Date posted: 30-Oct-2014
www.confidis.co Technology Consulting
Cloud Security Emerging Trends
June 12, 2013
Keith Prabhu Master of Business (Australia), CCSK, MBCI, CISSP, CISA Executive Director, Confidis Advisory Services Founder & Director, Cloud Security Alliance, Mumbai Chapter
Storyline
Need for Cloud Security
Threats Inhibiting Cloud Adoption
Cloud Vulnerabilities Research
CSA Resources
Need for CCSK
New Trends
Need for Cloud Security
The Good (?) Old days…
• Previously users, applications and data were secured within the organization’s perimeter
• Mobility was restricted
• Firewalls were used to keep the bad guys out and employees in
• Standardized access devices were owned by the organizations
• Employees had to conform to IT policies
Need for Cloud Security
Today’s Scenario
• Confidential data resides in the Cloud
• Data is everywhere
• IT users need to access data located outside the organization’s perimeter
• IT users can BYOD while organizations need to allow access to partner apps
• IT users can buy business apps “off the Cloud” without IT knowing, let alone approving it
Threats inhibiting Cloud Adoption
Source: The Notorious Nine. Cloud Computing Top Threats in 2013, Cloud Security Alliance https://cloudsecurityalliance.org/research/top-threats/
Cloud Computing Top Threats 2013
#1 Data Breaches
#2 Data Loss
#3 Account Hijacking
#4 Insecure APIs
#5 Denial of Service
#6 Malicious Insiders
#7 Abuse of Cloud Services
#8 Insufficient Due Diligence
#9 Shared Technology Issues
Cloud Vulnerabilities Research
Source: CSA Research, Dr. Ryan Ko, Sr. Lecturer, University of Waikato
Assessing Security Maturity
Incident Management and Forensics
Consensus Assessments Initiative
Cloud Controls Matrix
Trusted Cloud Initiative
Top Threats to Cloud Computing
Need for Cloud Security Knowledge Professionals
• While large areas of IT Security remain the same, new combinations of technology have resulted in new security challenges
• These new challenges require a study of security from a Cloud perspective
• Certificate of Cloud Security Knowledge (CCSK) is available from CSA
• Key guidance available in form of:
  • CSA Guidance
  • ENISA
New Trends/Challenges in Cloud Security
Cloud Application Protection: Application protection repeatedly tests an application to see whether its code has been changed, which stops hackers intent on putting their own malicious code into applications. This is now available as a service from the Cloud.
Open Certification Framework: The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Big Data Security in the Cloud: The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. (https://cloudsecurityalliance.org/research/big-data/)
Encryption: Mitigating risks of extraction of keys from memory
Forensics in the Cloud: Ways to conduct forensic investigation in a shared environment
Cloud Security Alliance
• Global, not-for-profit organization
• Over 45,000+ individual members, 100+ corporate members
• Building best practices and a trusted cloud ecosystem
• Agile philosophy, rapid development of applied research
  − GRC: Balance compliance with risk management
  − Reference models: build using existing standards
  − Identity: a key foundation of a functioning cloud economy
  − Champion interoperability
  − Advocacy of prudent public policy
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Join: Cloud Security Alliance, Mumbai Chapter on LinkedIn (http://www.linkedin.com/groups?gid=2963138)
Thank You!
Contact Us
For any further information, please contact:
Keith Prabhu Executive Director Confidis Advisory Services Private Limited Email: info @ confidis DOT co