How To Secure Cloud Computing




Transcription:

A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at

Security in cloud is a key challenge!

[Chart, vertical axis 0% to 70%. Categories: Data integrity tampering; Hacker / Data breach; Interruption of availability; Loss of data due to system failure; Business Continuity / DR. Source: CSO Forum, 2010]

Some highlights include SMBs' concerns regarding security and privacy with cloud environments, topping the list, at 51%, as a reason for not being interested in pay-per-use hosting of virtual servers, also known as cloud computing.
Source: Forrester Research, The State Of Emerging SMB Hardware: 2009 To 2010, Business Data Services North America And Europe

All of this suggests that cloud security is being viewed as a critical parameter for cloud adoption!

Security is a common thread, whatever the flavor of cloud

[Diagram labels]
- Public Cloud (SaaS model): for accessing SaaS-enabled applications over the public internet
- Private Cloud, IaaS, PaaS: for private cloud access
- Public Cloud (for usage burst): for supporting capacity burst from private to public clouds

How different is security in cloud, from an on-premise datacenter?

1. 3rd party service provider
2. Multi-tenancy
3. Geographical Distribution
4. Compliance & Standards

Breaking down security concerns in cloud

Manageability
- Provisioning of users
- Identity & access management
- Policy based management

Data Security
- Data privacy
- Data protection & leakage prevention
- Data availability

Compliance
- Compliance to standards (HIPAA, GLBA)
- Monitor & enforce compliance
- GRC requirements

Contractual
- SLA management
- Business services management
- Audit & reporting

Above all, TRUST

In cloud, these become very critical

- Host Security
- Network Security
- Data Security & Protection
- Compliance & Audits

Host Security: server hardware is still at risk

- Virtualization is the key building block of any cloud environment
- Virtual instances are vulnerable
- There have been such cases in most hypervisors
- Underlying hardware is susceptible to attacks via the hypervisor
- Virtualization software is not itself a security layer, so it must be secured
- Check how the cloud service provider has implemented host security before signing up (IaaS)

Network Security: The attack area only gets bigger in cloud

- Because the cloud is implemented and accessed over the internet, it carries a much bigger network security risk than on-premise
- Enterprise and cloud are disconnected
- A conventional perimeter security model would not suffice for cloud
- Identity and access management is an area of concern in cloud. Enterprises might not have control of end users logging on to cloud

Concern-in-chief: Data security

- How secure is the data?
- How secure is the application?
- Data life cycle management: at rest, in transit, etc.
- Data (of multiple customers) are co-located!!!
- How does a public cloud provider provide segmentation and ensure data security and integrity?
- Levels of encryption and data protection offered by public clouds
- Assumes criticality in PaaS and IaaS models

Compliance and audits: Only Trust can help

- Adherence to security standards (SAS, HIPAA) by the provider
- "Where is my data?": requirement for data to be within the country's geographical boundaries
- Is the cloud auditable?
- Ensure that the contract includes everything qualitative
- Trust, but verify!!!

Cloud Information Assurance Framework by ENISA

Aims at increasing transparency by defining a minimum baseline for:
- Comparing cloud offers
- Assessing the risk to go Cloud
- Reducing audit burden and security risks

Applicable to both public and private clouds

[Chart: Example Provider Comparison Chart, scale 0 to 5. Series: Score Provider 1; Score Provider 2. Categories: Legal and compliance requirements; Asset Management; Personnel security; Supply chain security; Operational Security; Physical and Environmental Controls; Business Continuity Management; Data and Service Portability; Identity and Access Management. Source: www.enisa.europe.eu]

Key questions that you should ask your cloud provider

- Do I have control over where my information will be stored?
- Where is my data stored?
- Are your cloud operations open to physical and 3rd party inspections?
- Will you share the results of the ISMS audits of your infrastructure?
- What are your policies concerning my sensitive information?
- What are the anti-theft and anti-hacking mechanisms that you have implemented?
- And the list goes on

The last word

- Cloud means different things to different people
- "Cloud Computing Security" is no different than "Regular Security", in some ways
- Security is perhaps one of the weakest links in the cloud lifecycle. Identify the weakest security mechanism and increase the lines of defense
- Such issues can be tackled with a combination of technology and management
- So the only weapon we have is mutual TRUST, backed by a complex set of contractual & legal documentation

THANK YOU
Vijaykumar_n@infosys.com +91 97422 75313