The Challenge of Cloud Security

Similar documents
CLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

The Business of Security in the Cloud

NIST Cloud Computing Security Working Group

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Security Models for Cloud

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Practical Guide to Cloud Computing Version 2. Read whitepaper at

A guide for IT professionals. implementing the hybrid cloud

Best Practices in Securing a Multicloud World

Securing Your Cloud Introduction Presentation

Next-Gen CASB. Patrick Koh Bitglass

Cloud Customer Architecture for Securing Workloads on Cloud Services

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

Multi Packed Security Addressing Challenges in Cloud Computing

Building Trust in the Era of Cloud Computing

Managing Microsoft 365 Identity and Access

Multicloud is the New Normal Cloud enables Digital Transformation (DX), but more clouds bring more challenges

Microsoft Security Management

Mitigating Risks with Cloud Computing Dan Reis

Why the cloud matters?

Practical Guide to Hybrid Cloud Computing. Cloud-Computing.

THALES DATA THREAT REPORT

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop

Danish Cloud Maturity Survey 2018

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Managing SaaS risks for cloud customers

Protecting Sensitive Data in the Cloud. Presented by: Eric Wolff Thales e-security

COMPLIANCE IN THE CLOUD

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

1/10/2011. Topics. What is the Cloud? Cloud Computing

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing,

CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance

Cyber Resilience. Think18. Felicity March IBM Corporation

Lessons Learned from 4,000 Security Assessments. Sadik Al-Abdulla Security Practice Director, CDW

Cloud Transformation Program Cloud Change Champions June 20, 2018

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Security Readiness Assessment

Analytics in the Cloud Mandate or Option?

CHALLENGES GOVERNANCE INTEGRATION SECURITY

ERP Solution to the Cloud

Cybersecurity Auditing in an Unsecure World

Security and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government

OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices. Internal Audit, Risk, Business & Technology Consulting

CASE STUDY: USING THE HYBRID CLOUD TO INCREASE CORPORATE VALUE AND ADAPT TO COMPETITIVE WORLD TRENDS

How Credit Unions Are Taking Advantage of the Cloud

ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS. December 1, 2017

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Make Cloud the Most Secure Environment for Business. Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

Enhanced Privacy ID (EPID), 156

Delivering Complex Enterprise Applications via Hybrid Clouds

Privacy hacking & Data Theft

Spotlight Report. Information Security. Presented by. Group Partner

Twilio cloud communications SECURITY

Driving Cloud Governance and Avoiding Cloud Chaos

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

CIS Top 20 #13 Data Protection. Lisa Niles: CISSP, Director of Solutions Integration

SECURITY & PRIVACY DOCUMENTATION

Fundamental Concepts and Models

2017 Annual Meeting of Members and Board of Directors Meeting

ISC2 EXAM - CISSP. Certified Information Systems Security Professional. Buy Full Product.

Secure & Unified Identity

CompTIA Security+ Study Guide (SY0-501)

THALES DATA THREAT REPORT

Choosing a Secure Cloud Service Provider

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Cloud Security. Copyright Ramesh Nagappan. All rights reserved.

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

Enabling Hybrid Cloud Transformation

2018 Cyber Security Predictions

Dr. Stephanie Carter CISM, CISSP, CISA

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Cloud-Security: Show-Stopper or Enabling Technology?

NCCoE TRUSTED CLOUD: A SECURE SOLUTION

Why Microsoft Azure is the right choice for your Public Cloud, a Consultants view by Simon Conyard

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Geneva, 6-7 December 2010 Addressing security challenges on a global scale

MIS Week 9 Host Hardening

JOURNEY TO CLOUD (J2C) CONSUMING TECHNOLOGY, NOT OWNING IT

VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment

Cyber Security Program

Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012

Information Systems and Tech (IST)

Version 1/2018. GDPR Processor Security Controls

MSc Enterprise Security & Digital Forensics

Privacy and Security in the Age of Meaningful Use

Course Outline. CISSP - Certified Information Systems Security Professional

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Data Security: Public Contracts and the Cloud

TEL2813/IS2820 Security Management

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

Public vs private cloud for regulated entities

Security+ SY0-501 Study Guide Table of Contents

CISA Training.

Transcription:

The Challenge of Cloud Security Dr. Ray Klump Chair, Mathematics & Computer Science Director, MS in Information Security Lewis University

Poll Question #1: What type of cloud service are you currently using? a) SaaS (Software as a service) b) PaaS (Platform as a service) c) IaaS (Infrastructure as a service) d) None Master of Science in Information Security

Cloud consumers also have a responsibility to know what they want.

Understand your tolerance for risk. Master of Science in Information Security

Know your audience. Master of Science in Information Security

Migrate vs. Build New Master of Science in Information Security

Understand interdependencies Master of Science in Information Security

Governance Master of Science in Information Security

IT has to start thinking differently: new technologies and techniques for managing, securing, and monitoring data in the cloud.

Poll Question #2: Why are you going to the cloud? a) Cost savings b) Service availability c) Service scalability d) Faster turn-up e) Your boss told you to. Master of Science in Information Security

There are many obstacles to adopting the cloud. --- Some are the traditional challenges for adopting any new technology. --- Others are specific to the cloud.

Traditional considerations Enterprise strategy Business function / workload Technical architecture Network connectivity Application standards Interoperability IT and IT Risk Governance Security Policy Compliance management Maintenance Challenge to operations

Cloud-Specific Concerns Private, community, public, or hybrid? --- Adjusting your security policy to include the cloud. How does it jive with the cloud provider? --- Compliance and the cloud

Top Threats Trust Data leakage and unfriendly geography Insecure cloud software Who holds the keys? Malicious use of cloud services Account / service hijacking Malicious insiders Cloud-specific attacks Master of Science in Information Security

The top security issue for SaaS is password management. Address this through a SSO option managed in-house.

The top security issue for PaaS is encryption. Data should be encrypted before it leaves your enterprise. Use a solution that will automatically encrypt sensitive information using DLP classification technology.

The top security threat for IaaS is rogue users. Address this through governance and usage monitoring, tracking who uses what.

Poll Question #3: What are your top concerns with the Cloud? a) Lack of trust b) Loss of control c) Data security d) Availability e) Regulation requirements Master of Science in Information Security

A key question is deployment: will you use a public cloud, a private cloud, or a hybrid?

With a public cloud, you need to recognize an important reality: Your cloud provider has to become a transparent part of your IT.

In your search for a cloud provider, you need to find one that can answer the same kinds of questions your inhouse IT people would answer.

In other words, you need to be able to do the following Confirm chain of custody for information. Conduct investigative forensics. Detect attempts or occurrences of illegal disclosure Discover and enforce configurations Monitor and manage changes, patches, vulnerabilities

Questions to ask of a cloud provider Third-party validation (SOC-2) Security Policies Disaster Recovery / Business Continuity Access Controls Physical and Virtual Data Protection

With a private cloud (i.e. one you manage yourself) you need to understand why things are different from traditional IT.

Traditional model With virtualization

Poll Question #4: In your company, the Cloud is a) Mission critical b) A playground for developers c) Used for smaller / one-off projects d) A mystery

Who is inquiring about cloud security? Master of Science in Information Security

What are some helpful resources? Master of Science in Information Security

NIST Publications SP800-144: Guidelines for Security and Privacy in Public Cloud Computing SP800-145: NIST Definition of Cloud SP500-291: Cloud Computing Standards Roadmap SP500-292: Cloud Computing Reference Architecture SP500-293: US Government Cloud Computing Technology Roadmap

Cloud Security Alliance Security Guidance v3.0 Trusted Cloud Initiative (TCI) Cloud Control Matrix (CCM) Cloud Trust Protocol (CTP) GRC Stack Cloud Mobile

Trusted Cloud Initiative (TCI) Master of Science in Information Security

Governance, Risk Compliance (GRC) Framework Master of Science in Information Security

The cloud offers several promises, but it also presents unique and complex security challenges.

To make the most of the Cloud, you need to understand the challenges specific to your type of Cloud and how you deploy it.

The Lewis Master of Science in Information Security program is a unique graduate degree in Information Security.

The Lewis MSIS degree is unique in that it presents both the managerial and technical aspects of the problem. This hybrid approach reflects the true nature of the information security challenge.

Students take a shared core of courses and then specialize in either the management track or the technical track.

Students complete their coursework by completing a thesis or project as well as two CISSP review courses.

Courses are taught by industry professionals as well as Ph.D. s in Computer Science and Management Information Systems.

Most students complete the MSIS degree in 13 months to 2 years.

For more information, contact Dr. Ray Klump Director, MSIS Program Lewis University klumpra@lewisu.edu http://www.lewisu.edu/academics/msinfosec/index.htm

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback