Standardization for Security of Cloud Computing
1 Standardization for Security of Cloud Computing - with Focus on Availability -
Thu, 28 February, 2013
Ben T. Katsumi, Chief Researcher, Security Economics Laboratory, IT Security Center, IPA, Japan

2 Agenda
- Background: Risk of cloud black out
- Overview of Cloud Standards for Security
- Cloud Security Management & Audit Standards
- Interoperability and Portability
- Inter-Cloud Migration and Operation
- Considerations on Conditions under Emergency
- Considerations on Inter-Cloud Operation
- Summary
28 February 2013 Copyright IPA Information-Technology Promotion Agency

3 Cloud supports economy & society
IT infrastructure to sustain emergency response
[Figure labels: Emergency Safety Retrieval Info Disti. Sharing Victims Support Emergency Services Lifeline; Peace Life Economy Society; Cloud Computing and Services Platform]
Supports all the human, economic & social activities

4 Cloud as IT Infrastructure for ER
Case of East Japan Earthquake
1. IT infrastructure for city staff and volunteer stations for rescue and refugee support
2. Communications between individuals and families
3. Backups/mirroring of government and local government information dissemination: radiation info, citizen services info, etc.
4. IT infrastructure and services to businesses for emergency biz, customer & employee communications and data backups

5 CC's superior characteristics for ER
Ready-for-use pool of resources allows immediate use with:
1. Agility: Short dev. lead time
2. Scalability: Start small, expand as needed
3. Economy: Minimum user cost, minimal cost to vendor allows free offer
4. Tolerance: Tolerant to damages, reliable
5. Security: Built-in security at data centers vs newly built with less or no security
a. Upstream candid information flow
b. Remote, time-free collaboration platform
c. Mash up with data stored in cloud, e.g. maps
d. Multi media, large data capability
= ACTIVE Emergency Response
Concept of conventional BCP/DR is just to recover what used to be in terms of functions and services

6 Anatomy of cloud from social perspective
Reliability of cloud in view of ER, DR and BC
[Figure labels: Emergency View; View at Peace (Positioning in Economy & Society); Potential Risk View; Cloud for Emergency Response & Disaster Rescue; ER; BC; Cloud as the System Platform with Resiliency & Dependability; Services in Emergency; Service at Peace; Cloud as the Service or Business Model; Cloud as the Model for IT Utilization; Cloud Computing; Cloud as the Service Platform; Cloud as the Public Asset; Security & Privacy of Aggregated Personal Data; Potential Risks; Social Infrastructure interdependency & Threats in Common]
Cloud to be resilient, dependable and survivable

8 Properties for cloud to keep alive
Resiliency:
- tolerant of obstacles from outside a system
- self-recoverable from damages due to outside causes
Dependability:
- free from defects within a system
- free from failure of a system
Survivability:
- able to transfer from a system to another
Related legend: portable, interoperable, migratable

9 Overview of Cloud Standards for Security
[Figure labels: Security; Confidentiality; Integrity; Availability; Information Security Management System (ISMS) for Cloud Computing; Cloud Security Audit; Portability, Interoperability, Migratability = Inter-Cloud]

11 Standardization from Survivability Viewpoint
[Figure labels: Survivability; Resiliency; Dependability; Interoperability; Portability; Common Cloud Platform for Inter-cloud Migration; Standardization; Requirements for commonality; Common understanding of requirement; User-facing business practices; Common compliance assurance; Cloud ISMS; Cloud Security Audit; Security; Privacy; SLA; Contract T&C; Regulation Compliance]

12 International Standardization Scheme
[Organization chart: International Organization for Standards and International Electro-technical Commission; Joint Technical Committee JTC1; subcommittees SCn, SC27 (IT Security Techniques), SC38 (Distributed Application Platforms and Services, Cloud Computing/SOA)]
[Document categories: Terminology; Requirements; Guidelines; Sector Specific Standards/Guidelines]
Standards shown: ISO/IEC27000, ISO/IEC27001, ISO/IEC27006, ISO/IEC27002, ISO/IEC27003, ISO/IEC27004, ISO/IEC, ISO/IEC27017, ISO/IEC27011, ISO/IEC27012, ISO/IEC
Cloud Computing Security
Attributed to: Mr. Shin Yamashita, from presentation at NSF2013

13 Cloud Security Management Standards
ISMS Requirements
Code of Practice for Information Security Controls
Security in Cloud Computing (based on proposal from Japan)
Addition to controls of:
1. cloud-specific controls, implementation guidance & other information
2. supplementary implementation guidance to existing controls
Example: Guide for cloud consumers
Monitoring and review of supplier services: following to be added to guidance:
Cloud consumer should regularly monitor and review the services, reports and records provided by the cloud provider
Example: Guide for cloud providers
Implementing information security continuity: following to be added to guidance:
Cloud provider should provide the following information to the cloud consumer to develop and implement business continuity plan covering cloud service.
Attributed to: Mr. Shin Yamashita, from presentation at NSF

14 Security Management for Supplier Relations
Information Security for Supplier Relationships
Part 1 Overview and Concepts
- To provide detailed controls and implementation guidance for section 15 of :
- To be aimed at both Acquirer and Supplier
- In view of information security risks in acquisition such as:
  - Supplier may access the information of acquirer
  - Acquirer information may be deposited/entrusted to supplier
  - Purchased products may cause security incidents to acquirer
Part 2 Common Requirements
Part 3 Guidelines for ICT Supply Chain Security
Part 4 Guidelines for Security of Cloud Services
Attributed to: Mr. Shin Yamashita, from presentation at NSF

15 Security Audit Framework for Cloud Provider
[Figure labels (steps marked 0-4, parties marked A-C): Security Management & Control Systems; Attestation/Assertion of Certain Extent and Level of Security Management and Controls; A set of Security Management & Controls (standard); ISMS, regulations, laws & treatments; Confirmation required; Requirement of consistency; provision; Report/Certification; Audit; Independent Cloud Security Auditor; Compliance Declaration; Consumer; Certified Cloud Security Management & Controls Implementation and Operation; Security Management & Control Systems Certification]

16 Cloud assurance framework
Basic attestation is commitment of basic security level. Cloud provider, which has satisfied the basic security requirements, can declare basic attestation without disclosing detail of the countermeasures.
Basic attestation is announced to all users, Special attestation is shown to each consumer.
[Figure labels: Cloud Consumer; Audit Report; Cloud Provider; Merit to auditor; Assurance; Auditor]
Basic attestation: Risk management for general use of cloud
+ Special attestation (Additional): Risk management for more important information in cloud
Efficient auditing on basic requirements
Auditing the deployment and operation of controls being effective by independent expert
Basic attestation; Audit each service
Special attestation; Audit each customer
Copyright 2012 Japan Information Security Audit Association. All rights reserved.

17 Basic requirements; Controls for high and medium risks
Cloud information security management standard Annex defines Basic requirements for cloud provider which are necessary controls deployed and operated for declaring Basic Attestation for Information Security for Cloud Service.
Basic Attestation for Information Security for Cloud Service shows the top management declares executing risk management surely.
Cloud audit assures Basic Attestation for Information Security for Cloud Service signed by top management of cloud provider
Cloud consumers select secure cloud service having an assured Basic Attestation for Information Security for Cloud Service
Items of Basic requirements for cloud provider are selected from risk and controls table made by experts
H01: Expanding damages caused by high concentration of resources and infrastructure
Basic requirements focus on eleven risks, -high and medium level- selected from twenty one risk items.
Requirements for basic attestation of cloud information security management
No: High Risk H01 H02 H03 H04 H05 H06; Medium Risk M07 M08 M09 M10 M11
Name of risk:
- Increasing Impacts of highly aggregated computing resources and infrastructures
- Mismatch between virtual and physical systems on design and operation phase
- Loss of business reputation due to co-tenant activities
- Resource exhaustion (under or over provisioning)
- Isolation failure
- Compromise service engine
- Cloud provider malicious insider (abuse of high privilege roles)
- Management interface compromise (manipulation, availability of infrastructure)
- Intercepting data in transit
- Data leakage on up/download, intra-cloud
- Insecure or ineffective deletion of data
- Distributed denial of service (DDoS)
Declaration of basic attestation is provider's commitment of managing high and medium risk.
Copyright 2012 Japan Information Security Audit Association. All rights reserved.

18 Points of Cloud Security Audit System
[Figure labels: Simplified Cloud Model; Pre-fixed Set of Attestation; Audit System; Pre-defined Risk Factors; Provider; Japan; Consumer]
No: High Risk H01 H02 H03 H04 H05 H06; Medium Risk M07 M08 M09 M10 M11
Name of risk:
- Increasing Impacts of highly aggregated computing resources and infrastructures
- Mismatch between virtual and physical systems on design and operation phase
- Loss of business reputation due to co-tenant activities
- Resource exhaustion (under or over provisioning)
- Isolation failure
- Compromise service engine
- Cloud provider malicious insider (abuse of high privilege roles)
- Management interface compromise (manipulation, availability of infrastructure)
- Intercepting data in transit
- Data leakage on up/download, intra-cloud
- Insecure or ineffective deletion of data
- Distributed denial of service (DDoS)

19 Guidelines and recommendations in Japan (1)
Columns: Owner; Guideline; URL (in white letters: available in English)
METI (Ministry of Economy, Trade and Industry):
- SLA Guideline for SaaS
- Information Security Report Model
- Check List of Service Levels in Cloud Computing
- Information security management guidelines for the use of cloud computing services
IPA (Information-technology Promotion Agency):
- Guide to Safe Use of Cloud Services for Small-to-Mid-Sized Enterprises
- Information Disclosure Reference Guide for Cloud Service Providers
- Recommendation for Safe Use of Cloud Services
JASA (Japan Security Audit Association):
- Cloud Security Management Standard, Risk-vs-Control List, Security Checklist and associated manuals, etc.

20 Guidelines and recommendations in Japan (2)
Columns: Owner; Guideline; URL (in white letters: available in English)
JDCC (Japan Data Center Council):
- Abstract Data Center Facility Standard
- Report on Review of Data Center Facility Standard Based on East Japan Great Earthquake
MIC (Ministry of Interior and Communications):
- Information Security Measures Guideline for ASP and SaaS
- Information Disclosure Guide on Safety and Reliability of ASP and SaaS
- Information Disclosure Guide on Safety and Reliability of Data Centers
ASPIC (ASP SaaS Cloud Consortium):
- Guide to Use Data Centers
- Guide for Cooperation among Data Center Operators
- Guide for Consumer Protection and Compliance in Cloud Services

22 Definitions
Interoperable, Portable, Migratable
Interoperability: a property of a product or system, whose interfaces are completely understood, to work with other products or systems, present or future, without any restricted access or implementation. <Wikipedia>
Portability: the ability of a program (or software system) to execute properly on multiple hardware platforms. <Wiktionary>
[Callout fragments beside the Portability definition: data; be processed; systems and/or applications]
Migratability: the ability to move computer code or files from one computer or network to another. <Wiktionary>

23 Cloud services to survive DC down
Interoperability and Portability
Common interfaces, formats, languages
Organization: Typical Cloud Standards
- OGF (Open Grid Forum): OCCI (Open Cloud Computing Interface)
- DMTF (Distributed Management Task Force, Inc.): OVF (Open Virtualization Format), CIMI (Cloud Infrastructure Management Interface)
- SNIA (Storage Networking Industry Association): CDMI (Cloud Data Management Interface)
- OASIS (Organization for the Advancement of Structured Information Standards): TOSCA (Topology and Orchestration Specification for Cloud Application)
- Open ID Foundation: OpenID Connect
- IETF (Internet Engineering Task Force): SCIM (Simple Cloud Identity Management)
- IEEE (Institute of Electric and Electronic Engineers Association): CPIP (Guide for Cloud Portability and Interoperability Profiles), SIIF (Standard for Intercloud Interoperability and Federation)
- ISO (International Standards Organization): ISO/IEC

24 Cloud services to survive DC down
Interoperable, Portable, Migratable
Common platform architectures
Organization: Cloud Platform
- Open Stack Foundation: Open Stack
- Apache Software Foundation: Cloud Stack
- Eucalyptus Systems, Inc.: Eucalyptus
- OpenNebula Project: OpenNebula
- Wakame Project: Wakame-vdc
Applications may be easily migrated between common cloud platforms.

25 Cloud services to survive DC down
Migratable
Virtual Machine or Service Function to be automatically transferred from a DC to another
Intercloud Operation for Backup, Failover, Restoration, Recovery and Migration
Source:

27 Conditions for stakeholders to make use of cloud under emergent situation
Allie among CSPs:
- Inter-cloud colab.
- Migration
- Data duplication and synchronization
- Inter-cloud connection
- SLA
- Security
CSPs & DCs:
- BCP and SLA
- Building safety
- Lifelines: power, air, water
- Operator: call up, commute, food, supply
- Data backup
- Security
Telecom Carriers:
- BCP and DR
- Telecom lines
- Transmission stations and relays
- Lifelines for switches and transmitters
- Redundancy
- Aux power supply
- Security
Consumers:
- BCP
- Office
- Lifelines for office and workforce
- Workforce call up and commute
- Data backup
- Security
Social environmental support:
- Rules and guidelines to support the above conditions
- Cloud services defined from social resource management
- Technical standards and common interfaces

28 Interdependency of Critical Infrastructure
[Figure labels: IT infrastructure/services lost; System Failure HW; Cyber Attacks; Traffic Congestion; System Failure SW; Data Center Failure; Power Outage; Communication Services Failure; Refinery & Tank Failure; Operator Unavailable; Power Systems Failure; Radio Station Collapse; Cable Cutoff]

29 Cloud Data Centers burden and criticalness
[Figure labels, Supply side: Power Plants; Railways; Roads; Oil Stock; Logistics; Production; Electricity; Telecom Operators; Fuel Supply; Water; Daily Supply]
[Figure labels, center: Cloud Data Center; Support CI and General]
[Figure labels, Demand side: Safety Information Refugee Housing Operation Emergency Medical Care Support Stuff Delivery Support and Rescue Administration Rescue Information Dissemination Admin Information Dissemination Medical Care Water Financing Administration Other Systems; Emergency Response; Critical Infrastructure]
Decision making algorithms should be established

31 Conditions for Inter-Cloud Migration
Virtual Machine or Service Function to be automatically transferred from a DC to another
Issues to be allocated:
- Technical: Technical feasibility, compatibility assurance
- Security: Security features and capability should be maintained and guaranteed
- Economy/Biz: SLAs should be maintained and guaranteed; other terms & conditions should be consistent
- Legal: Rights and obligations to be transferred or re-contract? Compliance requirement fulfillment to be assured
- International: What if transfer is over a border? Legal enforcement etc.

33 Conditions of cloud as a CIIP
- Clearly understand cloud as the social infrastructure
- Incorporate cloud in critical infrastructure disaster protection planning
- Designate and understand cloud as a critical information infrastructure
- Prioritize cloud in disaster recovery and emergency response
- Secure availability of cloud services as a consistent resource
- Establish technical solutions to make cloud services portable, interoperable and migratable to overcome platform failure
- Develop/establish social system/agreement to support intercloud migration/operation
- Common SLA, SecLA, T&C, etc. for agreement interoperability
- Common understanding on regulatory obligations to be maintained after cloud services transfer
- Facilitate the same internationally for cross-border transfer

34 ENISA Report on Cloud as a CIIP
Cloud computing and natural disasters: A key benefit of cloud computing is resilience in the face of regional power cuts or local natural disasters. It is difficult to mitigate the impact of fairly common regional disasters like floods, storms, or earthquakes in a set up with only a single datacentre, or a traditional set-up with a legacy onsite IT deployment.
Standardisation: From a CIIP perspective standardization in cloud computing is very important, because it allows customers to mitigate issues related to a specific provider or a specific platform. Standardization, especially for IaaS and PaaS services, would allow customers to move workload to other providers in case one provider suffers a large outage caused by system failures or even administrative or legal disputes.

35 Special thanks!!!
Standardization for Security of Cloud Computing - with Focus on Availability -
Thu, 28 February, 2013
Ben T. Katsumi, Chief Researcher, Security Economics Laboratory, IT Security Center, IPA, Japan
t-katsu@ipa.go.jp
More informationGovernance and Management of Information Security
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationData Centre Networks Overview
TELECOMMUNICATIONS TRANSFORMATION PROGRAM Data Centre Networks (DCN) Industry Day Data Centre Networks Overview Michel Fortin Director General, Telecommunications Transformation Program Transformation,
More informationSummary Report Report # 1. Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions
Summary Report Report # 1 Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions COINS Summer School 2015 on Could Security Prepared by: Nabeel Ali
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationSession 11 : (additional) Cloud Computing Advantages and Disadvantages
INFORMATION STRATEGY Session 11 : (additional) Cloud Computing Advantages and Disadvantages Tharaka Tennekoon B.Sc (Hons) Computing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Cloud
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationCloud Computing Security ENISA. Daniele Catteddu, CISM, CISA. Convegno Associazione Italiana Information Systems Auditors. www.enisa.europa.
Cloud Computing Security ENISA Daniele Catteddu, CISM, CISA Convegno Associazione Italiana Information Systems Auditors Agenda Introduction to ENISA ENISA objectives in Cloud computing Reaching the objectives
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationInterna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES
Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationUnderstanding changes to the Trust Services Principles for SOC 2 reporting
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding changes to the Trust Services Principles for SOC 2 reporting
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationWhy Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it
The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.
More information<cloud> Secure Hosting Services
Global Resources... Local Knowledge Figtree offers the functionality of Figtree Systems Software without the upfront infrastructure investment. It is the preferred deployment solution for organisations
More informationData Center Consolidation Disaster Recovery Cloud Computing
Data Center Consolidation Disaster Recovery Cloud Computing Discussion and Overview September 9, 2010 John R. Savageau President Discussion Topics Develop a national data center consolidation and disaster
More informationISO 27001:2005 & ISO 9001:2008
ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationProactively Secure Your Cloud Computing Platform
Proactively Secure Your Cloud Computing Platform Dr. Krutartha Patel Security Engineer 2010 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Agenda 1 Cloud
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationBerlin, 15 th November 2013. Mark Dunne SaaSAssurance
Berlin, 15 th November 2013 Mark Dunne SaaSAssurance SaaSAssurance guidance to Irish Government on Cloud Adoption Who are SaaSAssurance? Diverse multilingual European team Focus on the here and now Digital
More informationNSW Government. Cloud Services Policy and Guidelines
NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4
More informationSECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING
SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationOffice of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region
Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region 1 1) Government Cloud Journey 2) Government Clouds 3) Way Forward 2 1. Government Cloud
More informationInformation Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Technology Service Manager Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationCSMS. Cyber Security Management System. Conformity Assessment Scheme
CSMS Cyber Security Management System Conformity Assessment Scheme for the CSMS Certification Criteria IEC 62443-2-1:2010 Cyber Security Management Syste 1 Purpose of the CSMS Conformity Assessment Scheme
More informationA HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationFuture of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST
Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationWelcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014
Welcome Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Panel Tracy Lampula, Associate Director of GIS Compliance, Vertex Pharmaceuticals William Sanborn, Director of Information
More informationVirtual Privacy vs. Real Security
Virtual Privacy vs. Real Security Certes Networks at a glance Leader in Multi-Layer Encryption Offices throughout North America, Asia and Europe Growing installed based with customers in 37 countries Developing
More informationa Disaster Recovery Plan
Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or
More informationsecurity in the cloud White Paper Series
security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),
More informationCloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES
Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Meeting the 7 Challenges in Testing and Performance Management Introduction With advent of the cloud paradigm, organizations are transitioning
More informationCloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University
Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationThe Cloud in Regulatory Affairs - Validation, Risk Management and Chances -
45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART
More informationPractical Overview on responsibilities of Data Protection Officers. Security measures
Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationHow a Cloud Service Provider Can Offer Adequate Security to its Customers
royal holloway s, How a Cloud Service Provider Can Offer Adequate Security to its Customers What security assurances can cloud service providers give their customers? This article examines whether current
More informationOn Premise Vs Cloud: Selection Approach & Implementation Strategies
On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationBusiness Continuity and Disaster Recovery Solutions in Government
> Business Continuity and Disaster Recovery Solutions in Government Protecting Critical Data Flow for Uninterrupted Services WHITE PAPER January 2010 J. Asenjo, CISSP www.thalesgroup.com/iss Information
More informationCloud and the future of Unemployment Sean Rhody, CTO Capgemini Government Solutions
Cloud and the future of Unemployment Sean Rhody, CTO Capgemini Government Solutions Agenda Current State Frustrations Evolving Tax Solutions PaaS, SaaS, IaaS and you Changing the Model Q&A 1 Current State
More informationCloud, where are we? Mark Potts, HP Fellow, CTO Cloud November 2014
Cloud, where are we? Mark Potts, HP Fellow, CTO Cloud November 2014 What do the experts say? 3 4 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More information