SlideShare uma empresa Scribd logo
1 de 18
Baixar para ler offline
Leron Zinatullin
Cloud Computing Security
www.zinatullin.com
Summary
• Overview
• Benefits
• Concerns
• Threats
• Vulnerabilities
• Countermeasures
• Conclusion
Cloud Computing Security
Typical Network Security Threats
“I don’t understand what we would
do differently in the light of cloud
computing other than change the
wording of some of our ads. ”
Larry Ellison, CEO, Oracle
Cloud computing is a model for enabling
ubiquitous, convenient, on-demand
network access to a shared pool of
configurable computing resources (e.g.,
networks, servers, storage, applications,
and services) that can be rapidly
provisioned and released with minimal
management effort or service provider
interaction.
Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing."
NIST special publication 800 (2011): 145.
Cloud Definition Framework
Benefits of Cloud Computing
• Minimized capital expenditure
• Location and device independence
• Utilization and efficiency
improvement
• Very high scalability
• High computing power
Concerns in using Cloud
Computing
Aspects of Cloud Computing Security
Pronemon Institute – April 2011 – Survey of 127 US and EU cloud service providers
Threats-Vulnerabilities-
Countermeasures
Threats
• Data Breaches
• Data Loss
• Account or Service Traffic Hijacking
• Insecure APIs
• Denial of Service (DoS)
• Malicious insiders
• Abuse of Nefarious Use
• Insufficient due diligence
• Shared Technology Vulnerabilities
Vulnerabilities
• Session Riding and Hijacking
• Reliability and Availability of Service
• Insecure Cryptography
• Data Protection and Portability
• Virtual Machine Escape
• Vendor Lock-in
• Internet Dependency
Countermeasures
• Policies and procedures
• Software configurations
• Encryption
• Separation of duties
• Identity management
• Good Service Level Agreement
Pros and Cons
CloudSecurityUpside CloudSecurityDownside
StaffSkillsandSpecialization SystemComplexity
PlatformStrength SharedMulti-tenantEnvironment
RecourseAvailability Internet-facingServices
BackupandRecovery LossofControl
MobileEndpoints BotnetofHackers
CrossDataCenterandCloud MechanismCracking
NIST Guidelines on Security and Privacy in Public Cloud Computing
Summary
• Overview
• Benefits
• Concerns
• Threats
• Vulnerabilities
• Countermeasures
• Conclusion
Thank you!
Questions?

Mais conteúdo relacionado

Mais procurados

Mais procurados (19)

A comparative study between cloud computing and fog
A comparative study between cloud computing and fog A comparative study between cloud computing and fog
A comparative study between cloud computing and fog
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
cloud storage
cloud storagecloud storage
cloud storage
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Firewall
FirewallFirewall
Firewall
 
Grid Computing
Grid ComputingGrid Computing
Grid Computing
 
How Secure is Cloud
How Secure is CloudHow Secure is Cloud
How Secure is Cloud
 
Impact of cloud computing in education, e governance
Impact of cloud computing in education, e governanceImpact of cloud computing in education, e governance
Impact of cloud computing in education, e governance
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Grid Computing
Grid ComputingGrid Computing
Grid Computing
 
Cloud storage
Cloud storageCloud storage
Cloud storage
 
Cloud and openstack
Cloud and openstackCloud and openstack
Cloud and openstack
 
What Is Cloud Computing
What Is Cloud ComputingWhat Is Cloud Computing
What Is Cloud Computing
 
Cloud.ppt
Cloud.pptCloud.ppt
Cloud.ppt
 
Grid computing
Grid computingGrid computing
Grid computing
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber Security
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
 
Cloud Computing security issues
Cloud Computing security issuesCloud Computing security issues
Cloud Computing security issues
 

Destaque

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 
Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentat MicroFocus Italy ❖✔
 
How to do pci compliance in google apps
How to do pci compliance in google appsHow to do pci compliance in google apps
How to do pci compliance in google appsSysCloud
 
Privacy Concerns and Cloud Computing
Privacy Concerns and Cloud ComputingPrivacy Concerns and Cloud Computing
Privacy Concerns and Cloud ComputingAIIM International
 
Grow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technologyGrow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technologyMichael Siepmann, Ph.D.
 
10 security concerns cloud computing
10 security concerns cloud computing10 security concerns cloud computing
10 security concerns cloud computingHossam Zein
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security IssuesStelios Krasadakis
 
Government cloud computing_strategy
Government cloud computing_strategyGovernment cloud computing_strategy
Government cloud computing_strategyGovCloud Network
 
Cloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational PerspectivesCloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational PerspectivesMegan Eskey
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация  Результаты поиска Санкт-Петербург  14 октябряОО" Шоола Кол" презентация  Результаты поиска Санкт-Петербург  14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
 HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime InvestigationsMarco Balduzzi
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMika aprilia
 

Destaque (20)

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessment
 
How to do pci compliance in google apps
How to do pci compliance in google appsHow to do pci compliance in google apps
How to do pci compliance in google apps
 
How to Overcome Content Security Concerns in the Cloud
How to Overcome Content Security Concerns in the CloudHow to Overcome Content Security Concerns in the Cloud
How to Overcome Content Security Concerns in the Cloud
 
Privacy Concerns and Cloud Computing
Privacy Concerns and Cloud ComputingPrivacy Concerns and Cloud Computing
Privacy Concerns and Cloud Computing
 
Grow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technologyGrow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technology
 
10 security concerns cloud computing
10 security concerns cloud computing10 security concerns cloud computing
10 security concerns cloud computing
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
 
Government cloud computing_strategy
Government cloud computing_strategyGovernment cloud computing_strategy
Government cloud computing_strategy
 
Cloud Computing Strategy and Architecture
Cloud Computing Strategy and ArchitectureCloud Computing Strategy and Architecture
Cloud Computing Strategy and Architecture
 
Cloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational PerspectivesCloud Computing: Architecture, IT Security and Operational Perspectives
Cloud Computing: Architecture, IT Security and Operational Perspectives
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация  Результаты поиска Санкт-Петербург  14 октябряОО" Шоола Кол" презентация  Результаты поиска Санкт-Петербург  14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
 
Christmas
ChristmasChristmas
Christmas
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User Profiling
 
Adauga un text
Adauga un textAdauga un text
Adauga un text
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
Presentation1
Presentation1Presentation1
Presentation1
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
 HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEM
 

Semelhante a Cloud Computing Security

Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Phil Copperwheat
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02abhisheknayak29
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Bill Annibell
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26TT L
 
Gitex journey to the cloud
Gitex journey to the cloudGitex journey to the cloud
Gitex journey to the cloudJorge Sebastiao
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)Glenn Ambler
 
Security of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSSecurity of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSIJMER
 
Cloud computing..
Cloud computing..Cloud computing..
Cloud computing..manoj kumar
 
Cloudcamp- The World Wide Cloud
Cloudcamp- The World Wide CloudCloudcamp- The World Wide Cloud
Cloudcamp- The World Wide CloudReuven Cohen
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspectivejmcdaniel650
 
Cloudhnologysstecociat
CloudhnologysstecociatCloudhnologysstecociat
CloudhnologysstecociatAnne Starr
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An OverviewKannan Subbiah
 

Semelhante a Cloud Computing Security (20)

Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
 
Gitex journey to the cloud
Gitex journey to the cloudGitex journey to the cloud
Gitex journey to the cloud
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
 
Cloud security
Cloud securityCloud security
Cloud security
 
Presd1 10
Presd1 10Presd1 10
Presd1 10
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Security of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSSecurity of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaS
 
4831586.ppt
4831586.ppt4831586.ppt
4831586.ppt
 
Cloud computing..
Cloud computing..Cloud computing..
Cloud computing..
 
Understanding Cloud Computing
Understanding Cloud ComputingUnderstanding Cloud Computing
Understanding Cloud Computing
 
Cloudcamp- The World Wide Cloud
Cloudcamp- The World Wide CloudCloudcamp- The World Wide Cloud
Cloudcamp- The World Wide Cloud
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspective
 
Cloudhnologysstecociat
CloudhnologysstecociatCloudhnologysstecociat
Cloudhnologysstecociat
 
Testing with the Cloud
Testing with the CloudTesting with the Cloud
Testing with the Cloud
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An Overview
 

Último

UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 

Último (20)

UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 

Cloud Computing Security

  • 1. Leron Zinatullin Cloud Computing Security www.zinatullin.com
  • 2. Summary • Overview • Benefits • Concerns • Threats • Vulnerabilities • Countermeasures • Conclusion
  • 5. “I don’t understand what we would do differently in the light of cloud computing other than change the wording of some of our ads. ” Larry Ellison, CEO, Oracle
  • 6. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing." NIST special publication 800 (2011): 145.
  • 8. Benefits of Cloud Computing • Minimized capital expenditure • Location and device independence • Utilization and efficiency improvement • Very high scalability • High computing power
  • 9. Concerns in using Cloud Computing
  • 10. Aspects of Cloud Computing Security Pronemon Institute – April 2011 – Survey of 127 US and EU cloud service providers
  • 12. Threats • Data Breaches • Data Loss • Account or Service Traffic Hijacking • Insecure APIs • Denial of Service (DoS) • Malicious insiders • Abuse of Nefarious Use • Insufficient due diligence • Shared Technology Vulnerabilities
  • 13. Vulnerabilities • Session Riding and Hijacking • Reliability and Availability of Service • Insecure Cryptography • Data Protection and Portability • Virtual Machine Escape • Vendor Lock-in • Internet Dependency
  • 14. Countermeasures • Policies and procedures • Software configurations • Encryption • Separation of duties • Identity management • Good Service Level Agreement
  • 15. Pros and Cons CloudSecurityUpside CloudSecurityDownside StaffSkillsandSpecialization SystemComplexity PlatformStrength SharedMulti-tenantEnvironment RecourseAvailability Internet-facingServices BackupandRecovery LossofControl MobileEndpoints BotnetofHackers CrossDataCenterandCloud MechanismCracking NIST Guidelines on Security and Privacy in Public Cloud Computing
  • 16. Summary • Overview • Benefits • Concerns • Threats • Vulnerabilities • Countermeasures • Conclusion