Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Published byDevan Hiscock Modified over 9 years ago

Similar presentations

Presentation on theme: "Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services."— Presentation transcript:

1 Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services

2 Agenda Introduction to Cloud Computing Models Top Threats Categorical Approach to Cloud Security Technology Areas of Focus Encryption 2

3 Definitions – Cloud Computing Cloud Computing is: A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications & services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of:  5 essential characteristics  3 service models  4 deployment models -National Institute of Standards and Technology http://csrc.nist.gov/groups/SNS/cloud-computing 3

4 Cloud Definitions Cont’d Cloud Characteristics 1.On-demand Self-Service – User provisions their services 2.Ubiquitous Network Access – Standard network or mobile access 3.Resource Pooling – Shared resources and location independence 4.Elasticity – Capabilities scaled or released “rapidly” 5.Measured Service – Metered, monitored and billed as utility 4

5 Cloud Definitions Cont’d Cloud Service Models 1.Software as a Service (SaaS) – User access to the application layer 2. Platform as a Service – User deployment using providers’ tools 3. Infrastructure as a Service (IaaS)– User access to IT infrastructure 5

6 Cloud Definitions Cont’d Cloud Deployment Models 1.Private Cloud – Deployed for a single organization or company 2.Community Cloud – Shared by organizations with similar needs 3.Public Cloud – Cloud services available to all and shared 4.Hybrid Cloud – Two or more clouds with operational relationship 6

7 Business Services Customer Provided Cloud Provided Application Logic Middleware/DB Infrastructure Cloud Layers 7 SaaS PaaS IaaS

8 Top Cloud Security Threats 1.Data Breaches 2.Data Loss 3.Account or Service Traffic Hijacking 4.Insecure Interfaces and API 5.Denial of Service Attacks 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Vulnerabilities Source: Cloud Security Alliance cloudsecurityalliance.org

9 Approach to Security in the Cloud Governance Assessing the Risk Managing and Measuring Posture and Response Compliance Direct policy and technology requirements to meet regulations Architecture The technical components and their inherent strength and weaknesses Resiliency The ability to withstand and/or recover from an incident Process Established, regular, IT practices that ensure policy adherence Access Identity and authentication 9

10 Security in the Cloud CategoryFocus AreasTasksApplicability Governance Regulations Data Location eDiscovery Evaluation Risk Assessment / Analysis Audit Controls Audits PCI 5, 6, 11 HIPAA (C) 164.308, 312, 314 Compliance Data Location eDiscovery Device & Media Control Policy Development Policy Enforcement eMail Archiving PCI DSS, PA-DSS HIPAA 160.203, 164.308, SEC Rule 17a-3,4 Architecture Attack Surface Isolation/Separation Network Security Systems and Application Configuration Policy PCI 1,2 PA-DSS HIPAA 164.312 Resiliency Availability Data Protection Disaster Recovery Contingency Planning Encryption Media Management PCI 3,4 FISMA HIPAA 164.308, 310 Process Incident / Change Mgmt Security Mgmt / Monitoring Response Reporting Proactive Monitoring PCI 10,11 HIPAA 164.316 Access Identity / Authentication Access Controls Unique User ID Access Policies Remote Access Policy PCI 7, 8, 9 HIPAA 164.308 10

11 Technical Focus Architecture Provisioning Process and Capability Software / Network Isolation Multi-tenancy vs Dedicated Hypervisor structure Network structure Security Infrastructure Resiliency/Availability Business Continuity and Disaster Recovery Data Integrity Identity and Access Management Authentication tie-ins to customer, stand alone Data Protection Backups and Recovery Data Location and Encryption Physical Security 11

12 A Few Words On Encryption Encryption Built into Cloud Service vs Encrypting at the Source SaaS and PaaS: SSL based transfer prior to encryption in the cloud Read and Understand the Privacy Policy Cloud Storage Encrypt locally, then store in the cloud (e.g. DropBox) o Viivo, Sookasa, BoxCryptor, CloudFogger Use an integrated hybrid cloud storage solution o Wualu, SpiderOak, Tresorit Use Appliance Based Backups & BC o Walker/Datto 12

13 Encryption (cont’d) Cloud Storage features to Look for: Granularity: File vs Container vs Volume Key Management Administrative Features to meet your needs (e.g. compliance) Does it work with the service(s) you use? Dropbox, Box.com, Google Drive, Microsoft SkyDrive, Amazon S3 13

14 Sources Cloud Security Alliance http://cloudsecurityalliance.org NIST Cloud Computing Definition http://csrc.nist.gov/groups/SNS/cloud-computing CSA Top Nine Cloud Computing Threats White Paper https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats _in_2013.pdf HIPAA Guidelines Simplified from HHS http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf NIST Cloud Security for Federal Agencies White Paper http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909494 14

15 15 860.678.3530 | TheWalkerGroup.com | info@thewalkergroup.com Thank You.

Download ppt "Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services."

Similar presentations

Hi – 5 Marcus Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi Security of Cloud Computing.

Hi – 5 Marcus Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi Security of Cloud Computing.
Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.

Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.
C LOUD C OMPUTING Presented by Ye Chen. What is cloud computing? Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access.

C LOUD C OMPUTING Presented by Ye Chen. What is cloud computing? Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access.
Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.

Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.
Security Controls – What Works

Security Controls – What Works
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Cloud Usability Framework

Cloud Usability Framework
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
SaaS, PaaS & TaaS By: Raza Usmani

SaaS, PaaS & TaaS By: Raza Usmani
Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.

Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Cloud Basics.  Define what the Cloud is  Describe the essential characteristics are of the Cloud  Describe the service models of the Cloud  Describe.

Cloud Basics.  Define what the Cloud is  Describe the essential characteristics are of the Cloud  Describe the service models of the Cloud  Describe.
SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.

SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
EA and IT Infrastructure - 1© Minder Chen, 1995-2014 Enterprise Architecture, IT Infrastructure, and Cloud Computing Minder Chen, Ph.D. CSU Channel Islands.

EA and IT Infrastructure - 1© Minder Chen, Enterprise Architecture, IT Infrastructure, and Cloud Computing Minder Chen, Ph.D. CSU Channel Islands.
EA and IT Infrastructure - 1© Minder Chen, 1995-2011 Stages in IT Infrastructure Evolution Mainframe/Mini Computers Personal Computer Client/Sever Computing.

EA and IT Infrastructure - 1© Minder Chen, Stages in IT Infrastructure Evolution Mainframe/Mini Computers Personal Computer Client/Sever Computing.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds

Similar presentations

Ads by Google