Presentation is loading. Please wait.

Presentation is loading. Please wait.

Daniel Cuschieri Information Security Distance Learning Weekend Conference August 2013.

Similar presentations


Presentation on theme: "Daniel Cuschieri Information Security Distance Learning Weekend Conference August 2013."— Presentation transcript:

1 Daniel Cuschieri Information Security Distance Learning Weekend Conference August 2013

2 An evolving term Many existing technologies and approaches to computing combined into something different Storing your data on someone else’s computer and accessing it via a network (Bruce Schneier) A collection of services, applications, information, and infrastructure comprised of pools of compute, network, information, and storage resources that can be acquired or released as necessary (Cloud Security Alliance, 2009)

3 (NIST, 2009)

4 Cost savings Improved flexibility Better scalability More focus on the core business Higher availability Device independence

5 (KPMG Netherlands, 2010)

6

7 Generic security threats apply Confidentiality, Integrity and Availability Virtually unlimited Cloud compute power Vulnerability of Cloud management interfaces Malicious Cloud provider insiders A shared Cloud infrastructure Little direct control over data Insufficient forensic and auditing information An unknown risk profile

8 Data Cloud management Forensics Malicious Cloud provider insiders Compliance Unknown risk profile

9 Data at rest, in transit or in use (Ponemon Institute, 2012)

10 In SaaS Consumer encryption before data transmittal Provider encryption after data transmittal Third party encryption during data transmittal In PaaS Application-level encryption Infrastructure-level encryption In IaaS Application-level encryption Volume-based encryption

11 Encryption policies Availability of encrypted data Integrity of encrypted data Encryption client security Compliance with legislation and standards

12 Processing encrypted data Sorting encrypted data Searching encrypted data Encryption interoperability

13 Key generation and storage Key availability Key disposal and expiration Key management policy Separation of duties Key management interoperability

14 Cloud security is an issue, but measures such as encryption can address these concerns These measures are constantly improving Security will soon change from being a Cloud inhibitor to being one of the key enablers of Cloud adoption (Penn, 2010)

15

16

17 Daniel Cuschieri danielcuschieri@gmail.com


Download ppt "Daniel Cuschieri Information Security Distance Learning Weekend Conference August 2013."

Similar presentations


Ads by Google