Goals
http://www.flickr.com/photos/tomhaymes/3212 92834/
Understand
Cloud
Essential Characteristics
On Demand: Lowered requirement to forecasts; demand trends are predicted by the provider
Usage metered: Pay by the real-time use
Self service from pool of resources: Resources managed by consumer with a GUI or API
Elastic Scalability: Grow or shrink resources as required
Ubiquitous Network: The network is essential to use the service
Beyond basic..
Modes of
Deployment models
Public cloud, Hybrid cloud, Private cloud, Community cloud
Deployment Services
Types
IaaS
Compute, Network, Storage, Datacentre, Web 2.0 Applications, Runtime, Business, Middleware, Database, Development tools, Java Runtime
PaaS
SaaS
Security
Threat
Cloud Security?
...how do we simplify it...
http://www.flickr.com/photos/purpleslog/2870445256/in/photostream/
It is
same
As current InfoSec practice
You have to take the same approach as current ISMS
http://www.flickr.com/photos/pheckaboolala/341063811 9
Cloud
What is it?
Security
Why is it critical?
Your information is at a central, unknown place in the cloud
No visibility of security measures in Public cloud
Impact of breach on business?
Lack of Compliance
Legal issue
Breach of privacy
http://www.flickr.com/photos/nigeljohnson73/6788941421
PaaS
Enable developers to build their own applications on top of the platform
More extensible than SaaS, at the expense of customer-ready features
Built-in capabilities are less complete, but there is more flexibility to layer on additional security
IaaS
Few application-like features
Enormous extensibility
Less integrated security capabilities and functionality beyond protecting the infrastructure itself
Assets to be managed and secured by the cloud consumer
Security
Framework
Security
Framework
5. Evaluate the Data flow, to understand the flow
Cloud
Controls
IT Assets in cloud
Risk Assessment
Implement
Controls
Possible controls
Layered security
facilities (physical security)
network infrastructure (network security)
IT systems (system security)
information and applications (application security)
SaaS
Addresses up to Application layer
http://www.flickr.com/photos/telstar/2816038167
Summary
Consider three perspectives: Assets, Risk management and Business criticality
Cloud as an operational model neither provides for nor prevents achieving compliance
Selection of control depends on the service and deployment model
Control varies depending on the design, deployment, and management of the resources
Most of the security controls in cloud are the same as in a normal IT environment
http://www.flickr.com/photos/isadocafe/2095153000/
Sameer Paradia CGEIT, CISM, CISSP (sameer_m_paradia@yahoo.com) Practicing IT Security for 12+ years out of 20+ years of IT Services/Outsourcing work experience.
http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/