Hot Topics: Mobility in the Cloud


1 Hot Topics: Mobility in the Cloud
Adam Goldstein - IT Security Engineer, Dartmouth College
EduCause Security Professionals Conference - April 13, 2010

2 Data on the Move…
- Institutional data is increasingly leaving the institution
- Mobile devices mean mobile data
  - Drivers:
    - Productivity
    - Telecommuting
    - Users like them!
- Services in the Cloud
  - Cost
  - Ease of use
  - Allows institutions to focus on their core business

3 Data Protection
Protecting data is as important as ever. Why?
- Cybercrime and fraud are a growing trend and a significant problem
- Data protection laws
- Compliance trends
- Significant cost of breaches

4 The dilemma…
How do we protect data when the data is on the move?

5 Cloud Computing - Definitions
- Software as a Service (SaaS): Google Apps, Salesforce.com, MS BPOS
- Platform as a Service (PaaS): Google App Engine, MS Azure, Force.com
- Infrastructure as a Service (IaaS): Amazon EC2, Rackspace Cloud, GoGrid

6 The Appeal of the Cloud
- Low cost
- Ease of use
- Scalability
- Minimizes infrastructure requirements
- Allows schools to focus on being a school

7 Concerns with the Cloud
Some of the commonly cited concerns include:
- Bandwidth limitations
- Service availability
- Security!!!
- Legal issues!!!

8 Cloud-Security Concerns
- Technical concern examples:
  - Authentication issues (both users and admins)
  - Consolidating targets for the bad guys
- Procedural concern examples:
  - Auditing?
  - Are vendors implementing appropriate controls?

9 Cloud Security Concerns - Authentication Example
- Most vendors use a web-based admin console to control server instances
- Console accounts use username/password
- It doesn’t matter how secure the service is if an attacker can get console credentials:
  - Phishing/spear phishing
  - Sharing credentials
  - Guessing
  - Sniffing

10 Cloud Security Concerns: Target Example
- As more institutions move to popular Cloud services, will attacks change?
- CSRF (cross-site request forgery) example
  - Can bad guys exploit the fact that many users will be logged in to the same application?
  - Facebook CSRF
  - Or more relevant: Banner CSRF ( squashes-banner-bug )

11 Cloud Security Concerns: Vendor processes
- Limited auditing: many vendor AUPs prohibit performing security tests against cloud services
- Minimal understanding of back-end security
  - What can cloud companies access?
  - What controls do they have in place? (HR, assessments, physical)

12 Risks to customers – Data retention/e-discovery
- Few published policies on how Cloud providers handle e-discovery requests
- What about internal investigations?
- What remains when data is deleted?
- Do Cloud providers perform their own backups? What is their retention policy?
- Do providers collect and retain access logs?

13 Cloud Legal concerns: Privacy
Hosted … “We will not monitor your use of the online service, …track, view, … your subscriber data that are processed … by the online service except to…improve xxx products or online services” –not from who you think!

14 Cloud Legal concerns: Compliance and regulation trends
- All trends indicate that institutions will be increasingly responsible for protecting data
- Who will be responsible for protection? Breach?
- Even if it is not the institution’s fault, whose name is in the paper?

15 Cloud Legal concerns: Contracted services
- What happens to your data when contracts end?
- What happens if a vendor goes under?
- Putting data in the cloud is easy. How about getting it back?

16 Cloud Legal concerns: Contracted services
- We may suspend the online service: if we believe that your use of the online service represents a threat…
- We may cancel the online service: if we believe that your use of the online service violates the scope of use terms;
- “After we suspend or cancel the online service, you may not be able to access your data through the online service.”

17 Securing data on the move? Addressing the dilemma
- Institutional data security policies
- Required controls for vendors
- Technical solutions
- Understanding the true “cost” of cloud services
And perhaps most important: What is your institutional stance on balancing security and mobility?

18 Additional Info: Contract Addendum for Vendors
- Data Protection
- Encryption (in-transit and at-rest)
- Network Security
- Secure Disposal
- Software Development
- Access Control
- Vulnerability Management
- Incident Response

19 Peter Kiewit Computing Services
Thanks! Adam Goldstein IT Security Engineer Peter Kiewit Computing Services

