cloud security - made simple
TRANSCRIPT
![Page 1: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/1.jpg)
Cloud Security
Sameer Paradia
![Page 2: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/2.jpg)
Goals
1. Brief on Cloud Computing
2. Security Threats
3. Framework
4. Controls
http://www.flickr.com/photos/tomhaymes/321292834/
![Page 3: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/3.jpg)
Understand Cloud
![Page 4: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/4.jpg)
Essential Characteristics
• On-Demand
– Lowered requirement to forecast
– Demand trends are predicted by the provider
• Usage-metered
– Pay by real-time use
• Self-service from pool of resources
– Resources managed by consumer with a GUI or API
• Elastic Scalability
– Grow or shrink resources as required
• Ubiquitous Network
– The network is essential to use the service
![Page 5: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/5.jpg)
Beyond basic..
Service Types
• IaaS: Compute, Network, Datacentre, Storage
• PaaS: Web 2.0 Applications Runtime, Development tools, Business Middleware, Database, Java Runtime
• SaaS: Collaboration, ERP / CRM, Business Processes, Enterprise Applications
Modes of Deployment (Deployment models)
• Public cloud
• Private cloud
• Hybrid cloud
• Community cloud
![Page 6: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/6.jpg)
Security Threat
![Page 7: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/7.jpg)
Lots of noise on....
Cloud Security?
How do we simplify it...
http://www.flickr.com/photos/purpleslog/2870445256/in/photostream/
![Page 8: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/8.jpg)
It is the same as current InfoSec practice
You have to take the same approach as current ISMS
http://www.flickr.com/photos/pheckaboolala/3410638119
![Page 9: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/9.jpg)
Cloud Security
• What is it?
– Protection of your information in the cloud
• Why is it critical?
– Your information is at a central, unknown place in the cloud
– No visibility of security measures in Public cloud
• Impact of breach on business?
– Lack of Compliance
– Legal issue
– Breach of privacy
http://www.flickr.com/photos/nigeljohnson73/6788941421
![Page 10: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/10.jpg)
Threats in XaaS Models
• SaaS
– Built-in security functionality
– Least consumer extensibility
– Relatively high level of integrated security
• PaaS
– Enables developers to build their own applications on top of the platform
– More extensible than SaaS, at the expense of customer-ready features
– Built-in capabilities are less complete, but there is more flexibility to layer on additional security
• IaaS
– Few application-like features
– Enormous extensibility
– Less integrated security capabilities and functionality beyond protecting the infrastructure itself
– Assets to be managed and secured by the cloud consumer
![Page 11: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/11.jpg)
Security Framework
![Page 12: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/12.jpg)
Security Framework
1. Identify asset to cloudify
   a) Data
   b) Applications
2. Assess the impact on business of transferring assets to cloud, in case of breach
3. Map the asset to potential cloud deployment models
4. Evaluate controls in each of the IaaS / PaaS / SaaS layers, depending upon asset
5. Evaluate the data flow, to understand the flow
![Page 13: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/13.jpg)
Cloud Controls
![Page 14: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/14.jpg)
3 Dimensions of cloud security
• IT Assets in cloud
• Risk Assessment
• Business Criticality
For achieving robust and practical security, consider all 3 perspectives
![Page 15: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/15.jpg)
Types of Controls
Governance (Strategic)
• Risk Management
• Legal & Electronic Discovery
• Compliance / Audit
• Information Life cycle management
• Portability and Interoperability
Operational (Tactical)
• BCP / DR
• Data centre Operations
• Incident Management
• Application security
• Encryption
• Identity & Access Management
• Virtualization
![Page 16: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/16.jpg)
Implement Controls
• Possible controls: layered security
– facilities (physical security)
– network infrastructure (network security)
– IT systems (system security)
– information and applications (application security)
• IaaS cloud provider
– Addresses security controls such as physical security, environmental security, and virtualization security
• SaaS
– Addresses up to the application layer
http://www.flickr.com/photos/telstar/2816038167
![Page 17: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/17.jpg)
Summary
• Consider three perspectives: Assets, Risk management and Business criticality
• Cloud as an operational model neither provides for nor prevents achieving compliance
• Selection of control depends on the service and deployment model
• Control varies depending on the design, deployment, and management of the resources
• Most security controls in cloud are the same as in a normal IT environment
http://www.flickr.com/photos/isadocafe/2095153000/
![Page 18: Cloud Security - Made simple](https://reader037.vdocuments.us/reader037/viewer/2022110204/55d51deebb61ebcb498b462a/html5/thumbnails/18.jpg)
Sameer Paradia – CGEIT, CISM, CISSP ([email protected])
Practicing IT Security for 12+ years out of 20+ years of IT Services / Outsourcing work experience.
http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/