Privacy hacking & Data Theft

Similar documents
Introduction to Cloud Computing. [thoughtsoncloud.com] 1

Introduction To Cloud Computing

Cloud Computing, SaaS and Outsourcing

ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast

Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając

Cloud Computing and Service-Oriented Architectures

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Chapter 4. Fundamental Concepts and Models

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Copyright 2011 EMC Corporation. All rights reserved.

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA

Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop

Auditing the Cloud. Paul Engle CISA, CIA

How Credit Unions Are Taking Advantage of the Cloud

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

Cloud Computing and Service-Oriented Architectures

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Computing as a Service

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

Why the cloud matters?

VMware Hybrid Cloud Solution

Building your Castle in the Cloud for Flash Memory

Driving Cloud Governance and Avoiding Cloud Chaos

THE DATA CENTER AS A COMPUTER

CLOUD COMPUTING. Lecture 4: Introductory lecture for cloud computing. By: Latifa ALrashed. Networks and Communication Department

Mitigating Risks with Cloud Computing Dan Reis

CHEM-E Process Automation and Information Systems: Applications

Security Models for Cloud

INFS 214: Introduction to Computing

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS

How to avoid storms in the cloud. The Australian experience and global trends

Analytics in the Cloud Mandate or Option?

Third Party Cloud Services Its Adoption in the New Age

Introduction to Cloud Computing

Introduction to Cloud Computing

Topics of Discussion

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing,

Reviewing Nist Cloud Computing Definition

Cloud Computing Definitions and Audits

Building Trust in the Era of Cloud Computing

Clouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services

Data Security: Public Contracts and the Cloud

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Protecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series

Exam C Foundations of IBM Cloud Reference Architecture V5

A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management

Fundamental Concepts and Models

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

Cloud Computing Overview. The Business and Technology Impact. October 2013

Practical Guide to Platform as a Service.

The Cloud and Big Data. Christopher L Poelker VP Enterprise Solutions FalconStor Software

3. What do you mean by virtualization? What is the role of virtualization in cloud computing?

Choosing the Right Cloud Computing Model for Data Center Management

Accelerate Your Enterprise Private Cloud Initiative

Best Practices in Securing a Multicloud World

BUSINESS CONTINUITY MANAGEMENT

Public vs private cloud for regulated entities

Cloud Computing introduction

Cloud Computing Introduction & Offerings from IBM

Cloud Security. Copyright Ramesh Nagappan. All rights reserved.

JOURNEY TO CLOUD (J2C) CONSUMING TECHNOLOGY, NOT OWNING IT

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

Network Implications of Cloud Computing Presentation to Internet2 Meeting November 4, 2010

Introduction to AWS GoldBase

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Practical Guide to Hybrid Cloud Computing. Cloud-Computing.

2-4 April 2019 Taets Art and Event Park, Amsterdam CLICK TO KNOW MORE

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Automated Deployment of Private Cloud (EasyCloud)

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

MANAGED CLOUD SERVICES

Multi Packed Security Addressing Challenges in Cloud Computing

10 Considerations for a Cloud Procurement. March 2017

Cloud Computing An IT Paradigm Changer

The Challenge of Cloud Security

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Cloud Computing in the enterprise: Not if, but when and how?

Data Security, Integrity and Accessibility in the Cloud

Cloud Computing Concepts, Models, and Terminology

CS 6393 Lecture 10. Cloud Computing. Prof. Ravi Sandhu Executive Director and Endowed Chair. April 12,

Cloud Readiness Toolkit Overview

Data Security and Privacy Principles IBM Cloud Services

SCADA Traditional definition and application.

Cloud computing the use of contracts as a means of governing networked computer services.

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Introduction to data centers

Click to edit Master title style

ISACA Phoenix Chapter Meeting

ECE Enterprise Storage Architecture. Fall ~* CLOUD *~. Tyler Bletsch Duke University

Azure SQL Database Basics

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Cloud Computing and Its Impact on Software Licensing

Rijndael Encryption Technique for User Authentication in Cloud Computing

An introductory look. cloud computing in education

Community Clouds And why you should care about them

Benefits of Extending your Datacenters with Amazon Web Services

Transcription:

Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean

Objectives Cloud Computing 101 Typical Risks associated with Cloud Computing The response November 12, 2014 2

Definition of Cloud Computing The US National Institute of Standards and Technology (NIST) Cloud computing is a model for enabling ubiquitous, convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models November 12, 2014 3

Five Essential Characteristics of Cloud Computing On demand self service Computing capabilities can be provisioned without human interaction from the service provider. Broad network access Computing capabilities are available over the network and can be accessed by diverse client platforms Resource pooling Computer resources are pooled to support a multitenant model. Rapid elasticity Resources can scale up or down rapidly and in some cases automatically in response to business demands. Measured service Resource utilization can be optimized by leveraging charge per use capabilities November 12, 2014 4

Three Service models (reference #2) Infrastructure as a Service (IaaS) In an IaaS solution, the Cloud Service Provider (CSP) provides cloud users with processing, storage, networks and other fundamental computing resources. Operating systems and applications, however, are the responsibility of the user and are not included in the service offering of the CSP. Example: Amazon Web Services LLC Platforms as a Service (PaaS) PaaS entails the CSP making available infrastructures and platforms on which cloud users deploy their own applications. This requires the CSP to support programming languages, libraries, services and tools. Example: Google App Engine TM Software as a Service (SaaS) When opting for SaaS, cloud users not only hire infrastructure and platforms from the CSP, but also run CSP provided applications on them. Example: Salesforce November 12, 2014 5

Four Deployment models (reference #2) Public The infrastructure is made available to the general public (e.g., Google Apps, Apple icloud). It is deployed within the CSP infrastructure, offsite to the enterprise infrastructure. Community The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from enterprises or interest groups (e.g., schools, researchers, software developers) that have shared concerns. It can be deployed onsite (within the enterprise infrastructure) or offsite (within the CSP infrastructure, also called outsourced ). November 12, 2014 6

Four Deployment models (reference #2) Private The infrastructure can be used only by one single enterprise. As for community clouds, it can be deployed onsite or offsite enterprise premises. Hybrid The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community or public) that remain unique entities. November 12, 2014 7

Risk associated with Cloud Computing Typically risk events would impact the information assets by impairing one or more the following: Confidentiality / Privacy Availability Integrity November 12, 2014 8

Cloud Computing risks: Confidentiality / Privacy Who has access to your data? Where is your data? Is your CSP obligated to handover your data if requested (Governments, Law enforcement)? Is it possible for your data to be mistakenly disclosed, when another company s data is requested? Is your CSP compliant with laws and regulations at collection and storage jurisdictions? Who has physical and logical access? Who owns the data? November 12, 2014 9

Cloud Computing risks: Availability Is appropriately formatted data available at requested times for compliance monitoring and reporting? How portable is your data / applications? Is a Business Continuity Plan in place and was it tested? Is the CSP a going concern? November 12, 2014 10

Cloud Computing risks: Integrity Who has access to your data / applications How are users provisioned? Who controls user provisioning? Are security and application events logged and monitored Change management Who approves and validates changes made to systems November 12, 2014 11

response Early involvement in the decision Regular review of exceptions reports, with predefined corrective measures Review and action of independent auditor reports Current with emerging risks, laws and regulations Active monitoring of the CSP November 12, 2014 12

THANK YOU! November 12, 2014 13

Questions? November 12, 2014 14

References 1. IT Governance and the Cloud: Principles and Practice for Governing Adoption of Cloud Computing (Ron Speed, CISA, CRISC, CA ) www.isaca.org 2. Security Considerations for Cloud Computing www.isaca.org 3. Cloud Computing Risk Assessment: A Case Study (Sailesh Gadia, CISA, ACA, CPA, CIPP) www.isaca.org 4. Risk landscape of Cloud Computing (Vasant Raval, CISA, DBA) www.isaca.org November 12, 2014 15

Patricia RoweSeale CIBC FirstCaribbean International bernardpat@caribsurf.com 246 231 9816 patricia.roweseale@cibcfcib.com 246 367 5946 November 12, 2014 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback