Cloud Computing Security

The document discusses security considerations for cloud computing. It covers cloud basics like service models (SaaS, PaaS, IaaS) and deployment models (public, private, hybrid, community). It then discusses securing the cloud, including the security interaction model and top security threats. Finally, it discusses leveraging the cloud securely through a decision-making process and case study.

Uploaded by

Feisal Mohamed

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

113 views

Cloud Computing Security

Uploaded by

Feisal Mohamed

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 27

Security of Cloud Computing

Topic Overview
 Introduction
 Cloud Basics
 Securing the Cloud
 Leveraging the Cloud
Introduction
 Cloud Computing Industry is growing
 According to Gartner, worldwide cloud services revenue is
leading
 Businesses are increasing Cloud adoption
 "We expect a great deal of migration towards cloud computing
worldwide

 How can IT leaders ensure security in the cloud?

Cloud Basics
 Cloud Characteristics
 Service Models
 SaaS
 IaaS
 PaaS
 Deployment Models
 Public
 Private
 Community
 Hybrid
Cloud Characteristics
Cloud Service Models

 Software as a Service
(SaaS)

 Platform as a Service
(PaaS)

 Infrastructure as a Service
(IaaS)
Natural Evolution of the Web

Source: Lew Tucker, Introduction to Cloud Computing for Enterprise Users

Four Deployment Models
Four Deployment Models
Four Deployment Models
Four Deployment Models
Securing the Cloud

 Security Interaction Model

 Top Security Threats

 Cloud Provider Security Practices –

Security Interaction Model
Top Security Threats
 Abuse and nefarious use of cloud computing
 Insecure interfaces & API’s
 Unknown risk profile
 Malicious insiders
 Shared technology issues
 Data loss or leakage
 Account or service hijacking
Threat Mitigation
Abuse and nefarious  Stricter initial registration and validation processes.
 Enhanced credit card fraud monitoring and
use of cloud coordination.
computing  Comprehensive introspection of customer network
traffic.
 Monitoring public blacklists for one’s own network
blocks.
Insecure interfaces &  Analyze the security model of cloud provider
interfaces.
API’s  Ensure strong authentication and access controls
are
implemented in concert with encrypted transmission.
 Understand the dependency chain associated with
the API.
Unknown risk profile  Disclosure of applicable logs and data.
Partial/full disclosure of infrastructure details
 Monitoring and alerting on necessary information.
Threat Mitigation
Malicious insiders  Enforce strict supply chain management and conduct
a comprehensive supplier assessment.
 Specify human resource requirements as part of
legal contracts.
 Require transparency into overall information security
and management practices, as well as compliance
reporting.
 Determine security breach notification processes.
Shared technology  Implement security best practices for installation and
configuration.
issues  Monitor environment for unauthorized
changes/activity.
 Promote strong authentication and access control for
administrative access and operations.
 Enforce service level agreements for patching and
vulnerability remediation.
 Conduct vulnerability scanning and configuration
audits.
Threat Mitigation
Data loss or  Implement strong API access control.
 Encrypt and protect integrity of data in transit.
leakage  Analyze data protection at both design and run time.
 Implement strong key generation, storage and
management, and destruction practices.
 Contractually demand providers wipe persistent
media before it is released into the pool.
 Contractually specify provider backup and retention
strategies.
Account or  Prohibit the sharing of account credentials between
users and services.
service  Leverage strong two-factor authentication
hijacking techniques where possible.
 Employ proactive monitoring to detect unauthorized
activity.
 Understand cloud provider security policies and
SLAs.
Security Practices

 Organizational and Operational Security

 Data Security
 Threat Evasion
 Safe Access
 Privacy
Organizational and Operational
Security

 Holistic approach to security

 Security team
 Develop with security in mind
 Regularly performs security audits and threat assessments
 Employees screened, trained
 Works with security community and advisors
Data Security

 Google Code of Conduct – “Don’t be evil.”

 Physical security
 Logical Security
 Accessibility
 Redundancy
Threat Evasion

 Spam and virus protection built into products

 Protects against application & network attacks
Safe Access

 Avoids local storage

 Access controls
 Encrypted connections
 Integrated security
Privacy

 Privacy policy
 Does not access confidential user data
 Does not alter data
 Maintain own IP rights
 Indemnification, liability
 End of use
Leveraging the Cloud

 Decision Making Process

 Clan Wars Case Study

Decision Making Process
 Identify the asset for cloud deployment
 Evaluate the asset requirements for confidentiality, integrity,
and availability
 Map the asset to potential cloud deployment models
 Evaluate potential cloud service models and providers
 Sketch the potential data flow
 Draw conclusions
Rackspace Security Practices
 Physical Security
 System Security
 Operational Infrastructure Security
 Client Application Security
Cloud Consumer Best Practices
Governance Domains Operational Domains
• Governance & Enterprise • Traditional Security,
Risk Mgmt Business Continuity, and
• Legal and Electronic Disaster Recovery
Discovery • Data Center operations
• Compliance and Audit • Incident Management
• Information Life Cycle • Application security
Management • Encryption & Key Mgmt
• Portability and • Identity & access Mgmt
Interoperability • Virtualization

Cloud Computing Notes
100% (6)
Cloud Computing Notes
35 pages
AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500
From Everand
AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500
Mamta Devi
No ratings yet
SAP CONCUR SFTP CMD BATCH v2
100% (1)
SAP CONCUR SFTP CMD BATCH v2
17 pages
CIS Google Cloud Platform Foundation Benchmark v1.3.0
No ratings yet
CIS Google Cloud Platform Foundation Benchmark v1.3.0
327 pages
Cloud Security
No ratings yet
Cloud Security
54 pages
Cloud Security
No ratings yet
Cloud Security
35 pages
Introduction To Cloud Security
0% (1)
Introduction To Cloud Security
42 pages
Chapter 5 Cloud Computing Tech (Copy)
No ratings yet
Chapter 5 Cloud Computing Tech (Copy)
13 pages
?CLOUD SECURITY? [ MSG NOTES ✔️]
No ratings yet
?CLOUD SECURITY? [ MSG NOTES ✔️]
27 pages
Unit - 5
No ratings yet
Unit - 5
95 pages
Security in Cloud
No ratings yet
Security in Cloud
36 pages
Lec 4
No ratings yet
Lec 4
27 pages
Cloud Security
No ratings yet
Cloud Security
16 pages
Comprehensive Cloud Security Best Practices - The Script
No ratings yet
Comprehensive Cloud Security Best Practices - The Script
5 pages
Cloud Security Best Practices
No ratings yet
Cloud Security Best Practices
12 pages
Unit 4 Complete
No ratings yet
Unit 4 Complete
20 pages
Curriculum Cloud Security
No ratings yet
Curriculum Cloud Security
3 pages
unit1
No ratings yet
unit1
13 pages
CC Module 4
No ratings yet
CC Module 4
13 pages
NIST Cybersecurity
No ratings yet
NIST Cybersecurity
9 pages
Cloud Security UNIT 4
No ratings yet
Cloud Security UNIT 4
12 pages
Unit 1 Cloud
No ratings yet
Unit 1 Cloud
10 pages
CC MODULE 4
No ratings yet
CC MODULE 4
27 pages
Lm 12 Slides
No ratings yet
Lm 12 Slides
17 pages
Unit 4
No ratings yet
Unit 4
43 pages
Cloud Computing Unit-4 Complete Notes 20-09-2024
No ratings yet
Cloud Computing Unit-4 Complete Notes 20-09-2024
11 pages
Unit-4 CC
No ratings yet
Unit-4 CC
26 pages
CCDT unit 5
No ratings yet
CCDT unit 5
10 pages
Cloud Computing
No ratings yet
Cloud Computing
7 pages
Cloud Security 1714239755
No ratings yet
Cloud Security 1714239755
23 pages
module4-cloudcomputing
No ratings yet
module4-cloudcomputing
20 pages
Unit5 Cloud Security
No ratings yet
Unit5 Cloud Security
32 pages
Unit 4
No ratings yet
Unit 4
11 pages
Module 4 - Cloud, Transport, Application Layer Security
No ratings yet
Module 4 - Cloud, Transport, Application Layer Security
19 pages
CS Unit-II Derailed Notes
No ratings yet
CS Unit-II Derailed Notes
15 pages
Cloud Security
No ratings yet
Cloud Security
14 pages
Cloud Unit IV-1
No ratings yet
Cloud Unit IV-1
13 pages
Security in Cloud Computing (Salmon Joy)
No ratings yet
Security in Cloud Computing (Salmon Joy)
22 pages
Unit 5 - CC
No ratings yet
Unit 5 - CC
28 pages
Unit5 Cloud Security
No ratings yet
Unit5 Cloud Security
32 pages
Five Best Practices for Cloud Security
No ratings yet
Five Best Practices for Cloud Security
1 page
CloudComputing UNIT 4
No ratings yet
CloudComputing UNIT 4
83 pages
Unit 5 Cloud Security
No ratings yet
Unit 5 Cloud Security
16 pages
Unit 4 Lecture 5 Ppt5
No ratings yet
Unit 4 Lecture 5 Ppt5
38 pages
cyber security preparation
No ratings yet
cyber security preparation
3 pages
Cyber Security Framework V1.0
No ratings yet
Cyber Security Framework V1.0
39 pages
Unit-8- Threats Security Mechanism
No ratings yet
Unit-8- Threats Security Mechanism
88 pages
Information Security For Cloud Services Awareness Training
No ratings yet
Information Security For Cloud Services Awareness Training
5 pages
Check List Cloud
No ratings yet
Check List Cloud
9 pages
Untitled Document
No ratings yet
Untitled Document
5 pages
Cc Seminar Report Final
No ratings yet
Cc Seminar Report Final
14 pages
Unit - V Security in The Cloud
No ratings yet
Unit - V Security in The Cloud
40 pages
Cyber Fundamentals Course 2.0
No ratings yet
Cyber Fundamentals Course 2.0
29 pages
Climent E. Cloud Security Strategies. Protecting Data in The Digital Age 2024
No ratings yet
Climent E. Cloud Security Strategies. Protecting Data in The Digital Age 2024
213 pages
Disclosure of Security Policies, Compliance and Practices: The Cloud Service Provider Should Demonstrate
No ratings yet
Disclosure of Security Policies, Compliance and Practices: The Cloud Service Provider Should Demonstrate
15 pages
Cloud Computing Security
No ratings yet
Cloud Computing Security
31 pages
Cloud Computing
No ratings yet
Cloud Computing
9 pages
Chapter 1
No ratings yet
Chapter 1
6 pages
Chapter 6
No ratings yet
Chapter 6
7 pages
0572 AzureSecurityNotes
No ratings yet
0572 AzureSecurityNotes
121 pages
Unit 5
No ratings yet
Unit 5
51 pages
UNIT IV-Notes_CC
No ratings yet
UNIT IV-Notes_CC
26 pages
LM 12 Slides
No ratings yet
LM 12 Slides
13 pages
The Evolution of Java EE
No ratings yet
The Evolution of Java EE
4 pages
Vacancy Announcement: Ict Officer: Who We Are
No ratings yet
Vacancy Announcement: Ict Officer: Who We Are
2 pages
IT Governance Notes
No ratings yet
IT Governance Notes
21 pages
CIS 4402 IT Governance and Evalution - Course Outline
No ratings yet
CIS 4402 IT Governance and Evalution - Course Outline
3 pages
OWASP Juice Shop Vulnerability Descriptions Final Cleaned
No ratings yet
OWASP Juice Shop Vulnerability Descriptions Final Cleaned
10 pages
Prelim Exam - Attempt Review
No ratings yet
Prelim Exam - Attempt Review
14 pages
Security in Filevault: Sakthiyuvaraja Sakthivelmurugan Cis751 Report, Fall 2007
No ratings yet
Security in Filevault: Sakthiyuvaraja Sakthivelmurugan Cis751 Report, Fall 2007
4 pages
Chandan R K 18CS3K1042 BSC Csme
No ratings yet
Chandan R K 18CS3K1042 BSC Csme
11 pages
Cluster Based Data-Aggregation Using Lightweight Cryptographic
No ratings yet
Cluster Based Data-Aggregation Using Lightweight Cryptographic
8 pages
TOR Anonymity Network
No ratings yet
TOR Anonymity Network
32 pages
BPAS: Blockchain-Assisted Privacy-Preserving Authentication System For Vehicular
No ratings yet
BPAS: Blockchain-Assisted Privacy-Preserving Authentication System For Vehicular
10 pages
Test Cases
No ratings yet
Test Cases
3 pages
Digital Certificates v3
No ratings yet
Digital Certificates v3
22 pages
SA 9696 Computer Use Agreement Non Employee
No ratings yet
SA 9696 Computer Use Agreement Non Employee
1 page
Week9 Quiz
No ratings yet
Week9 Quiz
5 pages
Security+ Guide To Network Security Fundamentals, Fifth Edition
No ratings yet
Security+ Guide To Network Security Fundamentals, Fifth Edition
52 pages
Attachment Q30 COCoCCA Registry Services (NZ) Limited - Security PolicyCCA SecurityPolicy
No ratings yet
Attachment Q30 COCoCCA Registry Services (NZ) Limited - Security PolicyCCA SecurityPolicy
3 pages
Wireless Network Security Chapter3
No ratings yet
Wireless Network Security Chapter3
5 pages
Parameter Manipulation: Prev Next
No ratings yet
Parameter Manipulation: Prev Next
5 pages
Certified Ethical Hacker Certified Ethical Hacker: 10 (Practical)
No ratings yet
Certified Ethical Hacker Certified Ethical Hacker: 10 (Practical)
12 pages
Week 2 Data Loss Prevention
No ratings yet
Week 2 Data Loss Prevention
4 pages
Cryptography Quest Bank 02
No ratings yet
Cryptography Quest Bank 02
7 pages
CYBERSECURITYPROLOGUE New
0% (1)
CYBERSECURITYPROLOGUE New
3 pages
Encryption and Decryption Using Laplace Transform
No ratings yet
Encryption and Decryption Using Laplace Transform
19 pages
Aide-Mémoire COMPTIA Security
No ratings yet
Aide-Mémoire COMPTIA Security
3 pages
CCNA Security v20 Chapter 3 Exam Answers
No ratings yet
CCNA Security v20 Chapter 3 Exam Answers
5 pages
Romney Ais13 PPT 08
No ratings yet
Romney Ais13 PPT 08
14 pages
New DOC Document
No ratings yet
New DOC Document
9 pages
APM For Security Forensics: Enhance Your IT Security With Post-Event Intrusion Resolution
100% (1)
APM For Security Forensics: Enhance Your IT Security With Post-Event Intrusion Resolution
3 pages
Cloud Security Mechanisms
No ratings yet
Cloud Security Mechanisms
10 pages
Tryhackme Road Map For Beginners
No ratings yet
Tryhackme Road Map For Beginners
21 pages
Protection and Security
No ratings yet
Protection and Security
67 pages