
Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

Presentation transcript:

1

2 Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information Technology Services Division Department of Administration State of Montana lpizzini@mt.gov

3 Lynne Pizzini, CISSP, CISM, CIPP Lyn-nerd the Clown Information Systems Security Officer Information Technology Services Division Department of Administration State of Montana

4 Overview
- What is Cloud Computing?
- Types of Clouds
- Benefits
- Dangers
- Protections
- Is it Right for You?
- Review

5 What is Cloud Computing?
- Provides on-demand network access to a shared pool of computing resources such as networks, servers, storage and applications.
- Scalable to meet customer needs.
- Provided through a large data center.

6 Recent Developments
- Gartner – cloud computing has moved from #16 to #2 in the annual CIO survey of key technology investments.
- Recent NASCIO study of all 50 states ranked cloud computing as #5 in the top 10 technical goals for organizations.
- The top concern when it comes to cloud computing in this same NASCIO survey was Security and Privacy.

7 What is Cloud Computing?

8 Types of Clouds
- Software as a Service (SAAS) – provides ready-for-use web-based applications that are maintained centrally by a provider.
- Platform as a Service (PAAS) – provides programming languages and tools that can be used by application developers to create and deploy applications on the web.
- Infrastructure as a Service (IAAS) – provides computing resources whose usage is rented from a provider (VM and storage).

9 Types Continued
Can be private, public, hybrid, community (group with something in common – local government, healthcare industry, financial industry), or some combination of these models.

10 Benefits
- More expertise if you are a small organization
- More ability and resources
- Use of VM
- Recoverability

11 Benefits and Dangers

12 Dangers - Concerns: VENDOR SECURITY
- Cloud computing customers rely on providers to implement appropriate security measures to protect the confidentiality, integrity, and availability of data.
- Be wary of providers who are reluctant to share details of their security architecture/practices with customers.
- Transparency vs. Secrecy

13 Dangers - Concerns: ISOLATION/SEGREGATION
- Users access cloud computing resources via a virtual machine hosted on an unknown physical machine. The physical machine may be shared with other users.
- Providers must ensure that multiple customers do not interfere with each other, maliciously or unintentionally.
- How is data isolated or segregated from other organizations’ data?
- The cloud provider should provide evidence that encryption is being used and has been tested by experts.

14 Dangers - Concerns: DATA LOCATION
- Providers may have data centers located in other countries.
- Be sure your vendor contract stipulates any restrictions you may have on the physical location of where your data is stored.
- Get a commitment from them to obey your privacy requirements no matter where the data is located.

15 Dangers - Concerns: MANAGEMENT INTERFACE
- Customers access the cloud management interface via the Internet, thus increasing exposure to potential attack.
- How is the system administered by the company – via the Internet?
- Do they use two-factor authentication?
- Are administrators monitored?

16 Dangers - Concerns: REPUTATION SHARING
- Bad behavior by one cloud customer may impact others using the cloud.
- For example, a customer engaging in spamming may cause a common cloud IP address to be blacklisted.

17 Dangers - Concerns: PROVIDER VIABILITY
- How long has the provider been in business?
- What happens to your organization’s applications and data in the event that the provider goes out of business, is purchased by another business, or when the contract runs out?

18 Dangers - Concerns: COMPLIANCE
- Placement of data in the cloud does not eliminate an organization’s need to meet legal and regulatory requirements such as PCI or HIPAA.
- Organizations will need timely assistance from cloud computing providers to fulfill investigation/audit requirements.
- Remember - you will be fined for being out of compliance, not the cloud provider.

19 Dangers - Concerns: DATA LOSS/LEAKAGE
- How and where are backups stored?
- How is information removed when equipment is cycled?

20 Dangers - Concerns: RECOVERY
- How does the provider meet your recovery requirements in the event of a disaster?
- What is their capability to do a complete restoration and how long will it take?

21 Dangers - Concerns: LOGGING
- What is logged?
- Can it be accessed easily for investigative purposes?

22 Protect Your Data

23 Protections
- Data Classification: Consider the sensitivity of your data before making a decision of whether or not to put it in the cloud.
- Encryption: Encrypt sensitive data before placing it in the cloud.
- Authentication: Consider requiring multifactor authentication for access to cloud computing resources.
- Vulnerability Assessment: Include a requirement for a security review or vulnerability assessment as part of the service level agreement with the provider.
- Monitor: Require close monitoring of cloud computing resources by providers for unauthorized activity.
- Backup: Ensure that your backup data is not commingled with other customers.
- Notification: Require providers to provide timely notification of any potential data security breach or security incident.

24 Protections - Continued SAS-70 Certification Contract/Agreement Audit

25 Is Cloud Computing right for you? Risk Assessment

26 Resources
- CSO Magazine
- Gartner
- Network World Magazine
- Computer World Magazine
- Cloudsecurity.org
- ISACA
- MS-ISAC
- NIST
- NASCIO

27 Summary – Story Bag
- What is cloud computing
- Types of Clouds
- Benefits
- Dangers
- Protections
- Is it Right for You?
- Review

28 Final Comment Unofficial motto: “In God we trust, everyone else must have a digital signature.” Author Unknown

29 ANY QUESTIONS?

