Cloud Security: Rules and Best Practices
patrick.duboys@ssl-europa.com
20/11/2013
Autorité d’Enregistrement
Agenda
• Seven Cloud Computing Risks
• Asymmetric encryption
• Electronic signature
• Strong authentication
• Rules
• Best Practices

Cloud-Computing Security Risks (1)
Risk Assessment
• Data integrity, recovery, privacy
• Evaluation of legal issues, regulatory compliance, auditing
• Etc.
Transparency
• Qualification of policy makers, architects, coders, operators
• Risk-control processes and technical mechanisms
• Level of testing
• How unanticipated vulnerabilities are identified
• Etc.

Seven Cloud-Computing Risks (1)
1. Privileged user access
   • Physical, logical and personnel controls
   • Ask about the hiring and oversight of administrators
   • What control is there?
2. Regulatory compliance
   • Customers are responsible
   • Check external audits and security certifications
3. Data location
   • Commitment to storing and processing data in specific jurisdictions
   • Contractual commitment
4. Data segregation
   • Data at rest and in use?
   • Encryption designed and tested by experienced specialists

Seven Cloud-Computing Risks (2)
5. Recovery
   • What happens in case of a disaster?
   • Replication of data and applications across multiple sites?
   • Ability to do a complete restoration? How long would it take?
6. Investigative support
   • How to trace inappropriate or illegal activities?
   • Logging and data may be shared across multiple customers
   • Contractual commitment to support specific forms of investigation
   • Get evidence that the vendor has already supported such activities
7. Long-term viability
   • What if your Cloud provider goes broke or gets acquired?
   • How could you get your data back? In which format?
   • Replacement application?

Asymmetric Encryption
• Symmetric Encryption
• Asymmetric Encryption

Symmetric Encryption
Message in clear → Encryption → Encrypted Message → Decryption → Message in clear
(one shared secret key serves both the encryption and the decryption step)

Symmetric Encryption (diagram slide)

Symmetric Encryption
Advantages
– Fast
– Relatively simple to implement
– Very efficient, in particular when the key is used only once
Drawbacks
– A different key for each pair of users
• The major issue: key management (as many keys to exchange as there are users)
• How do Alice and Bob get the key without anybody else having access to it?
• The key must travel over a different channel (phone, fax, …)

Internet & Cloud Applications (coverage matrix, after symmetric encryption)
Security properties: Authentication, Confidentiality, Authorization (applicative), Integrity, Non-repudiation
Supporting layers: Security Infrastructure, Security Policy
With symmetric encryption alone, one property is ticked: Confidentiality.

Asymmetric Encryption
Invented in 1975 by Whitfield Diffie and Martin Hellman
Each user owns a pair of keys:
– The public key, used to encrypt, which is known by everybody
– The private key, used to decrypt, which is known only by its owner

Asymmetric Encryption (diagram slide)
With a symmetric key, the encryption key and the decryption key are the same; with an asymmetric key pair they differ: the public key encrypts, the private key decrypts.

Asymmetric Encryption (diagram slide)

Asymmetric Encryption: Signature (diagram slide)
For a signature the roles are reversed: the private key signs, and the public key lets anybody verify the signature.

Internet & Cloud Applications (coverage matrix, after asymmetric encryption and signature)
Security properties: Authentication, Confidentiality, Authorization (applicative), Integrity, Non-repudiation
Supporting layers: Security Infrastructure, Security Policy
Three of the five properties are now ticked.

Example: SSL Server
Client                                          Server
1. Sends a message A                        →
                                            ←  2. Sends its certificate and message A signed
3. Verifies the certificate and the signature
4. Negotiates the encryption algorithm      ↔  Negotiates the encryption algorithm
5. Generates a session key
6. Encrypts the session key with the server public key
7. Sends the encrypted session key          →
                                               8. Decrypts the session key with its private key
Result: the session key is shared by client and server.

Internet & Cloud Applications (coverage matrix, after the SSL example)
Security properties: Authentication, Confidentiality, Authorization (applicative), Integrity, Non-repudiation
Supporting layers: Security Infrastructure, Security Policy
All five properties are now ticked.

Examples of Solutions (diagram slide)

Rules of thumb
• Use encryption
  – For exchanges of data with the Cloud
  – For data in the Cloud
• Use strong authentication
  – To connect to the Cloud
  – To identify the Cloud server
• Use signature
  – For exchanges of data in the Cloud

Best Practices (1)
• Protect data in transfer, but also data in the cloud
• Use data-centric encryption and encryption embedded in the file format
• Understand how the keys will be managed (avoid reliance on cloud providers)
• Include files such as logs and metadata in the encryption
• Use a strong standard algorithm (such as AES-256)
• Use open, validated formats
• Avoid proprietary encryption

Best Practices (2)
• Content-aware encryption
• Format-preserving encryption
• Use Data Leak Prevention (DLP) solutions

Best Practices (3: Database)
• Be aware of performance issues
• Use object security
• Store a secure hash

Best Practices (4)
• Use key management software
• Use group-level keys
• Maintain keys within the enterprise
• Revoke keys
• Define and enforce strong key management processes and practices
• Implement segregation of duties

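To make these key-management practices concrete (group-level keys, keys kept within the enterprise, revocation), together with the AES-256 and logs-and-metadata points from Best Practices (1), here is an added Go example that is not code from the deck or from SSL Europa. It uses AES-256-GCM from the Go standard library, passes a file's metadata as associated data so it is authenticated along with the content, wraps one data key per group under an enterprise master key, and refuses to hand out a revoked key. `KeyManager`, `seal` and `open` are names chosen for this example, the manager is a simplified stand-in for real key management software, and the document and metadata values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randomBytes returns n bytes from the OS CSPRNG; failure to get them is fatal.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// aad (here: file metadata) is authenticated but not encrypted, so it is bound
// to the ciphertext and cannot be edited or swapped without detection.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize()) // fresh nonce per message, never reused
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to ciphertext, tag or aad makes it fail.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// KeyManager is a simplified stand-in for enterprise key management software (an
// assumption of this example, not a real product): a master key that never leaves
// the enterprise, per-group data keys kept only wrapped under it, and a revocation list.
type KeyManager struct {
	master  []byte
	wrapped map[string][]byte // group -> data key wrapped under master
	revoked map[string]bool
}

func NewKeyManager() *KeyManager {
	return &KeyManager{randomBytes(32), map[string][]byte{}, map[string]bool{}}
}

// CreateGroupKey generates a fresh AES-256 data key for group and keeps only the
// wrapped copy; the group name goes in as AAD so wrapped keys cannot be swapped.
func (km *KeyManager) CreateGroupKey(group string) error {
	w, err := seal(km.master, randomBytes(32), []byte("group:"+group))
	if err == nil {
		km.wrapped[group] = w
	}
	return err
}

// GroupKey unwraps a group's data key, refusing when it is missing or revoked.
func (km *KeyManager) GroupKey(group string) ([]byte, error) {
	w, ok := km.wrapped[group]
	if !ok || km.revoked[group] {
		return nil, fmt.Errorf("no usable key for group %q (missing or revoked)", group)
	}
	return open(km.master, w, []byte("group:"+group))
}

// Revoke blocks further use of a group's key, e.g. after a suspected compromise.
func (km *KeyManager) Revoke(group string) { km.revoked[group] = true }

func main() {
	km := NewKeyManager()
	_ = km.CreateGroupKey("finance")
	k, _ := km.GroupKey("finance")
	meta := []byte(`{"name":"forecast.xlsx","owner":"alice"}`) // constructed metadata
	blob, _ := seal(k, []byte("Q3 forecast (constructed sample)"), meta) // what gets uploaded
	_, err := open(k, blob, []byte(`{"name":"forecast.xlsx","owner":"mallory"}`))
	fmt.Println("edited metadata rejected:", err != nil)
	km.Revoke("finance")
	_, err = km.GroupKey("finance")
	fmt.Println("revoked key rejected:", err != nil)
}
```

Only the sealed blob and its metadata ever leave the enterprise; the master key, the unwrapped group keys and the revocation state stay with the key manager, which is the separation the deck is asking for. Because GCM's tag covers the associated data, a provider-side edit to the metadata (owner, group, file name) is detected at decryption time just like an edit to the content.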
Recommendations (1)
• Follow best-practice key management practices
• Use off-the-shelf products from credible sources
• Maintain your own trusted cryptographic source
• Scope keys at the individual or group level
• Use DRM systems

Recommendations (2)
• Use standard algorithms
• Avoid old ones such as DES
• Use central and internal key management (with your own HSM, etc.)
• Use segregation of duties

Reference
Cloud Security Alliance, Security Guidance v3.0:
http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

Thank you for your attention
SSL EUROPA

8 chemin des escargots
18200 Orval - France
+33 (0)9 88 99 54 09
www.ssl-europa.com

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

SSL Europa Cloud Security 2013

  • 7. Symmetric Encryption
    – Flow: Message in clear → Encryption → Encrypted Message → Decryption → Message in clear
  • 9. Symmetric Encryption
    – Advantages
      • Fast
      • Relatively simple to implement
      • Very efficient, in particular when the key is used only once
    – Drawbacks
      • A different key for each pair of users
      • The major issue: key management (as many keys to exchange as there are users)
      • How do Alice and Bob get the key without anybody else having access to it?
      • The key must follow a different channel (phone, fax, …)
  • 10. Symmetric Encryption
    – Coverage table (check marks not preserved in extraction): rows Internet & Cloud Applications, Security Infrastructure, Security Policy; columns Authentication, Confidentiality, Authorization, Integrity, Non repudiation (applicative)
  • 11. Asymmetric Encryption
    – Invented in 1975 by Whitfield Diffie and Martin Hellman
    – Each user owns a pair of keys
      • The public key, used to encrypt, is known by everybody
      • The private key, used to decrypt, is known only by its owner
  • 15. Symmetric Encryption
    – Coverage table (check marks not preserved in extraction): rows Internet & Cloud Applications, Security Infrastructure, Security Policy; columns Authentication, Confidentiality, Authorization, Integrity, Non repudiation (applicative)
  • 16. Example: SSL
    – Client to Server: send a message A
    – Server: negotiation of the encryption algorithm; send the certificate and the message A signed
    – Client: verification of the certificate and of the signature; negotiation of the encryption algorithm
    – Client: generation of a session key; encryption of the session key with the server public key
    – Client to Server: send the session key encrypted
    – Server: decryption of the session key with the private key
    – The session key is shared
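The slide 16 exchange as an added Go example (not part of the original slides): the server signs message A, the client verifies the signature before generating a session key and wrapping it with the server's public key, and the server unwraps it with its private key. Assumptions not stated on the slide: RSA PKCS#1 v1.5 signatures over SHA-256, RSA-OAEP for the key transport, a 256-bit session key, and the bare server public key standing in for the certificate.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signMessageA: the server signs the challenge message A with its private key
// (slide: "send the certificate and the message A signed"). The X.509 certificate
// is replaced here by the bare server public key, so no CA chain check is modelled.
func signMessageA(srv *rsa.PrivateKey, msgA []byte) ([]byte, error) {
	h := sha256.Sum256(msgA)
	return rsa.SignPKCS1v15(rand.Reader, srv, crypto.SHA256, h[:])
}

// clientKeyExchange: verify the signature (this is what authenticates the server),
// generate a fresh 256-bit session key and wrap it with the server public key
// (RSA-OAEP). Returns the key the client keeps and the wrapped copy sent on the wire.
func clientKeyExchange(pub *rsa.PublicKey, msgA, sig []byte) (key, wrapped []byte, err error) {
	h := sha256.Sum256(msgA)
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return nil, nil, fmt.Errorf("server signature rejected, handshake aborted: %w", err)
	}
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// serverUnwrap: only the holder of the private key can recover the session key.
func serverUnwrap(srv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, srv, wrapped, nil)
}

func main() {
	srv, _ := rsa.GenerateKey(rand.Reader, 2048)
	msgA := []byte("constructed message A") // constructed sample challenge
	sig, _ := signMessageA(srv, msgA)
	clientKey, wrapped, _ := clientKeyExchange(&srv.PublicKey, msgA, sig)
	serverKey, _ := serverUnwrap(srv, wrapped)
	fmt.Println("session key shared:", bytes.Equal(clientKey, serverKey))
}
```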
  • 17. Symmetric Encryption
    – Coverage table (check marks not preserved in extraction): rows Internet & Cloud Applications, Security Infrastructure, Security Policy; columns Authentication, Confidentiality, Authorization, Integrity, Non repudiation (applicative)
  • 18. Examples of Solutions
  • 19. Rules of thumb
    – Use encryption
      • For exchanges of data with the Cloud
      • For data in the Cloud
    – Use strong authentication
      • To connect to the Cloud
      • To identify the Cloud server
    – Use signature
      • For exchanges of data in the Cloud
  • 20. Best Practices (1)
    – Protect data transfer, but also data in the cloud
    – Use data-centric encryption and encryption embedded in the file format
    – Understand how the keys will be managed (avoid reliance on cloud providers)
    – Include files such as logs and metadata in encryption
    – Use a strong standard algorithm (such as AES-256)
    – Use open, validated formats
    – Avoid proprietary encryption
  • 21. Best Practices (2)
    – Content-aware encryption
    – Format-preserving encryption
    – Use Data Leak Prevention (DLP) solutions
  • 22. Best Practices (3: Database)
    – Be aware of performance issues
    – Use object security
    – Store a secure hash
  • 23. Best Practices (4)
    – Use key management software
    – Use group-level keys
    – Maintain keys within the enterprise
    – Revoke keys
    – Define and enforce strong key management processes and practices
    – Implement segregation of duties
  • 24. Recommendations (1)
    – Use best-practice key management
    – Use off-the-shelf products from credible sources
    – Maintain your own trusted cryptographic source
    – Key scoping at the individual or group level
    – Use DRM systems
  • 25. Recommendations (2)
    – Use standard algorithms
    – Avoid old ones such as DES
    – Use central and internal key management (with your own HSM, etc.)
    – Use segregation of duties
  • 27. Thank you for your attention
    – SSL EUROPA, 8 chemin des escargots, 18200 Orval - France
    – +33 (0)9 88 99 54 09
    – www.ssl-europa.com