Cloud-Security: Show-Stopper or Enabling Technology?
- Arabella Byrd
- 6 years ago
Transcription
Fraunhofer Institute for Secure Information Technology (SIT)
Technische Universität München
Open Grid Forum, 16.3.2010, Munich

Overview
1. Cloud Characteristics
2. Security Implications
3. Some Attacks (Real World)
4. Specific Challenge: ID Management
5. Summary

1. Cloud-Computing

Cloud: Pool of networked IT components

Cloud Characteristics
- Resources will be provided on demand
- Users don't have to maintain/operate their own infrastructure
- An unlimited amount of resources: capacities can be dynamically added
- Scalability, flexibility, on-demand usage, ...
- Access to outsourced data: at any time, from anywhere
- Fast development of new web applications offered as Cloud Services
- Software as a Service

1. Cloud-Computing

Economic forecast: Estimated Market Shares for Cloud Computing Services:
- Merrill Lynch (2008): $169 billion until 2011
- IDC (2009): $42 billion until 2012
- Gartner (2009): $150 billion until 2013
- BITKOM (2009): 564 million for Germany until 2011

[Chart labels: Applications, Infrastructure]

1. Cloud-Computing

Main aspects forming the Cloud
- Types
- Features
- Models/Modes
- Stakeholders
- Benefits
- And: legislation!

1. Cloud-Computing: Types

[Diagram labels: IaaS, PaaS, SaaS; software layer, platform layer, infrastructure layer; virtualization; user / customer]

- Infrastructure as a Service (IaaS), e.g. Elastic Compute Cloud (Amazon): providing virtual servers
- Platform as a Service (PaaS), e.g. Google App Engine: framework for application development & upload
- Software as a Service (SaaS) (mail, CRM, presentations, ...), e.g. Google Docs, GMail, gliffy

1. Cloud-Computing: Show-Stopper Security?

2. Security Implications

User: e.g. enterprises
- Change of paradigm from closed and supervised IT infrastructures to outsourced services and remotely operated IT infrastructures

Providers: e.g.
- Who uses the offered services?
- Who is liable for abuse of resources?

General security implications
- Loss of control over data, infrastructures, processes, etc.
- Difficult identity and access management in the Cloud
- Compliance with security guidelines and legal standards, privacy issues
- Trustworthiness of service providers

2. Security Implications: Scenario

[Diagram labels: Cloud-provider #1, social network, collaboration service, end user, backup service, Cloud-provider #2, -service, enterprise, Cloud-provider #]

2. Security Implications

Cloud characteristics and their effects on security
- Resources will be provided on demand: Confidentiality? Where is my data (in which country?), which crypto regulation rules apply, e.g. key escrow requirements?
- Unlimited amount of resources: Privacy? Compliant with privacy legislation?
- Development of new web applications as services: Trustworthiness of the Cloud Service? How does the Cloud platform handle access rights, key management, certificate management, etc.?
- Access to outsourced data at any time, from anywhere: Availability? Which measures against DoS, risk of data lock-in, ...

AND: Cloud Computing: door opener for new kinds of attacks

2. Security Implications

Top Threats in Cloud Computing (source:)
- Abuse of Cloud Computing Resources
- Shared Technology Vulnerabilities
- Data Loss/Leakage
- Insecure Application Programmer Interface
- Account, Service & Traffic Hijacking
- Malicious Insiders
- Unknown risk profile

Some threats in more detail

2. Security Implications: Abuse of Cloud Computing Resources

Problem statement:
- IaaS providers offer unlimited resource usage coupled with a frictionless registration process, i.e. users might act relatively anonymously
- Spammers, malicious code authors and other attackers take advantage of that
- Attacks like DDoS, password cracking, controlling botnets, ...

Remediations, e.g.:
- Improved initial registration and validation processes
- Comprehensive introspection (if compliant with legislation) of customer network traffic

2. Security Implications: Shared Technology Vulnerabilities

Problem statement:
- IaaS vendors often share underlying infrastructure: caches, storage, ...
- Improper isolation concepts are used: vulnerable hypervisor levels, no isolation on the network layer, etc.
- Attacks: information leakage, unauthorized data access

Remediations, e.g.:
- Strong compartmentalization
- Strong authentication and access controls
- Monitoring of access and activities
- Vulnerability scanning, configuration audits

2. Security Implications: Data Loss/Leakage

Problem statement:
- Missing backup concepts: data loss due to alteration, deletion, improper access controls
- Loss of encryption keys: data is lost
- Missing audit controls
- Attacks: deletion or alteration of data, circumventing improper access controls, identity theft (leaked credentials, hijacking sessions, etc.)

Remediations, e.g.:
- Strong access control, proper redundancy, backup concepts
- Data encryption and proper key management

2. Security Implications: Insecure Application Programmer Interface

Problem statement:
- Providers offer APIs for service provisioning, orchestration, monitoring, etc. with improper or even missing security concepts: authentication, encryption, logging and access control are often missing
- Third parties offer value-added services using these APIs: e.g. credentials are forwarded to third parties using (insecure?) APIs
- Attacks: exploiting weak authentication like clear-text passwords, reusable tokens, improper authorization, ...

Remediations, e.g.:
- Security analysis of the provider's API, model dependencies
- Use strong authentication, encryption and logging concepts on top

3. Attacks

Source:
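
As an added illustration of the "strong authentication, encryption, logging concepts on top" remediation from the Insecure Application Programmer Interface slide (not code from the talk or from any provider's API): a request-signing scheme in which a captured request cannot be reused, and every decision is logged. The key id, path, header fields and 300-second window are assumptions made for the example.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for signed requests


def sign_request(key, method, path, body, timestamp, nonce):
    """Client side: HMAC-SHA256 over every part of the request that must not change."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method.upper(), path, body_hash, str(timestamp), nonce])
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


class ApiVerifier:
    """Server side: authenticates the caller, rejects replays, logs each decision."""

    def __init__(self, keys, clock=time.time):
        self._keys = keys      # key_id -> shared secret (bytes), never sent on the wire
        self._clock = clock
        self._seen = {}        # (key_id, nonce) -> timestamp of the accepted request
        self.audit_log = []    # one entry per request, accepted or rejected

    def verify(self, key_id, method, path, body, timestamp, nonce, signature):
        now = int(self._clock())
        result = self._check(key_id, method, path, body, timestamp, nonce, signature, now)
        self.audit_log.append({"time": now, "key_id": key_id, "method": method,
                               "path": path, "result": result})
        return result

    def _check(self, key_id, method, path, body, timestamp, nonce, signature, now):
        key = self._keys.get(key_id)
        if key is None:
            return "unknown_key"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        expected = sign_request(key, method, path, body, timestamp, nonce)
        # Constant-time comparison on bytes; any change to the request changes the MAC.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad_signature"
        # Nonces are recorded only for authenticated requests, and kept for as long
        # as a request with that timestamp could still pass the freshness check.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= MAX_SKEW_SECONDS}
        if (key_id, nonce) in self._seen:
            return "replay"
        self._seen[(key_id, nonce)] = timestamp
        return "ok"


def demo():
    """Constructed sample requests; the key and paths are invented for the example."""
    keys = {"tenant-a": b"constructed-demo-key-not-a-real-secret"}
    now = 1_700_000_000
    verifier = ApiVerifier(keys, clock=lambda: now)
    body = b'{"instances": 2}'
    sig = sign_request(keys["tenant-a"], "POST", "/v1/scale", body, now, "n-0001")
    old_sig = sign_request(keys["tenant-a"], "POST", "/v1/scale", body, now - 3600, "n-0003")
    results = [
        verifier.verify("tenant-a", "POST", "/v1/scale", body, now, "n-0001", sig),
        # Same bytes sent again, as a third party holding a captured request would.
        verifier.verify("tenant-a", "POST", "/v1/scale", body, now, "n-0001", sig),
        # Body altered in transit, signature left unchanged.
        verifier.verify("tenant-a", "POST", "/v1/scale", b'{"instances": 200}', now, "n-0002", sig),
        # Correctly signed, but an hour old.
        verifier.verify("tenant-a", "POST", "/v1/scale", body, now - 3600, "n-0003", old_sig),
    ]
    return results, verifier.audit_log


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```

The signature protects integrity and authenticity only; the request still travels over TLS for confidentiality.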

3. Attacks

Example: Virtualization layer
- Vulnerable VM monitor: access to all data

Possible attack scenario
- Distribution of virtual machines via public marketplaces
- Amazon Machine Image (AMI) marketplace for EC2
- Amazon: "AMIs are launched at the user's own risk. Amazon cannot vouch for the integrity or security of AMIs shared by other users. [...] Ideally, you should get the AMI ID from a trusted source (a web site, another user, etc). If you do not know the source of an AMI, we recommended that you search the forums for comments on the AMI before launching it."
- Attack: setup of botnets, information leakage, ...

Attacks

DDoS attack on Bitbucket.org (Amazon)
- DDoS attack with UDP flooding
- Service was unavailable for storing data in persistent storage
- Resolving the problem took 18 hours:
- No detection of the DDoS by Amazon Support
- Isolation of network traffic via QoS guideline failed
- Connection over external IP address instead of internal addresses
- Design flaws in the architecture of Bitbucket: no load balancing, no redundancy over decentralized data centers, no dynamic allocation of resources

3. Attacks

Cracking keys in the Cloud (10/2009)
- Costs for breaking a PGP key with utilization of EDPR on Amazon EC2 resources
- source:

Attacks

Misuse of Google App Engine for controlling botnets (11/2009)
- CPU time, storage, 500 MByte disc storage and up to 5 million page views per month for free
- Command & Control server of a botnet by using Google App Engine
- Bot computers contact the server to receive new orders
- Google had to manually delete the application
- sources: google appengine used as a cnc

Risk Assessment

Cloud Security Study from Fraunhofer SIT, see:
Aim: framework and guidelines for risk assessments

Classification
- Infrastructure: physical security, host, virtualization, network
- Application and Platform: data security, application security, platform security, security as a service
- Administration: interoperability and portability, testing, identity and access management, key management
- Compliance: data protection, risk management, legal framework, governance

4. Identity Management in the Cloud

Lesson learned so far:
- There are still lots of security problems in Cloud Computing: show stopper!
- Enabling technology: strong authentication spanning domains!

The IdM Cloud ecosystem:
- Identity Providers: governments (e.g. in Germany via nPA), enterprises, large Internet destinations (e.g. Google, Facebook, ...)
- Cloud Providers: may also be Identity Providers; SaaS/PaaS/IaaS (e.g. Amazon, Salesforce, Google, SAP, HP, IBM, ...)
- Users: consumers or business; individuals may have many identities

4. Identity Management in the Cloud

Core IdM Challenges
- Identity provisioning and deprovisioning: secure and timely management of onboarding (provisioning) and offboarding (deprovisioning) of users in the cloud. Extend user management processes within an enterprise to cloud services.
- Authorization & user profile management: establishing trusted user profile and policy information to control access within the cloud service, and doing this in an auditable way.
- Delegation and federation: exchanging identity attributes securely and in a trustworthy way; establishing an identity lifecycle management

4. Identity Management in the Cloud

Support for compliance
- Enable customers to pull together information about accounts, access grants and segregation of duty enforcement in order to satisfy an enterprise's audit and compliance reporting requirements.

Authentication
- How to provide cross-domain strong multi-factor authentication?
- How to provide a strict multi-tenancy model: isolation on all levels?
- How to identify and manage fine-grained components, like applications?
- How to guarantee interoperability?
- How to support multi-tenancy?

4. Identity Management in the Cloud

Authentication: Scenario

[Diagram labels: Enterprise; User A; Request; SaaS: Strong Authentication?; Cloud-based Service, e.g. Mail-Service (Service Provider); One Time Pad Credentials; Cloud-based Authentication Service, e.g. FireID (Authentication Service Provider); true/false]

6. Summary

- Cloud Computing: great opportunities for enterprises and providers
- Security, privacy and trust are still open issues: show stopper?!
- Top threats: e.g. abuse, data loss, shared technologies, hijacking; privacy and compliance are still unsolved problems
- Cloud Computing provides a valuable environment to launch attacks: spamming, botnet setup, password and key cracking
- Solved security problems will be Cloud enablers!
- Trustworthy identity management within Clouds is one main issue
- Core challenges and open research issues: identity provisioning and deprovisioning, authentication, delegation and federation, authorization & user profile management, compliance
- Standards and reference architectures, best practice guides are required
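
The "Authentication: Scenario" slide shows a SaaS provider handing a user's one-time credential to a cloud-based authentication service and getting back true/false. The following added example (not from the talk, and not how FireID or any named product works) sketches such a service, assuming counter-based one-time passwords as specified in RFC 4226 (HOTP). The tenant and user names are invented, and the secret is the published RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# Published test secret from RFC 4226 Appendix D; never use it outside examples.
RFC4226_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP value per RFC 4226: dynamically truncated HMAC-SHA1 of an 8-byte counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpAuthService:
    """Answers true/false to a relying service; the shared secret never leaves it."""

    def __init__(self, look_ahead=3, max_failures=5):
        self._look_ahead = look_ahead      # tolerated counter drift (assumed value)
        self._max_failures = max_failures  # lockout threshold (assumed value)
        self._accounts = {}                # (tenant, user) -> account state

    def enroll(self, tenant, user, secret):
        # Accounts are keyed by tenant as well as user, so the same user name in
        # two enterprises never shares state.
        self._accounts[(tenant, user)] = {"secret": secret, "counter": 0, "failures": 0}

    def verify(self, tenant, user, code):
        account = self._accounts.get((tenant, user))
        if account is None or account["failures"] >= self._max_failures:
            return False
        if not (isinstance(code, str) and code.isascii() and code.isdigit()):
            account["failures"] += 1
            return False
        start = account["counter"]
        for counter in range(start, start + self._look_ahead + 1):
            if hmac.compare_digest(hotp(account["secret"], counter), code):
                # Move past the accepted counter: this code and all earlier ones
                # can never be accepted again.
                account["counter"] = counter + 1
                account["failures"] = 0
                return True
        account["failures"] += 1
        return False


def demo():
    service = OtpAuthService()
    service.enroll("enterprise-a", "user-a", RFC4226_TEST_SECRET)
    return [
        service.verify("enterprise-a", "user-a", hotp(RFC4226_TEST_SECRET, 0)),  # fresh code
        service.verify("enterprise-a", "user-a", hotp(RFC4226_TEST_SECRET, 0)),  # replayed
        service.verify("enterprise-a", "user-a", hotp(RFC4226_TEST_SECRET, 2)),  # token one step ahead
        service.verify("enterprise-a", "user-a", hotp(RFC4226_TEST_SECRET, 1)),  # skipped, now too old
        service.verify("enterprise-b", "user-a", hotp(RFC4226_TEST_SECRET, 3)),  # other tenant
    ]


if __name__ == "__main__":
    print(demo())
```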

Thank you for your kind attention

Contact: Fraunhofer Institute for Secure Information Technology
Tel:
claudia.eckert@sit.fraunhofer.de
Internet:
More informationCOSC6376 Cloud Computing Lecture 2. CAP and Challenges
COSC6376 Cloud Computing Lecture 2. CAP and Challenges Instructor: Weidong Shi (Larry), PhD Computer Science Department University of Houston Outline Ecosystem CAP Challenges Summary Assignment Paper can
More informationProtecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series
Protecting your Data in the Cloud Cyber Security Awareness Month Seminar Series October 24, 2012 Agenda Introduction What is the Cloud Types of Clouds Anatomy of a cloud Why we love the cloud Consumer
More informationSecurity Overview of the BGI Online Platform
WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationWHITEPAPER. How to secure your Post-perimeter world
How to secure your Post-perimeter world WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward
More informationHow Credit Unions Are Taking Advantage of the Cloud
2013 CliftonLarsonAllen LLP How Credit Unions Are Taking Advantage of the Cloud CUNA Technology Council Conference September 2013 CLAconnect.com Randy Romes, CISSP, CRISC, MCP, PCI-QSA Principal, Information
More informationJim Reavis CEO and Founder Cloud Security Alliance December 2017
CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017 A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL,
More informationSecuring The Cloud in Today's Threat Landscape. David Dzienciol Vice President, Channels & SMB Asia Pacific Japan Region September 2011
Securing The Cloud in Today's Threat Landscape David Dzienciol Vice President, Channels & SMB Asia Pacific Japan Region September 2011 Digital data is up 600% in 5 years to 988 exabytes in 2010 88% of
More informationSecuring Data in the Cloud: Point of View
Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements
More informationPROPOSAL OF A SCHEME SECURING SERVICES IN CLOUD COMPUTING
PROPOSAL OF A SCHEME SECURING SERVICES IN CLOUD COMPUTING RESERCH WORK Ruchi Bhatnagar *Department of Information Technology, IIMT Engineering College, Meerut, G.B.T.U., Lucknow, India. Abstract Ever since
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationLarge Scale Computing Infrastructures
GC3: Grid Computing Competence Center Large Scale Computing Infrastructures Lecture 2: Cloud technologies Sergio Maffioletti GC3: Grid Computing Competence Center, University
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and
More informationCSCE 813 Internet Security Final Exam Preview
CSCE 813 Internet Security Final Exam Preview Professor Lisa Luo Fall 2017 Coverage All contents! Week1 ~ Week 15 The nature of the exam: 12 questions: 3 multiple choices questions 1 true or false question
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More information