cloud security assessment n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Cloud Security Assessment PowerPoint Presentation
Download Presentation
Cloud Security Assessment

Loading in 2 Seconds...

play fullscreen
1 / 18

Cloud Security Assessment - PowerPoint PPT Presentation


  • 76 Views
  • Uploaded on

Cloud Security Assessment . Introduction. The Cloud, a revolution on several levels….

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Cloud Security Assessment' - louis


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
introduction
Introduction

The Cloud, a revolution on several levels…

  • Cloud computing is an approach in which infrastructure and software resources are provided by an external vendor or by your internal IT department over the Internet. These resources are highly scalable and at competitive costs, which make Cloud services highly attractive in a business environment in which organisations are trying to reduce their IT capital expenditure and costs and improve the flexibility of their IT services delivery.
reasons for using cloud computing

Introduction

Reasons for using Cloud Computing

Source: Flying Blind in the Cloud, Ponemon Institute, April 2010

introduction1
Introduction

Benefits and risks

Adopting Cloud computing can bring significant benefits and challenges for organisations in building trust and confidence in Cloud Computing services, including:

slide5

Introduction

Atos Sphere™ Security and Compliance

slide6

Introduction

  • Cloud Services as a mix of consumer commodities and enterprise applications have to meet costumer needs for confidentiality and compliance to legal directives. This package provides:
  • Set of core security principals to assure users and customers of a trustworthy cloud computing environment
  • Increased level of security to support sensible enterprise applications and data in a cloud environment
  • Customer adopted best practice rules to handle ignorance of data, processing and application location
legal recommendations
Legal Recommendations

Business issues

  • European Commission
    • Data Protect Directive (Article 29)
    • Customer notification of data security breaches
    • eCommerce Directive (Article 12-15)
    • Minimum data protection standards and privacy certification schemes common across all stated
  • Country local directives
    • Germany: TKG, Datenschutzgesetz
  • Areas of attention
    • Data Security, Protection and Transfer
    • Law Enforcement Access
    • Confidentiality and non-disclosure
    • Intellectual property
    • Risk allocation and limitation of liability
    • Change of control
security benefits security and the benefits of scale
Security Benefits Security and the benefits of scale

Business issues

  • All security measures are cheaper when implemented in a large scale
  • Same amount of investment in security buys better protection for all kinds of defensive measures e.g.
    • Filtering
    • Patch management
    • Hardening of virtual machines and hypervisors
  • Multiple locations
  • Edge networks
  • timeliness of response to incidents, treat management
  • Standardized interface for managed security services (open and readily available market)
  • Dynamic reallocation of filtering, traffic shaping, authentication, encryption, etc.
  • Audit and evidence gathering (less downtime for forensic analysis, lower log storage cost)
  • More timely effective and efficient updates and default
  • Benefits of resource concentration, beside the risk security is cheaper
protection of sensitive information in the cloud
Protection of sensitive information in the Cloud

Business issues

  • Only a few organizations have taken proactive steps to protect sensitive information

Source: Flying Blind in the Cloud, Ponemon Institute, April 2010

security risks top risks
Security RisksTop Risks

Business issues

  • Loss of Governance
  • Lock-In
  • Isolation Failure
  • Compliance Risk
  • Management interface compromise
  • Data protection
  • Insecure or incomplete data deletion
  • Malicious insider
7 research recommendations categories
7. Research RecommendationsCategories

Business issues

  • Building trust in the cloud
    • Effects on different forms of breach reporting on security
    • End-to-end data confidentiality in the cloud and beyond
    • Higher assurance clouds, virtual private clouds etc.
  • Data protection in large scale cross-organizational systems
    • Forensics and evidence gathering mechanisms
    • Incident handling, monitoring and traceability
    • International differences in relevant regulations including data protection and privacy
  • Large scale computer engineering
    • Resource isolation mechanisms – data, processing, logs, etc
    • Interoperability between cloud providers
    • Resilience of cloud computing How can cloud improve resilience.
slide16

Cloud Security Assessment

Our Approach

Customer benefits and business outcomes

  • Customer benefits
    • Knowledge of what your digital security weaknesses really are
    • Knowledge of the legislative and regulatory requirements you really face
    • Clarity on your cost v risk balance
slide17

Cloud Security Assessment

Our Approach

fig 2