Cloud Security- Sameer Paradia


  • 8/2/2019 Cloud Security- Sameer Paradia



    Goals

    1. Brief on Cloud Computing

    .

    3. Framework

    http://www.flickr.com/photos/tomhaymes/321292834/


    Understand ou


    Essential Characteristic

    On Demand
    Demand trends are predicted by the provider
    Pay by the real time use
    Self service from pool of resources with a GUI or API
    Elastic Scalability

    Ubiquitous Network
    The network is essential to use the service


    Beyond basic..

    Service types
    IaaS: Compute, Network, Datacentre, Storage
    PaaS: Web 2.0 Applications, Development tools, Middleware, Database, Java Runtime
    SaaS: Collaboration, ERP/CRM, Business Processes, Enterprise Applications

    Modes of deployment (deployment models)
    Public cloud, Private cloud, Hybrid cloud, Community cloud


    Security rea


    Lots of noise on....

    ... ...

    http://www.flickr.com/photos/purpleslog/2870445256/in/photostream/


    practice

    You have to take the same approach as current ISMS

    http://www.flickr.com/photos/pheckaboolala/341063811


    What is it?

    cloud

    Why is critical?
    Your information is at central unknown place in cloud
    No visibility of security measures in Public cloud
    Impact of breach on business?
    Lack of Compliance
    Legal issue

    http://www.flickr.com/photos/nigeljohnson73/6788941421


    SaaS:
    Least consumer extensibility
    Relatively high level of integrated security

    PaaS
    Enable developers to build their own applications on top of the platform
    More extensible than SaaS, at the expense of customer ready features
    Built in capabilities are less complete, but there is more flexibility to layer on additional security

    IaaS
    Few application like features,
    Enormous extensibility
    Less integrated security capabilities and functionality beyond protecting the infrastructure itself
    Assets to be managed and secured by the cloud consumer


    Security Framework


    1. Identify asset

    to cloud if

    2. Assess impact

    of transferring

    3. Map the asset

    a) Data

    b) Applications

    assets on cloud

    on business

    in cloud deployment models

    ri Fr m rk

    4. Evaluate controls in each of Iaas/Paas/Saas layer depending upon asset

    5. Evaluate the Data flow to understand the flow


    Cloud Controls


    3 Dimensions of cloud security

    IT Assets in cloud
    Risk Assessment
    Business criticality

    For achieving robust and practical security consider all 3 perspectives


    Governance (Strategic)
    Risk Management
    Legal & Electronic Discovery
    Compliance/Audit
    Information Lifecycle management
    Interoperability

    Operational (Tactical)
    BCP/DR
    Datacentre Operations
    Incident Management
    Application security
    Identity & Access
    Virtualization


    Possible controls

    Layered security
    facilities (physical security)
    network infrastructure (network security)
    IT systems (system security)
    information and applications (application security).

    address security controls such as physical security, environmental security, and virtualization security

    SaaS

    http://www.flickr.com/photos/telstar/2816038167


    Consider three perspective
    Assets, Risk management and Business criticality

    Cloud as an operational model neither provide for nor prevent achieving compliance

    Selection of control depends on

    Control varies depending on the design, deployment, and management of the resources

    Most of Security controls in cloud are same as normal IT environment

    http://www.flickr.com/photos/isadocafe/2095153000/


    Sameer Paradia CGEIT, CISM, CISSP


    Practicing IT Security for 12+ years out of 20+ years of IT Services/Outsourcing work experience.

    http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/