Cloud-Security: Show-Stopper or Enabling Technology?


Fraunhofer Institute for Secure Information Technology (SIT)
Technische Universität München
Open Grid Forum, 16.3.2010, Munich

Overview
1. Cloud Characteristics
2. Security Implications
3. Some Attacks (real World)
4. Specific Challenge: ID Management
5. Summary

1. Cloud-Computing

Cloud: Pool of networked IT components

Cloud Characteristics
- Resources will be provided on demand
- Users don't have to maintain/operate their own infrastructure
- An unlimited amount of resources: capacities can be dynamically added: scalability, flexibility, on-demand usage
- Access to outsourced data: at any time, from anywhere
- Fast development of new web applications offered as Cloud Services: Software as a Service

1. Cloud-Computing

Economic forecast: Estimated Market Shares for Cloud Computing Services
- Merrill Lynch (2008): $169 billion until 2011
- IDC (2009): $42 billion until 2012
- Gartner (2009): $150 billion until 2013
- BITKOM (2009): 564 million for Germany until 2011

[Chart labels: Applications, Infrastructure]

1. Cloud-Computing

Main aspects forming the Cloud
- Types
- Features
- Models/Modes
- Stakeholders
- Benefits
- And: legislation!

1. Cloud-Computing: Types

[Diagram labels: IaaS, PaaS, SaaS; Software layer, Platform layer, Infrastructure layer; Virtualization; User / Customer]

- Infrastructure as a Service (IaaS), e.g. Elastic Compute Cloud (Amazon): providing virtual servers
- Platform as a Service (PaaS), e.g. Google App Engine: framework for application development & upload
- Software as a Service (SaaS) (Mail, CRM, presentations, ...), e.g. Google Docs, GMail, gliffy

1. Cloud-Computing: Show-Stopper Security?

2. Security Implications

User: e.g. Enterprises
- Change of paradigm from closed and supervised IT infrastructures to outsourced services and remotely operated IT infrastructures

Providers: e.g.
- Who uses the offered services?
- Who is liable for abuse of resources?

General security implications
- Loss of control over data, infrastructures, processes, etc.
- Difficult Identity and Access management in the Cloud
- Compliance with security guidelines and legal standards, privacy issues
- Trustworthiness of service providers

2. Security Implications: Scenario

[Diagram labels: Cloud-provider #1; social network; collaboration service; end user; Backup service; Cloud-provider #2; -service; enterprise; Cloud-provider #]

2. Security Implications

Cloud Characteristics and their effects on security
- Resources will be provided on demand: Confidentiality? Where is my data (in which country?), which crypto regulation rules apply, e.g. key escrow requirements?
- Unlimited amount of resources: Privacy? Compliant with privacy legislation?
- Development of new web applications as services: Trustworthiness of Cloud Service? How does the Cloud platform handle access rights, key management, certificate management, etc.?
- Access to outsourced data at any time, from anywhere: Availability? Which measures against DoS, risk of data lock-in, ...

AND: Cloud Computing: Door opener for new kinds of attacks

2. Security Implication

Top Threats in Cloud Computing: source:
- Abuse of Cloud Computing Resources
- Shared Technology Vulnerabilities
- Data Loss / Leakage
- Insecure Application Programmer Interface
- Account, Service & Traffic Hijacking
- Malicious Insiders
- Unknown risk profile

Some threats in more detail

2. Security Implication: Abuse of Cloud Computing Resources

Problem Statement:
- IaaS providers offer unlimited resource usage coupled with a frictionless registration process, i.e. users might act relatively anonymously
- Spammers, malicious code authors and other attackers take advantage of that

Attacks like DDoS, password cracking, controlling botnets, ...

Remediations, e.g.:
- Improved initial registration and validation processes
- Comprehensive introspection (if compliant with legislation) of customer network traffic

2. Security Implication: Shared Technology Vulnerabilities

Problem Statement:
- IaaS vendors often share underlying infrastructure: caches, storage, ...
- Improper isolation concepts are used: vulnerable hypervisor levels, no isolation on network layer, etc.

Attacks: information leakage, unauthorized data access

Remediations, e.g.:
- Strong compartmentalization
- Strong authentication and access controls
- Monitoring of access and activities
- Vulnerability scanning, configuration audits

2. Security Implication: Data Loss / Leakage

Problem Statement:
- Missing backup concepts: data loss due to alteration, deletion, improper access controls
- Loss of encryption keys: data is lost
- Missing audit controls

Attacks: deletion or alteration of data, circumvention of improper access controls, identity theft (leaked credentials, hijacked sessions, etc.)

Remediations, e.g.:
- Strong access control, proper redundancy, backup concepts
- Data encryption and proper key management

2. Security Implication: Insecure Application Programmer Interface

Problem Statement:
- Providers offer APIs for service provisioning, orchestration, monitoring, etc. with improper or even missing security concepts: authentication, encryption, logging and access control are often missing
- Third parties offer value-added services using these APIs: e.g. credentials are forwarded to third parties using (insecure?) APIs

Attacks: exploiting weak authentication like clear text passwords, reusable tokens, improper authorization, ...

Remediations, e.g.:
- Security analysis of the provider's API, model dependencies
- Use strong authentication, encryption and logging concepts on top

3. Attacks

Source:

3. Attacks

Example: Virtualization layer
- Vulnerable VMMonitor: access to all data

Possible Attack Scenario
- Distribution of virtual machines via public market places
- Amazon Machine Image (AMI) market place for EC2
- Amazon: "AMIs are launched at the user's own risk. Amazon cannot vouch for the integrity or security of AMIs shared by other users. [...] Ideally, you should get the AMI ID from a trusted source (a web site, another user, etc). If you do not know the source of an AMI, we recommended that you search the forums for comments on the AMI before launching it."
- Attack: setup of botnets, information leakage

3. Attacks

DDoS attack on Bitbucket.org (Amazon)
- DDoS attack with UDP flooding
- Service was unavailable for storing data in persistent storage
- Resolving the problem took 18 hours:
  - No detection of the DDoS through Amazon Support
  - Isolation of network traffic via QoS guideline failed
  - Connection over external IP address instead of internal addresses
- Design flaws in the architecture of Bitbucket:
  - No load balancing
  - No redundancy over decentralized data centers, no dynamic allocation of resources

3. Attacks

Cracking keys in the Cloud (10/2009)
- Costs for breaking a PGP key with utilization of EDPR on Amazon EC2 resources

source:

3. Attacks

Misuse of Google App Engine for controlling botnets (11/2009)
- CPU time, storage, 500 MByte disc storage and up to 5 million page views per month for free
- Command & Control server of a botnet by using Google App Engine
- Bot computers contact the server to receive new orders
- Google had to manually delete the application

sources: google appengine used as a cnc

Risk Assessment

Cloud Security Study from Fraunhofer SIT, See:

Aim: Framework and guidelines for risk assessments

Classification
- Infrastructure: Physical security, Host, Virtualization, Network
- Application and Platform: Data security, Application security, Platform security, Security as a service
- Administration: Interoperability and Portability, Testing, Identity and access management, Key management
- Compliance: Data protection, Risk management, Legal framework, Governance

4. Identity Management in the Cloud

Lesson learned so far:
- There are still lots of security problems in Cloud Computing: show stopper!
- Enabling technology: strong authentication spanning domains!

The IdM Cloud ecosystem:
- Identity Providers: Governments (e.g. in Germany via nPA), Enterprises, Large Internet Destinations (e.g. Google, Facebook, ...)
- Cloud Providers: may also be Identity Providers; SaaS/PaaS/IaaS (e.g. Amazon, Salesforce, Google, SAP, HP, IBM, ...)
- Users: Consumers or Business; individuals may have many identities

4. Identity Management in the Cloud

Core IdM Challenges
- Identity provisioning and deprovisioning: secure and timely management of onboarding (provisioning) and offboarding (deprovisioning) of users in the cloud. Extend user management processes within an enterprise to cloud services.
- Authorization & user profile management: establishing trusted user profile and policy information to control access within the cloud service, and doing this in an auditable way.
- Delegation and Federation: exchanging identity attributes securely and in a trustworthy way, establishing an identity lifecycle management.

4. Identity Management in the Cloud

- Support for compliance: enable customers to pull together information about accounts, access grants and segregation of duty enforcement in order to satisfy an enterprise's audit and compliance reporting requirements.
- Authentication:
  - How to provide cross-domain strong multi-factor authentication?
  - How to provide a strict multi-tenancy model: isolation on all levels?
  - How to identify and manage fine-grained components, like applications?
  - How to guarantee interoperability?
  - How to support multi-tenancy?
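An added example, not part of the original slides: one way to check the deprovisioning and compliance-reporting challenges listed above is to reconcile the enterprise roster against a cloud provider's account export. The roster, the account export, the entitlement names and the segregation-of-duty policy are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data: the enterprise HR roster (identity source of truth)
# and an account export from a hypothetical SaaS provider.
ROSTER = {
    "alice@example.com": {"status": "active", "left_on": None},
    "bob@example.com": {"status": "terminated", "left_on": date(2010, 3, 1)},
    "carol@example.com": {"status": "terminated", "left_on": date(2010, 3, 15)},
    "dave@example.com": {"status": "active", "left_on": None},
}

CLOUD_ACCOUNTS = [
    {"id": "u-101", "owner": "alice@example.com", "enabled": True,
     "grants": {"invoice.create", "invoice.approve"}},
    {"id": "u-102", "owner": "bob@example.com", "enabled": True,
     "grants": {"crm.read"}},
    {"id": "u-103", "owner": "carol@example.com", "enabled": False,
     "grants": {"crm.read"}},
    {"id": "u-104", "owner": "dave@example.com", "enabled": True,
     "grants": {"invoice.create"}},
    {"id": "u-105", "owner": "temp-contractor@example.net", "enabled": True,
     "grants": {"crm.read", "crm.export"}},
]

# Assumed policy: entitlement pairs that one person must not hold together.
SOD_CONFLICTS = [("invoice.create", "invoice.approve")]


@dataclass(frozen=True)
class Finding:
    account_id: str
    owner: str
    kind: str    # "orphaned", "late_deprovisioning" or "sod_violation"
    detail: str


def deprovisioning_findings(roster, accounts, today, grace_days=1):
    """Flag enabled cloud accounts that the enterprise no longer backs."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned on the provider side
        person = roster.get(acct["owner"].lower())
        if person is None:
            # No enterprise identity stands behind this account at all.
            findings.append(Finding(acct["id"], acct["owner"], "orphaned",
                                    "no matching identity in enterprise roster"))
        elif person["status"] == "terminated":
            overdue = (today - person["left_on"]).days - grace_days
            if overdue > 0:
                findings.append(Finding(
                    acct["id"], acct["owner"], "late_deprovisioning",
                    f"still enabled {overdue} day(s) past grace period"))
    return findings


def sod_findings(accounts, conflicts):
    """Flag enabled accounts holding both halves of a conflicting pair."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        for first, second in conflicts:
            if first in acct["grants"] and second in acct["grants"]:
                findings.append(Finding(
                    acct["id"], acct["owner"], "sod_violation",
                    f"holds conflicting grants {first} + {second}"))
    return findings


def audit_report(roster, accounts, conflicts, today, grace_days=1):
    """Combine both checks into one deterministic, auditable list."""
    findings = deprovisioning_findings(roster, accounts, today, grace_days)
    findings += sod_findings(accounts, conflicts)
    return sorted(findings, key=lambda f: (f.kind, f.account_id))


if __name__ == "__main__":
    for f in audit_report(ROSTER, CLOUD_ACCOUNTS, SOD_CONFLICTS, date(2010, 3, 16)):
        print(f"{f.kind:20} {f.account_id} {f.owner}: {f.detail}")
```

The grace period expresses how "timely" offboarding has to be; with several providers, the same report would be run once per account export.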

4. Identity Management in the Cloud

Authentication: Scenario

[Diagram labels: Enterprise; User A; Request SaaS; Strong Authentication?; One Time Pad Credentials; Cloud-based Authentication Service, e.g. FireID (Authentication Service Provider); true/false; Cloud-based Service, e.g. Mail-Service (Service Provider)]

6. Summary

- Cloud Computing: great opportunities for enterprises and providers
- Security, Privacy and Trust are still open issues: Show Stopper?!
- Top threats, e.g. Abuse, Data Loss, Shared Technologies, Hijacking
- Privacy and Compliance are still unsolved problems
- Cloud Computing provides a valuable environment to launch attacks: spamming, botnet setup, password and key cracking
- Solved security problems will be Cloud Enablers!
- Trustworthy Identity Management within Clouds is one main issue
- Core challenges and open research issues: identity provisioning and deprovisioning, authentication, delegation and federation, authorization & user profile management, compliance
- Standards and Reference Architectures, Best Practice Guides are required

Thank you for your kind attention

Contact: Fraunhofer Institute for Secure Information Technology
Tel:
claudia.eckert@sit.fraunhofer.de
Internet:


More information

WHITEPAPER. Security overview. podio.com

WHITEPAPER. Security overview. podio.com WHITEPAPER Security overview Podio security White Paper 2 Podio, a cloud service brought to you by Citrix, provides a secure collaborative work platform for team and project management. Podio features

More information

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments White Paper The Emerging Role of a CDN in Facilitating Secure Cloud Deployments Sponsored by: Fastly Robert Ayoub August 2017 IDC OPINION The ongoing adoption of cloud services and the desire for anytime,

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

Technical Brief SUPPORTPOINT TECHNICAL BRIEF MARCH

Technical Brief SUPPORTPOINT TECHNICAL BRIEF MARCH Technical Brief 1 SupportPoint Cloud is a SaaS solution that makes it easy for people to get the information and guidance they need to navigate through complex business processes. SupportPoint Cloud Client

More information

Cloud Computing, SaaS and Outsourcing

Cloud Computing, SaaS and Outsourcing Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud

More information

Key words: Cloud computing, Reverse Proxy, SaaS, PaaS, IaaS and Security threats

Key words: Cloud computing, Reverse Proxy, SaaS, PaaS, IaaS and Security threats Volume 5, Issue 7, July 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Service Model Specific

More information

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: Chapter 6 Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: 1.3 Explain network design elements and components. Virtualization Cloud computing: Platform as

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

Part III: Evaluating the Business Value of the Hybrid Cloud

Part III: Evaluating the Business Value of the Hybrid Cloud Contents at a Glance Introduction... 1 Part I: Understanding Concepts and Construction... 7 Chapter 1: Discovering the Fundamentals of Your Computing Environment...9 Chapter 2: The Hybrid Cloud Continuum...25

More information

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud? DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing Slide 1 Slide 3 ➀ What is Cloud Computing? ➁ X as a Service ➂ Key Challenges ➃ Developing for the Cloud Why is it called Cloud? services provided

More information

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED

More information

Storage Made Easy. SoftLayer

Storage Made Easy. SoftLayer Storage Made Easy Providing an Enterprise File Fabric for SoftLayer STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR SOFTLAYER The File Fabric is a comprehensive multi-cloud data security solution built on

More information

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Chapter 7 Hacking Mobile Phones, PDAs, and Handheld Devices Objectives After completing this chapter,

More information

Privacy hacking & Data Theft

Privacy hacking & Data Theft Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud

More information

CLOUD FORENSICS : AN OVERVIEW. Kumiko Ogawa

CLOUD FORENSICS : AN OVERVIEW. Kumiko Ogawa CLOUD FORENSICS : AN OVERVIEW Kumiko Ogawa What is Cloud Forensics Forensic Science - Application of science to the criminal and civil laws that are enforced by police agencies in a criminal justice system.

More information

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...

More information

COSC6376 Cloud Computing Lecture 2. CAP and Challenges

COSC6376 Cloud Computing Lecture 2. CAP and Challenges COSC6376 Cloud Computing Lecture 2. CAP and Challenges Instructor: Weidong Shi (Larry), PhD Computer Science Department University of Houston Outline Ecosystem CAP Challenges Summary Assignment Paper can

More information

Protecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series

Protecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series Protecting your Data in the Cloud Cyber Security Awareness Month Seminar Series October 24, 2012 Agenda Introduction What is the Cloud Types of Clouds Anatomy of a cloud Why we love the cloud Consumer

More information

Security Overview of the BGI Online Platform

Security Overview of the BGI Online Platform WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra

More information

Altitude Software. Data Protection Heading 2018

Altitude Software. Data Protection Heading 2018 Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this

More information

WHITEPAPER. How to secure your Post-perimeter world

WHITEPAPER. How to secure your Post-perimeter world How to secure your Post-perimeter world WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward

More information

How Credit Unions Are Taking Advantage of the Cloud

How Credit Unions Are Taking Advantage of the Cloud 2013 CliftonLarsonAllen LLP How Credit Unions Are Taking Advantage of the Cloud CUNA Technology Council Conference September 2013 CLAconnect.com Randy Romes, CISSP, CRISC, MCP, PCI-QSA Principal, Information

More information

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Jim Reavis CEO and Founder Cloud Security Alliance December 2017 CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017 A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL,

More information

Securing The Cloud in Today's Threat Landscape. David Dzienciol Vice President, Channels & SMB Asia Pacific Japan Region September 2011

Securing The Cloud in Today's Threat Landscape. David Dzienciol Vice President, Channels & SMB Asia Pacific Japan Region September 2011 Securing The Cloud in Today's Threat Landscape David Dzienciol Vice President, Channels & SMB Asia Pacific Japan Region September 2011 Digital data is up 600% in 5 years to 988 exabytes in 2010 88% of

More information

Securing Data in the Cloud: Point of View

Securing Data in the Cloud: Point of View Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements

More information

PROPOSAL OF A SCHEME SECURING SERVICES IN CLOUD COMPUTING

PROPOSAL OF A SCHEME SECURING SERVICES IN CLOUD COMPUTING PROPOSAL OF A SCHEME SECURING SERVICES IN CLOUD COMPUTING RESERCH WORK Ruchi Bhatnagar *Department of Information Technology, IIMT Engineering College, Meerut, G.B.T.U., Lucknow, India. Abstract Ever since

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

Large Scale Computing Infrastructures

Large Scale Computing Infrastructures GC3: Grid Computing Competence Center Large Scale Computing Infrastructures Lecture 2: Cloud technologies Sergio Maffioletti GC3: Grid Computing Competence Center, University

More information

VMware, SQL Server and Encrypting Private Data Townsend Security

VMware, SQL Server and Encrypting Private Data Townsend Security VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and

More information

CSCE 813 Internet Security Final Exam Preview

CSCE 813 Internet Security Final Exam Preview CSCE 813 Internet Security Final Exam Preview Professor Lisa Luo Fall 2017 Coverage All contents! Week1 ~ Week 15 The nature of the exam: 12 questions: 3 multiple choices questions 1 true or false question

More information

SoftLayer Security and Compliance:

SoftLayer Security and Compliance: SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers

More information

Advent IM Ltd ISO/IEC 27001:2013 vs

Advent IM Ltd ISO/IEC 27001:2013 vs Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information