Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA

Published byHelen Gregory Modified over 9 years ago

Similar presentations

Presentation on theme: "Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA"— Presentation transcript:

1 www.enisa.europa.eu Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA manel.medina@enisa.europa.eu

2 www.enisa.europa.eu o The European Network and Information Security Agency o gives advice on information security issues o to national authorities, EU institutions, citizens, businesses o acts as a forum for sharing good NIS practices o facilitates information exchange and collaboration o Set up in 2004 – EC proposed a new mandate for 2013. New mandate pending of Council and Parliament approval. o Around 35 security experts and 25 supporting staff. o ENISA has an advisory role (not operational) and the focus is on prevention and preparedness. About ENISA 2

3 www.enisa.europa.eu Information Security Risks 3 information security risks time

4 www.enisa.europa.eu Part of the solution 4 Cloud computing Smartphones and apps Social media

5 www.enisa.europa.eu 5 The Shining Cloud

6 www.enisa.europa.eu 6 o 2009 Cloud computing risk assessment o 2009 Cloud security control framework o 2011 Security and resilience for gov clouds o 2011 Security parameters in gov cloud SLAs o 2011 EU Cloud strategy o 2012 Procure secure o 2012 Critical clouds ENISA’s cloud security work

7 www.enisa.europa.eu Leverage

8 www.enisa.europa.eu Resilience 8

9 www.enisa.europa.eu 9 Security will drive adoption of cloud computing

10 www.enisa.europa.eu Trust

11 www.enisa.europa.eu 11 Security and assurance standards

12 www.enisa.europa.eu 12 Penetration tests

13 www.enisa.europa.eu 13 Backup/failover tests

14 www.enisa.europa.eu 14 Data portability tests

15 www.enisa.europa.eu From periodic certification to continuous monitoring 15 Cloud security; if you can’t measure it, you can’t manage it

16 www.enisa.europa.eu o Work started as an ENISA/OASIS/CSA workshop o Guide for customers on monitoring security parameters of cloud services o Checklist with questions to ask o 8 security parameters o What and How to measure. Independence? o When to rise a flag? Responsible (Customer/Provider)? o Examples of security parameters o Service availability o Incident response o Vulnerability management Procure secure 16

17 www.enisa.europa.eu 1.Service availability: monitoring, thresholds 2.Incident response: Severity classification, management capabilities 3.Service elasticity and load tolerance: burst tests, who? 4.Data life-cycle management: back-up frequency & integrity 5.Technical compliance and Vulnerability management: Configuration, patches, vulnerability discovery & reporting, 3 rd party 6.Change management: Notification, critical periods, loss of certification status 7.Data isolation: categories of data, independent test? 8.Log management and forensics: frequency, granularity, availability, cross checking Procure secure: security parameters 17

18 www.enisa.europa.eu Dr. Marnix Dekker Prof. Manel Medina About securely moving to smartphones and cloud computing http://www.enisa.europa.eu/act/application-security Security parameters in Cloud SLAs http://www.enisa.europa.eu/activities/application- security/test/procure-secure-a-guide-to-monitoring-of- security-service-levels-in-cloud-contracts http://www.enisa.europa.eu/act/application-security http://www.enisa.europa.eu/activities/application- security/test/procure-secure-a-guide-to-monitoring-of- security-service-levels-in-cloud-contracts Contact 18

Download ppt "Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA"

Similar presentations

NISSG Open Meeting, 28/06/2006 1 ENISA. NISSG Open Meeting, 28/06/2006 2 The Agency ENISA: European Network and Information Security Agency Headquarters:

NISSG Open Meeting, 28/06/ ENISA. NISSG Open Meeting, 28/06/ The Agency ENISA: European Network and Information Security Agency Headquarters:
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
World Bank Financial Management Sector September 2010.

World Bank Financial Management Sector September 2010.
THE STRATEGIC COUNCIL LEADERSHIP TRUST AND ENGAGEMENT NEW FUNDING SOURCES AND NEW DELIVERY VEHICLES Appendix 1 NEW FUNDING SERVOURCES AND NEW DELIVERY.

THE STRATEGIC COUNCIL LEADERSHIP TRUST AND ENGAGEMENT NEW FUNDING SOURCES AND NEW DELIVERY VEHICLES Appendix 1 NEW FUNDING SERVOURCES AND NEW DELIVERY.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Www.enisa.europa.eu ENISA – Cloud Computing Security Strategy Dr Steve Purser Head of Technical Department European Network and Information Security Agency.

ENISA – Cloud Computing Security Strategy Dr Steve Purser Head of Technical Department European Network and Information Security Agency.
EFSA’s Mission and Priorities Bernhard Berger Head of the Advisory Forum and Scientific Cooperation Unit Conference “Importance of food additives today.

EFSA’s Mission and Priorities Bernhard Berger Head of the Advisory Forum and Scientific Cooperation Unit Conference “Importance of food additives today.
PROCURE SECURE Continuous monitoring for public sector cloud services Dr. Giles Hogben European Network and Information Security Agency.

PROCURE SECURE Continuous monitoring for public sector cloud services Dr. Giles Hogben European Network and Information Security Agency.
Security Controls – What Works

Security Controls – What Works
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
SMART GRID DEVICES SECURITY CERTIFICATION

SMART GRID DEVICES SECURITY CERTIFICATION
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
July 8-9, 2014 | Ronald Reagan Building | Washington, DC Federal Cloud Computing Summit Dr. Barry C. West Cloud Tools and Integration.

July 8-9, 2014 | Ronald Reagan Building | Washington, DC Federal Cloud Computing Summit Dr. Barry C. West Cloud Tools and Integration.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
NIS Directive and NIS Platform

NIS Directive and NIS Platform
The Information Systems Audit Process

The Information Systems Audit Process
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Similar presentations

Ads by Google