Xiaoyue Jiu, Fola Oyediran, Eboni Strawder | Group 10

Presentation transcript:

Cloud Computing
MIS5205 TERM PAPER
Xiaoyue Jiu, Fola Oyediran, Eboni Strawder | Group 10

Cloud Computing: What is the cloud?

In general, the cloud is the concept of remotely hosted IT services, termed cloud apps, provided by a supplier. These suppliers are called cloud providers. Typical cloud apps offered by cloud providers include email, calendar, documents, online storage, sales, customer service, and more. Examples of cloud providers include companies such as Amazon, Google, 37signals, Intuit, Microsoft, and Box. A selection of the top cloud apps in the market today includes Cloud Drive, Google Apps for Business, Skype, SalesForce, Basecamp, Quickbase, and Box Business.

In the simplest terms, cloud computing means storing and accessing data and programs over the Internet instead of your computer's hard drive. The cloud is just a metaphor for the Internet.
http://www.pcmag.com/article2/0,2817,2372163,00.asp

Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications.
http://www.webopedia.com/TERM/C/cloud_computing.html

Architectural Layers of Cloud Computing

In practice, cloud service providers offer services that can be grouped into these 3 categories:

- Software as a service (SaaS): SaaS features a complete application offered as a service on demand. A single instance of the software runs on the cloud and services multiple end users or client organizations.
- Platform as a service (PaaS): PaaS encapsulates a layer of software and provides it as a service that can be used to build higher-level services. PaaS offerings can provide for every phase of software development and testing, or they can be specialized around a particular area such as content management.
- Infrastructure as a service (IaaS): IaaS delivers basic storage and compute capabilities as standardized services over the network.

https://developers.google.com/appengine/training/intro/whatiscc - picture
http://webobjects.cdw.com/webobjects/media/pdf/Sun_CloudComputing.pdf

Regulatory Compliance in the Cloud

- PCI DSS: Not all cloud providers are equal. A set of regulations responsible for ensuring that companies handle users' credit card data in a secure and responsible manner.
- HIPAA (Health Insurance Portability and Accountability Act): Compliance is a two-way street; the burden falls on you and the cloud computing provider. Strict rules set in place in the healthcare field to protect patient privacy. They pertain to how medical information is collected, handled, protected, used, and disclosed.
- FedRAMP (Federal Risk and Authorization Management Program): Needed for any cloud service provider that intends to provide cloud computing services to Federal government agencies. Contractors are to hire third-party assessment organizations that will verify whether they meet the basic security requirements. It is an authorization, not a certification; it is NIST-based and has standardized requirements.
- GLBA (Gramm-Leach-Bliley Act): Requires that financial institutions establish appropriate standards for protecting the security and confidentiality of their customers' non-public personal information:
  - Security and confidentiality of customer records and information
  - Protect against any anticipated threats or hazards to the security or integrity
  - Protect against unauthorized access which could result in harm or inconvenience to any customer

http://www.emrisk.com/sites/default/files/presentations/Compliance%20In%20The%20Cloud.pdf

Business Benefits

- Reduced cost: Minimizes IT requirements, reduces physical storage space, eliminates in-house maintenance and saves money on expensive hardware and licensing.
- Updated: Automatically updated software.
- Backup security: Reduces the risk of losing files and data because of natural disasters, human error, hackers and viruses by backing up your data off-site.
- Collaboration: Saving and accessing files on the cloud means everyone can work from the same document.
- Saves time: Increases response time, reduces travel time and enhances out-of-office work time.

1. Instead of buying expensive equipment and programs, you can buy a subscription, so you use and buy only what you need.
4. Most small/medium businesses don't have servers with the capacity to send large documents. The cloud offers endless space, increasing the potential for collaboration.

Key Risks of Cloud Computing

Key Risks based on C.I.A.

- Security & privacy
- Lack of total control
- Legal liability, e.g. stolen personal info / litigation / DDoS cyber attack
- Stuck with a supplier/vendor

Risk Assessment and Controls

The COSO ERM framework should be applied since it helps align the risk appetite of an enterprise with its control strategy.

- Internal environment: Tone of the organization
- Objective setting: Management needs to evaluate how cloud computing aligns with the organization's objectives
- Event identification: With the use of cloud computing, management needs to consider external and internal environment factors
- Risk assessment: Management should evaluate risks associated with its cloud strategy

Risk Assessment and Controls

- Risk response: With most cloud management, enterprises rely on third-party controls; this reduces management's ability to mitigate the risks directly
- Control activities: Policies and procedures should be established and implemented to help ensure the risk responses are effectively carried out
- Information and communication: With cloud computing, an additional or different information process needs to be required by management
- Monitoring: To properly manage risks and implement controls, the entire ERM process should be monitored to make needed modifications

Risk Assessment and Controls

Risk: Security and privacy
Mitigating control: Data classification process and privacy controls
- Ensure that the purpose, ownership and sensitivity of this type of data are communicated and understood throughout the organization
- Enhance the effectiveness of data privacy controls

Risk: Cloud service providers
Mitigating control: Building a strong relationship with CSPs and determining appropriate controls
- Obtain copies of the service provider's SAS 70 or SSAE 16 audit reports to confirm the CSP's controls
- Perform due diligence on the selected service provider

Risk: Governance, management and control
Mitigating control: Management oversight and monitoring controls
- Board and senior management should have a precise understanding of the controls and determine the specific monitoring activities to implement

http://icsa.cs.up.ac.za/issa/2011/Proceedings/Full/13_Paper.pdf
http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf

Risk Assessment and Controls

Risk: Noncompliance with regulations
Mitigating control: Monitoring and auditing
- Third-party audits should be performed on a regular basis to monitor the CSP's compliance with agreed terms or procedures
- A compliance verification program will help the organization enumerate all compliance requirements and validate the CSP's compliance with the requirements

Risk: Cyber-attacks
Mitigating control: Incident management
- Deploy encryption over data hosted on cloud infrastructure
- Maintain and implement BCP/DRP to prevent data loss or service disruption

http://icsa.cs.up.ac.za/issa/2011/Proceedings/Full/13_Paper.pdf
http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf

Residual risks

- Bandwidth: Network bandwidth is the most important component of the model, without which the model is an illiquid asset.
- Lack of standardization: A provider could have the latest security features, but due to the general lack of standardization, there are no clear-cut guidelines unifying cloud providers.
- Insider threats: Once an employee gains or gives others access to your cloud, everything from customer data to confidential information and intellectual property is up for grabs.
- Government intrusion: Government entities and technology companies in the U.S. and elsewhere may be inspecting your data as it is transmitted or where it resides in the Internet, including within clouds.
- There's ALWAYS a risk: The biggest risk when it comes to cloud computing is that you never know what is up ahead. Hackers are always trying to break in, and as technology advances, so do the risks that come with adopting it.

Thank you

Video: http://www.youtube.com/watch?v=tAUuY0Yld0E

References

http://www.youtube.com/watch?v=tAUuY0Yld0E
http://webobjects.cdw.com/webobjects/media/pdf/Sun_CloudComputing.pdf
http://www.businessnewsdaily.com/5215-dangers-cloud-computing.html
http://www.pwc.com/us/en/issues/cloud-computing/risks.jhtml
http://www.us-cert.gov/sites/default/files/publications/using-cloud-apps-for-business.pdf
http://icsa.cs.up.ac.za/issa/2011/Proceedings/Full/13_Paper.pdf
http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf
http://ebizresults.com/what-is-the-cloud/
http://www.emrisk.com/sites/default/files/presentations/Compliance%20In%20The%20Cloud.pdf