current state of the art in cloud
TRANSCRIPT
-
8/10/2019 Current State of the Art in Cloud
1/14
-
8/10/2019 Current State of the Art in Cloud
2/14
Agenda
What is cloud computing? What is cloud security?
Security As a Service
Security Challenges
-
8/10/2019 Current State of the Art in Cloud
3/14
What is cloud computing?
The US National Institute of Standards andTechnology (NIST, http://csrc.nist.gov) defines it as
follows:
On-demand self-service
Broad network access Resource pooling
Rapid elasticity or expansion
Measured service
-
8/10/2019 Current State of the Art in Cloud
4/14
What is cloud computing?
-
8/10/2019 Current State of the Art in Cloud
5/14
What is cloud security?
Security ofcloud
computing Provide securityas a service
Cloud
Computing
Security Secured
Cloud
-
8/10/2019 Current State of the Art in Cloud
6/14
What is cloud security?
SaaS
PasS
IaaSAmazons EC2
Rackspace
Nimbus
Google App Engine
Microsoft Azure
Heroku
Salesforce
NetSuite
-
8/10/2019 Current State of the Art in Cloud
7/14
What is cloud security?
SaaSData Security
App Security
Identity Authentication
PasS
Data and Computing Availability
Data Security
Disaster Recovery
-
8/10/2019 Current State of the Art in Cloud
8/14
What is cloud security?
IaaSData center construction
Physical Security
Network Security
Transmission Security
System Security
-
8/10/2019 Current State of the Art in Cloud
9/14
Concerns when Implementing Security As a Service
Physical and personnel security Lack of visibility into security controls
Fragility of the relationship
Data leakage between virtual instances
-
8/10/2019 Current State of the Art in Cloud
10/14
Advantages of Implementing Security As a Service
Competitive Advantages Understanding the risk proposition of a given IT strategy
Able to stem the inclusion of undesirable content
Improved Vendor Client Relationship Transparency
Migration services
-
8/10/2019 Current State of the Art in Cloud
11/14
Diversity of Existing Security as a Service Offerings
Identity Services and Access Management Services Data Loss Prevention (DLP)
Web Security
Email Security
Security Assessments
Intrusion Management, Detection, and Prevention
(IDS/IPS)
Security Information and Event Management (SIEM) Encryption
Business Continuity and Disaster Recovery
Network Security
-
8/10/2019 Current State of the Art in Cloud
12/14
Threats
Threat #1: Abuse and Nefarious Use of CloudComputing
Threat #2: Insecure Interfaces and APIs
Threat #3: Malicious Insiders
Threat #4: Shared Technology Issues
Threat #5: Data Loss or Leakage
Threat #6: Account or Service Hijacking
Threat #7: Unknown Risk Profile
-
8/10/2019 Current State of the Art in Cloud
13/14
Security Challenges in the Cloud
Establishing trust in the remote execution Protecting the execution of one cloud instance from
other instances on the same base system or
infrastructure.
Protecting the execution of a cloud instance fromexternal adversaries.
-
8/10/2019 Current State of the Art in Cloud
14/14
Next steps: Improvements
Customers will need verifiably security-criticalprocessing to the cloud.
Cloud vendors will have to reconsider cloud services
design.
We see a benefit to having the base system performenforcement on its cloud instances behalf.