Cloud Security. DLT Solutions LLC June #DLTCloud

Academic year: 2021


Cloud Security

DLT Solutions LLC

Your Hosts

• Van Ristau, Chief Technology Officer, DLT Solutions

• David Blankenhorn

Introduction

• Cloud Webcast Series

– Five weekly webcasts (Thursdays May 12–June 9)

• Webcast #1 – May 12 – Introduction to Cloud Computing
• Webcast #2 – May 19 – Software as a Service (SaaS)
• Webcast #3 – May 26 – Infrastructure as a Service (IaaS)
• Webcast #4 – June 2 – Platform as a Service (PaaS)
• Webcast #5 – June 9 – Securing the Cloud

• Series Objectives

– Provide the audience with

• A baseline understanding of Cloud Computing service models.
• Suggested decision criteria for selecting appropriate Cloud services.
• An overview of vendor Cloud services available.

Agenda – Cloud Security

• What’s different?
• Key Security and Privacy Issues
• Security Upside
• Security Downside
• Threats & Risks
• Private & Virtual Private Clouds
• What To Look For
• What To Ask

Current Models – It’s All Inside

Physical Datacenter

• Systems
– Servers (Hypervisors)
– Storage
– Network
– Appliances

• Application Platforms
– Operating Systems (VMs)
– Applications

• Account Management
– Identity
– Authentication
– Authorization

• Governance, Risk & Compliance (GRC)
– Audit
– Analysis
– Business Continuity

• Security Infrastructure
– Intrusion Prevention
– Intrusion Detection
– Continuous Monitoring
– Access Controls

• Client Interface
– Browsers
– Smartphones
– Desktops
– Laptops
– Tablets

Traditional Hosting Models

IT
• Systems
• Application Platform
• GRC
• Account Management
• Security Infrastructure
• Client Interface

Hosting Provider
• Physical Data Center
• Systems (limited)
• Application Platform (limited)

Public Cloud - Realms of Responsibility

(Slide diagram: the SaaS, PaaS and IaaS service models compared by responsibility layer: Application, Application Platform and Security Infrastructure.)

Key Security and Privacy Issues

• Governance
• Compliance
• Trust
• Architecture & Software Isolation
• Identity & Access
• Availability
• Incident Response
• Data Protection

Possible Security Upside

• Cloud Staff Specialization
• Platform Strength
• Resource Availability

Possible Security Downside

• Shared, Multi-tenant Services
• Complexity
• Loss of Control & Visibility
• Internet Facing
• Data Sovereignty

Top Threats & Risks

Threats

• Abuse & Nefarious Use
• Insecure Interfaces & APIs
• Malicious Insiders
• Shared Technology
• Data Loss or Leakage
• Account or Service Hijacking
• Unknown Risk Profile

Source: Cloud Security Alliance’s (CSA) Top Threats to Cloud Computing v1.0

Risks

• Privileged User Access
• Regulatory & Ethical

What About Private?

• Needs Additional Security
– Virtualization
– Cloud Infrastructure
– VM Mobility

• Loses Scale
• Requires New Skills
• Pay Upfront
• Solves “Data Sovereignty”
• Maintains Control & Visibility

Virtual Private Cloud?

• Resource Dedication
– Multi-Tenancy Risk Reduced

• Virtual Private Network (VPN)
• Additional Security Boundaries
• Visibility & Control Increased
– But still limited

• Agility

What To Look For

• Service Level Agreements
• Certifications & Compliance
– FISMA
– SAS 70, Type II
– ISO 27001
– PCI DSS, HIPAA, etc.

• Penetration Testing
• Incident Response Processes & Procedures

What To Ask

• How to audit?
• Where’s the data?
• Who can access?
• How are employees trained?

Considerations & Cautions

• Data Sovereignty
• Key Management
• Identity Integration
• Network Latency
• Cloud Compatibility
• Auditors
• Trust, but Verify

Resources

• National Institute of Standards and Technology (NIST)

– http://www.nist.gov/itl/cloud/
– 800-37: Guide to Security Certification and Accreditation of Federal Systems
– 800-53r3: Recommended Security Controls for Federal Information Systems and Organizations
– 800-146: DRAFT Cloud Computing Synopsis and Recommendations
– 800-144: Guidelines on Security and Privacy in Public Cloud Computing
– 800-125: Guide to Security for Full Virtualization Technologies

• Cloud Security Alliance (CSA)

– https://cloudsecurityalliance.org/
– Cloud Controls Matrix

• European Network and Information Security Agency (ENISA)

– http://www.enisa.europa.eu/
– Cloud Computing: Benefits, risks and recommendations for information security

• Federal Risk and Authorization Management Program (FedRAMP)

Closing Thoughts

“Clouds are massive complex systems [that] can be reduced to simple primitives that are replicated thousands of times and common functional units.” – Peter Mell and Tim Grance, NIST.

“When eating an elephant, take one [bite] at a time.” – General Creighton Abrams Jr.

Contact Information

DLT Cloud Advisory Group

1-855-CLOUD01 (256-8301)

[email protected] www.dlt.com/cloud
