Security in the Clouds. Professor Sadie Creese, London Hopper 2010, May 2010.

Presentation transcript:

1 Security in the Clouds. Professor Sadie Creese, London Hopper 2010, May 2010

2 What is cloud computing?

3 Service Model
- Gmail, Google Docs
- Google App Engine
- Amazon EC2
- Amazon S3/SimpleDB
- VMware/Xen

4 Cloud Market Drivers
Enterprise drivers:
- Compression of deployment cycles
- Instant upgrade and try-it-out
- Elasticity
- Cost alignment
- Reduction of IT team costs
- Accessibility and sharing
- Dependability
- Waste reduction and carbon footprint
Consumer drivers:
- Up to speed with latest apps
- Pay-as-you-use
- Accessibility and sharing
- Dependability

5 Cloud Ecosystems
[Diagram; surviving labels: VM Broker VM User]

6 Why are we concerned?

7 Significant investment
- Hosted apps market currently at $6.4b, $14.8b in 2012 (Gartner Dec 08)
- Services market currently at $56b, $150b in 2013 (Gartner March 09)
- Services market currently worth $16.2b, $42b in 2012 (IDC Dec 08)
- Services market to be worth $160b in 2011 (Merrill Lynch May 08)

8 Large Cloud Application Service Provider Space
Extract from slides: "Prophet a Path out of the cloud", Best Practical, presented at O'Reilly Open Source Conf, 2008

9 People Are Worried
Key barriers to uptake, as recognised in the community:
- Data security concerns
- Privacy compromise/practice
- Service dependability and QoS
- Loss of control over IT and data
- Management difficulties around performance, support and maintenance
- Service integration
- Lock-in
- Usability
- Lack of market maturity

10 What’s different about the Cloud?

11 Scale and Business Models
- Length and depth of relationships
- Mobility of data
- Volumes of data
- Nature of data (more sensitive)
- Lack of perimeter
- Global nature
- Location of control

12 Futures – Scenarios
- High Cost/Low Payback for an attacker. Most successful threat agents likely to be insiders within the silo.
- High Cost/High Payback for an attacker. Most successful threat agent likely to be an insider managing resource distribution or a malicious service provider.
- Low Cost/Low Payback for an attacker. Threat agents will include external attackers utilising a mixture of technology and social engineering.
- Low Cost/High Payback for an attacker. External attackers using the distributed scale to attack multiple systems and users simultaneously, e.g. bot and application framework based attacks.

13 Thinking Like an Attacker

14 (A few) potential future attack scenarios
- Denial of service: resource consumption, traffic redirection, inter-cloud and user to cloud
- Trojan Clouds: imitate providers, infiltrate supply chains, sympathetic cloud
- Inference Attacks: due to privileged (~admin) roles, cohabiting risks (via hypervisor)
- Application Framework attacks: repeatable, pervasive
- Sticky Clouds: lack of responsiveness, complex portability
- Onion storage: moving global location, fragmenting, encrypting
- Covert channels: within the cloud network across services

15 And?

16 (A few) Implications for Security
- Regulatory/Legislation: nothing is transparent about data handling in cloud, privacy protection
- Investigations: technical forensics and legal, across borders
- Monitoring/Auditing Mechanisms
- Encryption: at some point decryption happens for anything other than storage... Recent IBM breakthrough indicates potential for processing encrypted data but not practical yet.
- Contracting/Due Diligence
- Service Level Agreements

17 Our current research directions...
- Digital Forensics
- Vulnerability Models / Threat Models and Cascade Effects
- Service Level Agreements
- Enterprise Capability Maturity Model
- Designing in Privacy -> via patterns and architectures
- Insider Threat Detection

18 Thank you. Questions?

