow MBA classmates and faculty staff for inspiring ideas and memorable time in the program.

CHAPTER 1

INTRODUCTION

BACKGROUND

From time to time, great innovations are brought to us without wholly new discoveries or technological breakthroughs. Electric vehicles are a combination of existing auto body frames and electric motor technologies. The Internet is merely networked computer devices and resources on a global scale. It is about how existing and mature technologies and knowledge are mixed then advanced, introducing valuable and innovative products and services into our life. Similarly, cloud computing is nothing but a new information delivery model that utilizes existing technologies and resources.

Since the introduction of Amazon's S3 (Simple Storage Service) and EC2 (Elastic Compute Cloud) in 2006, cloud computing has been generally welcomed as a cost-effective and flexible alternative to procuring and maintaining hardware and software in-house. According to a Gartner cloud-based services study released in June 2010, the cloud services market is expected to maintain strong growth through 2014 (Pettey & Tudor, 2009). The study also states that by that time, worldwide cloud service revenue is expected to reach $148.8 billion, which easily surpasses the 2011 revenues of two software giants, Microsoft and Oracle, combined ($69.94 billion and $35.6 billion, respectively; Bond & Hellinger, 2011; Statista, 2012).

On the surface, cloud computing seems to increase IT agility by eliminating many of the wearying tasks and responsibilities that IT departments manage these days. IT departments have been integrated so deeply into core businesses that most business operations would halt without the services and infrastructures that IT teams maintain. Furthermore, the fundamental challenges and responsibilities of IT will never stop expanding, as business and regulatory requirements become more complex, stronger protections from security threats become virtually mandatory, and technologies themselves become more ubiquitous, hence skill- and time-intensive.
Therefore, traditional IT teams are frequently forced to devote a large portion of their time and budgets to tasks that are not directly tied to revenues, or added-values that are clearly visible to top management. For example, installing security patches on an ERP (Enterprise Resource Planning) system does not bring any new functionalities or benefits to users; however, it does require hours of planning and testing before the patches are implemented. According to a report prepared by CFO Research Services, many mid-size companies spend more than $1 million annually to update and maintain their ERP systems (CFO Research Services, 2009). Outsourcing the entire or even partial IT infrastructure and placing resources in the cloud is therefore an attractive alternative, especially for small- to mid-size organizations that cannot afford to allocate a large share of budget for projects that do not generate revenues.

The technological advancements in processor performance, virtualization, and fast and reliable network connectivity are all positive driving forces for businesses adopting the cloud computing model. The cloud computing model also makes economic sense for many organizations because it allows rapid application development and deployment by utilizing tools and platforms that are already in-place, tested, and proven to be functional.

However, the rapid growth of the cloud market has also raised serious concerns regarding data security and governance, and these are considered to be major barriers to broader adoption. According to a survey conducted by the 1105 Government Information Group in January 2012, more than 50% of respondents indicated that the current cloud solutions are not secure enough due to potential data loss and leakage, lack of strong identity authentication and credential management, ambiguous data ownership, and physical location of data possibly being outside the U.S. border.
Many believe that these security concerns will eventually diminish; however, the same survey also revealed that more respondents, 60% in 2012 versus 54% in 2011, mentioned that cloud computing security risks are greater than on-premises security risks (Brocade Communications Systems, Inc., 2012).

For the reasons above, and despite its inexorable growth and popularity, cloud computing continues to be one of the most controversial trends in the IT industry. The situation is similar to when LASIK (Laser-Assisted in Situ Keratomileusis) was introduced nearly two decades ago: Extraordinary risks in the event of an unfavorable outcome but remarkable benefits when successful, therefore creating groups of early adopters and those who waited fearing the unknown risks. Even today, the success ratio is extremely high but still not 100%, leaving some patients with fears and doubts. Similarly, with cloud computing, there are already many organizations which have successfully adopted the new computing model and are enjoying its benefits, but unknown security risks are still preventing others from making the commitment. Even though a number of regulatory and non-regulatory organizations are attempting to structure more streamlined and standardized methods for building secure cloud environments, many technical and non-technical hurdles still exist.

RESEARCH QUESTION

The purpose of this thesis is to assess how security risk factors are affecting existing and prospective cloud users' cloud usage strategies. Organizations hosting mission-critical applications and data in clouds are no longer considered to be early adopters. Are they simply betting that financial benefits will surpass security risks, or are they confident that cloud providers are capable of assuring an equal or higher level of security than on-premise systems? Examining real-world users' opinions on risks and threats most commonly discussed in practitioner and academic literature is beneficial to organizations considering adding cloud to their IT portfolio.

For management, the largest problem of cloud adoption today is a mass of uncertainty in decision making. Security being the top obstacle, other factors such as cost control, availability, and vendor lock-in require extensive research and analysis which is likely to produce less than definitive indicators for decision making. For the cloud model to be proven, or disproven, worthy of trust for an organization, claims made by cloud service providers and IT journalists are not sufficient. Instead, cloud adoption decisions should be made (1) by evaluating the current cloud service offerings, financial and technical benefits, and security concerns, and then (2) by studying real world examples that present how organizations are weighing these benefits and risks.

METHODOLOGY AND SOURCES

This thesis, through the examination of published materials and studies, analyzes existing issues along with available countermeasures in order to evaluate the overall assurance level of cloud security. Academic literature and security publications as cited are the main sources of material used for this research. Online resources and technical whitepapers will also be referenced to a certain degree in order to present and analyze the latest trends in cloud computing, regulatory standards, and research conducted by institutions and government agencies.

In addition, in order to assess various perspective views of cloud computing security, a survey targeting IT professionals and managers, specifically current and prospective cloud users, was conducted. The survey respondents were recruited on EDUCAUSE ListServ, Meetup, Google Groups, and Facebook Groups over a period of five weeks. Two primary goals of the survey were (1) to assess how security concerns have affected or will affect the respondents' decision on adopting cloud, and (2) to perform positive and normative analyses on how companies are guarding their assets in the cloud as compared to the best practices recommended by security experts.

CHAPTER 2

PRACTITIONER LITERATURE REVIEW

CLOUD SERVICES AND MODELS

Essential resources consumed by households and businesses, such as water, gas, and electricity, are made available in a virtualized manner: These resources are readily available through faucets and outlets, and their sources and delivery mechanisms are not of interest to resource consumers. Cloud computing introduced the same concept to information technology. With the cloud computing model, software, platforms, and infrastructures are made available as web services through the Internet, and cloud service consumers are not aware of the physical location where these services are performed. Companies obtain hardware and software resources as services from cloud service providers, as opposed to as physical assets.

Every service provider and standard organization defines cloud computing slightly differently. For example, the National Institute of Standards and Technology (NIST) defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction" (Mell & Grance, 2011, p. 2).

Just as application software can be divided into multiple classes based on various criteria such as categories and intended user types, cloud computing can also be divided into several service types and deployment models. Buyya, Broberg, and Gościński (2011) divide cloud computing services into three classes: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (Figure 1). Infrastructure as a Service (IaaS) is the lowest level of separation between what consumers could expect and the resources that are readily available for them to utilize.
This service class offers raw computing, networking, and storage services that enable cloud consumers to build custom services and applications. The cloud provider controls the physical resources, and the cloud consumer controls anything above, such as operating systems and development tools. Platform as a Service (PaaS) takes the separation higher in the stack and is an environment where applications which are ready to be developed or deployed are offered by the cloud provider. The cloud consumer utilizes the provided platform, such as Java programming language and Oracle databases, without worrying about the underlying details such as software and hardware dependencies and configurations. Software as a Service (SaaS) moves the separation even higher in the stack where the cloud consumer is simply an end-user of applications that the cloud provider hosts. The majority of free cloud services, such as web-based and word processing, can be categorized as this type of service class. The model virtually eliminates the software maintenance for end users and simplifies the testing and deployment procedures for the software developers.

Figure 1. The cloud computing stack. Source: Buyya, R., Broberg, J., & Gościński, A. (2011). Cloud computing: Principles and paradigms. Hoboken, NJ: Wiley.

Cloud computing can also be categorized by deployment models: Private, community, public, and hybrid.

Private clouds are dedicated, in-house clouds that do not allow access from external networks. Companies and schools host their own private clouds that are accessed only by internal users. Private clouds maintain the ease of access to services using the same web service protocols, yet maintain the data confidentiality by making the services visible only to internal users.

Community clouds are deployed in a way that multiple organizations share and operate the cloud cooperatively. For example, multiple schools within a region may operate a single cloud for sharing library catalogs, with a single search interface used by all students attending these schools.

Public clouds are either free or paid clouds that are accessible to anyone in the public. The public cloud is the most commonly used model. Many of the popular cloud services, such as web-based and paid services offered by service providers like Amazon, are deployed as public clouds.

Hybrid clouds consist of one or more private clouds and one or more public clouds, both managed by a single organization. This deployment type is chosen primarily for scalability and cost-efficiency. For example, a company may keep sensitive data internal and outsource other non-critical workloads to a public service provider.

SERVICE PROVIDERS AND USERS

For each service class, most prominent cloud service providers include:

Infrastructure as a Service
- Amazon AWS
- GoGrid
- IBM SmartCloud
- Joyent
- Rackspace
- Verizon

Platform as a Service
- Google App Engine
- Microsoft Windows Azure
- Oracle Public Cloud

Software as a Service
- Google Apps
- Microsoft Office 365
- Oracle Public Cloud
- Salesforce.com

The online retail giant Amazon is one of the pioneers of cloud computing, and is by far the most successful cloud service provider today. The company's cloud computing platform, Amazon Web Services (AWS), consists of a collection of web services and is steps ahead in service maturity and customer awareness with aggressive pricing strategies (Search Cloud Computing, 2010). Amazon is heavily betting on cloud computing to be the default platform for running most business applications in the future, and is continuously adding more capacity to its data centers (Robinson, 2012). At the end of the first quarter 2012, as Figure 2 illustrates, Amazon's S3 cloud storage housed over 905 billion objects, with 1 billion being added daily (Amazon, 2012).

Figure 2. The cloud scales: Amazon S3 growth. Source: Amazon. (2012, April). Amazon web services blog: Amazon S3-905 billion objects and 650,000 requests/second. Retrieved from /04/amazon-s3-905-billion-objects-and requestssecond.html.

Users of AWS vary in size and industry. AWS is an attractive platform for small startups with limited IT budgets and resources. Amazon's client list also includes large financial institutions and pharmaceutical companies, the types of companies that demand the highest level of security for their data. For example, Pfizer has set up its worldwide research and development facility within Amazon Virtual Private Cloud, which handles various computation tasks such as large-scale data analysis, research projects, clinical analytics, and modeling (Amazon, n.d.d).

Google is another key player in cloud computing. Unlike Amazon's platform offerings, Google's App Engine provides application development and hosting environments. Applications built on App Engine are sandboxed, and run across multiple servers hosted in Google-managed data centers. For example, Best Buy has developed a web browser plugin called Giftag, a free tool that lets users create a wish list from any online retailer, and share it with others. The development team initially developed the server-side Java application on another platform, and then re-platformed and re-launched the system on Google App Engine in just 10 weeks (Bendt, 2009).

SECURITY STANDARDS AND COMPLIANCE ORGANIZATIONS

As concern over cloud security keeps rising, it has become critical for cloud service providers to present and demonstrate their ability to safeguard customer data. The most common means to accomplish this is to obtain trustworthy security certifications and audits for prospective customers. This type of assurance has become almost mandatory rather than a mere marketing incentive. For example, in an effort to attract customers with various requirements, Amazon's AWS has obtained and offers a variety of industry-recognized certifications, accreditations, and audits: SOC 1/SSAE 16/ISAE 3402, PCI DSS Level 1, ISO 27001, ITAR, FISMA Moderate, FIPS 140-2, and SAS 70 Type II (Amazon, n.d.a).

At present the security standards and regulatory organizations that have the most direct effect on cloud computing security are PCI DSS, FISMA, and HIPAA.

PCI DSS (Payment Card Industry Data Security Standard) provides a framework for cloud providers to host applications that require a robust payment card data security process (Security Standards Council, n.d.). In other words, by choosing a PCI DSS-compliant cloud provider, developers can easily build applications with a secure credit card payment system without using a third party merchant account provider.

FISMA (Federal Information Security Management Act) requires federal agencies to develop, document, and implement an agency-wide program to provide information security for the information and information systems (National Institute of Standards and Technology [NIST], 2012). FISMA accredited cloud providers would auto-comply with the regulations that federal agencies are required to follow for data security.

HIPAA (Health Insurance Portability and Accountability Act) requires every healthcare provider and organization that handles PHI (protected healthcare information) to adhere to strict information security guidelines that assure the protection of patient privacy.
Even though HIPAA does not directly impose these guidelines on cloud providers, if a company chooses to store protected healthcare information in the cloud, the service provider must either be HIPAA-compliant or provide secure infrastructure and policies that satisfy the HIPAA standards and requirements.

NON-REGULATORY ORGANIZATIONS

There are non-profit organizations that aim to build a common ground for cloud computing security. These organizations are non-regulatory; however, they have extensive influence on cloud computing security. The most widely recognized organizations are CSA and NIST.

CSA (Cloud Security Alliance) is a non-profit organization that was officially formed in December 2008, in response to the emerging popularity of cloud computing. CSA consists of a large number of corporate and affiliate members such as Accenture, Amazon, McAfee, Microsoft, and Oracle. CSA's primary objective is to "promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing" (Cloud Security Alliance, n.d., p. 1). CSA provides a variety of security education programs and certifications, such as PCI DSS and GRC (Governance, Risk Management & Compliance) training and CCSK (Certificate of Cloud Security Knowledge).

NIST (National Institute of Standards and Technology) is a non-regulatory government agency within the U.S. Department of Commerce. NIST was originally founded as the National Bureau of Standards in 1901, and it was the first physical science research laboratory owned by the federal government. The agency is also known to be a measurement standard laboratory, with a mission to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life" (NIST, 2008, para. 2). Specifically for cloud computing, NIST primarily aims to "provide thought leadership and guidance around the cloud computing paradigm to catalyze its use within industry and government" (NIST, 2010, para. 3).

SIGNIFICANCE OF SECURITY STANDARDS AND COMPLIANCE

IT security in general has experienced intense changes over the past decade. Computerized tasks and processes have created increasing vulnerabilities in the workplace, networked devices have introduced new threat paths, and the ever-growing volume of personal and financial information stored in binary form has triggered waves of privacy concerns from organizations as well as individuals.
The electronics giant Sony and the world's largest tech-security company RSA Security experienced massive security breaches in Seeing these systems in a private, closed environment being victims of online attacks, it is natural for one to wonder why cloud services would be any more secure. To mitigate these concerns, cloud service providers are taking a great effort to build secure platforms that meet today's strict security standards. These standards, however, have very little effect on the protection customers receive: The standards are merely a measurement of level of assurance that the certifications entail. For example, applications hosted in a HIPAA-compliant cloud platform still could face security breaches if the application's architecture and deployment are not handled with a full understanding of the


More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

Achieve Economic Synergies by Managing Your Human Capital In The Cloud Achieve Economic Synergies by Managing Your Human Capital In The Cloud By Orblogic, March 12, 2014 KEY POINTS TO CONSIDER C LOUD S OLUTIONS A RE P RACTICAL AND E ASY TO I MPLEMENT Time to market and rapid

More information

Top 10 Risks in the Cloud

Top 10 Risks in the Cloud A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared

More information

QuickBooks Online: Security & Infrastructure

QuickBooks Online: Security & Infrastructure QuickBooks Online: Security & Infrastructure May 2014 Contents Introduction: QuickBooks Online Security and Infrastructure... 3 Security of Your Data... 3 Access Control... 3 Privacy... 4 Availability...

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Can Cloud Database PaaS Solutions Replace In-House Systems?

Can Cloud Database PaaS Solutions Replace In-House Systems? Can Cloud Database PaaS Solutions Replace In-House Systems? Abstract: With the advent of Platform-as-a-Service as a viable alternative to traditional database solutions, there is a great deal of interest

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

GAO INFORMATION SECURITY. Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing. Report to Congressional Requesters

GAO INFORMATION SECURITY. Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing. Report to Congressional Requesters GAO United States Government Accountability Office Report to Congressional Requesters May 2010 INFORMATION SECURITY Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing GAO-10-513

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

PCI DSS Reporting WHITEPAPER

PCI DSS Reporting WHITEPAPER WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts

More information

Building Energy Security Framework

Building Energy Security Framework Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

WALKME WHITEPAPER. WalkMe Architecture

WALKME WHITEPAPER. WalkMe Architecture WALKME WHITEPAPER WalkMe Architecture Introduction WalkMe - the Enterprise Class Guidance and Engagement Platform - drives users to action as they use software or websites. WalkMe is used by Enterprises

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs

ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs ICSA Labs Risk and Privacy Cloud Computing Series Part I : Balancing Risks and Benefits of Public Cloud Services for SMBs The security challenges cloud computing presents are formidable, including those

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Capturing the New Frontier:

Capturing the New Frontier: Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings

More information

International Research Journal of Engineering and Technology (IRJET) e-issn: 2395-0056. Volume: 02 Issue: 05 Aug-2015 www.irjet.net p-issn: 2395-0072

International Research Journal of Engineering and Technology (IRJET) e-issn: 2395-0056. Volume: 02 Issue: 05 Aug-2015 www.irjet.net p-issn: 2395-0072 Fear of Cloud Vinnakota Saran Chaitanya 1, G. Harshavardhan Reddy 2 1 UG Final year student, Department of Computer Science and Engineering, G. Pulla Reddy Engineering College, Andhra Pradesh, India 2

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in

20 th Year of Publication. A monthly publication from South Indian Bank. www.sib.co.in To kindle interest in economic affairs... To empower the student community... Open YAccess www.sib.co.in ho2099@sib.co.in A monthly publication from South Indian Bank 20 th Year of Publication Experience

More information

An Introduction to Cloud Computing Concepts

An Introduction to Cloud Computing Concepts Software Engineering Competence Center TUTORIAL An Introduction to Cloud Computing Concepts Practical Steps for Using Amazon EC2 IaaS Technology Ahmed Mohamed Gamaleldin Senior R&D Engineer-SECC ahmed.gamal.eldin@itida.gov.eg

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

GAO. INFORMATION SECURITY Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

GAO. INFORMATION SECURITY Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing GAO For Release on Delivery Expected at 10:00 a.m. EDT Thursday, July 1, 2010 United States Government Accountability Office Testimony Before the Committee on Oversight and Government Reform and Its Subcommittee

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

CLOUD COMPUTING: WHAT YOU SHOULD KNOW

CLOUD COMPUTING: WHAT YOU SHOULD KNOW CLOUD COMPUTING: WHAT YOU SHOULD KNOW There is hardly a topic creating more of a buzz in software industry, than the Cloud. Cloud computing is a dramatic shift in the way we think about providing computing

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Cloud Computing. Keeping Up With IT During Recession

Cloud Computing. Keeping Up With IT During Recession Cloud Computing Keeping Up With IT During Recession Table of Contents Introduction...3 What is Cloud Computing?...3 Importance of robust IT Systems...4 Benefits of Cloud Computing...4 Lower Expenses: capital

More information

A Guide to Common Cloud Security Concerns. Why You Can Stop Worrying and Start Benefiting from SaaS

A Guide to Common Cloud Security Concerns. Why You Can Stop Worrying and Start Benefiting from SaaS A Guide to Common Cloud Security Concerns Why You Can Stop Worrying and Start Benefiting from SaaS T he headlines read like a spy novel: Russian hackers access the President s email. A cyber attack on

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

D. L. Corbet & Assoc., LLC

D. L. Corbet & Assoc., LLC Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Are You in Control of Your Cloud Data? Expanded options for keeping your enterprise in the driver s seat

Are You in Control of Your Cloud Data? Expanded options for keeping your enterprise in the driver s seat Are You in Control of Your Cloud Data? Expanded options for keeping your enterprise in the driver s seat EXECUTIVE SUMMARY Hybrid IT is a fact of life in companies today. Increasingly, the way to deploy

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY............................................... 1 BUSINESS CHALLENGE: MANAGING CHANGE.................................

More information

CONTENT OUTLINE. Background... 3 Cloud Security... 3. Instance Isolation:... 4. SecureGRC Application Security... 5

CONTENT OUTLINE. Background... 3 Cloud Security... 3. Instance Isolation:... 4. SecureGRC Application Security... 5 Page 2 Disclaimer THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF THE LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

Trend Micro. Advanced Security Built for the Cloud

Trend Micro. Advanced Security Built for the Cloud datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers

More information

The Sumo Logic Solution: Security and Compliance

The Sumo Logic Solution: Security and Compliance The Sumo Logic Solution: Security and Compliance Introduction With the number of security threats on the rise and the sophistication of attacks evolving, the inability to analyze terabytes of logs using

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting

Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting I wandered lonely as a cloud... The academic, globe-trotting years: 1992 1993: Parallel software for PET scanner images in Geneva

More information

Cloud Models and Platforms

Cloud Models and Platforms Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model

More information

Moving Applications To Cloud

Moving Applications To Cloud Whitepaper Jaya Arvind Krishna Mandira Shah Determining and implementing an IT strategy for any enterprise involves deliberating if current or new applications can be offered via the Cloud. The purpose

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Integrated Threat & Security Management.

Integrated Threat & Security Management. Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information