Security Requirements & Cloud Computing
Slide 1: Security Requirements & Cloud Computing
Matthias Luft, ERNW GmbH

Slide 2: ERNW GmbH
Heidelberg based security consulting and assessment company.
- Independent
- We understand corporate
- Deep technical knowledge
- Structured (assessment) approach
- Business reasonable recommendations
- Blog:
- Conference:

Slide 3: Agenda
Basic Cloud Terms
ERNW CloudSec Approach
Case Studies

Slide 4: Cloud Basics

Slide 5: Definition
NIST Cloud Model

Slide 6: Definition
Infrastructure as a Service

Slide 7: Definition
Platform as a Service

Slide 8: Definition
NIST Cloud Model

Slide 9: Service Layers
[Diagram. Layer labels: Configuration/Management Interface, Software, Governance/Monitoring/Billing, Management APIs/Management Webinterfaces, API, Integration/Middleware, Data Store, Server Hardware, Virtualization/Abstraction, Storage, Data Center. Group labels: SaaS, PaaS, IaaS, Infrastructure.]

Slide 10: Deployment Models
Public
- Sold cloud services
Private
- Operated for (not necessarily by) a single company
Community
- E.g. industry wide cooperation
Hybrid
- Composition of two or more clouds

Slide 11: There Is No Cloud
There are many clouds.
There is no cloud technology.
There is a composition of
- Hardware
- Technologies
- Glue code

Slide 12: ERNW CloudSec Approach

Slide 13: (no text)
Slide 14: Introducing the System Operation Lifecycle
1. Hardware is purchased from trusted hardware suppliers.
3. The hardware is operated in own data centers which reside in carefully selected countries and locations and are secured by carefully selected access control mechanisms.
6. The hardware is operated by trusted employees who install operating systems from trusted install media in a secure, documented way.
10. The operating system is secured by carefully selected controls.
11. Only approved applications are installed from trusted install media and operated and secured using carefully developed guidelines.
14. Hosted applications are developed following carefully developed secure coding guidelines.

Slide 15: Approach
Analyze asset for security requirements
Define cloud use case
Map use case to system operation lifecycle
Analyze security requirement gaps
Perform additional risk/trust assessments

Slide 16: Asset Analysis
Define security requirements and objectives.
- Existing documentation might help ;-)
No formal approach necessary:
- Risk analysis, development documentation, data classification

Slide 17: Cloud Use Case
Service model:
- IaaS, PaaS, SaaS?
Deployment model:
- Public vs. private?
Cloud Service Provider?
=> Map outcome to the system operation lifecycle!

Slide 18: Map requirements and find gaps!
1. Hardware is purchased from trusted hardware suppliers.
3. The hardware is operated in own data centers which reside in carefully selected countries and locations and are secured by carefully selected access control mechanisms.
6. The hardware is operated by trusted employees who install operating systems from trusted install media in a secure, documented way.
10. The operating system is secured by carefully selected controls.
11. Only approved applications are installed from trusted install media and operated and secured using carefully developed guidelines.
14. Hosted applications are developed following carefully developed secure coding guidelines.

Slide 19: Additional Assessments
Risk assessment/acceptance
Trust assessment
Additional technical/organizational/contractual measures possible?
Slide 20: Case Studies

Slide 21: Cloud Pentest
Evaluation of a SaaS CSP
- Some HR management software
They agreed to perform a pentest on behalf of the potential customer.
- Which is not necessarily the case!

Slide 22: Cloud Pentest
Lifecycle: Software in SaaS cannot be controlled.
Requirements: Compliance of the software with corporate security guidelines.
=> Additional assessment necessary

Slide 23: Pentesting SaaS
Target of evaluation: HR web application
1. Typical web application pentest
2. Cloud testing approach

Slide 24: Pentesting SaaS
Basic result: After one day, we stopped the test.
- We already had more severe findings than in some other 20 man day tests ;-)
- File upload to the web root was possible (= code execution in a multi-tenancy environment)
So, no need to test cloud related stuff

Slide 25: Auditing Major CSPs
Since many customers are interested in Amazon as a CSP, we perform a lot of tasks in the Amazon cloud.
In the course of one of our regular password audits, we discovered some abnormalities in the Amazon login procedure.
- Drop that, we wanted to break that stuff ;-)
Bruteforce attempt against the Amazon Web Services login form
- Using our own account
- Using the standard login form

Slide 26: Right to Audit
Requirement: All accounts have to comply with corporate security guidelines
Amazon account management not under control
=> Auditing necessary!

Slide 27: Setup
Tricky since bruteforcing tools do not cope well with modern webapp authentication mechanisms
- Cookies with different scopes, redirects, JavaScript
Using Burp for the bruteforcing

Slide 28: Results
Burp might not be the best choice for bruteforcing.
Still, good performance
- ~80k requests per hour
Setup was implemented in ~20 minutes
- More details can be found here:
- Successful login:

Slide 29: Conclusion
Bruteforcing is possible. Big surprise?
More important:
- No connection throttling!
- No account lockout!
- No captcha solution!

Slide 30: Amazon Aftermath
Very good response of the Amazon Security Team!
Fast implementation of a captcha solution.
Re-evaluation of our bruteforce attempt.
10/26/11
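
The three controls the conclusion slide found missing (connection throttling, account lockout, captcha), seen from the defender's side. This is an added example, not part of the original slides and not Amazon's implementation; every threshold, the source address and the account name are constructed assumptions, and the replay only reuses the talk's rate of ~80k requests per hour.

```python
from collections import Counter, defaultdict, deque

# Illustrative policy values (assumptions, not taken from the talk). Times in ms.
CAPTCHA_AFTER_FAILURES = 3     # consecutive failures before a captcha is required
LOCKOUT_AFTER_FAILURES = 10    # consecutive failures before the account is locked
LOCKOUT_MS = 900_000           # lockout duration (15 minutes)
MAX_ATTEMPTS_PER_WINDOW = 20   # per-source attempt budget ...
WINDOW_MS = 60_000             # ... inside this sliding window


class LoginGuard:
    """Gate placed in front of password verification."""

    def __init__(self):
        self.failures = defaultdict(int)   # account -> consecutive failed logins
        self.locked_until = {}             # account -> timestamp when the lock ends
        self.recent = defaultdict(deque)   # source -> timestamps of admitted attempts

    def check(self, now, source, account):
        """Return 'throttled', 'locked', 'captcha' or 'allow' for one attempt."""
        window = self.recent[source]
        while window and now - window[0] >= WINDOW_MS:
            window.popleft()               # forget attempts older than the window
        if len(window) >= MAX_ATTEMPTS_PER_WINDOW:
            return "throttled"             # connection throttling per source
        window.append(now)
        if self.locked_until.get(account, 0) > now:
            return "locked"                # account lockout still active
        if self.failures[account] >= CAPTCHA_AFTER_FAILURES:
            return "captcha"               # password is checked only after a captcha
        return "allow"

    def record(self, now, account, success):
        """Feed the outcome of a password verification back into the guard."""
        if success:
            self.failures[account] = 0
            return
        self.failures[account] += 1
        if self.failures[account] >= LOCKOUT_AFTER_FAILURES:
            self.locked_until[account] = now + LOCKOUT_MS


def simulate(guard, solves_captcha, attempts=80_000, spacing_ms=45):
    """Replay constructed failed logins: one source, one account, one hour.

    80,000 attempts spaced 45 ms apart equal the ~80k requests per hour
    reported on the results slide. Returns (passwords_verified, decisions).
    """
    decisions, verified = Counter(), 0
    for i in range(attempts):
        now = i * spacing_ms
        if guard is None:
            decision = "allow"             # login form without any of the controls
        else:
            decision = guard.check(now, "198.51.100.7", "audit-account")
        decisions[decision] += 1
        if decision == "allow" or (decision == "captcha" and solves_captcha):
            verified += 1                  # this guess actually reaches verification
            if guard is not None:
                guard.record(now, "audit-account", success=False)
    return verified, decisions


if __name__ == "__main__":
    for label, guard, solves in [
        ("no controls", None, False),
        ("guard, captcha not solved", LoginGuard(), False),
        ("guard, captcha solved", LoginGuard(), True),
    ]:
        verified, decisions = simulate(guard, solves)
        print(f"{label}: {verified} passwords verified, {dict(decisions)}")
```

Account lockout lets anyone who knows an account name lock its owner out, which is why the lock in this sketch expires on its own instead of requiring an administrator.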
Slide 31: Mapping Real World Requirements to the cloud.
Analysis whether an n-tier application hosting environment can be migrated to the Amazon Cloud.
- Business unit wanted to use Amazon due to flexibility and cost savings ;-)

Slide 32: N-Tier Typical Hosting Environment

Slide 33: Sample Requirements Analysis
First step: Evaluation of security requirements
Second step: Mapping of those requirements to potential controls, design decisions, and services in the Amazon Web Services cloud.
Main goals of the project:
- Which cloud deployment models can be used?
- Which advantages/disadvantages result from these deployment models compared to the operation in own data centers?
- Which are the adoption pitfalls?
- Which regulatory requirements come into play when using an AWS setup and how to comply with those?

Slide 34: Derived Requirements
Network Zoning & Filtering
- Different network zones for each tier, filtering between tiers must be possible.
Processing of customer data (personal data)
Same availability as in own data center
Latency between the different network zones
- Needs to be lower than 5ms (due to application performance requirements).

Slide 35: Network Zoning
Three possibilities:
Amazon VPC Subnets: Pure ACLs
Different VPCs connected to corporate filtering mechanisms by IPSec
Custom firewall instances

Slide 36: Customer Data
Processing of customer data
- German data protection laws
- According to [OH_CC] not possible for personal data without special contractual requirements
- => Data-tier must potentially be hosted in corporate data center

Slide 37: Latency
Latency
- Much higher in cloud environments, cannot be guaranteed
- Basic tests: 30-50ms round trip time

Slide 38: Availability
No actual SLAs guaranteed
Uptime statements
No reimbursement
For IaaS, high availability still has to be implemented manually.

Slide 39: Additional Problems
Extensive adjustment of operational processes necessary.
Patch & vulnerability management needs to be adjusted.
Provisioning processes: Custom AMIs necessary
- E.g. data-tier requires IBM DB2
Nice-to-have: IDS between network zones
External business partner connections
Monitoring & logging must be adjusted for the cloud environment
=> Advantages might materialize, but extensive restructuring and adoption necessary.
=> Not feasible for only one application.

Slide 40: Conclusions
Know your assets
- Should not be surprising ;-)
There is no cloud but a lot of technologies!
Structured assessment necessary

Slide 41: Questions?
More informationHybrid Cloud Identity and Access Management Challenges
Hybrid Cloud Identity and Access Management Challenges Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field Engineer, SQL Server, Washington, DC CISA, CISM, CISSP, ITIL V3,
More informationRagy Magdy Regional Channel Manager MEA IBM Security Systems
Ragy Magdy Regional Channel Manager MEA IBM Security Systems 1 Started my career in Security in 2003 by Joining ISS 2005 was named the ISS Regional Manager for the Middle East 2006 ISS was acquired by
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationKeyword: Cloud computing, service model, deployment model, network layer security.
Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging
More informationAmazon Web Services. 18.11.2015 Yu Xiao
Amazon Web Services 18.11.2015 Yu Xiao Agenda Introduction to Amazon Web Services(AWS) 7 Steps to Select the Right Architecture for Your Web Applications Private, Public or Hybrid Cloud? AWS Case Study
More informationRose Business Technologies
Benefits of Software as a Service (SaaS) Software as a Service (SaaS) may be defined simply as software applications deployed over the Internet. With SaaS, a third-party provider licenses an application
More informationHow to run your business applications on the cloud
How to run your business applications on the cloud 19 th December, 2013 Jointly presented by Sudip Kar Vice President - Delivery Anuj Joshi Partner Development Manager South India & Sri Lanka ASSPL www.smartshifttech.com
More informationBest Practices for Siebel on AWS
Best Practices for Siebel on AWS Contributors The following individuals and organizations contributed to this document Ashok Sundaram, Solutions Architect, Amazon Web Services Milind Waikul, CEO, Enterprise
More informationCloudCheck Compliance Certification Program
CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or
More information