vladimirjirasek
Dec 11, 2012
About This Presentation
Presentation that I gave at the ISC2 SecureLondon conference in London on 11th December 2012.
Slide Content
Security architecture and Cloud computing, are these mutually exclusive? (Introduction to Cloud Security Guidance)
Vladimir Jirasek, Director of Research, CSA UK
11 December 2012
Agenda
Cloud risk assessment x compared to traditional risk assessments
Cloud security architectures x compared to security architectures
CSA domains
Cloud risk assessment
Cloud model
Deployment models: Public, Private, Hybrid, Community
Delivery models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Characteristics: Broad network access, Rapid elasticity, Measured service, On-demand service, Resource pooling
Cloud computing deployment models
Public: infrastructure managed by Third party provider; infrastructure owned by Third party provider; infrastructure located Off-premise; accessible and consumed by Untrusted
Private/Community: infrastructure managed by Organisation or 3rd party provider; infrastructure owned by Organisation or 3rd party provider; infrastructure located On-premise or Off-premise; accessible and consumed by Trusted
Hybrid: infrastructure managed by Both Organisation & Third party provider; infrastructure owned by Both Organisation & Third party provider; infrastructure located Both On-premise & Off-premise; accessible and consumed by Trusted & Untrusted
Cloud model maps to Security model
[Figure: the cloud model mapped directly ("Direct map") to the security model areas: Physical security; Network security; Host security; Application sec.; Data security; SIEM; Identity, Access; Cryptography; Business continuity; GRC]
Responsibilities for areas in security model compared to delivery models
[Figure: the security model areas (Physical security; Network security; Host security; Application sec.; Data security; SIEM; Identity, Access; Cryptography; Business continuity; GRC) marked as "Provider responsible" or "Customer responsible" for each of IaaS, PaaS and SaaS]
Cloud Security Domains
Governance: Governance and Enterprise Risk Management; Legal Issues: Contracts and Electronic Discovery; Compliance and Audit; Information Management and Data Security; Portability and Interoperability
Operational: Traditional Security, Business Continuity and Disaster Recovery; Data Center Operations; Incident Response, Notification and Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization; Security as a Service
Cloud Security Alliance supports a number of projects related to cloud
Get involved at https://cloudsecurityalliance.org/research/
How to manage cloud security
Have a cloud security standard
What to do on an Enterprise level
Before your Cloud project
During your Cloud project
BAU
Exit from the Cloud provider
Risks cannot be outsourced
Manage lock-in and exit up-front – especially in SaaS
How to drive out the 'seven deadly sins' of cloud computing - new Information Security Forum report
Contact
Help us secure cloud computing – Get involved
http://cloudsecurityalliance.org.uk
[email protected]
LinkedIn: http://www.linkedin.com/groups/Cloud-Security-Alliance-UK-Chapter-3745837
Twitter: @CSAUKResearch