Cloud Security - Security Aspects of Cloud Computing

  • Published on
    09-May-2015


DESCRIPTION

Lightning talk presented at Jakarta's Executive Forum, 5 August 2010.

Transcript

  • 1. CLOUD SECURITY: SECURITY ASPECTS OF CLOUD COMPUTING
    JIM GEOVEDI, Director, Bellua Asia Pacific
    jim.geovedi@bellua.com, @geovedi
    Bellua Asia Pacific, Graha Mandiri 9th floor, Jalan Imam Bonjol No. 61, Jakarta 10310. T: +6221-39834116 F: +6221-39834114 E: sales@bellua.com

  • 2. Essential characteristics
    - On-demand Service: Get computing capabilities as needed automatically
    - Broad Network Access: Services available over the net
    - Resource Pooling: Provider resources pooled to serve multiple clients
    - Rapid Elasticity: Ability to quickly scale in/out service
    - Measured Service: Control, optimise services based on metering

  • 3. Service models
    [Diagram: a layered stack (Presentation Modality, Presentation Platform, APIs, Applications, Data, Metadata, Content, Integration and Middleware, APIs, Core Connectivity and Delivery, Abstraction, Hardware, Facilities) shown against Software as a Service, Platform as a Service and Infrastructure as a Service]

  • 4. Deployment models
    - Public: Cloud infrastructure is available to the general public, owned by org selling cloud services
    - Private: Cloud infrastructure for single organisation only, may be managed by the organisation or a 3rd party, on or off premise
    - Community: Cloud infrastructure shared by several organisations that have shared concerns, managed by org or 3rd party
    - Hybrid: Combinations of more than clouds bound by standard or proprietary technology

  • 5. Cloud examples

  • 6. Move to the cloud?
    - Identify the asset(s) for cloud deployment
      - Data
      - Applications/Functions/Process
    - Evaluate the asset
      - Determine how important the data or function is to the organisation

  • 7. Top CIO concerns
    - Security
    - Availability
    - Performance
    - Cost
    - Standards

  • 8. Cloud security threats
    1. Abuse and nefarious use
    2. Insecure interfaces and APIs
    3. Malicious insiders
    4. Shared technology issues
    5. Data loss or leakage
    6. Account or service hijacking
    7. Unknown risk profile
    source: http://www.cloudsecurityalliance.org/topthreats

  • 9. Threat #1: Abuse and Nefarious Use
    - Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities.
    - Cloud Computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and providers' fraud detection capabilities are limited.

  • 10. Threat #2: Insecure Interfaces and APIs
    - While most providers strive to ensure security is well integrated into their service models, it is critical for consumers of those services to understand the security implications associated with the usage, management, orchestration and monitoring of cloud services.
    - Reliance on a weak set of interfaces and APIs exposes organisations to a variety of security issues related to confidentiality, integrity, availability and accountability.

  • 11. Threat #3: Malicious Insiders
    - The impact that malicious insiders can have on an organisation is considerable, given their level of access and ability to infiltrate organisations and assets.
    - Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation.
    - As organisations adopt cloud services, the human element takes on an even more profound importance. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat.

  • 12. Threat #4: Shared Technology Issues
    - Attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalisation.
    - As a result, attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorised access to data.

  • 13. Threat #5: Data Loss or Leakage
    - Data loss or leakage can have a devastating impact on a business. Beyond the damage to one's brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust.
    - Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications.

  • 14. Threat #6: Account or Service Hijacking
    - Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services.
    - Organisations should be aware of these techniques as well as common defence in depth protection strategies to contain the damage (and possible litigation) resulting from a breach.

  • 15. Threat #7: Unknown Risk Profile
    - When adopting a cloud service, the features and functionality may be well advertised, but...
      - What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging?
      - How are your data and related logs stored and who has access to them?
      - What information if any will the vendor disclose in the event of a security incident?
    - Often such questions are not clearly answered or are overlooked, leaving customers with an unknown risk profile that may include serious threats.

  • 16. Security guidance
    Security guidance for critical areas of focus in cloud computing
    source: http://www.cloudsecurityalliance.org/guidance.html
    - Cloud Architecture
      - Cloud Computing Architectural Framework
    - Governing in the Cloud
      - Governance and Enterprise Risk Management
      - Legal and Electronic Discovery
      - Compliance and Audit
      - Information Lifecycle Management
      - Portability and Interoperability
    - Operating in the Cloud
      - Traditional Security, Business Continuity and Disaster Recovery
      - Data Centre Operations
      - Incident Response, Notification, and Remediation
      - Application Security
      - Encryption and Key Management
      - Identity and Access Management
      - Virtualisation