5. “I don’t understand what we would
do differently in the light of cloud
computing other than change the
wording of some of our ads. ”
Larry Ellison, CEO, Oracle
6. Cloud computing is a model for enabling
ubiquitous, convenient, on-demand
network access to a shared pool of
configurable computing resources (e.g.,
networks, servers, storage, applications,
and services) that can be rapidly
provisioned and released with minimal
management effort or service provider
interaction.
Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing."
NIST special publication 800 (2011): 145.
8. Benefits of Cloud Computing
• Minimized capital expenditure
• Location and device independence
• Utilization and efficiency
improvement
• Very high scalability
• High computing power
12. Threats
• Data Breaches
• Data Loss
• Account or Service Traffic Hijacking
• Insecure APIs
• Denial of Service (DoS)
• Malicious insiders
• Abuse of Nefarious Use
• Insufficient due diligence
• Shared Technology Vulnerabilities
13. Vulnerabilities
• Session Riding and Hijacking
• Reliability and Availability of Service
• Insecure Cryptography
• Data Protection and Portability
• Virtual Machine Escape
• Vendor Lock-in
• Internet Dependency
14. Countermeasures
• Policies and procedures
• Software configurations
• Encryption
• Separation of duties
• Identity management
• Good Service Level Agreement
15. Pros and Cons
CloudSecurityUpside CloudSecurityDownside
StaffSkillsandSpecialization SystemComplexity
PlatformStrength SharedMulti-tenantEnvironment
RecourseAvailability Internet-facingServices
BackupandRecovery LossofControl
MobileEndpoints BotnetofHackers
CrossDataCenterandCloud MechanismCracking
NIST Guidelines on Security and Privacy in Public Cloud Computing