Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Security By Mahendran R Zylog Systems Ltd 04 Aug 12.

Published byBrendan Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "Cloud Security By Mahendran R Zylog Systems Ltd 04 Aug 12."— Presentation transcript:

1

2 Cloud Security By Mahendran R Zylog Systems Ltd 04 Aug 12

3 What is Cloud Computing * National Institute of Standards and Technology v15 Providing IT resources as a Service

4 Defining the Cloud On demand usage of compute and storage 5 principal characteristics (abstraction, sharing, SOA, elasticity, consumption/allocation) 3 delivery models Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) 4 deployment models: Public, Private, Hybrid, Community

5 S-P-I Model IaaS Infrastructure as a Service You build security in You “RFP” security in PaaS Platform as a Service SaaS Software as a Service

6 SaaS - Software as a Service What is SaaS The sole requirement for SaaS is a computer with a browser, quite basic. SaaS is a recurring subscription based model delivered to the customer on demand – Pay as you use.

7 SaaS - Software as a Service Figure shows SaaS Component Stack and Scope of Control as defined by NIST

8 PaaS - Platform as a Service What is PaaS The PaaS provider will deliver the platform on the web, and in most cases you can consume the platform using your browser. There is no need to download any software This middle layer of cloud is consumed mainly by developers or tech savvy individuals.

9 PaaS - Platform as a Service A PaaS typically includes the development environment, programming languages, compilers, testing tools and deployment mechanism. In some cases, like Google Apps Engine (GAE), the developers may download development environment and use them locally in the developer’s infrastructure, or the developer may access tools in the provider’s infrastructure through a browser. Figure shows PaaS Component Stack and Scope of Control as defined by NIST

10 IaaS - Infrastructure as a Service What is IaaS The System Administrators are the subscriber of this service. Usage fees are calculated per CPU hour, data GB stored per hour, network bandwidth consumed, network infrastructure used per hour, value added services used, e.g., monitoring, auto-scaling etc.

11 IaaS - Infrastructure as a Service Figure shows IaaS Component Stack and Scope of Control as defined by NIST

12 In Simple..........

13 Service Models Host Build Consume

14 Deployment Models “Virtualization is a modernization catalyst and unlocks cloud computing.” ―Gartner Private Cloud Public Cloud Hybrid Cloud

15 About the Global, not-for-profit organization Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on… We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

16 Top Threats to Cloud Computing Threat #1: Abuse and Nefarious Use of Cloud Computing Threat #2: Insecure Interfaces and APIs Threat #3: Malicious Insiders Threat #4: Shared Technology Issues Threat #5: Data Loss or Leakage Threat #6: Account or Service Hijacking Threat #7: Unknown Risk Profile

17 Top Threats to Cloud Computing Threat #1: Abuse and Nefarious Use of Cloud Computing ( IaaS,PaaS) The easiness of registering for IaaS solutions and the relative anonymity they offer attracts many a cyber criminal. IaaS offerings have been known to host botnets and/or their command and control centers, downloads for exploits, Trojans, etc. There is a myriad of ways in which in-the-cloud capabilities can be misused - possible future uses include launching dynamic attack points, CAPTCHA solving farms, password and key cracking and more. To remediate this, IaaS providers should toughen up the weakest links: the registration process and the monitoring of customer network traffic. 6/14/2016 16

18 Top Threats to Cloud Computing Threat #2: Insecure Interfaces and APIs(IaaS,PaaS,SaaS) Cloud Computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Furthermore, organizations and third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third parties in order to enable their agency 6/14/2016 17

19 Top Threats to Cloud Computing Threat #3: Malicious Insiders(IaaS,PaaS,SaaS) The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. 6/14/2016 18

20 Top Threats to Cloud Computing Threat #4: Shared Technology Issues(IaaS) IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform. A defence in depth strategy is recommended, and should include compute, storage, and network security enforcement and monitoring. Strong compartmentalization should be employed to ensure that individual customers do not impact the operations of other tenants running on the same cloud provider. Customers should not have access to any other tenant’s actual or residual data, network traffic, etc. 6/14/2016 19

21 Top Threats to Cloud Computing Threat #5: Data Loss or Leakage(IaaS,PaaS,SaaS) There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented from gaining access to sensitive data.The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architecturalor operational characteristics of the cloud environment 6/14/2016 20

22 Top Threats to Cloud Computing Threat #6: Account or Service Hijacking(IaaS,PaaS,SaaS) Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which mplifies the impact of such attacks. Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks. 6/14/2016 21

23 Top Threats to Cloud Computing Threat #7: Unknown Risk Profile(IaaS,PaaS,SaaS) One of the tenets of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business strengths. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns — complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security ramifications. Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design, are all important factors for estimating your company’s security posture. Information about who is sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts and/or successes, and other logs.Security by obscurity may be low effort, but it can result in unknown exposures. It may also impair the in-depth analysis required highly controlled or regulated operational areas 6/14/2016 22

24 Thank You Any Queries feel free to mail me: Mahendran.me@gmail.com

Download ppt "Cloud Security By Mahendran R Zylog Systems Ltd 04 Aug 12."

Similar presentations

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.
Hi – 5 Marcus Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi Security of Cloud Computing.

Hi – 5 Marcus Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi Security of Cloud Computing.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
By Adam Balla & Wachiu Siu

By Adam Balla & Wachiu Siu
Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.

Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.
© 2011 IBM Corporation Cloud Security Perspectives Dan Carlsen Certified Security IT Specialist – IBM

© 2011 IBM Corporation Cloud Security Perspectives Dan Carlsen Certified Security IT Specialist – IBM
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cloud Usability Framework

Cloud Usability Framework
SaaS, PaaS & TaaS By: Raza Usmani

SaaS, PaaS & TaaS By: Raza Usmani
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Oyinkan Adedun Adeleye Caitlyn Carney Tyler Nguyen.

Oyinkan Adedun Adeleye Caitlyn Carney Tyler Nguyen.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds
Travis, Stephanie, Alex.  Cloud computing is a general term for anything that involves delivering hosted services over the Internet.  These services.

Travis, Stephanie, Alex.  Cloud computing is a general term for anything that involves delivering hosted services over the Internet.  These services.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google