SlideShare uma empresa Scribd logo

Cloud Security - Made simple

Sameer Paradia
Sameer Paradia

Cloud security is must for any of the IaaS, PaaS, SaaS or CaaS initiative. this presentation aims to simplify the concept of cloud security with clear steps to achieve it. It also summarize the controls required to implement cloud security.

TecnologiaNegócios
1 de 18
Cloud Security Cloud Security sameer paradia sameer paradia
Goals 1. Brief on Cloud Computing 2. Security Threats  2 Security Threats 3. Framework  4. Controls   4. Controls http://www.flickr.com/photos/tomhaymes/3212 92834/
Understand Cloud Cl d
Essential Characteristic On‐Demand Lowered requirement to  forecasts Lowered requirement to forecasts Demand trends are predicted by the  provider Usage‐metered  Usage metered Pay‐by‐the‐realtime use  Self‐service from pool of resources Resources managed by consumer  Resources managed by consumer with a GUI or API Elastic Scalability Grow or shrink resources as required Grow or shrink resources as required Ubiquitous  Network The network is essential to use the  service ser i e
Beyond basic.. Modes of Deployment p S i Services Types Compute Storage IaaS Deployment Network Datacentre  models Web 2.0 Applications  Public cloud S PaaS Runtime Development tools Business  Hybrid cloud Middleware Database Java Runtime Private cloud Pi t l d Community cloud Collaboratio ERP / CRM aS n Saa Business  Enterprise  Processes Applications
Security Threat Thr t
Lots of noise on.... Cloud Security? ...how do we simplify it how it... http://www.flickr.com/photos/purpleslog/2870445256/in/photostream/
It is same As current InfoSec practice You have to take the ha e same approach as current ISMS http://www.flickr.com/photos/pheckaboolala/341063811 9
Cloud Security • What is it? – Protection of your information in Protection of your information in  cloud • Why is critical? – Your information is at central  unknown place in cloud – No visibility of security measures in No visibility of security measures in  Public cloud • Impact of breach  on business? – Lack of Compliance  k f li – Legal issue – Breach of privacy Breach of privacy http://www.flickr.com/photos/nigeljohnson73/6788941421
Threats in XaaS Threats in XaaS Models • SaaS:  – Built in security functionality Built in security functionality – Least consumer extensibility – Relatively high level of integrated security • PaaS – Enable developers to build their own applications on top of the platform – M More extensible than SaaS, at the expense of customer ready features ibl h S S h f d f – Built in capabilities are less complete, but there is more flexibility to layer on additional  security • IaaS  – Few  application‐like features,  – Enormous extensibility – Less integrated security capabilities and functionality beyond protecting the  infrastructure itself  – Assets to be managed and secured by the cloud consumer
Security Framework Fr rk
1. Identify asset  2. Assess impact  3. Map the asset  to c oud y to cloudify o ta se g of transferring  to potential  to potential a) Data assets on cloud  cloud  b) Applications on business in  deployment  case of breach  case of breach models Security Framework 4. Evaluate  5. Evaluate the  controls in  Dataflow , to  ata o , to each of Iaas/  understand the  Paas/ Saas flow  layer  y depending  upon asset
Cloud Controls C tr l
3 Dimensions of cloud security Business  IT Assets  Risk  Criticality  C iti lit in cloud i l d Assessment A t For achieving robust and practical security consider all 3 perspective
Types of Controls Types of Controls Governance G Operational O ti l (Strategic)  (Tactical)  • Risk Management  • BCP/ DR • Legal & Electronic  • Data centre  Discovery Operations • Compliance/ Audit • Incident  • Information Life  Management  M t cycle management  • Application security • Portability and Portability and  • Encryption Encryption  Interoperability • Identity & Access  Management  Management • Virtualization 
Implement Controls • Possible controls – Layered security  – facilities (physical security) – network infrastructure(network  t ki f t t ( t k security) – IT systems (system security) – information and applications  (application security). • IaaS Cloud provider : IaaS Cloud provider :  – address security controls such as  physical security, environmental  security, and virtualization security it d i t li ti it • SaaS – Addresses upto Application layer Addresses upto Application layer http://www.flickr.com/photos/telstar/2816038167
Summary • Consider three perspective‐ Assets, Risk management and  Business criticality  • Cloud as an operational model  neither  provide for nor prevent  p p achieving compliance  • Selection of control depends on  the service and deployment model the service and deployment model • Control varies depending on  the  design, deployment, and  management of the resources f h • Most of Security controls in cloud  are, same as normal IT  environment http://www.flickr.com/photos/isadocafe/2095153000/
Sameer Paradia – CGEIT, CISM, CISSP (sameer_m_paradia@yahoo.com) Practicing IT Security for 12+ y g y years out of 20+ y years of IT Services/ Outsourcing work experience. g p http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/

Recomendados

Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareTzar Umang
 
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...Andris Soroka
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015Shah Sheikh
 

Recomendados

Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareTzar Umang
 
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...Andris Soroka
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015Shah Sheikh
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Priyanka Aash
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceCamilo Fandiño Gómez
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
SIEM evolution
SIEM evolutionSIEM evolution
SIEM evolutionStijn Vande Casteele
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Cloud computing security infrastructure
Cloud computing security infrastructureCloud computing security infrastructure
Cloud computing security infrastructureIntel IT Center
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & VflowCamilo Fandiño Gómez
 
2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESMPinewood
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019Advanced Technology Consulting (ATC)
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-AdvisorLuigi Perrone
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security IntelligenceAnna Landolfi
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 

Mais conteúdo relacionado

Mais procurados

From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Priyanka Aash
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceCamilo Fandiño Gómez
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Cloud computing security infrastructure
Cloud computing security infrastructureCloud computing security infrastructure
Cloud computing security infrastructureIntel IT Center
 
2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESMPinewood
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security IntelligenceAnna Landolfi
 

Mais procurados (20)

From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentation
 
SIEM evolution
SIEM evolutionSIEM evolution
SIEM evolution
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
Cloud computing security infrastructure
Cloud computing security infrastructureCloud computing security infrastructure
Cloud computing security infrastructure
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
 
2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM2012-12-12 Seminar McAfee ESM
2012-12-12 Seminar McAfee ESM
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPs
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security Intelligence
 

Semelhante a Cloud Security - Made simple

McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
Resarch paper i cloud computing
Resarch paper i cloud computingResarch paper i cloud computing
Resarch paper i cloud computingBharat Gupta
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Crew
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
Neupart Isaca April 2012
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012Lars Neupart
 
Security concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingSecurity concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingClinton DSouza
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14L S Subramanian
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloudAjay Rathi
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloudInterop
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingIRJET Journal
 
Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxMandy Sidana
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010graywilliams
 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.pptArunKumbi1
 

Semelhante a Cloud Security - Made simple (20)

McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Resarch paper i cloud computing
Resarch paper i cloud computingResarch paper i cloud computing
Resarch paper i cloud computing
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Neupart Isaca April 2012
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012
 
Security concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingSecurity concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computing
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptx
 
Presd1 10
Presd1 10Presd1 10
Presd1 10
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010
 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.ppt
 

Mais de Sameer Paradia

Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Product Management Lifecycle
Product Management LifecycleProduct Management Lifecycle
Product Management LifecycleSameer Paradia
 
IT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterIT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterSameer Paradia
 

Mais de Sameer Paradia (6)

Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
Product Management Lifecycle
Product Management LifecycleProduct Management Lifecycle
Product Management Lifecycle
 
IT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterIT - Enterprise Service Operation Center
IT - Enterprise Service Operation Center
 
IT Sourcing Strategy
IT Sourcing StrategyIT Sourcing Strategy
IT Sourcing Strategy
 

Último

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Último (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Cloud Security - Made simple

  • 1. Cloud Security Cloud Security sameer paradia sameer paradia
  • 2. Goals 1. Brief on Cloud Computing 2. Security Threats  2 Security Threats 3. Framework  4. Controls   4. Controls http://www.flickr.com/photos/tomhaymes/3212 92834/
  • 3. Understand Cloud Cl d
  • 4. Essential Characteristic On‐Demand Lowered requirement to  forecasts Lowered requirement to forecasts Demand trends are predicted by the  provider Usage‐metered  Usage metered Pay‐by‐the‐realtime use  Self‐service from pool of resources Resources managed by consumer  Resources managed by consumer with a GUI or API Elastic Scalability Grow or shrink resources as required Grow or shrink resources as required Ubiquitous  Network The network is essential to use the  service ser i e
  • 5. Beyond basic.. Modes of Deployment p S i Services Types Compute Storage IaaS Deployment Network Datacentre  models Web 2.0 Applications  Public cloud S PaaS Runtime Development tools Business  Hybrid cloud Middleware Database Java Runtime Private cloud Pi t l d Community cloud Collaboratio ERP / CRM aS n Saa Business  Enterprise  Processes Applications
  • 6. Security Threat Thr t
  • 7. Lots of noise on.... Cloud Security? ...how do we simplify it how it... http://www.flickr.com/photos/purpleslog/2870445256/in/photostream/
  • 8. It is same As current InfoSec practice You have to take the ha e same approach as current ISMS http://www.flickr.com/photos/pheckaboolala/341063811 9
  • 9. Cloud Security • What is it? – Protection of your information in Protection of your information in  cloud • Why is critical? – Your information is at central  unknown place in cloud – No visibility of security measures in No visibility of security measures in  Public cloud • Impact of breach  on business? – Lack of Compliance  k f li – Legal issue – Breach of privacy Breach of privacy http://www.flickr.com/photos/nigeljohnson73/6788941421
  • 10. Threats in XaaS Threats in XaaS Models • SaaS:  – Built in security functionality Built in security functionality – Least consumer extensibility – Relatively high level of integrated security • PaaS – Enable developers to build their own applications on top of the platform – M More extensible than SaaS, at the expense of customer ready features ibl h S S h f d f – Built in capabilities are less complete, but there is more flexibility to layer on additional  security • IaaS  – Few  application‐like features,  – Enormous extensibility – Less integrated security capabilities and functionality beyond protecting the  infrastructure itself  – Assets to be managed and secured by the cloud consumer
  • 11. Security Framework Fr rk
  • 12. 1. Identify asset  2. Assess impact  3. Map the asset  to c oud y to cloudify o ta se g of transferring  to potential  to potential a) Data assets on cloud  cloud  b) Applications on business in  deployment  case of breach  case of breach models Security Framework 4. Evaluate  5. Evaluate the  controls in  Dataflow , to  ata o , to each of Iaas/  understand the  Paas/ Saas flow  layer  y depending  upon asset
  • 13. Cloud Controls C tr l
  • 14. 3 Dimensions of cloud security Business  IT Assets  Risk  Criticality  C iti lit in cloud i l d Assessment A t For achieving robust and practical security consider all 3 perspective
  • 15. Types of Controls Types of Controls Governance G Operational O ti l (Strategic)  (Tactical)  • Risk Management  • BCP/ DR • Legal & Electronic  • Data centre  Discovery Operations • Compliance/ Audit • Incident  • Information Life  Management  M t cycle management  • Application security • Portability and Portability and  • Encryption Encryption  Interoperability • Identity & Access  Management  Management • Virtualization 
  • 16. Implement Controls • Possible controls – Layered security  – facilities (physical security) – network infrastructure(network  t ki f t t ( t k security) – IT systems (system security) – information and applications  (application security). • IaaS Cloud provider : IaaS Cloud provider :  – address security controls such as  physical security, environmental  security, and virtualization security it d i t li ti it • SaaS – Addresses upto Application layer Addresses upto Application layer http://www.flickr.com/photos/telstar/2816038167
  • 17. Summary • Consider three perspective‐ Assets, Risk management and  Business criticality  • Cloud as an operational model  neither  provide for nor prevent  p p achieving compliance  • Selection of control depends on  the service and deployment model the service and deployment model • Control varies depending on  the  design, deployment, and  management of the resources f h • Most of Security controls in cloud  are, same as normal IT  environment http://www.flickr.com/photos/isadocafe/2095153000/
  • 18. Sameer Paradia – CGEIT, CISM, CISSP (sameer_m_paradia@yahoo.com) Practicing IT Security for 12+ y g y years out of 20+ y years of IT Services/ Outsourcing work experience. g p http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/