Security issues in the Cloud Presentation for CloudCamp 2012 (Lagos) Christopher Odutola FVC Inc. Dubai

Introduction What is Cloud Security? Policies deployed to protect cloud computing Security issues faced by Providers and subscribers - responsibility Extensive use of Virtualization Security & Privacy, Compliance, Legal/Contractual issues

Security and Privacy Identity Management (IdM – federation or SSO) Physical and Personnel Security for providers Availability: regular and predictable access Application Security: ensure applications are secure Privacy: mask critical data, restrict user access/authority, protect digital IDs Legal issues vary from country to country

Compliance (PCI DSS, HIPAA, SOX) Regulations require reporting & audit trails BC and DR: plans for emergency recovery of data loss Logs and audit trails (incl. eDiscovery) Unique compliance requirements for data centers Legal and contractual issues (SLA, liability, intellectual property, end-of-service) Public records (incl. public agencies)

CSA’s top 7 threats Abuse and nefarious use of cloud computing (IaaS, PaaS) Insecure interfaces and APIs Malicious Insiders Shared Technology Issues Data Loss or Leakage Account or Service Hijacking Unknown Risk Profile

Conclusions Cloud Security – Old problems – New Problems – New Provider Enhancements – Many well understood problems and solutions (OWASP, CSA)

Thank You