1 / 29

Agenda

Seminar on Cloud Computing: Buzzword or Savior ??? Cloud Computing Challenges & Security Issues. Agenda. Cloud Computing Challenges Cloud Security Issues Cloud Security Incidents Statistical analysis of Cloud Sec breaches Cloud Security Controls. Cloud Computing Challenges.

moesha
Télécharger la présentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Seminar on Cloud Computing: Buzzword or Savior???Cloud Computing Challenges & Security Issues

  2. Agenda Cloud Computing Challenges Cloud Security Issues Cloud Security Incidents Statistical analysis of Cloud Sec breaches Cloud Security Controls

  3. Cloud Computing Challenges • Despite many opportunities there has been backlash against Cloud computing: • Dependence on others and that could possibly limit flexibility and innovation: • Monopoly of Bigger Internet companies (google & IBM). • Return to the time of mainframe computing ?? • Security could prove to be a big issue: • Safety of out-sourced data • Uncertainty in the ownership of data.

  4. Cloud Computing Challenges… • There are also issues relating to policy and access: • If your data is stored abroad whose policy do you adhere to? • What happens if the remote server goes down? • How will you then access files? • There have been cases of users being locked out of accounts and losing access to data.

  5. Cloud Computing Challenges Security Privacy Interoperability Portability Service Delivery & Billing Abuse of Cloud Services Performance Usage Control CLOUD Reliability Bandwidth Cost Availability Lack of knowledge & Expertise Shared Technology Issues Insufficient due diligence

  6. Categorization of Cloud Challenges

  7. Notorious-9 - Cloud Challenges

  8. Notorious-9 - Cloud Challenges..

  9. SECURITY of Cloud

  10. Toshiba -- July 12, 2011 Toshiba Database hacked and User accounts leaked by V0iD

  11. Amazon – July 29, 2011 Amazon Cloud hosts nasty Banking Trojan

  12. Microsoft – September 21, 2011 Microsoft Cloud evaporated by 1 busted file Service failed for hours

  13. APPLE – December 22 ,2011 New Phishing attacks target iCloud, MobileMe users

  14. Cloud Security Challenges Data Locality Privacy Trust Identity Management Virtualization Network Security Data Confidentiality Access Control Data Integrity Data Security Audit & Compliance

  15. Frequency of Cloud Vulnerability Incidents

  16. CSP breakdown for unknown vulnerability

  17. Incidents with un-reported causes Cloud breakdown due to unreported causes Number of Incidents

  18. Breakdown of Cloud Provider Incidents

  19. Comparison among major Cloud Vendors

  20. Incidents at Amazon over the years

  21. Cloud Sec Breach Incidents- Amazon

  22. CSA Top Cloud Security threats

  23. Cloud Security Threats • Abuse and Nefarious Use of Cloud Computing • Anyone with a valid credit card can register and abuse the relative anonymity to conduct their malicious activities with relative impunity. • Insecure Interfaces and APIs • The security and availability of general cloud services is dependent upon the security of SW interfaces and APIs. • Malicious Insiders • This threat is amplified for consumers of cloud services that are under a single management domain, combined with a lack of transparency. • Cloud related Malware • Attackers can use cloud-specific malware, such as bugs and Trojans, to either infiltrate or corrupt the network.

  24. Cloud Security Threats-Cont.. • Account or Service Hijacking • Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. • Data Loss or Leakage • Due to the increase in number of interactions between risks and challenges which are unique to cloud because of the architectural or operational characteristics of the cloud environment. • Hardware Failure • Hardware, from switches to servers in data centers, may fail making cloud data inaccessible.

  25. Cloud Security Threats – Cont.. • Inadequate Infrastructure Design and Planning • Providers cannot cater to sudden spikes in demand, • Insufficient provisioning of computing resources • Poor network design • Closure of Cloud service • Disputes with the cloud provider or non-profitability of the cloud service leading to data loss unless end-users are legally protected. • Natural Disaster • Based on the geographical location and the climate, data centers may be exposed to natural disasters which can affect the cloud services

  26. Cloud Security Controls • Data Governance • Labeling & Handling • Retention Policy • Security Policy • Risk Assessment • Secure Disposal • Information Leakage • Compliance • Third Party Audits

  27. Cloud Security Controls • Information Security • Baseline Requirements • User Access Policy • User Access Reviews • Segregation of Duties • Encryption & Encryption key management • Vulnerability / Patch Management • Policy Enforcement • User Access Restriction / Authorization • User Access Revocation • Incident Management

  28. Cloud Security Controls • Security Architecture • User ID Credentials • Network Security • Data Security / Integrity • Audit Logging / Intrusion Detection • Application security • Remote user multi-factor authentication • Data Governance • Ownership / Stewardship • Handling / Labeling / Security Policy • Information Leakage

  29. Thank You

More Related