Protecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series

Similar documents
Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Everything you need to know about cloud. For companies with people in them

Privacy hacking & Data Theft

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

1-2-3 Webinar: Demystifying the Cloud

Cloud Computing Overview. The Business and Technology Impact. October 2013

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

VMware Hybrid Cloud Solution

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

FACEBOOK SAFETY FOR JOURNALISTS. Thanks to these partners for reviewing these safety guidelines:

Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop

How Small to Medium-Sized Businesses Can Leverage the Cloud in Secure, Money-Saving Ways A White Paper by CMIT Solutions

Data Security: Public Contracts and the Cloud

Mitigating Risks with Cloud Computing Dan Reis

Easy List Building System

ERP Solution to the Cloud

DuncanPowell RESTRUCTURING TURNAROUND FORENSIC

How NOT To Get Hacked

Cloud Computing Technologies and Types

How to Build a Culture of Security

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Clouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services

How Secured2 Uses Beyond Encryption Security to Protect Your Data

SEEM3450 Engineering Innovation and Entrepreneurship

The Information Company for Storage Professionals

Cloud Security: Constant Innovation

Five Reasons It s Time For Secure Single Sign-On

Cloud Computing. An introduction using MS Office 365, Google, Amazon, & Dropbox.

CHEM-E Process Automation and Information Systems: Applications

Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając

Why is Office 365 the right choice?

Malling U3A Computer Group. Cloud Storage. Chris Daly 3 rd April 2017

Best Practices in Securing a Multicloud World

INFS 214: Introduction to Computing

CLOUD COMPUTING BY DENNIS KENNEDY

Cyber Security Updates and Trends Affecting the Real Estate Industry

Cloud Strategies for Addressing IT Challenges

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

CLOUD COMPUTING. A public cloud sells services to anyone on the Internet. The cloud infrastructure is made available to

Information Security Policy

Introduction To Cloud Computing

IT & DATA SECURITY BREACH PREVENTION

Cyber Security Guide. For Politicians and Political Parties

The Challenge of Cloud Security

Personal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018

Cloud Computing Definitions and Audits

Password & Tutorials Packet

Crash course in Azure Active Directory

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Cloud-Security: Show-Stopper or Enabling Technology?

Kaspersky Small Office Security 5. Product presentation

Securing Your Salesforce Org: The Human Factor. February 2016 User Group Meeting

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

The Oracle Trust Fabric Securing the Cloud Journey

Are You Protected. Get Ahead of the Curve

Cloud & AWS Essentials Agenda. Introduction What is the cloud? DevOps approach Basic AWS overview. VPC EC2 and EBS S3 RDS.

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

ECE Enterprise Storage Architecture. Fall ~* CLOUD *~. Tyler Bletsch Duke University

What is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller

Cloud Computing and Its Impact on Software Licensing

If you like this guide and you want to support the community, you can sign up as a Founding Member here:

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

Cloud platforms T Mobile Systems Programming

Cloud Computing. Technologies and Types

Any conversation about virtualization for small- and medium-sized businesses (SMBs) usually starts around

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

Quick Start: Creating a Video and Publishing in YouTube

MANAGED CLOUD SERVICES

Cloud Storage Submitted in partial fulfillment of the requirement for the award of degree of Bachelor of Technology in Computer Science

Password & Tutorials Packet

THE DATA CENTER AS A COMPUTER

Going Paperless & Remote File Sharing

Cloud Computing. Ennan Zhai. Computer Science at Yale University

Cybersecurity Auditing in an Unsecure World

Introduction to Cloud Computing. [thoughtsoncloud.com] 1

Why SaaS isn t Backup

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

ARCHIVE ESSENTIALS

ANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS

INTERNET SAFETY IS IMPORTANT

A Welcome to Federated Identity Nate Klingenstein, Internet2, USA. Prepared for the Matsuyama University, December 2013

CHAPTER 2 BASICS OF CLOUD COMPUTING

Digital Safety and Digital Citizenship

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW

Cyber Hygiene Guide. Politicians and Political Parties

Mobile Device Management

05/24/2017. Christian Brothers Services 2017 Spring Webinar Series. Trends in Information Technology Usage for Religious Institutes

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

The Cyber War on Small Business

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

Episerver Digital Experience Cloud Norge Thechforum 2017

Website Optimizer. Before we start building a website, it s good practice to think about the purpose, your target

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Community Clouds And why you should care about them

STAFF SYMPOSIUM SERIES INFORMATION TECHNOLOGY TRACK FACILITATORS

I.T. Review & Recommendations

What It Takes to be a CISO in 2017

Developing Enterprise Cloud Solutions with Azure

Transcription:

Protecting your Data in the Cloud Cyber Security Awareness Month Seminar Series October 24, 2012

Agenda Introduction What is the Cloud Types of Clouds Anatomy of a cloud Why we love the cloud Consumer Assumptions What are the risks How to Protect Yourself

What is the Cloud?

What is the Cloud? The cloud can mean different things depending on the audience For the Consumer (which we are focusing on today) it means Personal data storage Dropbox, Carbonite, Mozy Storage for music icloud, Google Music, Amazon Cloud player File sharing Google Drive, Torrent, Cyberlocker sites Collaboration Yammer, Google Sites Social media Facebook, Twitter For the Enterprise it means Can the cloud save us money economies of scale Can it help us be more adaptable to technology meet the need Will it allow us to focus on higher stack technologies Will it improve productivity Will it provide reliable uptime and desirable DR/BCP

Types of Cloud There are several types of Cloud Services targeting Consumers and Enterprises Public cloud the infrastructure is made available to the general public (e.g., Google Apps, Amazon Elastic Compute Cloud (EC2TM), Apple icloud). Community cloud provisioned for exclusive use by a specific community of consumers from enterprises or interest groups (e.g., vertical industries, schools, researchers, software developers) that have shared concerns. Private cloud infrastructure can be used only by one single enterprise Hybrid cloud composition of two or more distinct cloud infrastructures (private, community or public) that remain unique entities Cloud Service Models Service Provider perspective IaaS infrastructure as a service ping, power, pipe PaaS platform as a service server infrastructure SaaS software as a service. an application hosted on a remote server and accessed through the Internet salesforce.com, web services, DB

Anatomy of the Cloud Infrastructure, Data Center Power Servers, Virtualization Bandwidth/network Storage Monitoring SLA s

Why we love the Cloud? Consumer perspective It is cheap It is easy to use Ease of access We are told to always backup our data http://www.toptenreviews.com/

Assumptions of the Cloud Consumer assumptions of the cloud Our data will be backed up all the time It will be protected by the vendor They won t sell our information to others our privacy is protected We are in control of our data Vendor assumptions of their cloud service Each subscriber that signs up makes us money Each subscriber that signs up makes us more attractive to advertisers Keep costs low, higher margins leverage partners Privacy and security vs. ease of use and accessibility you get what you pay for

What are the Risks for Consumers? Who really has access to your data? Employees with background checks? What about the partners? Does the vendor consider data security a high priority Cloud services are attractive targets to cyber thieves one success breach can net a huge result Privacy of your data can your information be distributed? What happens if the vendor goes out of business how do I get my data back or how will the new vendor affect my rights?

What are the Risks for Consumers? Dropbox cloud was a haven for data thieves, researchers say These three attacks could have been useful tools for stealing data from within organizations that used Dropbox, the researchers say. Rather than having to sneak entire files out of corporate networks, all attackers had to sneak out was the hash for the data they wanted. The hash could then be submitted to Dropbox from anywhere to download the actual data. http://www.networkworld.com/news/2011/081711-dropbox-249830.html Dropbox Left User Accounts Unlocked for 4 Hours Sunday http://www.wired.com/threatlevel/2011/06/dropbox/ Dropbox confirms it got hacked, will offer two-factor authentication A couple of weeks ago Dropbox hired some "outside experts" to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee s account was hacked, allowing access to user e-mail addresses http://arstechnica.com/security/2012/07/dropbox-confirms-it-got-hacked-willoffer-two-factor-authentication/

The risks to the Enterprise Always a risk when you allow another to manage your data What data are employees putting out there?

How to protect yourself Cloud Computing Tips for Consumers: Read the Terms of Service before placing any information in the cloud. If you don t understand the Terms of Service, consider using a different cloud provider. Don t put anything in the cloud you would not want the government or a private litigant to see. Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information. Read the privacy policy before placing your information in the cloud. If you don t understand the policy, consider using a different provider. When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you. Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy?

How to Protect yourself Does the user or the hosting company own the data? Can the host deny a user access to their own data? And, most importantly from a privacy standpoint, how does the host protect the user s data? If, through no fault of your own, information stored in the cloud were breached, who would bear responsibility for the consequences? The standard contract from the major cloud providers puts the responsibility for any data loss on the person or business placing the information in the cloud. Of course, it might be possible for a large business to negotiate the terms of the standard contract. As a consumer, you probably have no control over whether an organization you do business with places your personal information in the cloud.

How to Protect Yourself Don't trust cloud providers by default Do you think that cloud services offer security or privacy by default? Think again, as cloud-storage businesses are in business to make money, and that can lead to business decisions which prioritize information sharing and ease of access over security or privacy concerns. Notably, "Google's services are not secure by default," said security and privacy researcher Christopher Soghoian in a blog post that points to comments made by Google officials that anyone concerned with government surveillance of their documents or communications-- such as journalists--shouldn't rely on services like Google Docs just out of the box. Classify your data personally identifiable data vs public does it belong here? Use fake personal data don t make it easy to social engineer you Regularly make local backups Avoid daisy-chaining accounts have different passwords for different classes Consider two-factor authentication system. Per Honan's advice, Google users should employ Google's two-factor authentication system, a.k.a. "two-step authentication." It works by either having Google text a temporary password to a user whenever they attempt to log on to their Google account, or else by using a Google two-factor password generator smartphone app. Encrypt sensitive data if it is compromised, unreadable

Questions? Please feel free to contact me gguzman@gwu.edu Visit the Division of IT website for information security and awareness info http://it.gwu.edu/security

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback