Cloud Computing: Security & Customer Trust/Risk Frameworks (Presenter: Nigel Gibbons)
- Slides: 43
Cloud Computing ~ Security & Customer Trust/Risk Frameworks ~ Presenter ~ Nigel Gibbons International Association of Microsoft Channel Partners (IAMCP)
NRG ‘PB’ Curve
Nigel Gibbons
UniTech - Executive Chairman
• Chartered IT Professional (CITP)
• Microsoft Business Value Planning (MBVP)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Microsoft Certified Information Technology Professional (MCITP)
• Strategic Business Planning & Audit
• Institute of Information Security Professionals (IISP)
• Information Security Audit & Control Association (ISACA)
• International Information Systems Security Certification Consortium or (ISC)2
• Cloud Security Alliance - UK & Ireland
• EuroCloud
• Voices for Innovation
• Microsoft Partner Advisory Council
• Microsoft Executive Partner Board
• IAMCP UK & International Board Member
Overview
Cloud Security
• Security in Context
• Customers
• Microsoft
• Engagement Framework & References
Frameworks
• Real World application
Security Risk Trust Security
Security Investment
Threat #1: Abuse and Nefarious Use of Cloud Computing
• Criminal leverage of cloud resources
• Cloud providers targeted
• IaaS offerings have hosted:
– Zeus botnet
– InfoStealer trojan horses
– botnets command & control
• Impact = IaaS blacklisting
Threat #2: Insecure Interfaces and APIs
• Exposed software interfaces or APIs
• Security and availability of services dependent upon the security of these
• Exposures:
– Unknown service or API dependencies
– Clear-text authentication
– Data unencrypted to process
Threat #3: Malicious Insiders
• Level of access means impact considerable
• Lack of hiring standards
• Legislative friction
• Impact:
– Brand damage
– Financial loss
– Productivity downtime
Threat #4: Shared Technology Issues
• Multi-tenant architecture challenge hardware technologies & hypervisors
• Inappropriate levels of control or influence on the underlying platform
• Examples:
– Joanna Rutkowska’s Red and Blue Pill exploits
– Kortchinsky’s Cloudburst presentations
Threat #5: Data Loss or Leakage
• Deletion or alteration of records without a backup
• Loss of an encoding key
• Jurisdiction and political issues
• Impact:
– Loss of core intellectual property
– Compliance violations
Threat #6: Account or Service Hijacking
• Reuse of credentials and passwords
• Eavesdrop on activities and transactions:
– Manipulate data
– Return falsified information
– Redirect clients to illegitimate sites
Threat #7: Unknown Risk Profile
• When adopting a cloud service, features and functionality may be well advertised
• What about:
– Details of internal security procedures
– Configuration hardening
– Patching, auditing, and logging
– Compliance?
References
• CSA (Cloud Security Alliance) – Top Threats
• Gartner report – ‘Assessing the Security Risks of Cloud Computing’
The Mobile Effect
• Cloud is a form of mobile computing
• But then there is Mobile as well…
• 24 x 7 x 365 from anywhere, anytime, anyways
90% internal 80% external
NIST (The National Institute of Standards and Technology)
• Despite concerns about security and privacy, the NIST concludes that: "public cloud computing is a compelling computing paradigm that agencies need to incorporate as part of their information technology solution set."
Cloud All in!
Microsoft The case for a Cloud Business Technology Roadmap Technical Certification
Monetising the Cloud
• Little margin in subscription annuity
• Money is in the service tail, but how?
Security & Reliability
• Financially-backed, guaranteed 99.9% uptime Service Level Agreement (SLA)
• Always-up-to-date antivirus and anti-spam solutions to protect email
• Safeguarded data with geo-redundant, enterprise-grade reliability and disaster recovery with multiple datacentres and automatic failovers
• Best-of-breed data centres with SAS 70 and ISO 27001 certification
Trust is King Honesty Trust Delivery
Ignorance
Temptation / Ignorance
Cloud Stack (SPI Model)
Risk Assessment
Compliance Landscape
Risk Mitigation
Attack Tree
[Figure: attack tree. Goal: Compromise Customer Data (Value to Business £1m+). Attack nodes: Hack Web Server, eMail Intercept, Obtain Backup Media, Hack Firewall, Burglarise Office, Bribe Staff or Service Provider, Hack Teleworker Home System, Hack SMTP Service. Cost labels on the nodes: £50,000, £5,000, £10,000, £1,000, £5,000, £2,000, £7,000.]
Security On Ramp
Microsoft Security Assessment Tool
• Gain visibility of service revenue potential
• Identify in competency areas
• Out of competency = Engage a Pro!
Microsoft Security Assessment Toolkit
http://technet.microsoft.com/en-gb/security/cc185712.aspx
European Network and Information Security Agency (ENISA)
• Cloud Computing Security Risk Assessment
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
Cloud Security Alliance (CSA)
• Security Guidance in Cloud Computing
https://cloudsecurityalliance.org/research/projects/security-guidance-for-critical-areas-of-focus-in-cloud-computing/
IAMCP Vision and Mission - PACE
Vision
• IAMCP the global business community for the Microsoft Channel
Mission
• To maximize the business potential of its members through:
– Peer to Peer Networking: Rhythm of events occurring globally
– Advocacy: To legislatures, the media, to Microsoft and Microsoft Partners (liaison with VFI)
– Community Outreach: On the lines of Social Entrepreneurship
– Education and Growth: Provide Programs and experiences to grow the business capability and capacity of Partners
Thank You!
http://nigelgibbons.net
#NRG_fx
info@iamcp-uk.org
http://www.twitter.com/IAMCPUK
http://www.twitter.com/IAMCPOrg