Risks and Challenges
|
|
- Brent Edwards
- 8 years ago
- Views:
Transcription
1 Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14 Nov 2013
2 Agenda What is Cloud Computing? Cloud Security Risks and Challenges Mobile Security Risks and Challenges Securing Mobile & Cloud Implementations Conclusion References 2
3 What is Cloud Computing? What the H*LL is the cloud? Are we dead by cloud computing? Is Intel dead? There'd be no microprocessors in the cloud? Is Samsung dead? There'd be no memory in the cloud? Is Cisco dead because there's no networking in the cloud? Are we dead because there's no databases in the cloud, no applications in the cloud, no middleware in the cloud? The answer is no. All a cloud is computers in a network. We come in peace. We re the cloud people. We are the peaceful people. It s the democratization of computing 3
4 What is Cloud Computing? The delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility over a network (Internet) [wikipedia] Cloud an old new concept Parallel, distributed and grid computing have been around for a while: Scientists, governments, international organizations, military Urban planning, weather forecasts, economic modelling, etc. Now, cloud computingisa is commodity Who does not use the cloud nowadays? Ready to go services
5 What is Cloud Computing? 5
6 What is Cloud Computing? 6
7 Models of Cloud Services Software as a Service (SaaS): software CRM, , games, virtual desktops Google Apps, Salesforce CRM, Dropbox Platform as a Service (PaaS): computing or solution platform operating systems, databases, web servers Microsoft s Azure, Google s AppEngine. Infrastructure as a Service (IaaS): computers (physical/virtual), storage, firewalls or networks Amazon EC2, Rackspace Cloud
8 Cloud Services Providers
9 Security: Top Cloud Adoption Concerns Source: Oxford Economics Study: Protecting the Cloud
10 Cloud Security: Shared Responsibility On Premise On Premise (hosted) IaaS PaaS SaaS Application Application Application Application Application Services Services Services Services Services OS OS OS OS OS VM VM VM VM VM Server Server Server Server Server Storage Storage Storage Storage Storage Network Network Network Network Network Organization has Control Organization SharesControl with Vendor Vendor has Control
11 Cloud Security Advantages Shifting public data to a external cloud reduces the exposure of the internal sensitive ii data Cloud homogeneity makes security auditing/testing simpler Clouds enable automated security management Rd Redundancy d / Disaster Recovery 11
12 Cloud Security: Top Threats 2013 Based on survey results of industry experts by the Cloud Security Alliance (CSA) Data Breaches Data Loss Account Hijacking Insecure APIs Denial of Service Malicious Insiders Abuse of Cloud Services Insufficient Due Diligence Shared Technology Issues
13 Cloud Security: Breach Methods Hacking Malware Physical Attacks Social Tactics Priviledge Misuse % of Breaches Source: 2012 Data Breach Investigations Report (Verizon/USSS)
14 Threat Evolution Source: 2012 Data Breach Investigations Report (Verizon/USSS)
15 Hacking Methods Default/guessable credentials Stolen login credentials Brute force/dictionary attacks Exploit backdoor Exploit insufficient authentication SQL Injection Remote file inclusion Abuse of functionality Unknown % of Breaches Source: 2012 Data Breach Investigations Report (Verizon/USSS)
16 Some Interesting Observations 97% Avoidable through simple or intermediate controls 96% Were not highly difficult 94% Of all data compromised involved servers 92% Were discovered by a third party 85% Took weeks or more to discover 79% Were targets of opportunity Source: 2012 Data Breach Investigations Report (Verizon/USSS)
17 Cloud Security Challenges Exposure of data to foreign governments and data subpoenas US PRISM program Trusting vendor s security implementations Customer inability to respond to audit findings Obtaining support for investigations Indirect administrator i t accountability Proprietary implementations can t be examined Loss of physical control 17
18 Mobile Security: Value & Risks The world is mobile and cloudy and will be getting more so Mobile applications i can create tremendous values: New classes of applications utilizing mobile capabilities: GPS, camera, etc Innovating applications for employees and citizens Mobile devices and mobile applications can create tremendous risks as well: Sensitive datainevitably stored onthedevice ( , contacts) Connect to a lot of untrusted networks (carrier, Wi Fi) Most developers are new to creating mobile applications and therefore not trained to develop secure mobile applications
19 Mobile Security: Top Threats Type of Threats Threat Level 1 Data loss from lost, stolen or decommissioned devices High 2 Information stealing mobile malware High 3 Unsecured Wi Fi, network access and rogue access High points 4 Unsecured or rogue app marketplaces High 5 Data loss and data leakage through vulnerable apps Medium 6 Vulnerabilities within devices, OS, design and thirdparty apps Medium 7 Insufficient i management tools, capabilities and access Mdi Medium to APIs 8 NFC and proximity based hacking Low
20 Mobile Security Challenges Explosion of mobile devices Mobile Apps Data Management Ownership How to control over the usage of How to keep track and manage the How to protect the data and the devices? installations? critical information from being leaked out? Who should monitor the use of mobile devices?
21 What needs to be secured Device Data Application User Lock Encryption File Protection Rogue Applications Profiling Wipe Data leakages Visibility on Applications Locate Authentication Management policies Controls over Applications Location of the User
22 Security Threats Landscape Security Threats Human Non Human Natural Disaster Malicious Non malicious Hardware Poorly Design, Backdoor Software Malware, Bugs Fire, Flood etc Outsider Hackers, Script Kiddies, Spy Insider Disgruntled staff
23 Securing Cloud & Mobile Implementations Planning for security Secure infrastructure t Enable compliance monitoring Choose the right cloud Establish organizational Protect data service provider/mobile policies and standards management solutions. 3 4 Identify risks and threats (as discussed) Mitigate the risks and threats
24 1. Security Planning 1 Planning for security Consider the followings during planning stage: 1. What are the business priorities? 2. Which workloads do you want to move to the cloud? 3. How sensitive is the data? 4. What cloud delivery model works best? 5. What about compliance? 6. How will the data flow? 7. How will users access data and applications?
25 2. Establish Policies And Standards 2 Establish organizational policies and standards Policies i and standards d is important as guidance and ensuring compliance Adopt international security standards & guidelines such as ISO27001 (ISMS), and industry best practices Establish a Bring Your Own Device (BYOD) policies for mobile devices
26 4. Mitigate the Risks & Threats 4 Mitigate the risks and threats Examples of security controls: 1. Encrypt data that rests or moves in and out of both clouds. 2. Control access by managing identities and manage API control points at the network edge 3. Establish trusted compute pools to secure datacentre infrastructure and protect clients. 4. Build higher assurance into compliance to streamline auditing and increase visibility into the cloud.
27 5. Implement Data Protection 5 Protect data Safeguard data throughout the Cloud by: Accelerate and strengthen encryption usage pervasive encryption Establish secure connections for transferring encrypted data. Reduce data loss through data loss prevention (DLP) policies and implementations
28 6. Securing Infrastructure 6 Secure infrastructure Protect client, edge, and datacentre systems: Secure the clients to ensure that only authorized users can access the cloud and to guard endpoint devices against rootkit and otherlow level level malware attacks. Protect edge systems at the API level where external software interacts with the cloud environment. Create a secure datacentre infrastructure that establishes trust between servers and between servers and clients.
29 7. Enable Compliance Monitoring 7 Enable compliance monitoring Build higher assurance into compliance: Build a trusted pools of servers, which form the foundation for compliance in both public and private clouds. Ensure the continued trustworthy status of the server pools with routine security assessments. Support audit and security management by making assessment results available to policy management, security information and event manager (SIEM), governance, risk management, and compliance solutions.
30 8. Choosing the Provider/Solution 8 Choose the right cloud service provider/mobile management solutions Make security a key aspect of service provider/solution evaluation criteria: Ensure that data and platform security are built into any offering. Seek evidence of data and platform protections (i.e. compliance) for the services/solutions offered Establish measurable, enforceable service level agreements (SLAs) for verification.
31 Conclusion Understand the security advantages, threats and challenges of cloud and mobile technology adoption Understand the legal ramifications Establish organizational security policies Implement security processes Monitoring i for compliance Train the System Administrators and Software Developers Choose the right strategy and solutions for the business objectives 31
32 Conclusion It should take only 20% of your efforts to secure 80% of your infrastructure t Security is never just about technology (hardware/software) or solution deployment alone, but also involves: policies (compliance), processes (assessment & monitoring), awareness, skills and knowledge (people).
33 Recent High Profile Security Breaches
34 Cloud & Mobile Security Reality Check In the era of cloud and mobile computing, prevention is crucial, and we shouldn t lose sight of that goal BUT we must accept the fact that no barrier is impenetrable, and detection/response represents an extremely critical line of df defence. Therefore we should stop treating ti it (detection/response) like a backup plan if things go wrong, and start making it a core part of the plan.
35 Terima Kasih. Questions? SCAN Associates Bhd associates.net The first step toward change is awareness. The second step is acceptance. Nth Nathaniel ilbranden
36 Useful References p// / / / htt // i t i / / t / d t b h breachinvestigations report 2012_en_xg.pdf
FACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
More information10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationEnterprise Global Security in an era of Hybrid Cloud and Smart Mobile
Enterprise Global Security in an era of Hybrid Cloud and Smart Mobile M. Asif Riaz, CISM, CISSP, CEH Agenda Users are demanding access to applications and services from wherever they are, whenever they
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationCloud and Security (Cloud hacked via Cloud) Lukas Grunwald
Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationA Journey into the Privacy and Security Risks of a Cloud Computing Service
A Journey into the Privacy and Security Risks of a Cloud Computing Service Marco Balduzzi, MSc./Ph.D. Senior Threat Researcher Black Hat Webcast Series, 19 April 2012 - Copyright 2012 Trend Micro Inc.
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationMobile & Security? Brice Mees Security Services Operations Manager
Mobile & Security? Brice Mees Security Services Operations Manager Telenet for Business Agenda Mobile Trends Where to start? Risks and Threats Risk mitigation Conclusion Agenda Mobile Trends Where to start?
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationSecurity Issues In Cloud Computing And Their Solutions
Security Issues In Cloud Computing And Their Solutions Mr. Vinod K. Lalbeg Lecturer (Management), NWIMSR, Pune-1 & Ms. Anjali S. Mulik Lecturer (Management), NWIMSR, Pune-1 ABSTRACT Cloud Computing offers
More informationyvette@yvetteagostini.it yvette@yvetteagostini.it
1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationThe Cloud App Visibility Blind Spot
WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments
More informationMobility Challenges & Trends The Financial Services Point Of View
Mobility Challenges & Trends The Financial Services Point Of View Nikos Theodosiou Cloud Computing Solutions Presales/Marketing Engineer The New World Agenda The Mobile World The Challenges The Solutions
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationNCTA Cloud Architecture
NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationD. L. Corbet & Assoc., LLC
Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationQuick guide: Using the Cloud to support your business
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationCloud computing: benefits, risks and recommendations for information security
Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation
More informationCloud Courses Description
Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,
More informationHow To Understand Cloud Computing
CLOUD COMPUTING Jillian Raw Partner, Kennedys http://www.kennedys-law.com/jraw/ Cloud Computing- what they say about it the cloud will transform the information technology industry profoundly change the
More informationInformation Security for the Rest of Us
Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT
More informationThe Cloud, Virtualization, and Security
A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationSecuring Office 365 with MobileIron
Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,
More informationBYOD: End-to-End Security
BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationSecurityMetrics Vision whitepaper
SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationEast African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?
East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management
More informationHARNESSING THE POWER OF THE CLOUD
HARNESSING THE POWER OF THE CLOUD Demystifying Cloud Computing Everyone is talking about the cloud nowadays. What does it really means? Indeed, cloud computing is the current stage in the Internet evolution.
More informationA SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS
A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationDynamic Security for the Hybrid Cloud
Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationCyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
More informationOutline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages
Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationElectronic Records Storage Options and Overview
Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for
More informationCloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
More informationMobile Security: The good, the bad, the way forward
Mobile Security: The good, the bad, the way forward Get the most out of HP s Mobility Protection Services Jan De Clercq, Felix Martin, HP TC, December, 2013 Today s Presenter Name Jan De Clercq Title &
More informationAbout me & Submission details
About me & Submission details Parveen Yadav Security Researcher aka Ethical Hacker. Working as a Freelancer. White Hat Hacking work. Few Recognitions :- Got listed my name in Google Hall of fame,amazon,paypal,adobe
More informationA Survey on Security Issues in Service Delivery Models of Cloud Computing
A Survey on Security Issues in Service Delivery Models of Cloud Computing { S. Subashini and V. Kavitha (2011) Presented by: Anthony Postiglione Outline Introduction What is Cloud Computing Pros/Cons of
More informationData Encryption in the cloud A Handy Guide
Data Encryption in the cloud A Handy Guide Table of Contents Introduction...01 Why Encryption is Different in the Cloud...02 Common Encryption Misconceptions Worth Rethinking...04 Encryption In Action
More informationHow Data-Centric Protection Increases Security in Cloud Computing and Virtualization
How Data-Centric Protection Increases Security in Cloud Computing and Virtualization Executive Overview Cloud services and virtualization are driving significant shifts in IT spending and deployments.
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationCLOUD SECURITY. Rafal Los. Renee Guttmann. Jason Clark SOLUTION PRIMER. Director, Information Security, Accuvant
CLOUD SECURITY Rafal Los Director, Information Security, Accuvant Renee Guttmann Vice President, Information Risk, Accuvant Jason Clark Chief Strategy and Security Officer, Accuvant Introduction As enterprises
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationGoals. What is Cloud Computing? 11/11/2010. Understand what cloud computing is and how. Understand the challenges and advantages of cloud computing
Goals Cloud Computing COMP755 Understand what cloud computing is and how it functions Understand the challenges and advantages of cloud computing Many slides were created by Peter Mell, Tim Grance of NIST
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationFileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.
FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates
More informationThe Evolving Threat Landscape and New Best Practices for SSL
The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationSecuring Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption
THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationCloud Computing Phillip Hampton LogicForce Consulting, LLC
Phillip Hampton LogicForce Consulting, LLC New IT Paradigm What is? Benefits of Risks of 5 What the Future Holds 7 Defined...model for enabling ubiquitous, it convenient, ondemand network access to a shared
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationA Survey on Cloud Security Issues and Techniques
A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com
More informationInternational Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014
An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity
More informationHow to Grow and Transform your Security Program into the Cloud
How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationSECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING
SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com
More informationCSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments
CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang
More informationPREVENTIA. Skyhigh Best Practices and Use cases. Table of Contents
PREVENTIA Forward Thinking Security Solutions Skyhigh Best Practices and Use cases. Table of Contents Discover Your Cloud 1. Identify all cloud services in use & evaluate risk 2. Encourage use of low-risk
More informationCloud Database Storage Model by Using Key-as-a-Service (KaaS)
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationMobile and Personal Cloud Computing The Next Step in Cloud Computing
A Member of OneBeacon Insurance Group Mobile and Personal Cloud Computing The Next Step in Cloud Computing Author: Edgar Germer, Risk Control Specialist Published: November 2015 Executive Summary Cloud
More informationKeyword: Cloud computing, service model, deployment model, network layer security.
Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging
More informationCloud Security: An Independent Assessent
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationCloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com
Cloud & Security Dr Debabrata Nayak Debu.nayak@huawei.com AGENDA General description of cloud Cloud Framework Top issues in cloud Cloud Security trend Cloud Security Infrastructure Cloud Security Advantages
More informationWhite Paper. Three Steps To Mitigate Mobile Security Risks
White Paper Three Steps To Mitigate Mobile Security Risks Bring Your Own Device Growth The Bring Your Own Device (BYOD) trend caught on with users faster than IT expected, especially as ios and Android
More information5 Critical Considerations for. Enterprise Cloud Backup
5 Critical Considerations for Enterprise Cloud Backup This guide is written for IT professionals who play a part in data protection and governance at their enterprises. It is meant to provide an initial
More informationProtecting Applications on Microsoft Azure against an Evolving Threat Landscape
Protecting Applications on Microsoft Azure against an Evolving Threat Landscape So, your organization has chosen to move to Office 365. Good choice. But how do you implement it? Find out in this white
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationNorth Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing
North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing Introduction ManTech Project Manager Mark Shaw, Senior Executive Director Cyber Security Solutions Division
More informationINCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe
INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN Albin Penič Technical Team Leader Eastern Europe Trend Micro 27 years focused on security software Headquartered
More informationnext generation privilege identity management
next generation privilege identity management Nowadays enterprise IT teams are focused on adopting and supporting newer devices, applications and platforms to address business needs and keep up pace with
More informationSolving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools
White Paper Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools Introduction The modern workforce is on the hunt for tools that help them get stuff done. When the technology
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationWhitePaper. Private Cloud Computing Essentials
Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More information