Cloud Computing Business, Technology & Security. Subra Kumaraswamy Director, Security Architecture, ebay
|
|
- Megan Foster
- 5 years ago
- Views:
Transcription
1 Cloud Computing Business, Technology & Security Subra Kumaraswamy Director, Security Architecture, ebay COT June 2010
2 Cloud Computing: Evolution not a Revolution 2
3 What s Driving Interest in Clouds Lower Costs Business Agility
4 Cloud Virtues Economics Developer Centric Flexibility Pay As-You-Go Op-ex vs. Cap-ex SLA Virtualization Rapid, Self Provisioning Faster Deployment API-Driven Standard Services Elastic On-Demand Multi-Tenant
5 What is Cloud Computing? Compute as a utility: third major era of computing Cloud enabled by Moore s Law Hyperconnectivity SOA Provider scale Key characteristics Elastic & on-demand Multi-tenancy Metered service Disrupts Everything!
6 Cloud computing goals at ebay 1. Increase business agility and innovation and reduce time to market by providing a deployment environment in minutes. 2. Reduce the infrastructure cost by improving efficiency through resource sharing and automation. 3. Provide a scalable e-commerce platform to ebay developer community to deploy applications leveraging ebay commerce services. 6
7 The Private/Public Cloud Dilemma Enterprises under pressure to act now in pre-standards era Risk of lost investment, inability to securely manage multiple clouds Need for standards and guidance Orchestration of VMs Federation between hybrid clouds Comprehensive hardening
8 Cloud Adoption Trend 8 Source: Sand Hill Group Leaders in the Cloud" research study
9 Cloud Pyramid of Flexibility Security Controls move up the stack and embedded! Less Control = Less Responsibility More Control = More Responsibility 9
10 Cloud Security Remains a Significant Rogue Cloud Administrator Concern Drive-By Malware Melted Perimeter Controls not Portable Data Leakage & IP theft DDOS Attacks Multi-Tenancy & data Mingling No Transparency Compliance Governance Man-in-the-Browser OWASP Top 10 Sources: VeriSign, Computerworld
11 Business Want To Be Agile! Faster Pace of Innovation Agile and Secure! Consolidate services Customer Self Service Rapidly meet evolving business requirements Iterative in hours Deliver more robust customer service within budget constraints Empowered - Devops
12 Potent Combination Mobile + Cloud Cloud Services Accessed Authorized Public Cloud Services 21% Private Cloud Service 22% Unauthorized Public Cloud Services 28% Private Cloud Services 29% Risk Areas Corporate Owned Devices Personally Owned Devices * Cloud Services = Information stored in SaaS, PaaS, IaaS
13 Key Cloud Security Problems From CSA Top Threats Research: Trust: Lack of Provider transparency, impacts Governance, Risk Management, Compliance Data: Leakage, Loss or Storage in unfriendly geography Insecure Cloud software Malicious use of Cloud services Account/Service Hijacking Malicious Insiders Cloud-specific attacks
14 What do you mean by Cloud Security? Infrastructure security? Virtualization security? Application security? Threats? Compliance? Risks? It s all about the Confidentiality, Integrity and Availability of data assets and Intellectual property in the cloud
15 Components of Information Security Security Management Services Our Responsibility Identity services AAA, federation, delegation, provisioning Management patching, hygiene, controls governance, policy Information Security Data Encryption (transit, rest, processing), lineage, provenance, remanence Information Security Infrastructure Application-level PaaS IaaS OS-level Host-level Network-level 15
16 Rights for Cloud Computing Services- Gartner 1. The right to retain ownership, use and control one's own data 2. The right to service-level agreements that address liabilities, remediation and business outcomes 3. The right to notification and choice about changes that affect the service consumers' business processes 4. The right to know what security processes the provider follows 5. The right to understand the technical limitations or requirements of the service up front 6. The right to understand the legal requirements of jurisdictions in which the provider operates
17 Security-as-a-Service Why? Allows to focus on core business Subscription model (pay as you go, per user, per time) Lower rollout cost No additional IT overhead Rapid deployment and implementation Compliance requirements (audit trails, archiving, logging) Manage risk with Audit, SLA, Standards
18 Security-as-a-Service Threat Management-as-a-Service- Antivirus, Malware, Spam, Vulnerability Mgmt, Web content filtering in Cloud Intelligence-as-a-Service Identity-as-a-Service (IdaaS) In progress o o o o o Key management as a Service Attribute as a Service (Attribute provider) Data Masking/Encryption as a Service Business Continuity as a Service Data Leak Prevention as a Service
19 Security Considerations Data storage model and architecture (encryption User account management (provisioning, roles, permissions) Identity management (single-sign-on) Security process and certifications (SAS 70, SSAE 16, ISO) Backup, recovery & Business continuity Security Controls o Authentication, Access Control, Encryption, Data Leakage Prevention, Data Masking, Integrity Checking and Secure Deletion
20 Cloud Security Reference Arch Security Layers Network Network Security Host Application Policies Cloud Provider You Control Definitions Operational Effectiveness DoS Protection Transport Security Load Balancer Hypervisor Security Host Isolation IDS Configuration management IDM Monitoring and Incident response Web Application Firewall Encrypt/ Tokenization to protect regulatory data User Mgmt App Patch Information Security Management system Risk Mgmt Application patch mgmt Audit Certification
21 Move Away from One- Size-Fits-All- Risk Model Agility Vs Risk High Risk Risk Strategy Govern Monitor Pen Testing Compliance Low Agility Security Consulting Controls reviewed and Certified Ticket based Bolt-on Security Pre-approved patterns and libraries Automate Security Controls Data driven High Agility Low Risk Self certified Periodic Audit Coarse Policy Items in ellipse are actions that mitigate Risk while maintaining Agility
22 Security Life Cycle in Cloud SDLC White Box tester Infrastructure/Platform Security Architect Ops Security Access Control Engineer Design Deploy Common Model Manage Pen Test Engineer Forensics Engineer Self-service security automation defined by Architecture Security controls (preventive, detective) verification based on data sensitivity Reduce human errors by enabling automation Access controls assigned to apps, users in an automatic fashion Cloud Identity & Access Architect Cloud Governance Manager Whitebox and Pen testing of applications during development Threat Modeler Security Operations SIEM, Investigation support via self-service tools
23 Next Steps? 1. Evaluate the feasibility of a Cloud based approach for your applications based on security, privacy, compliance and availability requirements 2. Understand cloud provider protection methods used to secure data in transit and at rest 3. Define security boundaries, responsibilities, identify the risks and success factors of a cloud based service delivery to your organization 4.
24 Goal Enable Trust Security Privacy Policy Reputation Auditability Reliability Compliance Assurance Sources: VeriSign, Computerworld
25 Q&A Subra Kumaraswamy ebay Twitter 25
26 Keeping It Real What are the realistic threats to cloud services? Operational security breakdown o Scaling security processes to various deployment models o Need to plan from the start your security process ü Hardening ü Identity and access management ü Policy based on data sensitivity and other compliance requirements ü Logging ü Rate limiting ü Application identification ü Distribution of secure files ü Forensics and IR
27 Keeping It Real Cloud computing collapse technology and functional layers o Automation and shared responsibility can cause anxiety for governance, residency and compliancy o Lack of transparency from the provider ü Where is your data? ü Who has access? ü Who controls and manages keys? ü How is sensitive data accessed User->App, App->App? Human errors and misuse of new cloud technologies o o ü ü ü Security models of new technologies aren t well understood i.e. Access control in Hadoop Downgrade security via change Intentional or Unintentional Security zones in AWS vshield zones in VMW based cloud
28 Keeping It Real What are the realistic threats to cloud services? Loss of credentials via attacks against individuals and services ü Spear-Phishing Insider victimized ü Malware, rubber hose Gain access to cloud resources: ü Unprotected VM ü Weak access control of - Persistent Storage (EBS, SDB and S3) ü Cloud Management Consoles Keys to the Kingdom ü Bad guys get access to cloud resources to launch attack ü Less granular access privileges Don t automatically get access to: ü Running machine state/memory ü Non-persistent storage
29 4 Cloud Deployment Models 1. Private cloud (E.g. Azure Private Cloud) enterprise owned or leased 2. Community cloud ( E.g. Google Govt. Cloud) shared infrastructure for specific community 3. Public cloud (E.g. Azure Public Cloud, Amazon, Salesforce, Google) Sold to the public, mega-scale infrastructure 4. Hybrid cloud (E.g. Azure Private + Public Clouds) composition of two or more clouds
30 3 Cloud Service Models 1. Cloud Software as a Service (SaaS) Use provider s applications over a network 2. Cloud Platform as a Service (PaaS) Deploy customer-created applications to a cloud 3. Cloud Infrastructure as a Service (IaaS) Rent processing, storage, network capacity, and other fundamental computing resources To be considered cloud they must be deployed on top of cloud infrastructure that has the key characteristics
31 Barriers to Cloud? 31
32 Cloud Deployment Technical Considerations Service Provider Architecture SLA - Latency o Protocols Supported, Communication overhead o Bandwidth availability Data Security, Privacy, Compliance o Encryption of data in transit o Encryption and masking of data at rest o Can service provider meet the compliance? Availability and Business Continuity o Redundancy
33 The Capability Delivery Road Map 2 years 3 years Repeatability and Scalability Strategize & Architect Deliver a security automation strategy Security Architecture for standalone public, private & hybrid cloud use cases Developer awareness 1 year Enable & Automate Security automation for cloud use cases Deliver security standards, procedures for private, hybrid and public cloud use cases Pilot security tools in self-service models Core security services defined Integration with 3 rd party services for SSO Security-as-a- Service All operational and governance processes well defined for cloud operations in public and private models Self-service portals for vulnerability mgmt, app risk assessment API for Security Services Security testing integrated SDLC in cloud Today Tools & process Gap analysis Security in Cloud portal Capability 33
Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
Assessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
Cloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
Cloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
Security & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC
RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure
Looking Ahead The Path to Moving Security into the Cloud
Looking Ahead The Path to Moving Security into the Cloud Gerhard Eschelbeck Sophos Session ID: SPO2-107 Session Classification: Intermediate Agenda The Changing Threat Landscape Evolution of Application
Cloud Security Alliance: Industry Efforts to Secure Cloud Computing
Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon
Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com
Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?
Data Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
Cloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud
VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge
Cloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
Security Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
The Trusted Front Door to the Cloud
The Trusted Front Door to the Cloud Jeff Burstein Director, Product Management, User Authentication 1 The Great Commoditization of IT has Begun Economic Drivers Pay as you go (or else) CAPEX to OPEX Simplification
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
Managing Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
Top 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
Cloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
Cloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
On Premise Vs Cloud: Selection Approach & Implementation Strategies
On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile
Cloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
Intel IT Cloud 2013 and Beyond. Name Title Month, Day 2013
Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the
How To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
Cloud Models and Platforms
Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model
Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
Agenda. What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you
Agenda What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you What is Cloud Computing? Compute as a utility: third major era of computing Cloud enabled by Moore
Don t Forget Your Security Umbrella in the Cloud
Don t Forget Your Security Umbrella in the Cloud Richard Sheng Director of Product Marketing, APAC Why the cloud matters? Speed and Business Impact Expertise and Performance Massive Cost Reduction 1) The
Securely Moving Your Business Into the Cloud
Securely Moving Your Business Into the Cloud Alex Stamos Partner SOURCE Boston April 21, 2010 Your Humble Narrator Alex Stamos Co Founder and Partner of isec LBNL, Loudcloud, @stake UC Berkeley BS EECS
Public Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
GoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
Securing SaaS Applications: A Cloud Security Perspective for Application Providers
P a g e 2 Securing SaaS Applications: A Cloud Security Perspective for Application Providers Software as a Service [SaaS] is rapidly emerging as the dominant delivery model for meeting the needs of enterprise
10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
Lecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
Cloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
Cloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM
STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net
Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence
Cloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
Chapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition
VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents
What Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
Global Efforts to Secure Cloud Computing
April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO
How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO Data everywhere but protection? Unprotected Data Needing Protection
Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
Remote Voting Conference
Remote Voting Conference Logical Architecture Connectivity Central IT Infra NIST Best reachability in India for R-Voting Initiative 200+ Physical MPLS POPs across India 5 Regional Data Centre at Pune,
Orchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
Managed Cloud Services
Managed Services From Data Centre to Managed Public Traditional data centre Virtual Data Centre In-house Dedicated External Multi-tenant External Managed Public Consulting approach: Breakdown of Business
VMware vcloud Powered Services
SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to
Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
An enterprise- grade cloud management platform that enables on- demand, self- service IT operating models for Global 2000 enterprises
agility PLATFORM Product Whitepaper An enterprise- grade cloud management platform that enables on- demand, self- service IT operating models for Global 2000 enterprises ServiceMesh 233 Wilshire Blvd,
Vormetric Data Security Securing and Controlling Data in the Cloud
Vormetric Data Security Securing and Controlling Data in the Cloud Vormetric, Inc. Tel: 888.267.3732 Email: sales@vormetric.com www.vormetric.com Table of Contents Executive Summary.........................................................3
VMware vcloud Service Definition for a Public Cloud. Version 1.6
Service Definition for a Public Cloud Version 1.6 Technical WHITE PAPER 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011
IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything
Safeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
Cloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
A Gentle Introduction to Cloud Computing
A Gentle Introduction to Cloud Computing Source: Wikipedia Platform Computing, Inc. Platform Clusters, Grids, Clouds, Whatever Computing The leader in managing large scale shared environments o 18 years
Cloud computing: benefits, risks and recommendations for information security
Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation
Cloud Computing. Benefits and Risks. Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com
Cloud Computing Benefits and Risks Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com 10/3/2012 1 Let s make sure we re all talking about the same thing. WHAT IS CLOUD COMPUTING?
Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com
Secure Multi Tenancy In the Cloud Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com At-a-Glance Trends Do MORE with LESS Increased Insider Threat Increasing IT spend on cloud
FACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) Introduction to Cloud Security. Taniya
INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print)
Cloud Courses Description
Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,
SOLUTIONS. Secure Infrastructure as a Service for Production Workloads
IaaS SOLUTIONS Secure Infrastructure as a Service for Production Workloads THE CHALLENGE Now more than ever, business and government are facing the challenge of balancing conflicting demands. Market pressures
Secure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
Cloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
Architectural Principles for Secure Multi-Tenancy
Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security Division of EMC John Field, Office of the CTO, EMC Also adapting prior content by Burt Kaliski DIMACS Workshop
Total Cloud Protection
Total Cloud Protection Data Center and Cloud Security Security for Your Unique Cloud Infrastructure A Trend Micro White Paper August 2011 I. INTRODUCTION Many businesses are looking to the cloud for increased
GETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com
1 Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com Agenda Cloud Computing VMware and Security Network Security Use Case Securing View Deployments Questions 2 IT consumption
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
All the benefits of Public Cloud on Private, Dedicated Infrastructure. Benefits. Enterprise-Level Security. High Performance. Compliant and Audited
ActiveGrid Private Cloud Solutions Support any workload with incredible flexibility and security, combined with the peace of mind of an enterprise cloud platform. All signs point to continued cloud adoption
Software AG and the AWS cloud. Past, Present and Best Practices. Jonathan Madamba Director, Solution Cloud John Fitzgerald Director, Product Marketing
Software AG and the AWS cloud Past, Present and Best Practices Jonathan Madamba Director, Solution Cloud John Fitzgerald Director, Product Marketing Agenda How Software AG Uses The cloud Software AG s
Trust but Verify. Vincent Campitelli. VP IT Risk Management
Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify
Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
Cloud Assurance: Ensuring Security and Compliance for your IT Environment
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
SECURE CLOUD COMPUTING
Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud
Study concluded that success rate for penetration from outside threats higher in corporate data centers
Auditing in the cloud Ownership of data Historically, with the company Company responsible to secure data Firewall, infrastructure hardening, database security Auditing Performed on site by inspecting
Addressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
Cloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM) www.wipro.com
WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM) www.wipro.com Table of Contents 03...Introduction 04...Wipro Cloud (WIC) as a Service Type 05...Wipro Cloud Capabilities
Architecting Security for the Private Cloud. Todd Thiemann
Architecting Security for the Private Cloud Todd Thiemann Classification 4/9/2010 Copyright 2009 Trend Micro Inc. 1 The Evolving Datacenter Lowering Costs, Increasing Flexibility Public Cloud Private Cloud
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS
Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk
DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2
DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing Slide 1 Slide 3 A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.
NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security