SlideShare uma empresa Scribd logo

Cloud Security - Security Aspects of Cloud Computing

Jim Geovedi
Jim Geovedi

Lightning talk presented at Jakarta's Executive Forum, 5 August 2010.

Tecnologia
1 de 16
Baixar para ler offline
Bellua Asia Pacific CLOUD SECURITY SECURITY ASPECTS OF CLOUD COMPUTING JIM GEOVEDI Director, Bellua Asia Pacific jim.geovedi@bellua.com @geovedi Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com
Bellua Asia Pacific Essential characteristics • On-demand Service - Get computing capabilities as needed automatically • Broad Network Access - Services available over the net • Resource Pooling - Provider resources pooled to server multiple clients • Rapid Elasticity - Ability to quickly scale in/out service • Measured Service - Control, optimise services based on metering Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 2
Bellua Asia Pacific Service models Presentation Modality Presentation Platform APIs Applications Data Metadata Content Integration and Middleware APIs Infrastructure as Core Connectivity and Delivery Software as Platform as a Service a Service a Service Abstraction Hardware Facilities Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 3
Bellua Asia Pacific Deployment models • Public - Cloud infrastructure is available to the general public, owned by org selling cloud services • Private - Cloud infrastructure for single organisation only, may be managed by the organisation or a 3rd party, on or off premise • Community - Cloud infrastructure shared by several organisations that have shared concerns, managed by org or 3rd party • Hybrid - Combinations of more than clouds bound by standard or proprietary technology Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 4
Bellua Asia Pacific Cloud examples Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 5
Bellua Asia Pacific Move to the cloud? • Identify the asset(s) for cloud deployment - Data - Applications/Functions/Process • Evaluate the asset - Determine how important the data or function is to the organisation Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 6
Bellua Asia Pacific Top CIO concerns Security Availability Performance Cost Standards Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 7
Bellua Asia Pacific Cloud security threats 1. Abuse and nefarious use 2. Insecure interfaces and APIs 3. Malicious insiders 4. Shared technology issues 5. Data loss or leakage 6. Account or service hijacking 7. Unknown risk profile source: http://www.cloudsecurityalliance.org/topthreats Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 8
Bellua Asia Pacific Threat #1: Abuse and Nefarious Use • Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities. • Cloud Computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and providers’ fraud detection capabilities are limited. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 9
Bellua Asia Pacific Threat #2: Insecure Interfaces and APIs • While most providers strive to ensure security is well integrated into their service models, it is critical for consumers of those services to understand the security implications associated with the usage, management, orchestration and monitoring of cloud services. • Reliance on a weak set of interfaces and APIs exposes organisations to a variety of security issues related to confidentiality, integrity, availability and accountability. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 10
Bellua Asia Pacific Threat #3: Malicious Insiders • The impact that malicious insiders can have on an organisation is considerable, given their level of access and ability to infiltrate organisations and assets. • Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. • As organisations adopt cloud services, the human element takes on an even more profound importance. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 11
Bellua Asia Pacific Threat #4: Shared Technology Issues • Attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalisation. • As a result, attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorised access to data. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 12
Bellua Asia Pacific Threat #5: Data Loss or Leakage • Data loss or leakage can have a devastating impact on a business. Beyond the damage to one’s brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. • Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 13
Bellua Asia Pacific Threat #6: Account or Service Hijacking • Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services. • Organisations should be aware of these techniques as well as common defence in depth protection strategies to contain the damage (and possible litigation) resulting from a breach. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 14
Bellua Asia Pacific Threat #7: Unknown Risk Profile • When adopting a cloud service, the features and functionality may be well advertised, but... - What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging? - How are your data and related logs stored and who has access to them? - What information if any will the vendor disclose in the event of a security incident? • Often such questions are not clearly answered or are overlooked, leaving customers with an unknown risk profile that may include serious threats. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 15
Bellua Asia Pacific Security guidance Security guidance for critical areas of focus in cloud computing source: http://www.cloudsecurityalliance.org/guidance.html Cloud Architecture Governing in the Cloud Operating in the Cloud Cloud Computing Architectural Governance and Enterprise Risk Traditional Security, Business Framework Management Continuity and Disaster Recovery Legal and Electronic Discovery Data Centre Operations Compliance and Audit Incident Response, Notification, and Remediation Information Lifecycle Management Application Security Portability and Interoperability Encryption and Key Management Identity and Access Management Virtualisation Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 16

Recomendados

Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Cloud security
Cloud securityCloud security
Cloud securityNiharika Varshney
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingRohit Buddabathina
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computingveena venugopal
 

Recomendados

Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Cloud security
Cloud securityCloud security
Cloud securityNiharika Varshney
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingRohit Buddabathina
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computingveena venugopal
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data securityMohammed Fazuluddin
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationVenkateswar Reddy Melachervu
 
03 cia
03 cia03 cia
03 ciaJadavsejal
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud EncryptionRituparnaNag
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt Devyani Vaidya
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Cloud security
Cloud securityCloud security
Cloud securityTushar Kayande
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cloud security
Cloud securityCloud security
Cloud securityPurva Dublay
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 

Mais conteúdo relacionado

Mais procurados

Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data securityMohammed Fazuluddin
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationVenkateswar Reddy Melachervu
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 

Mais procurados (20)

Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
 
03 cia
03 cia03 cia
03 cia
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
Cloud security
Cloud securityCloud security
Cloud security
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Cloud security
Cloud securityCloud security
Cloud security
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and management
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cloud security
Cloud securityCloud security
Cloud security
 

Destaque

Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Jim Geovedi
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Jim Geovedi
 
Satellite Telephony Security
Satellite Telephony SecuritySatellite Telephony Security
Satellite Telephony SecurityJim Geovedi
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008Jim Geovedi
 
Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot SecurityJim Geovedi
 
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Jim Geovedi
 
Hacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverHacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverJim Geovedi
 
Wireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers PlaygroundWireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers PlaygroundJim Geovedi
 
Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Jim Geovedi
 
Professional Hackers
Professional HackersProfessional Hackers
Professional HackersJim Geovedi
 
Warezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingWarezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingJim Geovedi
 
The 21st Century Bank Job
The 21st Century Bank JobThe 21st Century Bank Job
The 21st Century Bank JobJim Geovedi
 
Hacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionHacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionJim Geovedi
 
Cheating the 10,000 hour rule
Cheating the 10,000 hour ruleCheating the 10,000 hour rule
Cheating the 10,000 hour ruleJim Geovedi
 
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipJim Geovedi
 
Waluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaWaluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaJim Geovedi
 

Destaque (20)

Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
 
Satellite Telephony Security
Satellite Telephony SecuritySatellite Telephony Security
Satellite Telephony Security
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008
 
Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot Security
 
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
 
Hacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverHacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to Discover
 
Internet Worms
Internet WormsInternet Worms
Internet Worms
 
Wireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers PlaygroundWireless Hotspot: The Hackers Playground
Wireless Hotspot: The Hackers Playground
 
Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)
 
Professional Hackers
Professional HackersProfessional Hackers
Professional Hackers
 
Warezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingWarezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite Hacking
 
The 21st Century Bank Job
The 21st Century Bank JobThe 21st Century Bank Job
The 21st Century Bank Job
 
Hacking Trust
Hacking TrustHacking Trust
Hacking Trust
 
Hacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionHacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT Connection
 
Cheating the 10,000 hour rule
Cheating the 10,000 hour ruleCheating the 10,000 hour rule
Cheating the 10,000 hour rule
 
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
 
Waluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaWaluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social Media
 

Semelhante a Cloud Security - Security Aspects of Cloud Computing

FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveMyNOG
 
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud ComputingIRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud ComputingIRJET Journal
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET Journal
 
Enabling the-Connected-Car-Java
Enabling the-Connected-Car-JavaEnabling the-Connected-Car-Java
Enabling the-Connected-Car-Javaterrencebarr
 
MY RESUME ANTHONY
MY RESUME ANTHONYMY RESUME ANTHONY
MY RESUME ANTHONYtonny davis
 
Cloud and challenges isacakenya
Cloud and challenges isacakenyaCloud and challenges isacakenya
Cloud and challenges isacakenyaTonny Omwansa
 
Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”Vivek Maurya
 
Lightning Case Studies: Implementing Modern Enterprise Communications Across ...
Lightning Case Studies: Implementing Modern Enterprise Communications Across ...Lightning Case Studies: Implementing Modern Enterprise Communications Across ...
Lightning Case Studies: Implementing Modern Enterprise Communications Across ...Christina Inge
 
Mureti-Martin-Resume.pdf
Mureti-Martin-Resume.pdfMureti-Martin-Resume.pdf
Mureti-Martin-Resume.pdfMuretiMartin1
 
SDF_Security_A4_0606
SDF_Security_A4_0606SDF_Security_A4_0606
SDF_Security_A4_0606Eben Visser
 

Semelhante a Cloud Security - Security Aspects of Cloud Computing (20)

FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity PerspectiveFUTURE-PROOFING DATA CENTRES from Connectivity Perspective
FUTURE-PROOFING DATA CENTRES from Connectivity Perspective
 
IRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud ComputingIRJET- Survey on Security Threats and Remedies in Cloud Computing
IRJET- Survey on Security Threats and Remedies in Cloud Computing
 
ravi cv
ravi cvravi cv
ravi cv
 
ravi cv
ravi cvravi cv
ravi cv
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
 
Gicel Ragasa - 2015CV
Gicel Ragasa - 2015CV Gicel Ragasa - 2015CV
Gicel Ragasa - 2015CV
 
Enabling the-Connected-Car-Java
Enabling the-Connected-Car-JavaEnabling the-Connected-Car-Java
Enabling the-Connected-Car-Java
 
Gaurav-0D12AD
Gaurav-0D12ADGaurav-0D12AD
Gaurav-0D12AD
 
MY RESUME ANTHONY
MY RESUME ANTHONYMY RESUME ANTHONY
MY RESUME ANTHONY
 
141015 iNSAF intro
141015 iNSAF intro141015 iNSAF intro
141015 iNSAF intro
 
Cloud and challenges isacakenya
Cloud and challenges isacakenyaCloud and challenges isacakenya
Cloud and challenges isacakenya
 
CV - Babaniji-Olajumoke Oladunni
CV - Babaniji-Olajumoke OladunniCV - Babaniji-Olajumoke Oladunni
CV - Babaniji-Olajumoke Oladunni
 
Gerome_Ray_Delos_Reyes
Gerome_Ray_Delos_ReyesGerome_Ray_Delos_Reyes
Gerome_Ray_Delos_Reyes
 
Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”Cloud Computing Security Issues in Infrastructure as a Service”
Cloud Computing Security Issues in Infrastructure as a Service”
 
120612 nettraxslides
120612 nettraxslides120612 nettraxslides
120612 nettraxslides
 
Lightning Case Studies: Implementing Modern Enterprise Communications Across ...
Lightning Case Studies: Implementing Modern Enterprise Communications Across ...Lightning Case Studies: Implementing Modern Enterprise Communications Across ...
Lightning Case Studies: Implementing Modern Enterprise Communications Across ...
 
Tk amk new
Tk amk newTk amk new
Tk amk new
 
Tk amk new
Tk amk newTk amk new
Tk amk new
 
Mureti-Martin-Resume.pdf
Mureti-Martin-Resume.pdfMureti-Martin-Resume.pdf
Mureti-Martin-Resume.pdf
 
SDF_Security_A4_0606
SDF_Security_A4_0606SDF_Security_A4_0606
SDF_Security_A4_0606
 

Último

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Último (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Cloud Security - Security Aspects of Cloud Computing

  • 1. Bellua Asia Pacific CLOUD SECURITY SECURITY ASPECTS OF CLOUD COMPUTING JIM GEOVEDI Director, Bellua Asia Pacific jim.geovedi@bellua.com @geovedi Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com
  • 2. Bellua Asia Pacific Essential characteristics • On-demand Service - Get computing capabilities as needed automatically • Broad Network Access - Services available over the net • Resource Pooling - Provider resources pooled to server multiple clients • Rapid Elasticity - Ability to quickly scale in/out service • Measured Service - Control, optimise services based on metering Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 2
  • 3. Bellua Asia Pacific Service models Presentation Modality Presentation Platform APIs Applications Data Metadata Content Integration and Middleware APIs Infrastructure as Core Connectivity and Delivery Software as Platform as a Service a Service a Service Abstraction Hardware Facilities Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 3
  • 4. Bellua Asia Pacific Deployment models • Public - Cloud infrastructure is available to the general public, owned by org selling cloud services • Private - Cloud infrastructure for single organisation only, may be managed by the organisation or a 3rd party, on or off premise • Community - Cloud infrastructure shared by several organisations that have shared concerns, managed by org or 3rd party • Hybrid - Combinations of more than clouds bound by standard or proprietary technology Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 4
  • 5. Bellua Asia Pacific Cloud examples Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 5
  • 6. Bellua Asia Pacific Move to the cloud? • Identify the asset(s) for cloud deployment - Data - Applications/Functions/Process • Evaluate the asset - Determine how important the data or function is to the organisation Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 6
  • 7. Bellua Asia Pacific Top CIO concerns Security Availability Performance Cost Standards Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 7
  • 8. Bellua Asia Pacific Cloud security threats 1. Abuse and nefarious use 2. Insecure interfaces and APIs 3. Malicious insiders 4. Shared technology issues 5. Data loss or leakage 6. Account or service hijacking 7. Unknown risk profile source: http://www.cloudsecurityalliance.org/topthreats Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 8
  • 9. Bellua Asia Pacific Threat #1: Abuse and Nefarious Use • Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities. • Cloud Computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and providers’ fraud detection capabilities are limited. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 9
  • 10. Bellua Asia Pacific Threat #2: Insecure Interfaces and APIs • While most providers strive to ensure security is well integrated into their service models, it is critical for consumers of those services to understand the security implications associated with the usage, management, orchestration and monitoring of cloud services. • Reliance on a weak set of interfaces and APIs exposes organisations to a variety of security issues related to confidentiality, integrity, availability and accountability. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 10
  • 11. Bellua Asia Pacific Threat #3: Malicious Insiders • The impact that malicious insiders can have on an organisation is considerable, given their level of access and ability to infiltrate organisations and assets. • Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. • As organisations adopt cloud services, the human element takes on an even more profound importance. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 11
  • 12. Bellua Asia Pacific Threat #4: Shared Technology Issues • Attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalisation. • As a result, attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorised access to data. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 12
  • 13. Bellua Asia Pacific Threat #5: Data Loss or Leakage • Data loss or leakage can have a devastating impact on a business. Beyond the damage to one’s brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. • Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 13
  • 14. Bellua Asia Pacific Threat #6: Account or Service Hijacking • Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services. • Organisations should be aware of these techniques as well as common defence in depth protection strategies to contain the damage (and possible litigation) resulting from a breach. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 14
  • 15. Bellua Asia Pacific Threat #7: Unknown Risk Profile • When adopting a cloud service, the features and functionality may be well advertised, but... - What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging? - How are your data and related logs stored and who has access to them? - What information if any will the vendor disclose in the event of a security incident? • Often such questions are not clearly answered or are overlooked, leaving customers with an unknown risk profile that may include serious threats. Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 15
  • 16. Bellua Asia Pacific Security guidance Security guidance for critical areas of focus in cloud computing source: http://www.cloudsecurityalliance.org/guidance.html Cloud Architecture Governing in the Cloud Operating in the Cloud Cloud Computing Architectural Governance and Enterprise Risk Traditional Security, Business Framework Management Continuity and Disaster Recovery Legal and Electronic Discovery Data Centre Operations Compliance and Audit Incident Response, Notification, and Remediation Information Lifecycle Management Application Security Portability and Interoperability Encryption and Key Management Identity and Access Management Virtualisation Bellua Asia Pacific — Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com 16