Introduction to Cloud Security

1,040 views 23 slides Oct 16, 2021

About This Presentation

Cloud has changed the way we use computing and can yield significant economic, collaborative and efficiency benefits. But with this increased adoption, at both the personal & business level, comes increased exposure to potential risks, threats and attacks. This talk will introduce the fundament...


Slide Content

Susanne Tedrick
Introduction to Cloud Security

Agenda
Why Cloud?
Security Implications of Cloud Service and Deployment Models
Cloud Security Risks and Threats (A Sampler)
What is Cloud Security?
NIST Cybersecurity Framework
Additional Resources

Why Cloud?
Scalability
Pay as you go
Resource sharing
Collaboration/mobility
Competitiveness

What About Cloud Security?

The Shared Responsibility of Cloud Security
On-Premises | Infrastructure as a Service (IaaS) | Platform as a Service (PaaS) | Software as a Service (SaaS)
User Access | User Access | User Access | User Access
Data | Data | Data | Data
Applications | Applications | Applications | Applications
Operating System | Operating System | Operating System | Operating System
Network Traffic | Network Traffic | Network Traffic | Network Traffic
Hypervisor | Hypervisor | Hypervisor | Hypervisor
Infrastructure | Infrastructure | Infrastructure | Infrastructure
Physical | Physical | Physical | Physical
White – Customer Responsibility; Shaded – Cloud Provider Responsibility

Cloud Deployment Models
Private: Cloud security responsibility completely owned by client
Hybrid: Shared cloud security responsibility between client and cloud provider
Public: Cloud security retained by cloud provider; no client control

Multicloud Lack of Visibility
Most US-based enterprises are using at least two public cloud providers. This approach adds even more security complexity.
Source: Cisco

Data Leakage
Data is no longer under your control
Loss of confidentiality
Data Loss
Data Damage
A correct copy of the data is no longer available
Compromise of integrity or availability

Malware Injections
The attacker attempts to inject an implementation of a malicious service or virtual machine into the cloud.
Source: F5

Distributed Denial of Service (DDoS)
These types of attacks cause the availability of data or services to go down because of an overload of traffic to the server.
Source: F5

Insecure Application Programming Interfaces (APIs)
APIs become an open doorway to an application or cloud platform - it is critical that they are secured.
Source: F5

Containerization
With the wide adoption of container-based applications, systems became more complex and security risks increased.
Source: Devopedia

What Is Cloud Security?
Policies, procedures and tools used to protect data, applications and networks in cloud environments.

Key Questions
RESPONSIBILITY: What is my responsibility?
FORTIFICATION: How do I secure my cloud environment?
CONTROLS: What security controls work best?

NIST Cybersecurity Framework
Established in 2014
Main goals:
■ Help manage cyber risks
■ Provide a “common language” for discussing cyber risks
■ Help create and assess and improve cybersecurity programs

NIST Cybersecurity Framework
■ Asset identification
■ User identification
■ Data identification and governance

NIST Cybersecurity Framework
■ Data security
■ Application security
■ Network security

NIST Cybersecurity Framework
■ Logging
■ Continuous monitoring
■ Detection processes

NIST Cybersecurity Framework
■ Develop and maintain response playbooks
■ Address compliance and privacy notification regulations
■ Eliminate technology silos
■ Automate security incident investigations

NIST Cybersecurity Framework
■ Backup and restore
■ Disaster recovery
■ Improvements and communication
■ Remediation

Best Practices
• Research Your Cloud Service Provider’s Security Program
• Read Your Cloud Services Provider’s Terms of Use
• Utilize NIST’s Cybersecurity Framework
  • Prevent, detect and respond to cyberattacks - nist.gov/cyberframework
• Utilize NIST’s Guidelines on Security and Privacy in Public Cloud Computing
  • nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf

Additional Resources
■ NIST Cybersecurity Framework
nist.gov/cyberframework
■ NIST Guidelines on Security and Privacy in Public Cloud Computing
nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
■ Cloud Security Alliance
cloudsecurityalliance.org
■ (ISC)² 2020 Cloud Security Report
isc2.org/resource-center/reports/2020-cloud-security-report

Thank You!