George Yauneridge
Overview Basic Security Selecting a Provider Cloud Computing Security Threats Cloud Computing Security Practices Conclusion
Basic Security Common sense policies should be applied, including: Strong passwords Firewalls Antivirus Apply patches etc
Selecting a Provider There are many factors to consider, the primary ones are: Price Services Security Regulations ○ Government ○ Industry
Cloud Computing Risks Clouds are big targets Risk of data being intercepted DoS Horizontal privilege escalation Provider stability
Big Targets Risks Attacks may be more frequent Possible to become collateral damage of hacktivists Prevention Store data locally Encrypt stored data
Risk of Interception Risks Information traveling over the internet might be intercepted Data could be altered Prevention Encrypt transmitted data
Privileges Risks Users from other accounts may be able to gain access to your data Prevention Use virtual servers Use virtual firewalls
Provider Stability Risks Bankrupt Relocation Acquired Prevention Research the provider
FedRAMP Government program to assess cloud providers Set to be released soon Developed by the government in conjunction with other organizations Uses third party auditing
The Contract Items to include Price Service Compliance with industry or government regulations Security policies Non-disclosure
Questions
Resources Brodkin, Jon. “Gartner: Seven cloud-computing security risks”. Infoworld. 16 February Jansen, Wayne; Grance, Timothy. “Guidelines on Security and Privacy in Public Cloud Computing”. National Institute of Standards and Technology. 16 February Perilli, Alessandro; et al. “Cloud Computing”. European Network and Information Security Agency. 16 February Brunette, Glenn; et al. “Security Guidance for Critical Areas of Focus in Cloud Computing Security V2.1”. Cloud Security Alliance. 20 February Vijayan, Jaikumar. “Feds Launch Cloud Security Standards Program”. Computer World. 20 February 2012.