• No results found

How to procure a secure cloud service

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "How to procure a secure cloud service"

Copied!
35
0
0

Loading.... (view fulltext now)

Download now ( 35 Page )

Full text

(1)

How to procure a secure cloud 

service

Dr Giles Hogben

(2)
(3)
(4)
(5)
(6)

=> Shared Resources

(7)
(8)
(9)
(10)

=> Very high value assets

• Most risks are not new, but they are amplified by resource concentration – the asset values are high.

o Trustworthiness of insiders.

o Hypervisors- hypervisor layer attacks on virtual machines are very attractive.

(11)

=> Co‐tenancy and Isolation failure

o Like a Hotel

– you may be able to hear your neighbours if the walls are not well insulated

Storage (e.g. Side

channel attacks) see

http://bit.ly/12h5Yh

Virtual machines Entropy pools

(12)
(13)
(14)
(15)
(16)
(17)
(18)
(19)

CSA Controls Matrix

(20)
(21)
(22)
(23)
(24)

Somebody else’s problem (SEP) 

syndrome

“Appirio Cloud Storage fully encrypts each piece of

(25)

Amazon AWS ToS

o “YOU ARE SOLELY RESPONSIBLE FOR APPLYING APPROPRIATE SECURITY MEASURES TO YOUR DATA, INCLUDING ENCRYPTING SENSITIVE DATA.”

o “You are personally responsible for all

(26)
(27)
(28)
(29)
(30)
(31)
(32)
(33)
(34)

ENISA Deliverables and Ongoing Activities • Cloud Computing: Benefits, Risks and

Recommendations for Information security 2009 http://is.gd/cem9H

• Assurance framework http://is.gd/cnp9V0

2009

• Gov-Cloud security and resilience analysis

(35)

Giles Hogben (giles.hogbenQenisa.europa.eu)

Secure applications and services, ENISA

https://www.enisa.europa.eu/act/application‐security

References

Download now ( PDF - 35 Page - 1.81 MB )

Related documents

From high‑resolution to low‑resolution dive datasets: a new index to quantify the foraging effort of marine predators

Method: Two southern elephant seals were fitted with a head‑mounted time depth recorder (TDR) (recording depth at 1 Hz) and an accelerometer (recording 3 axes of acceleration at

Future Technology Devices International Ltd. FT800

Note: ACTIVE command is generated by dummy memory read from address 0 when FT800 is in sleep or standby mode.. This is followed by 2

UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT

Marshak quibbles with the district court’s reliance on the res judicata effect of the Nevada actions—the 2011 default judgment against FPI and the 2012 preliminary

Role of theobromine in cocoa's metabolic properties in healthy rats.

The higher levels of pantothenic acid in cocoa and theobromine groups might be associated 412 with an enhanced fatty-acid metabolism that would partially explain the lower body

[ International Code ] Seismic Design Manual - IBC 2012 Vol 1

Volume 1 of the 2012 IBC SEAOC Structural/Seismic Design Manual addresses the application and interpretation of the seismic provisions of the 2012 International Building Code.

Dengue Baidu Search Index data can improve the prediction of local dengue epidemic: A case study in Guangzhou, China

In order to improve early and rapid response to dengue outbreaks in Guang- zhou, we combined dengue internet-based data (DBSI) with imported cases, temperature and rainfall to

The importance of psychological variables in the perceived exertion of young football players

En ellos se defiende que las dimensiones del clima disempowering (el estilo interpersonal controlador del entrenador o el clima de implicación en el ego) actúan

The real seafood experience

TasTe The coasT is a stamp of quality – and each link is decisive. The chef uses knowledge and care, the waiter spices the presentation with good stories, the fisherman or