Cloud Security Enterprise Concerns and Mitigations. November 3rd 2015
- Calvin Cooper
Transcription
1 Cloud Security Enterprise Concerns and Mitigations
November 3rd 2015

2 Biography
- Javed Samuel - Technical Director at NCC Group
- Lead Training Services
- Technical Account Manager for various clients
- Deliver security assessments (e.g. Architecture Reviews, Cloud, Cryptography)
- Former Developer

3 Agenda
- Introduction to Cloud Security
- Cloud Service Security Threats
- Penetration Testing Highlights
- Concluding Lessons
- Additional Areas of Concerns in Cloud Security
4 Introduction to Cloud Security
5 Cloud Security Introduction
- Lots of general purpose hosts
- Central management
- Distributed data storage
- Ability to move applications from system to system
- Low touch provisioning system
- Soft failover/redundancy

6 Why Cloud Computing?
- Has transformed business and government
- Created new security challenges.
- Cloud service model delivers business-supporting technology more efficiently than ever before.
- Transforms design and delivery of computing technology.

7 Cloud Computing Risks
- Bypass information technology (IT) departments and information officers.
- Undermines important business-level security policies, processes, and best practices.
- Businesses are vulnerable to security breaches that can quickly erase any gains made by the switch to SaaS.

8 Review of Cloud Service Types
Software as a Service (SaaS)
- Software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.
- "On-demand software".
- SaaS is typically accessed by users using a thin client via a web browser.
  o Salesforce.com, Google Apps, Workday, Concur, Citrix GotoMeeting, WebEx

9 Review of Cloud Service Types
Platform as a Service (PaaS)
- Provides a platform allowing customers to develop, run, and manage Web applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
  o AWS, Windows Azure, Heroku, Force.com, Google App Engine, Apache Stratos

10 Review of Cloud Service Types
Infrastructure as a Service (IaaS)
- Form of cloud computing that provides virtualized computing resources over the Internet.
- A third-party provider hosts hardware, software, servers, storage and other infrastructure components on behalf of its users.
  o Amazon Web Services (AWS), Windows Azure, Google Compute Engine, Rackspace Open Cloud, and IBM SmartCloud Enterprise.

11 Other Cloud Service Types
An Honorable Mention to Citrix!
- Citrix Presentation Server
- Not a Cloud Service, hosted on-premises (accessed internally/externally)
- Allows for the rapid remote deployment of internal applications
- Or full desktop environments

12 Other Cloud Service Types

13 Most Common Cloud Services
Security Assessments & Penetration Tests
- Microsoft Exchange & Lync
- Microsoft SharePoint & OneDrive
- Google Apps for Business
- Dropbox / Box
- Slack / HipChat
- Windows Azure / AWS / Google Cloud

14 Breaking In to a Company CLOUD!
Attacking Cloud Services
- Enterprises are increasingly offloading traditional in-house IT to the Cloud.
- Customer data for commercial services are now more likely to be third party hosted for scalability.
- Changes the perimeter diagram somewhat.

15 Breaking In to a Company CLOUD!
Attacking Cloud Services
- In some cases cloud hosting makes our job easier.
- Services traditionally buried in the internal network are now on the Internet.
- E.g. Exchange Online, SharePoint
- All we need is privilege, federated identity = WIN!
- Cloud environment security is as strong as the keys / passwords used for the management console.
16 Cloud Service Security Threats
17 Cloud Service Security Threats
1. Service Platform Security
- Is the platform you are using actually secure itself?
- How do you know?
2. Cloud Data Security
- Is your data secure with your Cloud Services Provider?
- Is it encrypted?

18 Cloud Service Security Threats
3. Incident Response in the Cloud
- How much control and visibility do you have if something bad happens?
- Do you have an Incident Response plan?
4. Cloud Exposure of Systems & Data
- What important data are you placing outside of your perimeter?
- Do you know what data is outside your perimeter?

19 Cloud Service Security Threats
1. Service Platform Security
- Is the Cloud Service platform secure itself?
- Has it been security tested to a comprehensive level?
- What could go wrong?
  o Web application provisioning
  o Multi-tenant environments
  o Is it a segregated tier or are you in a shared environment?

20 Cloud Service Security Threats
2. Cloud Data Security
- What data are you putting in the cloud?
- Your corporate ? (Exchange Online)
- Does your risk management criteria include:
  o Trusting your CSP with your sensitive data?
  o Worrying about the CSP being compromised?

21 Cloud Service Security Threats
2. Cloud Data Security
- The choice is obviously yours
- Many firms are worried about data compromise in the Cloud. Are you?
- Searchable encryption products are on the rise: data encryption in the Cloud to protect your data from the CSP ecosystem.
  o CipherCloud
  o Vaultive (others)

22 Cloud Service Security Threats
3. Incident Response in the Cloud
- Incidents and events happen all the time
- Does your CSP carry out adequate logging?
- Can you access the logs?
- What is the lead time in sourcing the logs?
- What form are they available in?

23 Cloud Service Security Threats
3. Incident Response in the Cloud
- Will they provide running memory snapshots?
- Will they provide disk images?
- Have you verified your IR process?
- Do they provide realtime telemetry for your SOC?

24 Cloud Service Security Threats
4. Cloud Exposure of Systems & Data
- How do your users access the Cloud Service environment?
- How do your administrators access the Cloud Service environment?
- What does an attacker gain if they access as a user?
- What does an attacker gain if they access as an admin?

25 Cloud Service Security Threats
4. Cloud Exposure of Systems & Data
- Consider the interconnection of hosts in the Cloud environment to your Enterprise:
  o Is there connectivity?
  o How is it controlled?
  o If an attacker compromises a Cloud host can they traverse to your on-premises Enterprise network?

26 Cloud Service Security Myths
1. Inherently Insecure
2. More Breaches
3. Physical Control of Data Provides Security
4. Too Difficult to Maintain
27 Penetration Tests & Securing Applications
28 Operational Risks
- Lost Credentials
- Overly Permissive Controls
- Inadequate Logging and Auditing

29 Operational Mitigations
- Limited accounts via IAM
- MFA on top-level accounts
- Limit direct access and use management platforms when possible
- No developers on production
- Require all access via bastion host
- Log every keystroke on top-level accounts.
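
One way to check the "Overly Permissive Controls" risk and the "MFA on top-level accounts" mitigation listed above is to audit policy documents for wildcard grants and missing MFA conditions. This is an added example, not part of the original presentation; the sample policies, the finding names and the list of service prefixes treated as privileged are assumptions made for illustration.

```python
"""Audit IAM-style policy documents for wildcard grants and missing MFA."""

# Constructed sample policies in the AWS IAM JSON policy format. Names and
# contents are illustrative only and do not come from the presentation.
SAMPLE_POLICIES = {
    "ops-admin": {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
        ],
    },
    "iam-manager": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ManageUsers",
                "Effect": "Allow",
                "Action": ["iam:CreateUser", "iam:AttachUserPolicy"],
                "Resource": "*",
                "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
            },
        ],
    },
    "weak-mfa": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllEc2",
                "Effect": "Allow",
                "Action": "ec2:*",
                "Resource": "*",
                # On an Allow, BoolIfExists also matches when the MFA key is
                # absent, which is the case for long-term access keys.
                "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}},
            },
        ],
    },
    "log-reader": {
        "Version": "2012-10-17",
        # A single statement may be given as an object instead of a list.
        "Statement": {
            "Sid": "ReadLogs",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-audit-logs/*",
        },
    },
}

# Assumption: services whose actions count as "top-level" for this audit.
PRIVILEGED_PREFIXES = ("iam:", "sts:", "organizations:", "kms:")
MFA_KEY = "aws:MultiFactorAuthPresent"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard(action):
    return action == "*" or action.endswith(":*")


def _is_privileged(action):
    return action == "*" or action.lower().startswith(PRIVILEGED_PREFIXES)


def _enforces_mfa(statement):
    """True only for a strict Bool condition requiring MFA to be present."""
    values = _as_list(statement.get("Condition", {}).get("Bool", {}).get(MFA_KEY, []))
    return any(str(v).lower() == "true" for v in values)


def audit_statement(statement):
    """Return the findings for one statement (NotAction is not handled)."""
    if statement.get("Effect") != "Allow":
        return []
    findings = []
    actions = _as_list(statement.get("Action", []))
    if any(_is_wildcard(a) for a in actions):
        findings.append("wildcard-action")
    if any(_is_privileged(a) for a in actions) and not _enforces_mfa(statement):
        findings.append("privileged-without-mfa")
    if MFA_KEY in statement.get("Condition", {}).get("BoolIfExists", {}):
        findings.append("mfa-check-skipped-when-key-absent")
    return findings


def audit_policies(policies):
    """Map (policy name, Sid) to findings, omitting clean statements."""
    report = {}
    for name, document in policies.items():
        for statement in _as_list(document.get("Statement", [])):
            findings = audit_statement(statement)
            if findings:
                report[(name, statement.get("Sid", "<no Sid>"))] = findings
    return report


if __name__ == "__main__":
    for (policy, sid), findings in sorted(audit_policies(SAMPLE_POLICIES).items()):
        print(f"{policy}/{sid}: {', '.join(findings)}")
```
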
30 Infrastructure Risks
- Poor Patching
- Insecure Control Plane
- Attacks from Corporate Network

31 Infrastructure Mitigations
- Continuous external and semi-external scanning.
- Auto-discover all instances via API
- Revocable SSH key per admin
- AWS Suggestions
  o Use highly limited AMIs
  o Use VPCs to strongly isolate critical services

32 Application Risks
- Too-loose binding
- Web/API vulnerabilities
- Bad cryptography

33 Application Mitigations
- Create security engineering group.
- Build a small set of trusted, core components
  o Input Validation
  o Session Management
  o Cryptography
- Build a separated, protected authentication cluster
- Provision internal certs to all instances.
34 Concluding Lessons
35 Lessons Learned
- Easiest Entry Points Still Deliver
- General Control of Assets
- Data Security & Confidentiality
- Exposure of Enterprise Systems
- Traversal Paths into your Company
- Authentication & Access Control

36 Lessons Learned
Easiest Entry Points Still Deliver
- If you rely solely on usernames and passwords you have a problem.
- The easiest methods to get usernames and passwords:
  o Guess them
  o Phishing
  o Ask for them

37 Lessons Learned
General Control of Assets
- How much control do you have?
- Quite a lot but as much as you have on-prem?
- This trade off is probably important to consider
- You should use this consideration to decide:
  o Which systems you host in the Cloud?
  o What data you place in the Cloud?

38 Lessons Learned
Data Security & Confidentiality
- is a great example
- So is online storage
- Do you trust your CSP?
- Do you trust their security?
- Perhaps you should only put data in the Cloud you can afford to:
  A. Lose
  B. Have exposed
- CipherCloud
- Vaultive

39 Lessons Learned
Exposure of Enterprise Systems
- Microsoft
- The location of Enterprise Data has changed?
- Where is it now?
- If it's accessible via a CSP, it's not behind the VPN
- It's globally accessible without the VPN
- What authentication exists between your data and the rest of the world?
- What types of authentication?
- Microsoft

40 Lessons Learned
Traversal Paths into Your Company
- Threat Model differently: not if, but when
- What happens when an attacker compromises a Cloud host?
- Can they traverse into your organization via the Cloud presence?
- Only way to tell is to think about it, test it, harden it.
- Continuous penetration tests.

41 Lessons Learned
Authentication & Access Control
- Authentication for Cloud Services is key
- If you are using single-factor authentication for Cloud Services, you have a major problem.
- Especially for high-value accounts
- You need to offset authentication factors away from single points of failure

42 Lessons Learned
- Many options exist for MFA now, consider:
  o Google Authenticator: open source, no support
  o Duo Authenticator: closed source, enterprise support
  o Also consider how to use innovations like Yubikey (OTP)
- Think: if an attacker gets credentials, MFA stops them getting in easily
- Native support is popping up, cheaply built into platforms.

43 Lessons Learned
Authentication & Access Control

44 Lessons Learned
Authentication & Access Control

45 Recap
Lessons for the Enterprise
- Easiest Entry Points Still Deliver
- General Control of Assets
- Data Security & Confidentiality
- Exposure of Enterprise Systems
- Traversal Paths into your Company
- Authentication & Access Control
46 Future Cloud Security Concerns
47 Additional Cloud Security Issues
- Hypervisor Breaks
- Covert Channels
- Timing Attacks
- Physical Breaches
- Key Compromises

48 Hypervisor Breaks
- Attackers break out of protected guest environments and take full control of the operating system hosting them.
- VM escape could open access to the host system and all other VMs running on that host
- Potentially giving adversaries significant elevated access to the host's local network and adjacent systems.

49 Hypervisor Breaks in the media
- Xen patch
- VENOM
- m-vulnerability-could-expose-virtual-machinesunpatched-host-systems

50 Key Management
- Loss of your key can result in loss of data
- Key provisioning and distribution challenges
- How does your Cloud Service Provider secure their Master Key?
- How is key revocation and key rotation handled?

51 Side Channel Attacks
- A side channel is any observable side effect of computation that an attacker could measure and possibly influence.
- Some error message that tells you a byte of some secret plaintext.
- Some timing information that tells you a bit of a secret key.

52 Side Channel Attacks
- Error Oracles
- Bad Padding
- Failure vs Success
- Timing Oracles
- Processor State
- Math Operations
- Cache Attacks
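
The error-oracle and timing-oracle items above can be seen in a token verifier that reports distinct failure reasons and compares MACs with an early exit, next to a hardened verifier. This is an added example, not part of the original presentation; the token layout (PKCS#7-padded body followed by an HMAC-SHA256 tag, with no encryption layer), the key and all function names are assumptions, and the count of bytes examined stands in for elapsed time so the result is deterministic.

```python
"""Error and timing side channels in a MAC check, with a hardened variant."""
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key
BLOCK = 16                     # padding block size in bytes
TAG_LEN = 32                   # HMAC-SHA256 tag length


def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or len(data) < n or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def make_token(message):
    body = pad(message)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def flip(data, index):
    """Return a copy of data with one bit changed at index (tamper helper)."""
    changed = bytearray(data)
    changed[index] ^= 1
    return bytes(changed)


def early_exit_equal(a, b):
    """Leaky comparison: returns (equal, bytes_examined).

    bytes_examined grows with the length of the matching prefix, which is
    exactly what a timing measurement would reveal.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def verify_leaky(token):
    """Distinct errors plus early-exit compare: two observable side effects."""
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    try:
        unpad(body)  # padding is checked before authenticity
    except ValueError:
        return "bad padding", 0
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    equal, examined = early_exit_equal(expected, tag)
    return ("ok" if equal else "bad mac"), examined


def verify_hardened(token):
    """Authenticate first, compare in constant time, one failure answer."""
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "invalid"
    try:
        unpad(body)
    except ValueError:
        return "invalid"
    return "ok"


if __name__ == "__main__":
    token = make_token(b"hello")
    cases = {
        "untouched": token,
        "first tag byte changed": flip(token, -TAG_LEN),
        "last tag byte changed": flip(token, -1),
        "padding byte changed": flip(token, BLOCK - 1),
    }
    for label, candidate in cases.items():
        print(f"{label:24} leaky={verify_leaky(candidate)} "
              f"hardened={verify_hardened(candidate)!r}")
```
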
53 Points of contact
- Javed Samuel
- Technical Director
- NCC Group Security Services
- M:
- E:
All trademarks used herein are the property of their respective owners
54 Cloud Security Gaps
55 Security Gaps in Cloud Computing
- Data Breaches
- Data Loss
- Account Hijacking
- Insecure APIs
- Denial of Service

56 Security Gaps in Cloud Computing
- Malicious Insiders
- Abuse of Cloud Services
- Insufficient Due Diligence
- Shared Technology Issues

57 Data Breaches
- Poorly designed multitenant cloud database
- A flaw in one client's application could allow an attacker access not only to that client's data, but every other client's data as well.
- Do you know all the security flaws in your applications?

58 Data Breaches
- Able to encrypt your data to reduce the impact of a data breach
  o If the encryption key is lost then data is lost.
- Keeping offline backups of data to reduce the impact of a catastrophic data loss
  o Increases your exposure to data breaches

59 Data Loss
- Malicious attackers.
- Accidental deletion by the cloud service provider.
- Physical catastrophes such as a fire or earthquake.
- Lost encryption key

60 Account hijacking
- Credentials and passwords reuse.
- Attacker may eavesdrop on your activities and transactions
- Or manipulate data and redirect your clients to illegitimate sites.
- Account or service instances may become a new base for the attacker.

61 Insecure APIs and Interface
- Overall cloud services security is dependent upon the security of these APIs.
- Includes authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.
- Often build upon these interfaces to offer value-added services to their customers.

62 Denial of Service
- Force the victim cloud service to consume inordinate amounts of finite system resources
  o Processor Power
  o Memory
  o Disk Space
  o Network Bandwidth
- Denial-of-service (DDoS) attacks cause:
  o Intolerable system slowdown
  o Confused and angry legitimate service users

63 Malicious Insiders
- May have access to potentially sensitive information.
- May have increasing levels of access to more critical systems.
- Even if encryption is implemented, if the keys are not kept with the customer, the system may still be vulnerable to malicious insider attack.

64 Abuse of Cloud Services
- Not everyone wants to use cloud services for good.
  o Cracking Encryption Keys
  o DDoS Attacks
- How will you detect people abusing your service?
- How will you define abuse?
- How will you prevent them from doing it again?

65 Insufficient Due Diligence
- Obligations on liability, response, or transparency create mismatched expectations.
- Applications that are dependent on internal network-level security controls to the cloud are dangerous.
- Ensure capable resources, and perform extensive internal and CSP due-diligence

66 Shared Technology Vulnerabilities
- Cloud services share infrastructure, platforms, and applications.
- Compromise of a key piece of shared technology such as the hypervisor exposes the entire environment to a potential of compromise and breach.
- Potentially can affect an entire cloud at once (see Amazon Xen patch)

67 Cloud Vs. On-Prem Deployments
10 Benefits of Cloud Computing (Verio.com)
1. Achieve economies of scale: increase volume output or productivity with fewer people. Your cost per unit, project or product plummets.
2. Reduce spending on technology infrastructure. Maintain easy access to your information with minimal upfront spending. Pay as you go (weekly, quarterly or yearly), based on demand.

68 Cloud Vs. On-Prem Deployments
3. Globalize your workforce on the cheap. People worldwide can access the cloud, provided they have an Internet connection.
4. Streamline processes. Get more work done in less time with less people.
5. Reduce capital costs. There's no need to spend big money on hardware, software or licensing fees.

69 Cloud Vs. On-Prem Deployments
6. Improve accessibility. You have access anytime, anywhere, making your life so much easier!
7. Monitor projects more effectively. Stay within budget and ahead of completion cycle times.
8. Less personnel training is needed. It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware and software issues.

70 Cloud Vs. On-Prem Deployments
9. Minimize licensing new software. Stretch and grow without the need to buy expensive software licenses or programs.
10. Improve flexibility. You can change direction without serious people or financial issues at stake.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationData In The Cloud: Who Owns It, and How Do You Get it Back?
Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?
More informationSecurity of Cloud Computing
Security of Cloud Computing Fabrizio Baiardi f.baiardi@unipi.it 1 Syllabus Cloud Computing Introduction Definitions Economic Reasons Service Model Deployment Model Supporting Technologies Virtualization
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationcontent-aware identity & access management in a virtual environment
WHITE PAPER Content-Aware Identity & Access Management in a Virtual Environment June 2010 content-aware identity & access management in a virtual environment Chris Wraight CA Security Management we can
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationAddressing Data Security Challenges in the Cloud
Addressing Data Security Challenges in the Cloud Coordinate Security. The Need for Cloud Computing Security A Trend Micro White Paper July 2010 I. INTRODUCTION Enterprises increasingly recognize cloud
More informationCSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments
CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang
More informationCloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader
Cloud Computing Making legal aspects less cloudy Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader 30 September 2014 1 Contents A. Introduction: a short walk
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationHow To Protect Your Cloud From Attack
Cloud security Joakim Persson Outline Introduction to cloud security Cloud threats Securing the cloud Data center security Open Stack security Homomorphic encryption Introduction to cloud security Basic
More informationThreat Modeling Cloud Applications
Threat Modeling Cloud Applications What You Don t Know Will Hurt You Scott Matsumoto Principal Consultant smatsumoto@cigital.com Software Confidence. Achieved. www.cigital.com info@cigital.com +1.703.404.9293
More informationHow to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications
SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this
More informationVirtualization Impact on Compliance and Audit
2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance
More informationRisks and Challenges
Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) chong@scan associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationHow to Secure Infrastructure Clouds with Trusted Computing Technologies
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
More informationAppendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems
Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems Yacov Y. Haimes and Barry M. Horowitz Zhenyu Guo, Eva Andrijcic, and Joshua Bogdanor Center
More informationCLOUD COMPUTING SECURITY ISSUES
CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights
More informationSecuring Office 365 with MobileIron
Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationCloud Infrastructure Security
Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and
More informationCloud Courses Description
Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,
More informationStephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More informationDynamic Security for the Hybrid Cloud
Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security
More informationResearch Paper Available online at: www.ijarcsse.com A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS
Volume 2, Issue 2, February 2012 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: A COMPARATIVE STUDY OF CLOUD
More information