
Cloud Security By Dr. Anton Ravindran

Cloud Security By Dr. Anton Ravindran. Venue: Lecture at Institute for Research in Applicable Computing (IRAC), University of Bedfordshire.



Presentation Transcript


  1. Cloud Security. Dr. Anton Ravindran. Venue: Lecture at Institute for Research in Applicable Computing (IRAC), University of Bedfordshire

  2. 5000 Exabytes $ 150 Billion

  3. Adoption trends CIO Agenda Report, Gartner, 2013 (2053 CIOs, 36 industries, 41 countries)

  4. Cloud Security an Executive Level Concern • 82% of IT professionals in Asia Pacific continue to regard cloud data security as an executive-level concern. Source: Cloud Security Alliance “Cloud Adoptions Practices & Priorities Survey Report” (2015)

  5. Global Cloud Security Market Growth Analysis 2012-2014 (US$ million)

  6. Global Cloud Security Market by End-User Segmentation

  7. Cloud Anatomy

  8. Cloud Computing Landscape

  9. Cloud Computing Landscape Gartner predicts revenue of USD 131billion in 2013

  10. A simple definition “In simple words, the Cloud refers to the process of sharing resources (such as hardware, development platforms and/or software) over the internet. It enables On-Demand network access to a shared pool of dynamically configurable computing resources. These resources are accessed mostly on a pay-per-use or subscription basis.” The Cloud Changing the Business Ecosystem, KPMG, 2011

  11. Why do customers use the cloud?

  12. Private Cloud vs. Public Cloud

  13. Public, Private, Hybrid. Figure: deployment models arranged as Private/internal (on premises/internal) and Public/external (off premises/third-party), with Hybrid spanning both. Image reproduced from Cloud security and privacy, 2009, Mather et al.

  14. Private and hybrid clouds • Rise in hybrid and private cloud for sensitive data • Private cloud cost can be prohibitive • Hybrid cloud ranks 4 on Gartner top 10 strategic technology trends, 2014 Models companies use/intend to use* (Larger companies prefer private) KPMG's The Cloud: Changing the Business Ecosystem, 2011

  15. Challenges

  16. Customer’s biggest concern? A survey commissioned by Microsoft on ‘Cloud computing among business leaders and the general population’ states that: • 58% of the general population and 86% of senior business leaders are excited about the potential of cloud computing. • But, more than 90% of these same people are concerned about the security, access and privacy of their own data in the cloud. Source: Microsoft

  17. Customers’ biggest concerns KPMG International’s 2012 Global Cloud Provider Survey (n=179)

  18. Customers’ biggest concerns KPMG International’s 2012 Global Cloud Provider Survey (n=179)

  19. Control, liability and accountability. Figure: a spectrum from “Organization has control” through “Organization shares control with vendor” to “Vendor has control”. Image reproduced from Cloud security and privacy, 2009, Mather et al.

  20. Cloud security • What’s not new? • Phishing, password, malware, downtime etc. • What’s new? Understand… • Change in trust boundaries • Impact of using • Public vs. private cloud • IaaS vs. PaaS vs. SaaS • Division of responsibilities between customer and Cloud Service Provider (CSP)

  21. Defining Security in Cloud: Confidentiality, Integrity, Availability, Accountability, Assurance. Source: NIST

  22. Cloud Security is no different • People & Process • System • Network • Physical • Validated and driven by customers’ security experts • Familiar Security Model • Benefits all customers

  23. There are undoubtedly risks associated with the use of Cloud-based services, just as there are risks associated with other delivery models. Source: Capgemini

  24. Security is Shared

  25. Security & Compliance is a shared responsibility. Customer: responsible for security IN the cloud (customers have their choice of security IN the cloud) • Customer Application & Content • Platform, Application, Identity & Access Management • Operating System, Network & Firewall Configuration • Client-side Data Encryption • Server-side Data Encryption • Network Traffic Protection. Cloud Service Provider: responsible for the security OF the cloud • Foundation Services: Compute, Storage, Database, Networking • Global Infrastructure: Regions, Availability Zones, Edge Locations

  26. Why is it DIFFERENT? • Most cloud security problems stem from: • Loss of control • Lack of trust • Multi-tenancy

  27. Cloud Data and Storage Security • Data-in-transit • Data-at-rest • Processing of Data (including Multi-tenancy)

  28. Data Location • When users use the cloud, they probably won’t know exactly where their data is hosted or in which country it will be stored. • Data should be stored and processed only in the specific jurisdictions defined by the user. • The provider should also make a contractual commitment to obey privacy requirements on behalf of their customers. Data Policies • Data-centered policies that are generated when a user provides personal or sensitive information, and that travel with that information throughout its lifetime, ensure that the information is used only in accordance with the policy.

  29. Data Sanitization • Sanitization is the process of removing sensitive information from a storage device. • What happens to data stored in a cloud computing environment once it has passed its user’s “use by date”? • What data sanitization practices does the cloud computing service provider propose to implement for redundant and retiring data storage devices as and when these devices are retired or taken out of service?

  30. Security is Familiar

  31. Security is Familiar • Visibility • Auditability • Controllability • Agility

  32. Security is Visible

  33. Security is visible HOW OFTEN DO YOU MAP YOUR NETWORK? WHAT’S IN YOUR ENVIRONMENT RIGHT NOW?

  34. AWS CloudTrail • You are making API calls on a growing set of services around the world… • CloudTrail is continuously recording API calls and delivering log files to you

  35. Security is Visible • Who is accessing the resources? • Who took what action? • When? • From where? • What did they do? • Logs, logs, logs • Physical
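Slides 34 and 35 say that visibility comes from logs such as AWS CloudTrail and list the questions those logs must answer (who, what, when, from where). The script below is an added example, not part of the lecture: it parses a constructed, CloudTrail-style log delivery (the field names eventTime, eventSource, eventName, userIdentity, sourceIPAddress and requestParameters follow the real CloudTrail record format; every value is invented) and answers those four questions, then applies a few simple review heuristics of this example's own choosing (root credential use, activity outside working hours, a security group opened to the whole internet).

```python
"""Answer "who did what, when, from where" over CloudTrail-style records.

Added example, not from the lecture. SAMPLE_LOG is CONSTRUCTED: field
names follow the CloudTrail record format, values are invented.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample: one log-file delivery holding three records.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-06-01T08:15:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2015-06-01T08:16:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"groupId": "sg-example", "cidrIp": "0.0.0.0/0",
                           "fromPort": 22}},
    {"eventTime": "2015-06-01T23:45:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket",
     "userIdentity": {"type": "Root"},
     "sourceIPAddress": "198.51.100.77",
     "requestParameters": {"bucketName": "finance-archive"}},
]})


def parse_records(log_text):
    """Flatten each record into who / what / when / where plus parameters."""
    events = []
    for rec in json.loads(log_text)["Records"]:
        ident = rec.get("userIdentity", {})
        events.append({
            # Root sessions carry no userName, so fall back to the identity type.
            "who": ident.get("userName") or ident.get("type", "unknown"),
            "identity_type": ident.get("type", "unknown"),
            "what": rec["eventName"],
            "service": rec["eventSource"],
            "when": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
                            .replace(tzinfo=timezone.utc),
            "where": rec.get("sourceIPAddress", "unknown"),
            "params": rec.get("requestParameters") or {},
        })
    return events


def actions_by_actor(events):
    """Who took what action: actor -> ordered list of 'service:eventName'."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[e["who"]].append(f"{e['service']}:{e['what']}")
    return dict(by_actor)


def source_ips(events):
    """From where: how many calls came from each source address."""
    return Counter(e["where"] for e in events)


def flag_events(events, work_hours=(8, 18)):
    """Review heuristics (this example's own). Returns (eventName, reason) pairs."""
    flagged = []
    for e in events:
        if e["identity_type"] == "Root":
            flagged.append((e["what"], "root credentials used"))
        if not work_hours[0] <= e["when"].hour < work_hours[1]:
            flagged.append((e["what"], "outside working hours (UTC)"))
        if (e["what"] == "AuthorizeSecurityGroupIngress"
                and e["params"].get("cidrIp") == "0.0.0.0/0"):
            flagged.append((e["what"], "security group opened to the whole internet"))
    return flagged


if __name__ == "__main__":
    evs = parse_records(SAMPLE_LOG)
    for e in evs:
        print(f"{e['when'].isoformat()}  {e['who']:<8} {e['where']:<15} "
              f"{e['service']}:{e['what']}")
    print("by actor:", actions_by_actor(evs))
    print("by source IP:", dict(source_ips(evs)))
    for name, reason in flag_events(evs):
        print(f"REVIEW {name}: {reason}")
```

The same four functions run unchanged over a real CloudTrail delivery, since only the record shape is assumed; the working-hours window and the flag rules are illustrative starting points that a team would tune to its own environment.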

  36. Security is Auditable

  37. Security is Auditable Security Control Objectives • Security Organization • User Access • Logical Security • Physical Security and ENV. Safeguards • Change Management • Data Integrity, Availability and Redundancy • Incident Handling

  38. Security is Controllable

  39. Security is Controllable • Manage encryption • Key Management Services • Create, store & retrieve keys securely • Rotate keys regularly • Securely audit access to keys • Fine grained access/firewalls (closed) • VPC • Logs of access, logs of actions, logs of activities • Consistency of security
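Slide 39 lists the key-management properties a controllable environment needs: keys are created, stored and retrieved securely, rotated regularly, and every access to them is audited. The class below is an added example, not from the lecture or any vendor's KMS: it keeps versioned keys, rotates to a new version while still verifying material protected under older versions until those are explicitly retired, and records every key access in an audit trail. It uses only the standard library, with HMAC-SHA256 tags standing in for the encryption operation so that it runs offline; the class and method names are this example's own.

```python
"""Versioned key store with rotation and an audit trail (added example).

Not from the lecture. HMAC tags stand in for encryption so the example
runs offline; a production system would keep the key material in a KMS
or HSM and export the audit records to the central log store.
"""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


class KeyStore:
    """Holds key versions; every access is appended to self.audit."""

    def __init__(self):
        self._keys = {}      # version -> 32-byte key
        self.current = 0     # version used for new protect() calls
        self.audit = []      # list of {time, actor, action, version}

    def _log(self, actor, action, version):
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "version": version,
        })

    def rotate(self, actor):
        """Create a fresh key version and make it current; old versions stay
        usable for verify() until retire() removes them."""
        self.current += 1
        self._keys[self.current] = secrets.token_bytes(32)
        self._log(actor, "rotate", self.current)
        return self.current

    def retire(self, actor, version):
        """Delete an old version once nothing protected under it remains."""
        if version == self.current:
            raise ValueError("cannot retire the current key version")
        del self._keys[version]
        self._log(actor, "retire", version)

    def protect(self, actor, message):
        """Tag message under the current key; returns (version, tag)."""
        if self.current == 0:
            raise RuntimeError("no key version exists; call rotate() first")
        self._log(actor, "protect", self.current)
        tag = hmac.new(self._keys[self.current], message, hashlib.sha256).digest()
        return self.current, tag

    def verify(self, actor, message, version, tag):
        """Check a tag under the version it was produced with."""
        key = self._keys.get(version)
        if key is None:
            self._log(actor, "verify-unknown-version", version)
            return False
        expected = hmac.new(key, message, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag)
        self._log(actor, "verify-ok" if ok else "verify-fail", version)
        return ok

    def accesses_by(self, actor):
        """Audit question from the slide: what did this actor do with keys?"""
        return [(a["action"], a["version"]) for a in self.audit if a["actor"] == actor]


if __name__ == "__main__":
    ks = KeyStore()
    ks.rotate("key-admin")
    v1, t1 = ks.protect("billing-app", b"invoice-42")
    ks.rotate("key-admin")                      # scheduled rotation
    v2, t2 = ks.protect("billing-app", b"invoice-43")
    print("old record still verifies:", ks.verify("billing-app", b"invoice-42", v1, t1))
    ks.retire("key-admin", v1)                  # after re-protecting old data
    print("after retire:", ks.verify("billing-app", b"invoice-42", v1, t1))
    for entry in ks.audit:
        print(entry["time"], entry["actor"], entry["action"], entry["version"])
```

Carrying the version alongside each tag is what makes rotation non-disruptive: consumers never need to know which key is current, and the audit trail shows who rotated, who retired, and every verify that failed or referenced a version that no longer exists.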

  40. Simple Security Controls Easy to get Right Easy to Audit Easy to Enforce

  41. Security is Agile

  42. CSPs improving security. What steps are you [CSP] taking to improve data security and privacy in your cloud offerings? (top 3)* • Tighter restrictions on user access • Improving real-time threat detection • Greater use of data encryption

  43. Top SLA parameters • System Availability • Regulatory compliance • Data security • Response time • Functional capabilities • Other performance levels *KPMG International’s 2012 Global Cloud Provider Survey (n=179)

  44. Techniques & Examples

  45. Hypervisor Based Firewall • If we need a higher level of risk mitigation than a virtual firewall appliance provides, one option is a hypervisor based firewall. • Example: VMware’s vShield • A hypervisor based firewall moves the firewall to the other side of the virtual switch, thus mitigating any risks within the switch itself. • The problem with hypervisor based firewalls is that they are vendor specific.

  46. Hypervisor Based Firewall Source: CSA

  47. FireRack Virtual Firewall • The Netservers FireRack firewall is an Internet security appliance designed to provide highly compartmentalized security with devolved management. • Security Zones • It is hence ideally suited for environments such as co-location hosting or college networks, where badly maintained or untrustworthy computers on the same network as yours could otherwise pose a threat.

  48. FireRack Virtual Firewall Source: FireRack
