How To Protect Your Cloud Computing Resources From Attack
|
|
- Magdalene Parrish
- 3 years ago
- Views:
Transcription
1 Security Considerations for Cloud Computing Steve Ouzman Security Engineer
2 AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary
3 Cloud Computing Overview The cloud model promotes availability and scalability and is composed of: - five essential characteristics - three service models - four deployment models.
4 Cloud Definition Deployment Models Private Cloud Hybrid Clouds Community Cloud Public Cloud Service Models Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Essential Characteristics On Demand Self-Service Broad Network Access Rapid Elasticity Resource Pooling Measured Service Common Characteristics Massive Scale Homogeneity Virtualization Low Cost Software Resilient Computing Geographic Distribution Service Orientation Advanced Security Based upon original chart created by Alex Dowbor -
5 Cloud Computing Security Considerations
6 Seven Security Considerations For Cloud Computing 1. Abuse of Cloud Computing Resources:- IaaS & PaaS platforms provide huge computing resources and can provide a very simple registration process to adopt. Eg. IaaS Offerings have hosted the Zeus Botnet, Infostealer trojan horses. 2. Insecure Interfaces and API s:- Cloud Providers expose a set of API for interacting customers to manage their data and interact with 3 rd party applications for integrations. These need strict controls. Eg. Anonymous access / re-usable passwords. Improper Authorizations.
7 Seven Security Considerations For Cloud Computing 3. Malicious Insiders:- Well known threat for most organizations. Threat amplified for consumers of cloud services by the convergence of IT Services under single management. 4. Shared Technology Issues:- IaaS and some SaaS vendors deliver their services in a scalable way by sharing resources. Multi-tenant environment share hardware resources through hypervisors / virtualization and can expose the underlying operating system.
8 Seven Security Considerations For Cloud Computing 5. Data Loss or Leakage:- Many ways to compromise data. Deletion / Alteration of records without backup. Loss of encryption key. Insufficient authorization controls. Eg. Insufficient AAA controls, Encryption of sensitive data in transit and at rest. 6. Account or Service Hijacking:- Not a new concept. Phishing, fraud and exploitation of software vulnerabilities still achieve results. Attackers could eavesdrop on your activities and transactions and manipulate data.
9 Seven Security Considerations For Cloud Computing 7. Unknown Risk Profile:- The benefits of using cloud computing resources should be measures against the security concerns. Versions of software, code updates, security practices, vulnerability profiles and security design of the cloud vendor must be understood. Furthermore legal jurisdiction and local legislation requirements need to be considered Eg. EU Privacy Laws, PCI Compliance, HIPAA etc.
10 Cloud Security Reference Sites ENISA:- cloud-computing-risk-assessment Cloud Security Alliance:- Jericho Forum
11 ServiceNow Security Overview
12 Security Program Security Program based on ISO Security Policies and Standards directly map to ISO controls We support customers regulatory requirements: PCI, SOX, FDA, HIPAA, NIST Risk based, data-centric approach
13 Data Location and Data Isolation Customer data ONLY exists in assigned Primary and Secondary secured datacenter No data processed/stored in business offices No data stored/processed on laptops/desktops Dedicated physical server option (additional cost) Hot DR site with asynchronous replication
14 Disaster Recovery Asynchronous data replication between primary and secondary datacenter Replicated backup files Coordinated DR testing (typically 4-7 minutes for failover and restored operations) Two Service-now.com DR drills per year Annual Business Impact Analysis
15
16 Datacenter Security Controls All internet connections terminate in DMZ Explicit network and host-based firewall rules RSA Two-Factor authentication for all administrator access QualysGuard for Vulnerability Management Centralized audit logging using Splunk TippingPoint IPS Sensors (blocking mode)
17 Penetration Testing Nightly QualysGuard Port Maps Bi-monthly Perimeter Scans using QualysGuard Integrated WhiteHat Security Application Penetration Testing Any given month: three customer initiated penetration tests in progress. Annual comprehensive Security Penetration Testing
18 Application Security Features LDAP/S and SAML Single Sign-On Integration Options Full encryption for data in motion (SSL, TLS, S/FTP) Column Level Encryption Full Support of Users/Groups/Roles Full Access Control List Support: Application, Module, Table, column, row Contextual Security Model
19 Demo Research Request Info demo.service-now.com
Cloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationD. L. Corbet & Assoc., LLC
Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationEast African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?
East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More information10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationyvette@yvetteagostini.it yvette@yvetteagostini.it
1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationSTORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM
STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationKeyLock Solutions Security and Privacy Protection Practices
KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationCloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu
Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats
More informationCloud and Security (Cloud hacked via Cloud) Lukas Grunwald
Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationInfrastructure as a Service (IaaS) Dancik International and Peak 10
Infrastructure as a Service (IaaS) Dancik International and Peak 10 Infrastructure as a Service Monty Blight, Peak 10 Data Center & Network Services Cloud Services Managed Services Agenda 1. Who is Peak
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationCloud Security: An Independent Assessent
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationCan SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations
Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationIT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011
IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything
More informationCloud Storage Security with a Focus on CDMI. Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems
Cloud Storage Security with a Focus on CDMI Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationFACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
More informationA Survey on Cloud Security Issues and Techniques
A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com
More informationSecurity Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken )
23.11.2015 Jan Philipp Manager, Cyber Risk Services Enterprise Architect Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken ) Purpose today Introduction» Who I am
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationNetwork Access Control and Cloud Security
Network Access Control and Cloud Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationAddressing Security for Hybrid Cloud
Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly
More informationCloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
More informationPortWise Access Management Suite
Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s
More informationCloud Computing. Benefits and Risks. Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com
Cloud Computing Benefits and Risks Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com 10/3/2012 1 Let s make sure we re all talking about the same thing. WHAT IS CLOUD COMPUTING?
More informationUnmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may
More informationInternational Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014
An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationTENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4
TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6 TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 Cloud services (Data Centre) and related Functional requirement Cloud services as a Control
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationTufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.
Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:
More informationSecurity in the Green Cloud
Security in the Green Cloud Smart and Green infrastructure symposium 2011 Prague May 19 th 2011 Steinthor Bjarnason sbjarnas@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
More informationSERENA SOFTWARE Serena Service Manager Security
SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationIt ain t all fluffy and blue sky out there!
It ain t all fluffy and blue sky out there! Who s this guy? Ward Spangenberg, Director of Security Operations, Zynga Game Network No - I won t whack the Petville boss who just broke into your cafe and
More informationSecuring SaaS Applications: A Cloud Security Perspective for Application Providers
P a g e 2 Securing SaaS Applications: A Cloud Security Perspective for Application Providers Software as a Service [SaaS] is rapidly emerging as the dominant delivery model for meeting the needs of enterprise
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationTOP THREATS IN CLOUD COMPUTING
TOP THREATS IN CLOUD COMPUTING Pooja Sharma 1, Rajkumar Singh Rathore 2 1 PG Scholar, Masters of Technology, Galgotias College of Engineering and Technology, Greater Noida (India) 2 Assistant Professor,
More informationSecurity Threat Risk Assessment: the final key piece of the PIA puzzle
Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationCloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com
Cloud & Security Dr Debabrata Nayak Debu.nayak@huawei.com AGENDA General description of cloud Cloud Framework Top issues in cloud Cloud Security trend Cloud Security Infrastructure Cloud Security Advantages
More informationINTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationA Review : Security Framework Information Technology for University Based on Cloud Computing. E.S. Negara, R. Andryani
ICIBA 2014, the Third International Conference on Information Technology and Business Aplication Palembang-Indonesia, 20-21 February 2014 A Review : Security Framework Information Technology for University
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationGoals. What is Cloud Computing? 11/11/2010. Understand what cloud computing is and how. Understand the challenges and advantages of cloud computing
Goals Cloud Computing COMP755 Understand what cloud computing is and how it functions Understand the challenges and advantages of cloud computing Many slides were created by Peter Mell, Tim Grance of NIST
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationBUSINESS MANAGEMENT SUPPORT
BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationSECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING
SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com
More informationCloud Computing: Compliance and Client Expectations
Cloud Computing: Compliance and Client Expectations February 15, 2012 MOSS ADAMS LLP 1 TODAY S PRESENTERS Moderator Kevin Villanueva, CPA, CISA, CISM, CITP, CRISC Sr. Manager, Infrastructure and Security
More informationCompTIA Cloud+ 9318; 5 Days, Instructor-led
CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationCompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:
CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationSecurity & Cloud Services IAN KAYNE
Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents
More informationHow To Secure Cloud Computing
A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationRisks and Challenges
Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) chong@scan associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14
More informationSecuring the Cloud through Comprehensive Identity Management Solution
Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style
More information