Securing Your Data In The Cloud: an insiders perspective

Size: px
Start display at page:

Download "Securing Your Data In The Cloud: an insiders perspective"

Transcription

1 Securing Your Data In The Cloud: an insiders perspective

2 INTRODUCTION As the increasing use of cloud computing and other technologies is changing the world of data management, keeping your data private and secure is an ongoing concern for everyone. Memset, a cloud computing Infrastructure as a Service (IaaS) provider gives an insider s perspective on what you should be doing to keep your data safe. ISTHEREASECURITYTHREAT? As you move data to the cloud there are many different challenges. Applications have to be designed differently. Security gets pushed further and further away from perimeter-based approaches. Security threats change when data moves to the cloud, with threats from the network or from the provider s personnel being more pertinent than concerns over physical attack. However, it need not be a big concern, you just need to apply the same common sense you would to sourcing any other service. Ask questions about your prospective cloud supplier; Are they financially sound? Do they have good security procedures in place? Is the infrastructure your data will be on shared with lots of other users, or will it be in its own virtual or dedicated environment? WHOTOTRUST? Up until the existence of cloud computing the norm was to trust the IT department internally. Now that the IT department is outsourced people are asking the right questions about IT security. The focus must be on the security processes and procedures rather than the physical perimeter around the data storage devices. In many ways using the cloud can be much safer than hosting data on your own systems in your own building since a putative attacker no longer knows where to look. Even if, somehow, an individual were able to breach the heavy physical security of our data centres, they would be faced with thousands of identical-looking machines and no way of identifying their target. The most likely source of data theft is always from within an organisation, therefore for data management when it is not on your own systems, it comes down to trust. Just as if it were hosted on a computer in your office, then you need to trust everyone who has access to that machine, so if outsourcing to the cloud you need to trust the organisation that has access to the underlying infrastructure. Look for companies that have appropriate certifications like ISO27001 (as a minimum), and ask them about how they regulate and monitor their systems administrators' access to servers holding client data. THREATSFROMTHENETWORK The other increasingly common source of attacks on cloud-based services is via the network itself. This can be greatly mitigated with good firewall systems, and if your services only need be accessed from a small number of office locations then the firewall should restrict access to only those IP addresses. That can prevent the helpful feature of universal access, however, so it may not be practical, but even then firewalling is important. Talk to the provider and they should be able to advise you. For public-facing services there is also the danger of Distributed Denial of Service attack (ddos), where servers are flooded with millions of bogus requests from hacked computers (a bot-net ). Most providers should have a system for automatically detecting and blocking the

3 source of such attacks, so ask them, but in cases where the attack is massively distributed the only defence is to have more bandwidth than the attackers, which means you need to be using an operator with large scale. CONFIDENTIALITY Confidentiality is a major question to ask your cloud hosting provider. Having the right tools in place to ensure that confidentiality is also being maintained is critical. So, some questions would be: What mechanism do you have to protect and securely deliver logs? What are you actually able to log? What activity are you recording within your cloud? Can the integrity of those logs be proven regardless of when and where they are sent? BACKUPS&DATARESILIENCE When entrusting a cloud provider to look after your data it is essential to ensure that there is adequate resilience in their storage systems. At a minimum they should be using RAID (Redundant Array of Independent Disks) systems, but most cloud storage providers will store multiple copies of your data across many independent machines. Memset s cloud storage solution stores all data in triplicate, for example. Most providers will offer additional backup services, and these should certainly be considered when operating cloud based applications so that in the event of a serious hardware failure you can roll back to an earlier state. Also ask the provider what their normal restore times are. Finally, as we have seen with the recent failure of Amazon s Simple Storage Service, which included irrecoverable loss of some customer data, sometimes it is not enough to trust one provider. To help overcome this problem there are tools that allow you to use one cloud storage provider to backup another, as with Memset s cloud backup service. WHEREISYOURDATABEINGSTORED? Although pushing data into the cloud is proving increasingly attractive for many organisations, there's a growing realisation that geographic considerations remain important. While the overriding concept of cloud involves the decoupling of data and applications from the underlying hardware on which they reside, knowing where that hardware is located can be vitally important. For reasons of security, legal jurisdiction and privacy, many organisations are obliged to be aware where sensitive data is stored. For British companies, data may need to be stored within UK borders for data protection purposes. For the majority of UK public sector IT requirements the data absolutely must remain within national boundaries. THEPATRIOTACT Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. Microsoft has recently admitted that any EU-stored data, held in their EU-data centres, is subject to the US Patriot Act as Microsoft is a US headquartered company.

4 If you don't want your data subject to the PATRIOT Act, then you have to use a non-us based company, in addition to a non-us data centre, for storing your data. WHOCONTROLSYOURDATA? One risk with Software as a Service (SaaS) is that all your eggs are effectively in one basket, and if something goes wrong with that one provider you could face serious challenges. Memset s approach is to disintegrate the stack enabling you to be able to move your software from one place to another. A typical example of this is using third party open source solutions to deliver hosted software services on their infrastructure. That way if the software provider fails you can still get to the data, and if the hosting company fails (assuming you have good backups) the software company can help you transfer to a new host. DATASEGREGATION Many SaaS providers are essentially running one application for thousands (or many more) client organisations, with their data commingling on the same infrastructure and in the same databases separated only by the software itself. This presents a potential security risk, since if there is a flaw in the provider's code it could be exploited to allow access to other customers' data. For some services this may not be a problem, but for critical company or personal data it may be advisable to obtain additional segregation. Memset's stack disintegration approach solves this problem also. By using open source solutions (eg. Zimbra for Web or Trac for integrated project management and Wiki), each hosted on virtual or dedicated servers dedicated to just one client, there are additional layers of segregation between the software instances, thus providing greater security. While many SaaS solution's code bases are not heavily tested, network and virtual machine segregation is very robust. DATAPORTABILITY You also need to think about data portability; the ability to be able to reuse your data across interoperable applications. When weighing up SaaS suppliers, see if they have a portability policy. Where a privacy policy discloses what a company can do with your data, a portability policy discloses how a user can access and transfer their own data once it s stored with that company. For IaaS providers this is normally a given, since they are just providing the infrastructure and you are able to extract the data as and when you wish at a root level. MIGRATINGOUT Once you re clear on who has your data, where that data is held, what they are doing with it and how they are protecting it, you also need to establish what procedures are in place to allow you to migrate your data out. Key characteristics to look for include: a clearly defined and established procedure for data migration low or no cost for migration data can be extracted in a meaningful, useful form for immediate re-use For SaaS providers, look for an API or tools to download your data in a meaningful context. This could be as simple as a widget to download a CSV file (like with Google Contacts), or it might be a fully-fledged XML API. Failing that, and if taking the stack disintegration approach, ensure that the database in which the information is stored is transparent and well-documented. It is frequently not in a SaaS provider's interest to make data portability easy though, so this can be a difficult item.

5 MITIGATERISKWITHCLEARSLAs As with any service provider contract, you should negotiate clear SLAs for your cloud provider. These should include, but not be limited to, clear metrics around performance (both networking and computing), provisioning, change management, patching and vulnerability remediation. To ensure your data is safe in the cloud at all times, make sure you think about the following: Who has your data Where that data is held What they are doing with it How they are protecting it CONCLUSION In summary, the cloud is, and will continue to be, a critical part of many companies IT strategy so must it therefore be considered in their security policies. This role is likely to grow as a raft of new services are developed and commercialised and users level of familiarity and comfort with this approach to service delivery develops and grows. But it is also likely that the most effective network security strategies will be a hybrid model that takes the best that the cloud has to offer and combines it with the skills and focus of experts working on the ground.

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Data Security Policy THE CTA. Guardian Electrical Solutions Ltd DATA SECURITY POLICY. Reviewed and approved by the Company Secretary Richard Roebuck

Data Security Policy THE CTA. Guardian Electrical Solutions Ltd DATA SECURITY POLICY. Reviewed and approved by the Company Secretary Richard Roebuck THE Data Security Policy CTA Reviewed and approved by the Company Secretary Richard Roebuck Signed 04/01/2013 INDEX SECTION DESCRIPTION 1.0 INTRODUCTION 2.0 AND ARRANGEMENTS 3.0 MONITORING THE SECURITY

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com Cloud Computing Risks & Reality Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com What is Cloud Security The quality or state of being secure to be free from danger & minimize risk To be protected from

More information

Security and Privacy in Cloud Computing. Molnár Bálint(GKK4ZF) Biztonságos e-kereskedelem alapjai

Security and Privacy in Cloud Computing. Molnár Bálint(GKK4ZF) Biztonságos e-kereskedelem alapjai Security and Privacy in Cloud Computing Molnár Bálint(GKK4ZF) Biztonságos e-kereskedelem alapjai Content What is Cloud Computing? Type of service offered throught cloud Infrastructure Security Network

More information

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Cloud Security: An Independent Assessent

Cloud Security: An Independent Assessent Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned

More information

Assessing, Evaluating and Managing Cloud Computing Security

Assessing, Evaluating and Managing Cloud Computing Security Assessing, Evaluating and Managing Cloud Computing Security S.SENTHIL KUMAR 1, R.KANAKARAJ 2 1,2 ASSISTANT PROESSOR, DEPARTMENT OF COMMERCE WITH COMPUTER APPLICATIONS Dr.SNS RAJALAKSHMI COLLEGE OF ARTS

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

CLOUD COMPUTING GUIDELINES FOR LAWYERS

CLOUD COMPUTING GUIDELINES FOR LAWYERS INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation EXIN Cloud Computing Foundation Sample exam Edition 201606 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing system

More information

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6 TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4 Cloud services (Data Centre) and related Functional requirement Cloud services as a Control

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

CLOUD COMPUTING SECURITY CONCERNS

CLOUD COMPUTING SECURITY CONCERNS CLOUD COMPUTING SECURITY CONCERNS ABSTRACT ASMA GULAM MOHAMED Saveetha School of Engineering Cloud computing is set of resources including data storage, programs and hardware offered through the Internet.

More information

whitepaper Cloud Servers: New Risk Considerations

whitepaper Cloud Servers: New Risk Considerations whitepaper Cloud Servers: New Risk Considerations Overview...2 Cloud Servers Attract e-criminals...2 Servers Have More Exposure in the Cloud...3 Cloud Elasticity Multiplies Attackable Surface Area...3

More information

Can security conscious businesses really adopt the Cloud safely?

Can security conscious businesses really adopt the Cloud safely? Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually,

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Contracting for Cloud Computing

Contracting for Cloud Computing Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

KeyLock Solutions Security and Privacy Protection Practices

KeyLock Solutions Security and Privacy Protection Practices KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

Recommendations and Considerations for Companies Migrating to the Cloud

Recommendations and Considerations for Companies Migrating to the Cloud Recommendations and Considerations for Companies Migrating to the Cloud White Paper May 2012 Colocation Connectivity Cloud Communications Introduction As organisations think about moving to the cloud,

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Data In The Cloud: Who Owns It, and How Do You Get it Back? Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?

More information

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk

More information

Why You Should Consider the Cloud

Why You Should Consider the Cloud INTERSYSTEMS WHITE PAPER Why You Should Consider the Cloud In 2014, we ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities, and fiercely battle for the hearts

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

Securing the Physical, Virtual, Cloud Continuum

Securing the Physical, Virtual, Cloud Continuum Securing the Physical, Virtual, Cloud Continuum By Ted Ritter, CISSP Senior Research Analyst Executive Summary The data center is undergoing a radical shift, from virtualization towards internal cloud

More information

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future. Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your

More information

Demystifying Cloud Computing Graham McLean

Demystifying Cloud Computing Graham McLean Whitepaper Demystifying Cloud Computing Graham McLean Link-Connect Services Ltd Frensham House Farnham Business Park Weydon Lane, Farnham Surrey, GU9 8QT Page 1 LC-CC White Paper (V1.3) April 2014 Page

More information

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Building Secure Cloud Applications. On the Microsoft Windows Azure platform Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside

More information

QuickBooks Online: Security & Infrastructure

QuickBooks Online: Security & Infrastructure QuickBooks Online: Security & Infrastructure May 2014 Contents Introduction: QuickBooks Online Security and Infrastructure... 3 Security of Your Data... 3 Access Control... 3 Privacy... 4 Availability...

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

WHY ALL CLOUDS ARE NOT CREATED EQUAL ENTERPRISE CLOUD, PUBLIC CLOUD, CARRIER CLOUD

WHY ALL CLOUDS ARE NOT CREATED EQUAL ENTERPRISE CLOUD, PUBLIC CLOUD, CARRIER CLOUD WHY ALL CLOUDS ARE NOT CREATED EQUAL ENTERPRISE CLOUD, PUBLIC CLOUD, CARRIER CLOUD STRATEGIC WHITE PAPER Cloud computing technology brings an unprecedented level of independence and liberation in deploying

More information

Document title. Using Cloud Based Storage Services. Introduction

Document title. Using Cloud Based Storage Services. Introduction Document title ICE s Geospatial Engineering Panel has published a series of reports concerned with various subjects such as A civil engineers guide to GPS and GNSS and many others. Designed to be both

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Trust issues. 68 Computer News Middle East november 2014 www.cnmeonline.com

Trust issues. 68 Computer News Middle East november 2014 www.cnmeonline.com Trust issues Storing data in the public cloud can be both convenient and cost-effective. However, shared access to stored information can be a nerve-wracking prospect for some users. Vendors can do some

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Cloud Computing - Starting Points for Privacy and Transparency

Cloud Computing - Starting Points for Privacy and Transparency Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbüttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg,

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization How Data-Centric Protection Increases Security in Cloud Computing and Virtualization Executive Overview Cloud services and virtualization are driving significant shifts in IT spending and deployments.

More information

A Survey on Security Issues in Service Delivery Models of Cloud Computing

A Survey on Security Issues in Service Delivery Models of Cloud Computing A Survey on Security Issues in Service Delivery Models of Cloud Computing { S. Subashini and V. Kavitha (2011) Presented by: Anthony Postiglione Outline Introduction What is Cloud Computing Pros/Cons of

More information

A Brave. Who Owns Security in the Cloud? A Trend Micro Opinion Piece. February 2011. Written by Dave Asprey VP Cloud Security

A Brave. Who Owns Security in the Cloud? A Trend Micro Opinion Piece. February 2011. Written by Dave Asprey VP Cloud Security A Brave Who Owns Security in the Cloud? A Trend Micro Opinion Piece February 2011 Written by Dave Asprey VP Cloud Security I. WHO OWNS SECURITY IN THE CLOUD? Cloud computing is the technology buzzword

More information

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014 An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity

More information

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud Security Specialist Certification Self-Study Kit Bundle Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams

More information

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working Group akarmel@c2labs.com @anilkarmel Emerging Technologies

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2 DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing Slide 1 Slide 3 A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.

More information

Whitepaper: Cloud Computing for Credit Unions

Whitepaper: Cloud Computing for Credit Unions Whitepaper: Cloud Computing for Credit Unions A new twist on an old strategy MYCU SERVICES December 29, 2011 Authored by: Lingle, Linda Table of Contents Introduction... 2 Cloud Providers... 3 Cloud Components...

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

FACING SECURITY CHALLENGES

FACING SECURITY CHALLENGES 24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Study concluded that success rate for penetration from outside threats higher in corporate data centers

Study concluded that success rate for penetration from outside threats higher in corporate data centers Auditing in the cloud Ownership of data Historically, with the company Company responsible to secure data Firewall, infrastructure hardening, database security Auditing Performed on site by inspecting

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Evaluating IaaS security risks

Evaluating IaaS security risks E-Guide This expert tip examines the risks organizations need to be aware of when evaluating IaaS solutions, and highlights the key architectural and process components of access management services that

More information

Cloud Computing and Attacks

Cloud Computing and Attacks Cloud Computing and Attacks Joseph Spring School of Computer Science 7COM1027 - Distributed Systems Security 1 Areas for Discussion Cloud Computing Attacks Firewalls 2 Cloud Computing A Cloud is a large

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

A hole in the cloud: Is cloud secure?

A hole in the cloud: Is cloud secure? A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Security Issues In Cloud Computing And Their Solutions

Security Issues In Cloud Computing And Their Solutions Security Issues In Cloud Computing And Their Solutions Mr. Vinod K. Lalbeg Lecturer (Management), NWIMSR, Pune-1 & Ms. Anjali S. Mulik Lecturer (Management), NWIMSR, Pune-1 ABSTRACT Cloud Computing offers

More information

Cloud Computing. Cloud computing:

Cloud Computing. Cloud computing: Cloud computing: Cloud Computing A model of data processing in which high scalability IT solutions are delivered to multiple users: as a service, on a mass scale, on the Internet. Network services offering:

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

Cloud Computing Jenn CruverKibi, CPA July 27, 2016

Cloud Computing Jenn CruverKibi, CPA July 27, 2016 Pursuing the Profession While Promoting the Public Good Cloud Computing Jenn CruverKibi, CPA July 27, 2016 2016 Annual Non-Profit Seminar What we will cover 1 What we will cover: What is cloud computing?

More information

Remote Services. Managing Open Systems with Remote Services

Remote Services. Managing Open Systems with Remote Services Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater

More information

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Secure, Scalable and Reliable Cloud Analytics from FusionOps White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...

More information

Implications for Cloud Computing & Data Privacy

Implications for Cloud Computing & Data Privacy Implications for Cloud Computing & Data Privacy Diane Mueller Cloud Evangelist, ActiveState dianem@activestate.com http://www.activestate.com/stackato Founded 1997 2 million developers, 97% of Fortune

More information

The Cloud, Virtualization, and Security

The Cloud, Virtualization, and Security A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are

More information