This presentation focused on cloud adoption and how cloud security will play an important role for the adoption of a cloud.

1. Cloud Security Issues andCloud Security Issues andCloud Security Issues andCloud Security Issues and
Adoption Guideline for ThaiAdoption Guideline for ThaiAdoption Guideline for ThaiAdoption Guideline for Thai
Government AgenciesGovernment AgenciesGovernment AgenciesGovernment Agencies
July 26, 2016
Dr. Sudsanguan Ngamsuriyaroj
Faculty of ICT, Mahidol University

2. About Me
Assistant Professor
Faculty of ICT, Mahidol University
Teaching
Parallel computing, Cloud computing
Security
Computer Ethics
Research
Security (network, cloud, database)
Parallel computing
Healthcare applications
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY 2
sudsanguan.nga@mahidol.ac.th

3. Agenda
Cloud Adoption
General Security Concepts
Cloud Security Model
Cloud Security Issues
3SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

4. Cloud Adoption
from Data Center to Cloud
4
http://www.stratoscale.com/blog/cloud/the-journey-from-virtualization-to-cloud-computing/
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

5. Cloud Adoption – Why?
5SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

6. Cloud Adoption – Why?
Cost Reduction
6
http://www.opengroup.org/cloud/whitepapers/ccroi/roi.htm
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

7. Are you ready for Cloud?
Which applications will be moved to cloud
Readiness of existing infrastructure
Development of IT personnel (infrastructure and
developers)
How to migrate to cloud
◦ Which cloud model/platform (public, private, hybrid) to use
Budget / ROI
Application users
Schedule to deliver products/services
7SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

8. Categories of Applications
1. Public applications: for everyone: web sites
2. External based applications: for customers/ partners
3. Internal based applications: for staff only - emails
4. Private applications: for administration: ERP, HR
8
Which applications will be
moved to Cloud
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

9. Network infrastructure
System infrastructure
Application platforms
BCP – Business Continuity Plan
Infrastructure Maintenance
Audit process
9
Readiness of Existing Infrastructure
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

10. Physical / Logical network diagram (latest update?)
All existing equipment and their capacity
Report of network usage
◦ Bandwidth enough?
◦ Any usage abuse?
What links needed to be updated
10
Readiness of Existing Infrastructure:
Network Ready?
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

11. List of all servers and the applications running
List of all servers no longer used
How long a server will be used
Is there any maintenance?
What workload running and how much the
utilization is?
If there is a new server, a plan to use VM ?
11
Readiness of Existing Infrastructure:
System Ready?
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

12. Workload Forecasted
12
http://www.americanis.net/2013/shift-your-risk-in-the-cloud/
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

13. Workload Analysis
13SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

14. What would be Barriers?
Data security and privacy
People with effective skills
Different cloud service providers and platforms
Vendor lock-in
Cloud providers’ reliability and availability
Risks
14
http://www.slideshare.net/ISS-NUS/security-in-smart-city-implementation-
infrastructure-and-people
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

15. General Security Concept
15
http://www.slideshare.net/dr_edw777/chapter-1-overview-11741038
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

16. NIST Reference Architecture
16
Source: NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

17. Cloud Security Model
17
http://www.softwaretestpro.com/ItemAssets/5590/Fig4.jpg
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

18. 1. Data breaches/ leaks
2. Data loss
3. Account or service traffic hijacking
4. Insecure interfaces and APIs
5. Denial of services
6. Malicious Insiders
7. Cloud abuse
8. Insufficient due diligence
9. Shared technology vulnerabilities
CSA Notorious 9CSA Notorious 9CSA Notorious 9CSA Notorious 9
Cloud Top Threats in 2013
18
https://downloads.cloudsecurityalliance.org/initiatives/top_
threats/The_Notorious_Nine_Cloud_Computing_Top_Threa
ts_in_2013.pdf
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

19. CSA TreacherousCSA TreacherousCSA TreacherousCSA Treacherous 12121212
Cloud Top Threats in 2016
1. Data Breaches
2. Weak Identity,
Credential and Access
Management
3. Insecure APIs
4. System and Application
Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
19
7. Advanced Persistent
Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10.Abuse and Nefarious Use
of Cloud Services
11.Denial of Service
12.Shared Technology Issues
https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-
computing-top-threats-in-2016/
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

20. Data Breaches
World's Biggest Data Breaches
Selected losses greater than 30,000 records (updated 11th July 2016)
20
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

21. Data Loss
21
http://www.theregister.co.uk
/2016/05/13/salesforcecom_
crash_caused_data_loss/
http://www.computerworld.com/a
rticle/2973600/cloud-
computing/google-cloud-loses-
data-belgium-itbwcw.html
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

22. Data Security on Cloud
How to protect your data from being observed?
Data Encryption
what about KEY? and Key Management?
encryption algorithm?
How about “homomorphic encryption”?
Data Masking for Sensitive data like bank accounts
maintain a mapping between real and
masked data
22SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

23. Data Life Cycle
23
https://securosis.com/tag/data+security+lifecycle
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

24. Cloud Threats and Vulnerabilities
24
Adopted from “Realizing the Benefits of Vulnerability Management in the Cloud” by Gordon MacKay, CTO, Digital
Defense, Inc.
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

25. Cloud Security Issues
25
https://www.eitdigital.eu/fileadmin/files/docs/documents_helsinki/TheoDimitrakos-
EIT_ICT_Labs_Symposium_on_Trusted_Cloud_and_Future_Enterprises-email-no-demo.pdf
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

26. Cloud Security Issues
26
https://www.eitdigital.eu/fileadmin/files/docs/documents_helsinki/TheoDimitrakos-
EIT_ICT_Labs_Symposium_on_Trusted_Cloud_and_Future_Enterprises-email-no-demo.pdf
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

27. Cloud Security Issues
27
https://www.eitdigital.eu/fileadmin/files/docs/documents_helsinki/TheoDimitrakos-
EIT_ICT_Labs_Symposium_on_Trusted_Cloud_and_Future_Enterprises-email-no-demo.pdf
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

28. Cloud Security Issues
28
https://www.eitdigital.eu/fileadmin/files/docs/documents_helsinki/TheoDimitrakos-
EIT_ICT_Labs_Symposium_on_Trusted_Cloud_and_Future_Enterprises-email-no-demo.pdf
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

29. Q&A
Thank you
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY 29