Hot Topics: Mobility in the Cloud


Hot Topics: Mobility in the Cloud
Adam Goldstein, IT Security Engineer, Dartmouth College
EduCause Security Professionals Conference, April 13, 2010

Data on the Move…
- Institutional data is increasingly leaving the institution
- Mobile devices mean mobile data
  - Drivers: productivity, telecommuting, users like them!
- Services in the Cloud
  - Drivers: cost, ease of use, allows institutions to focus on their core business

Data Protection
- Protecting data is as important as ever. Why?
  - Cybercrime and fraud are a growing trend and a significant problem
  - Data protection laws
  - Compliance trends
  - Significant cost of breaches

The dilemma…
- How do we protect data when the data is on the move?

Cloud Computing: Definitions
- Software as a Service (SaaS): Google Apps, Salesforce.com, MS BPOS
- Platform as a Service (PaaS): Google App Engine, MS Azure, Force.com
- Infrastructure as a Service (IaaS): Amazon EC2, Rackspace Cloud, GoGrid

The Appeal of the Cloud
- Low cost
- Ease of use
- Scalability
- Minimizes infrastructure requirements
- Allows schools to focus on being a school

Concerns with the Cloud
Some of the commonly cited concerns include:
- Bandwidth limitations
- Service availability
- Security!!!
- Legal issues!!!

Cloud Security Concerns
- Technical concern examples:
  - Authentication issues (both users and admins)
  - Consolidating targets for the bad guys
- Procedural concern examples:
  - Auditing?
  - Are vendors implementing appropriate controls?

Cloud Security Concerns: Authentication Example
- Most vendors use a web-based admin console to control server instances
- Console accounts use username/password
- It doesn't matter how secure the service is if an attacker can get console credentials:
  - Phishing/spear phishing
  - Sharing credentials
  - Guessing
  - Sniffing

Cloud Security Concerns: Target Example
- As more institutions move to popular Cloud services, will attacks change?
- CSRF (cross-site request forgery) example
  - Can bad guys exploit the fact that many users will be logged in to the same application?
  - Facebook CSRF
  - Or more relevant: Banner CSRF (http://www.browndailyherald.com/campus-news/hickey-08-squashes-banner-bug-1.1673319)

Cloud Security Concerns: Vendor processes
- Limited auditing: many vendor AUPs prohibit performing security tests against cloud services
- Minimal understanding of back-end security
  - What can cloud companies access?
  - What controls do they have in place? (HR, assessments, physical)

Risks to customers: Data retention/e-discovery
- Few published policies on how Cloud providers handle e-discovery requests
- What about internal investigations?
- What remains when data is deleted?
- Do Cloud providers perform their own backups? What is their retention policy?
- Do providers collect and retain access logs?

Cloud Legal concerns: Privacy
- Hosted e-mail…
- “We will not monitor your use of the online service, …track, view, … your subscriber data that are processed … by the online service except to…improve xxx products or online services”
- Not from who you think!

Cloud Legal concerns: Compliance and regulation trends
- All trends indicate that institutions will be increasingly responsible for protecting data
- Who will be responsible for protection? Breach?
- Even if it is not the institution’s fault, whose name is in the paper?

Cloud Legal concerns: Contracted services
- What happens to your data when contracts end?
- What happens if a vendor goes under?
- Putting data in the cloud is easy. How about getting it back?

Cloud Legal concerns: Contracted services
- We may suspend the online service: if we believe that your use of the online service represents a threat…
- We may cancel the online service: if we believe that your use of the online service violates the scope of use terms;
- “After we suspend or cancel the online service, you may not be able to access your data through the online service.”

Securing data on the move? Addressing the dilemma
- Institutional data security policies
- Required controls for vendors
- Technical solutions
- Understanding the true “cost” of cloud services
- And perhaps most important: What is your institutional stance on balancing security and mobility?

Additional Info: Contract Addendum for Vendors
- Data Protection
- Encryption (in-transit and at-rest)
- Network Security
- Secure Disposal
- Software Development
- Access Control
- Vulnerability Management
- Incident Response

Thanks!
Adam Goldstein, IT Security Engineer
Peter Kiewit Computing Services
Adam.goldstein@dartmouth.edu