SlideShare una empresa de Scribd logo

What is the future of cloud security linked in

Descargar como DOCX, PDF
Jonathan Spindel
Jonathan Spindel

An overall white paper type overview of cloud security, where we are, and where we're heading

TecnologíaEmpresariales
1 de 9
What is the future of Cloud Security? March 16, 2012 Author: Jonathan J. Spindel, Ph.D. White Paper – Cloud Security 1
What is the future of Cloud Security? March 16, 2012 Summary An open ended question, within every IT industry leaders mind is, “how do I operate in an open environment, allow for the maximum use of resources, and still keep a lid on security related issues”. Within Cloud Computing this question is even more prevalent, as we attempt operate in an open environment, and still worry about security concerns. This new quandary holdsvalidity, if the correct actions are taken to target attacks, which almost seam to be programmatically created for such a technology. In order to control and remediate emerging threats, we must adopt intuitive security policies and procedures, along with proactive defenses, whileincorporating intelligent management to solemnize these processes. This paper will delve into those avenues, address pinpointed benchmarks, within the subjects of distributed computing security, capitalizing on the Private/Hybrid/Public Cloud topics, and the management/remediation of such issues. Understanding the underlying complexities, as relates to information and data security, will help the reader expose their own concerns regarding internal and external security related concerns, as well as propose solutions that will assist in the remediation of those issues. Address anxieties revolving around the adoption of outdated information security concepts, andsolutionsmerging innovative ideas surrounding “intelligent” protocol and application behavioral analysis and pattern “DNA” matching techniques, utilizing more advanced computational tools. In tandem with protocol and application behavioral analysis, these techniques will assist the reader in understanding the value proposition in using more advanced intelligent technology, and how that will add, and level out theirapprehensions. By the end of this paper, the reader should be able to understand emerging threats, as they are rapidly changing, in succession, adopting new attack patterns, targeting application based computing, and assuming more lucrative attack scenarios. 2
What is the future of Cloud Security? March 16, 2012 Overview Cloud Computing, as they say, is an old idea, officiated through new technology. The inclusions added over the years, give distributed computing new depth, growing from an infantile rationality to what we view as a distributed cloud model, or fabric, today. As history shows us, we transgress from the typical roaming profile to VDI (Virtual Desktop Infrastructure), from smartphones, to mobile computing platforms, from virtualization to full elastic computing. As we grow and feel the pains of adjusting to such development, our security infrastructure must follow closely to account for changes. With this in mind, take a look at the technological hurdles we have leaped, through the mastery of innovation, and then visualize how security mustfollow. Threats have become more brazen, and have targeted objectives; ones, which if overlookedwill have drastic consequences. We moved beyond the typical DOS (Denial of Service) attacks, to cyber-criminals targeting serversat the application layer; these emerging and advanced persistent threats are distributedwith the sole purpose, being monetary gain. Information or data theft has become one of the number one issues surrounding monetary loss from a corporate and end-user standpoint. 1 With the increase in distributed architectures, such as cloud computing, we alter the direction of, not only how we achieve business IT objectives, but in the way in which we enable our internal IT establishments. The industry is seeing a gradual, yet 1 http://www.riskandinsurancechalkboard.com/uploads/file/Ponemon Study(1).pdf 3
What is the future of Cloud Security? March 16, 2012 definitive, shift towards these models as a whole, through not only the typical server venues, but alsosimilarly the change in mobile computing. The “distributed model” has multiple issues such as scalability, application elasticity, orchestration, automation, etc., these are not as difficultorcomplex as cloud security itself. Unlike legacy or local area computing, which communicates primarily through layers 1-4, Cloud is labeled as being much more application based and communicates primarily through layers 4-7 of the OSI model. There are also concerns regarding user, and usability, such as remote user authentication, to a much higher degree. This is takingdata, or information security to a new parallel, understanding application communication, how these processes, and protocols effectively communicate, and how to manage overall security for such fabrics. The underlying fact is, that because of this shift, attacks have transitioned from the transitional signatures, to the more advanced attack scenarios, such as advanced persistent attacks (APT).2 In recent years, the security industry has been inundated with news of informationtheft or dissemination of internal proprietary data, penetrations resulting in catastrophic loss, through attacks programmatically engineered, targeting application based computing. These subjects are far outweighed by security vendors themselves having issues themselves, with theft or loss of data, and the distribution of classified material, from multiple government agencies. Such concerns are mostly internal, and do not translate to hybrid or public cloud 2 http://www.cio.com.au/article/406586/assessing_apt_threat/?fp=4&fpid=18 4
What is the future of Cloud Security? March 16, 2012 computing, not because it hasn’t, or could happen, but the under utilization of public resources. These anomalies can generally point toward fear of losing control over resources, and/or general mistrust of the public/hybrid cloud, due to overall lack ofsecurity or concerns regarding security capabilities as a whole. 3. As it stands today, cloud overall, is an annual $37B enterprise, growing exponentially, to an estimated $121B by 20154, and only a portion is related to Public Cloud.5 Elastic computing models could save organization billions in overall hardware costs, head count, and increase revenue. The “on-demand” ability to scale up or down seamlessly offers a dynamic value add to DR (Disaster Recovery), and HA (High Availability), as well as the “pay for what you use” model offer a great value-add to small, medium, and enterprise customers across the board. Hybrid Cloud usage combines public and private fabrics, allowing the ability to gain functionality from public cloud resources, and in tandem, utilize private cloud resources internally. Although these models are best of breed, they exhibitsome of thesame characteristics regarding security, and even add more legitimacy as the solutions breed more complexity. Proportionally the public cloud is utilized, under the auspices of an unsecured fabric. Although security itself, if you want to route requests through a physical portal, is rather robust. There are several organizations offering solutions stacks, surrounding the usage of public cloud without the necessity of rerouting data, mostly packages, which rely on agent based architectures, or virtual appliances utilizing agents within the virtual instance itself. These solutions, although robust in nature, are somewhat diluted by the inability to manage multiple rule sets, and/or the ability to communicate with other virtual appliances within the fabric, and functionally forget about the hypervisor structure itself. The idea of managing a singular blade server, through one virtual appliance, has been brought up in many different fashions, from usability to the assumption of managing each blade server in a separate virtual container.6 Some issues surrounding these architecture genres’ stem from the idea of resource pools, and the presence of multiple virtual appliances within pools. From this we can discern that the possibilities of collisions between these appliances are a definite possibility, as well as manageability concerns of the pools themselves, i.e. “what handles what and where?” 3 "Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011") – Gartner Review Cloud Application Infrastructure Services. Cloud application infrastructure services (also known as platform as a service, or PaaS) form the foundation of a cloud computing platform by enabling development, execution, management and life cycle control for cloud-based application solutions (see"Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011"). It is a less developed and less understood layer in the cloud computing architecture when compared with system infrastructure services (IaaS) and application services (SaaS), but is the fastest growing with innovation and new vendor investments. 4 http://www.marketsandmarkets.com/Market-Reports/cloud-computing-234.html The global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015. SaaS is the largest segment of the cloud computing services market, accounting for 73% of the market’s revenues 2010. The major SaaS-providers include Adobe Web Connect, Google Mail, Cisco WebEx, and Yahoo Mail. Content, communications, and collaboration (CCC) accounts for about 30% of the SaaS market revenues. 5 Cloud computing's fear factor: Acknowledge, reduce, move on http://radar.oreilly.com/2010/12/cloud-computing-the-fear-facto.htmlYou also need to be aware and mitigate your security concerns. It's possible the security risk is over-stated. Most of us do personal online banking don't we? And aren't huge components of our infrastructure such as energy, financial markets, and the military already large consumers of the cloud? (Little consolation, I agree, when there is a breach -- but a fact on the ground you can't deny). I argue that in the short-term these issues are about deliberate and diligent organizational planning and in the long-term it's simply about normal business continuity design. When something innovative becomes widely adopted, it just becomes business as normal. 6 Hype Cycle for Privacy, 2011 http://www.gartner.com/DisplayDocument?doc_cd=214943&ref=g_fromdocPrivacy. The first "Hype Cycle for Privacy, 2011" is a tool for privacy officers and other IT professionals who have a responsibility for privacy in the organization. As attention to privacy as a whole reaches a peak, it justifies a closer look at which regulations are emerging and which have matured, and which technologies are deployed to deal with legal requirements and cultural expectations 5
What is the future of Cloud Security? March 16, 2012 In any Cloud scenario, the presence of a “Single Pane of Glass” management methodology should be commonplace to function as a “Manager of Managers”, offering the capability of “Cross Platform Management”, and a central point of configuration. Within the typical data security model, this becomes a little bit more difficult, as communication between devices, is considered to be bad practice. However, there are various ways in which management of solutions could be learned, without direct connection and/or communication. Offeringmanagement structures allows the administrators to streamline operations across multiple machines, resources pools, and the ability to manage heterogeneous, multitenant environments, which are becoming more prevalent in the cloud industry. Programmaticallymodifying these methodologies, as our technological capabilities increase, is a must, as we are faced with novel attack scenarios that hamper our securitypolicies and procedures. Intelligent systems, with the capability of learning patterns within these transmissions, “protocol and application behavior analysis”, “packet assembly and de-assembly”, are becoming more established, as these threats matrixes mature, some utilizing the same signatures, but altering behavior. As our tool-sets develop, utilizing new technology to assess, interrogate, track, and assemble, transmissions are becoming more difficult to decode, as threats are focusing on applications, rather than the typical hardware based communications. These new genres‟ of attacks have surfaced, bringing a new mantra on how we protect our assets. We hear more about theft of proprietary information, infiltration of financial institutions, andintrusions within the defense industry. Advanced threats take on a new intonation, one of singularity, the focus is to either obtain information through illegal means, funneling monetary value from an institution, or disseminating information over the wire to discredit an organization or cause harm to individuals. 7 7 http://superconductor.voltage.com/2011/07/breaches-vs-european-countries.html 6
What is the future of Cloud Security? March 16, 2012 All thesedevelopments focus on one subject, causing disruption for monetary gain, the ability to use stealth like technologies to mask intrusion over multiple sessions, resembling internally to avoid detection. Although there have always been those whom have desired to gain from these acts, the ever growing presence of ones who have a harmful intent, have drastically increased. With that increase, so have their technologies, as attack methods become more sophisticated.8 The ability to forensically approach these issues, and “dig deeper” into the behavior of either the protocol or applications being assessed, the way in which the packets are being transmitting, or the destination of the request itself. All thesepoints must be met, in order to secure a fabric such as the “cloud”. How “we” manage these issues will be key in stopping the intrusion, and/or the unlawful dissemination of proprietary data. Delving into the behavior of such transmissions, and the protocol or application itself is where technology is headed. The ability to assess the transmission, and the way in which the protocol, or application, is behaving is the essence in which we can discern its‟ true nature, or the proper use of the transmission destination. Focusing on the behavior is key, whether that is protocol, or application based transmission, being able to interrogate that data assists in the ability of alerting or stopping the intrusion or transmission of proprietary information. By way of cohesively applying target based processors assigned to a varied number of protocols or applications,it is possible to determine if there is a malicious nature to a transmission, in which, again is possible to alert or drop associated packets or sessions, depending on the destination or the desire of dropping vs. alerting. This is accomplished by encapsulating the virtual instance, or instances, in which affords the capability of interrogating packets and transmissions through protocol/application analysis and/or behavior. 8 Common Monitoring and Management Solutions http://www.infosecurity-magazine.com/blog/2011/5/3/who-moved-my-cloud/334.aspx A single pane of glass is often required to provide a unified look of the entire infrastructure. This will provide an auditor the ability to verify the provider is delivering the level of service guaranteed by the solution. Auditors often look for event handling and common management across all systems. By automating the deployment of such monitoring solutions, and relying on a common platform for the management (including patch management, software revision control, and system lockdown procedures) a level of assurance can be provided to the auditor that all systems are uniform and follow the controls of the monitoring and management criteria. 7
What is the future of Cloud Security? March 16, 2012 In reality, the logical way of determining attack protocols is to measure what is normal vs. what isn‟t. In kind, that measurement should incorporate the “normal” behavior of a system, thereby being able to determine, or decipher what isn‟t. This realization elevates the need for determining the behavior of like application or system attacks. Attaching or capturing the “DNA” or “foot print” of normal activity within the actions or behavior of such protocols, applications, or servers one will be able to determine the actions of any malicious activity, including emerging threats, being able to remediate such activity in an in-line, or on-tap scenario. The same concept holds true in reference to the cloud, public, hybrid or private,again being far underutilized, mainly because worries of the inability to remain compliant, and the underlying factor, lack of a cohesive security solution. The same does not hold true in other locations, as use is increasing, especially in Europe as the market expands. Some of the reasoning for the anomaly is compliancy restrictions, referred to above, as well as the loss of control, security concerns, and the ability to operate autonomously throughout the fabric. These anxieties arise from the inability to control our own infrastructure, someone else having access to that technology, and/or the ability to access information remotely.9 9 http://wallstreetandtech.com/2012-outlook/the-cloudThe move to the public cloud also will be dictated by the size of the institution. Small to mid-size firms that do not have their own proprietary data centers will be among the first to move to the low-cost capacity the public cloud offers, while larger banks will initially continue to utilize their large, private clouds. 8
What is the future of Cloud Security? March 16, 2012 EncapsulatingCloud environments, whether that be physical, virtual, or Hybrid/Public Cloud based, allows for “dual vector” protection from the „outside in‟, and „inside out‟, affords organizations a value add, gaining back some of that control. Increasing the ability to see what is emerging, not only within the IaaS (Infrastructure-as-a-Service) layer, but also in the SaaS (Software-as-a-Service) or application layer. This allows the use to gain control, by protecting resources as if they were internal. This is accomplished via location parameters, and use of proprietary models that encompass the resources in a secured mesh, thereby allowing for protection of the resources through a holistic model. This enables the deployment of high-value, high-risk Cloud applications, while mitigating the risks associated with such applications. Intrusion detection and Prevention must include attack recognition beyond simple signature matching, and the ability to drop malicious sessions as opposed to simple resetting of connections.10 We must become more knowledgeable in way we conduct security operations, and how we design systems to manage and remediate breaches. Intelligent systems capable of managing such traffic, network discovery, analyzing traffic patterns and protocols, officiates processes, as they do not rely on application changes or structure. These tool- sets attendto traffic, patterns, and protocol behavior, adopting a set of rules capable of matching like patterns to suspicious activity. There must be an ability to incorporate intelligence, and machine learning technology, to combat these changes, capitalizing onprotocol and application behavior, and DNA patterns of the transmissions. These actions must be met with a robust, like minded, response to a malicious action, with the capability of forensic level capture, affording the capability to stay compliant, in a time where compliancy is so integral to vital business initiatives. 10 Public sector cloud use on the rise http://www.thecloudcircle.com/article/public-sector-cloud-use-rise The number of public sector organizations using the cloud is rising steadily, if not spectacularly, the Cloud Industry Forum, with 11 per cent increased clouds usage over the last nine months. The independent study of the latest cloud adoption rates showed that of the 300 UK-based organizations surveyed, 53 per cent are utilizing cloud services in some form. The private sector continues to lead the public sector with 56 per cent and 49 per cent respectively. 9

Recomendados

Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Booz Allen Hamilton
 
Ccsw
CcswCcsw
CcswVinit Zunjarrao
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
B018211016
B018211016B018211016
B018211016IOSR Journals
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
The Vigilant Enterprise
The Vigilant EnterpriseThe Vigilant Enterprise
The Vigilant EnterpriseBooz Allen Hamilton
 
Massive Data Analytics and the Cloud
Massive Data Analytics and the CloudMassive Data Analytics and the Cloud
Massive Data Analytics and the CloudBooz Allen Hamilton
 

Recomendados

Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Booz Allen Hamilton
 
Ccsw
CcswCcsw
CcswVinit Zunjarrao
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
B018211016
B018211016B018211016
B018211016IOSR Journals
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
The Vigilant Enterprise
The Vigilant EnterpriseThe Vigilant Enterprise
The Vigilant EnterpriseBooz Allen Hamilton
 
Massive Data Analytics and the Cloud
Massive Data Analytics and the CloudMassive Data Analytics and the Cloud
Massive Data Analytics and the CloudBooz Allen Hamilton
 
Research Report on Preserving Data Confidentiality & Data Integrity in ...
Research Report on Preserving Data Confidentiality & Data Integrity in ...Research Report on Preserving Data Confidentiality & Data Integrity in ...
Research Report on Preserving Data Confidentiality & Data Integrity in ...Manish Sahani
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comPhD Assistance
 
Assurance of Security and Privacy Requirements for Cloud Deployment Model
Assurance of Security and Privacy Requirements for Cloud Deployment ModelAssurance of Security and Privacy Requirements for Cloud Deployment Model
Assurance of Security and Privacy Requirements for Cloud Deployment ModelIJMTST Journal
 
Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
 
Outsourcing control
Outsourcing controlOutsourcing control
Outsourcing controlShahbaz Sidhu
 
Cloud Computing Security Issues and Challenges
Cloud Computing Security Issues and ChallengesCloud Computing Security Issues and Challenges
Cloud Computing Security Issues and Challengespaperpublications3
 
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture IJECEIAES
 
J3602068071
J3602068071J3602068071
J3602068071ijceronline
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193IJERA Editor
 
Securing a Collaborative Environment
Securing a Collaborative EnvironmentSecuring a Collaborative Environment
Securing a Collaborative EnvironmentJoseph Pidala
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Erik Ginalick
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-Lillian Ekwosi-Egbulem
 
Eb31854857
Eb31854857Eb31854857
Eb31854857IJERA Editor
 
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesA Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesAssociate Professor in VSB Coimbatore
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 
Ijsrp p5211
Ijsrp p5211Ijsrp p5211
Ijsrp p5211Vishvi Vidanapathirana
 
Cloud computing technology security and trust challenges
Cloud computing technology security and trust challengesCloud computing technology security and trust challenges
Cloud computing technology security and trust challengesijsptm
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 
Articolo - Matrice di convenienza 03.02.2014
Articolo - Matrice di convenienza 03.02.2014Articolo - Matrice di convenienza 03.02.2014
Articolo - Matrice di convenienza 03.02.2014Marco Crisci
 
Hxh291
Hxh291Hxh291
Hxh291Elfam
 

Más contenido relacionado

La actualidad más candente

Research Report on Preserving Data Confidentiality & Data Integrity in ...
Research Report on Preserving Data Confidentiality & Data Integrity in ...Research Report on Preserving Data Confidentiality & Data Integrity in ...
Research Report on Preserving Data Confidentiality & Data Integrity in ...Manish Sahani
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comPhD Assistance
 
Assurance of Security and Privacy Requirements for Cloud Deployment Model
Assurance of Security and Privacy Requirements for Cloud Deployment ModelAssurance of Security and Privacy Requirements for Cloud Deployment Model
Assurance of Security and Privacy Requirements for Cloud Deployment ModelIJMTST Journal
 
Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
 
Cloud Computing Security Issues and Challenges
Cloud Computing Security Issues and ChallengesCloud Computing Security Issues and Challenges
Cloud Computing Security Issues and Challengespaperpublications3
 
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture IJECEIAES
 
Securing a Collaborative Environment
Securing a Collaborative EnvironmentSecuring a Collaborative Environment
Securing a Collaborative EnvironmentJoseph Pidala
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Erik Ginalick
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-Lillian Ekwosi-Egbulem
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
 
Cloud computing technology security and trust challenges
Cloud computing technology security and trust challengesCloud computing technology security and trust challenges
Cloud computing technology security and trust challengesijsptm
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 

La actualidad más candente (20)

Research Report on Preserving Data Confidentiality & Data Integrity in ...
Research Report on Preserving Data Confidentiality & Data Integrity in ...Research Report on Preserving Data Confidentiality & Data Integrity in ...
Research Report on Preserving Data Confidentiality & Data Integrity in ...
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
 
Assurance of Security and Privacy Requirements for Cloud Deployment Model
Assurance of Security and Privacy Requirements for Cloud Deployment ModelAssurance of Security and Privacy Requirements for Cloud Deployment Model
Assurance of Security and Privacy Requirements for Cloud Deployment Model
 
Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions.
 
Outsourcing control
Outsourcing controlOutsourcing control
Outsourcing control
 
Cloud Computing Security Issues and Challenges
Cloud Computing Security Issues and ChallengesCloud Computing Security Issues and Challenges
Cloud Computing Security Issues and Challenges
 
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture
 
J3602068071
J3602068071J3602068071
J3602068071
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
 
Securing a Collaborative Environment
Securing a Collaborative EnvironmentSecuring a Collaborative Environment
Securing a Collaborative Environment
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
 
Eb31854857
Eb31854857Eb31854857
Eb31854857
 
A Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and ConsequencesA Survey of Cloud Computing Security Issues and Consequences
A Survey of Cloud Computing Security Issues and Consequences
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
 
Ijsrp p5211
Ijsrp p5211Ijsrp p5211
Ijsrp p5211
 
Cloud computing technology security and trust challenges
Cloud computing technology security and trust challengesCloud computing technology security and trust challenges
Cloud computing technology security and trust challenges
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data Classification
 

Destacado

Articolo - Matrice di convenienza 03.02.2014
Articolo - Matrice di convenienza 03.02.2014Articolo - Matrice di convenienza 03.02.2014
Articolo - Matrice di convenienza 03.02.2014Marco Crisci
 
Hxh291
Hxh291Hxh291
Hxh291Elfam
 
ALA Anaheim 2012
ALA Anaheim 2012ALA Anaheim 2012
ALA Anaheim 2012Lacey Klemm
 
Φύλλο εργασίας για την εγγραφή στο E twinning
Φύλλο εργασίας για την εγγραφή στο E twinningΦύλλο εργασίας για την εγγραφή στο E twinning
Φύλλο εργασίας για την εγγραφή στο E twinningPetros Michailidis
 
SCHOOL´S ANNUAL PLAN CHARACTERISTICS
SCHOOL´S ANNUAL PLAN CHARACTERISTICSSCHOOL´S ANNUAL PLAN CHARACTERISTICS
SCHOOL´S ANNUAL PLAN CHARACTERISTICSrosibelcruz
 
Photography and the Social Media
Photography and the Social MediaPhotography and the Social Media
Photography and the Social MediaBradley Wilson
 
Joanna Go Hello
Joanna Go HelloJoanna Go Hello
Joanna Go Hellojolizgo
 
Italy-visit to recycling centre
Italy-visit to recycling centreItaly-visit to recycling centre
Italy-visit to recycling centreCarlos Ajamil Royo
 
10 Tips for finding that next opportunity
10 Tips for finding that next opportunity10 Tips for finding that next opportunity
10 Tips for finding that next opportunityMike Jensen
 
Room1 ASSET Anne Crook Elluminate Conference Acc Comments
Room1 ASSET Anne Crook Elluminate Conference Acc CommentsRoom1 ASSET Anne Crook Elluminate Conference Acc Comments
Room1 ASSET Anne Crook Elluminate Conference Acc CommentsJISC SSBR
 
Presentacion Rider
Presentacion RiderPresentacion Rider
Presentacion Riderguest6e4166
 
Uncovering your black sheep ancestors
Uncovering your black sheep ancestorsUncovering your black sheep ancestors
Uncovering your black sheep ancestorsRE/MAX Grand Lake
 
Article Pengenalan Konsep Xml Web Services
Article Pengenalan Konsep Xml Web ServicesArticle Pengenalan Konsep Xml Web Services
Article Pengenalan Konsep Xml Web ServicesFredy Budimansyah
 
Advice For Buying Real-estate
Advice For Buying Real-estateAdvice For Buying Real-estate
Advice For Buying Real-estateGolden Team
 
Salary Exchange
Salary ExchangeSalary Exchange
Salary ExchangeBellpenny
 
Φύλλο εικόνας Background
Φύλλο εικόνας BackgroundΦύλλο εικόνας Background
Φύλλο εικόνας BackgroundPetros Michailidis
 

Destacado (20)

Articolo - Matrice di convenienza 03.02.2014
Articolo - Matrice di convenienza 03.02.2014Articolo - Matrice di convenienza 03.02.2014
Articolo - Matrice di convenienza 03.02.2014
 
Hxh291
Hxh291Hxh291
Hxh291
 
ALA Anaheim 2012
ALA Anaheim 2012ALA Anaheim 2012
ALA Anaheim 2012
 
Made in america terrorist
Made in america terroristMade in america terrorist
Made in america terrorist
 
Φύλλο εργασίας για την εγγραφή στο E twinning
Φύλλο εργασίας για την εγγραφή στο E twinningΦύλλο εργασίας για την εγγραφή στο E twinning
Φύλλο εργασίας για την εγγραφή στο E twinning
 
SCHOOL´S ANNUAL PLAN CHARACTERISTICS
SCHOOL´S ANNUAL PLAN CHARACTERISTICSSCHOOL´S ANNUAL PLAN CHARACTERISTICS
SCHOOL´S ANNUAL PLAN CHARACTERISTICS
 
Photography and the Social Media
Photography and the Social MediaPhotography and the Social Media
Photography and the Social Media
 
University Of Michigan
University Of MichiganUniversity Of Michigan
University Of Michigan
 
Joanna Go Hello
Joanna Go HelloJoanna Go Hello
Joanna Go Hello
 
Italy-visit to recycling centre
Italy-visit to recycling centreItaly-visit to recycling centre
Italy-visit to recycling centre
 
10 Tips for finding that next opportunity
10 Tips for finding that next opportunity10 Tips for finding that next opportunity
10 Tips for finding that next opportunity
 
Room1 ASSET Anne Crook Elluminate Conference Acc Comments
Room1 ASSET Anne Crook Elluminate Conference Acc CommentsRoom1 ASSET Anne Crook Elluminate Conference Acc Comments
Room1 ASSET Anne Crook Elluminate Conference Acc Comments
 
Καραΐσκάκης
ΚαραΐσκάκηςΚαραΐσκάκης
Καραΐσκάκης
 
Texas S Ta R Chart
Texas S Ta R ChartTexas S Ta R Chart
Texas S Ta R Chart
 
Presentacion Rider
Presentacion RiderPresentacion Rider
Presentacion Rider
 
Uncovering your black sheep ancestors
Uncovering your black sheep ancestorsUncovering your black sheep ancestors
Uncovering your black sheep ancestors
 
Article Pengenalan Konsep Xml Web Services
Article Pengenalan Konsep Xml Web ServicesArticle Pengenalan Konsep Xml Web Services
Article Pengenalan Konsep Xml Web Services
 
Advice For Buying Real-estate
Advice For Buying Real-estateAdvice For Buying Real-estate
Advice For Buying Real-estate
 
Salary Exchange
Salary ExchangeSalary Exchange
Salary Exchange
 
Φύλλο εικόνας Background
Φύλλο εικόνας BackgroundΦύλλο εικόνας Background
Φύλλο εικόνας Background
 

Similar a What is the future of cloud security linked in

Running head SESSION HIJACKING & CLOUD COMPUTING .docx
Running head SESSION HIJACKING & CLOUD COMPUTING .docxRunning head SESSION HIJACKING & CLOUD COMPUTING .docx
Running head SESSION HIJACKING & CLOUD COMPUTING .docxcharisellington63520
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
 
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...ijcnes
 
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docxTrends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docxwillcoxjanay
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGIRJET Journal
 
Exploring Cloud Encryption
Exploring Cloud EncryptionExploring Cloud Encryption
Exploring Cloud EncryptionSamuel Borthwick
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSHREYASSRINATH94
 
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
 
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTUREacijjournal
 
cloud of things paper
cloud of things papercloud of things paper
cloud of things paperAssem mousa
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdfJose R
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Troy Marshall
 

Similar a What is the future of cloud security linked in (20)

Running head SESSION HIJACKING & CLOUD COMPUTING .docx
Running head SESSION HIJACKING & CLOUD COMPUTING .docxRunning head SESSION HIJACKING & CLOUD COMPUTING .docx
Running head SESSION HIJACKING & CLOUD COMPUTING .docx
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot Spot
 
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
 
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docxTrends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
Trends in the IT Profession Annotated BibliographyAdemola Adeleke.docx
 
The cloud
The cloudThe cloud
The cloud
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
 
Exploring Cloud Encryption
Exploring Cloud EncryptionExploring Cloud Encryption
Exploring Cloud Encryption
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computing
 
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...
 
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
cloud of things paper
cloud of things papercloud of things paper
cloud of things paper
 
Cloud security
Cloud security Cloud security
Cloud security
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

What is the future of cloud security linked in

  • 1. What is the future of Cloud Security? March 16, 2012 Author: Jonathan J. Spindel, Ph.D. White Paper – Cloud Security 1
  • 2. What is the future of Cloud Security? March 16, 2012 Summary An open ended question, within every IT industry leaders mind is, “how do I operate in an open environment, allow for the maximum use of resources, and still keep a lid on security related issues”. Within Cloud Computing this question is even more prevalent, as we attempt operate in an open environment, and still worry about security concerns. This new quandary holdsvalidity, if the correct actions are taken to target attacks, which almost seam to be programmatically created for such a technology. In order to control and remediate emerging threats, we must adopt intuitive security policies and procedures, along with proactive defenses, whileincorporating intelligent management to solemnize these processes. This paper will delve into those avenues, address pinpointed benchmarks, within the subjects of distributed computing security, capitalizing on the Private/Hybrid/Public Cloud topics, and the management/remediation of such issues. Understanding the underlying complexities, as relates to information and data security, will help the reader expose their own concerns regarding internal and external security related concerns, as well as propose solutions that will assist in the remediation of those issues. Address anxieties revolving around the adoption of outdated information security concepts, andsolutionsmerging innovative ideas surrounding “intelligent” protocol and application behavioral analysis and pattern “DNA” matching techniques, utilizing more advanced computational tools. In tandem with protocol and application behavioral analysis, these techniques will assist the reader in understanding the value proposition in using more advanced intelligent technology, and how that will add, and level out theirapprehensions. By the end of this paper, the reader should be able to understand emerging threats, as they are rapidly changing, in succession, adopting new attack patterns, targeting application based computing, and assuming more lucrative attack scenarios. 2
  • 3. What is the future of Cloud Security? March 16, 2012 Overview Cloud Computing, as they say, is an old idea, officiated through new technology. The inclusions added over the years, give distributed computing new depth, growing from an infantile rationality to what we view as a distributed cloud model, or fabric, today. As history shows us, we transgress from the typical roaming profile to VDI (Virtual Desktop Infrastructure), from smartphones, to mobile computing platforms, from virtualization to full elastic computing. As we grow and feel the pains of adjusting to such development, our security infrastructure must follow closely to account for changes. With this in mind, take a look at the technological hurdles we have leaped, through the mastery of innovation, and then visualize how security mustfollow. Threats have become more brazen, and have targeted objectives; ones, which if overlookedwill have drastic consequences. We moved beyond the typical DOS (Denial of Service) attacks, to cyber-criminals targeting serversat the application layer; these emerging and advanced persistent threats are distributedwith the sole purpose, being monetary gain. Information or data theft has become one of the number one issues surrounding monetary loss from a corporate and end-user standpoint. 1 With the increase in distributed architectures, such as cloud computing, we alter the direction of, not only how we achieve business IT objectives, but in the way in which we enable our internal IT establishments. The industry is seeing a gradual, yet 1 http://www.riskandinsurancechalkboard.com/uploads/file/Ponemon Study(1).pdf 3
  • 4. What is the future of Cloud Security? March 16, 2012 definitive, shift towards these models as a whole, through not only the typical server venues, but alsosimilarly the change in mobile computing. The “distributed model” has multiple issues such as scalability, application elasticity, orchestration, automation, etc., these are not as difficultorcomplex as cloud security itself. Unlike legacy or local area computing, which communicates primarily through layers 1-4, Cloud is labeled as being much more application based and communicates primarily through layers 4-7 of the OSI model. There are also concerns regarding user, and usability, such as remote user authentication, to a much higher degree. This is takingdata, or information security to a new parallel, understanding application communication, how these processes, and protocols effectively communicate, and how to manage overall security for such fabrics. The underlying fact is, that because of this shift, attacks have transitioned from the transitional signatures, to the more advanced attack scenarios, such as advanced persistent attacks (APT).2 In recent years, the security industry has been inundated with news of informationtheft or dissemination of internal proprietary data, penetrations resulting in catastrophic loss, through attacks programmatically engineered, targeting application based computing. These subjects are far outweighed by security vendors themselves having issues themselves, with theft or loss of data, and the distribution of classified material, from multiple government agencies. Such concerns are mostly internal, and do not translate to hybrid or public cloud 2 http://www.cio.com.au/article/406586/assessing_apt_threat/?fp=4&fpid=18 4
  • 5. What is the future of Cloud Security? March 16, 2012 computing, not because it hasn’t, or could happen, but the under utilization of public resources. These anomalies can generally point toward fear of losing control over resources, and/or general mistrust of the public/hybrid cloud, due to overall lack ofsecurity or concerns regarding security capabilities as a whole. 3. As it stands today, cloud overall, is an annual $37B enterprise, growing exponentially, to an estimated $121B by 20154, and only a portion is related to Public Cloud.5 Elastic computing models could save organization billions in overall hardware costs, head count, and increase revenue. The “on-demand” ability to scale up or down seamlessly offers a dynamic value add to DR (Disaster Recovery), and HA (High Availability), as well as the “pay for what you use” model offer a great value-add to small, medium, and enterprise customers across the board. Hybrid Cloud usage combines public and private fabrics, allowing the ability to gain functionality from public cloud resources, and in tandem, utilize private cloud resources internally. Although these models are best of breed, they exhibitsome of thesame characteristics regarding security, and even add more legitimacy as the solutions breed more complexity. Proportionally the public cloud is utilized, under the auspices of an unsecured fabric. Although security itself, if you want to route requests through a physical portal, is rather robust. There are several organizations offering solutions stacks, surrounding the usage of public cloud without the necessity of rerouting data, mostly packages, which rely on agent based architectures, or virtual appliances utilizing agents within the virtual instance itself. These solutions, although robust in nature, are somewhat diluted by the inability to manage multiple rule sets, and/or the ability to communicate with other virtual appliances within the fabric, and functionally forget about the hypervisor structure itself. The idea of managing a singular blade server, through one virtual appliance, has been brought up in many different fashions, from usability to the assumption of managing each blade server in a separate virtual container.6 Some issues surrounding these architecture genres’ stem from the idea of resource pools, and the presence of multiple virtual appliances within pools. From this we can discern that the possibilities of collisions between these appliances are a definite possibility, as well as manageability concerns of the pools themselves, i.e. “what handles what and where?” 3 "Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011") – Gartner Review Cloud Application Infrastructure Services. Cloud application infrastructure services (also known as platform as a service, or PaaS) form the foundation of a cloud computing platform by enabling development, execution, management and life cycle control for cloud-based application solutions (see"Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011"). It is a less developed and less understood layer in the cloud computing architecture when compared with system infrastructure services (IaaS) and application services (SaaS), but is the fastest growing with innovation and new vendor investments. 4 http://www.marketsandmarkets.com/Market-Reports/cloud-computing-234.html The global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015. SaaS is the largest segment of the cloud computing services market, accounting for 73% of the market’s revenues 2010. The major SaaS-providers include Adobe Web Connect, Google Mail, Cisco WebEx, and Yahoo Mail. Content, communications, and collaboration (CCC) accounts for about 30% of the SaaS market revenues. 5 Cloud computing's fear factor: Acknowledge, reduce, move on http://radar.oreilly.com/2010/12/cloud-computing-the-fear-facto.htmlYou also need to be aware and mitigate your security concerns. It's possible the security risk is over-stated. Most of us do personal online banking don't we? And aren't huge components of our infrastructure such as energy, financial markets, and the military already large consumers of the cloud? (Little consolation, I agree, when there is a breach -- but a fact on the ground you can't deny). I argue that in the short-term these issues are about deliberate and diligent organizational planning and in the long-term it's simply about normal business continuity design. When something innovative becomes widely adopted, it just becomes business as normal. 6 Hype Cycle for Privacy, 2011 http://www.gartner.com/DisplayDocument?doc_cd=214943&ref=g_fromdocPrivacy. The first "Hype Cycle for Privacy, 2011" is a tool for privacy officers and other IT professionals who have a responsibility for privacy in the organization. As attention to privacy as a whole reaches a peak, it justifies a closer look at which regulations are emerging and which have matured, and which technologies are deployed to deal with legal requirements and cultural expectations 5
  • 6. What is the future of Cloud Security? March 16, 2012 In any Cloud scenario, the presence of a “Single Pane of Glass” management methodology should be commonplace to function as a “Manager of Managers”, offering the capability of “Cross Platform Management”, and a central point of configuration. Within the typical data security model, this becomes a little bit more difficult, as communication between devices, is considered to be bad practice. However, there are various ways in which management of solutions could be learned, without direct connection and/or communication. Offeringmanagement structures allows the administrators to streamline operations across multiple machines, resources pools, and the ability to manage heterogeneous, multitenant environments, which are becoming more prevalent in the cloud industry. Programmaticallymodifying these methodologies, as our technological capabilities increase, is a must, as we are faced with novel attack scenarios that hamper our securitypolicies and procedures. Intelligent systems, with the capability of learning patterns within these transmissions, “protocol and application behavior analysis”, “packet assembly and de-assembly”, are becoming more established, as these threats matrixes mature, some utilizing the same signatures, but altering behavior. As our tool-sets develop, utilizing new technology to assess, interrogate, track, and assemble, transmissions are becoming more difficult to decode, as threats are focusing on applications, rather than the typical hardware based communications. These new genres‟ of attacks have surfaced, bringing a new mantra on how we protect our assets. We hear more about theft of proprietary information, infiltration of financial institutions, andintrusions within the defense industry. Advanced threats take on a new intonation, one of singularity, the focus is to either obtain information through illegal means, funneling monetary value from an institution, or disseminating information over the wire to discredit an organization or cause harm to individuals. 7 7 http://superconductor.voltage.com/2011/07/breaches-vs-european-countries.html 6
  • 7. What is the future of Cloud Security? March 16, 2012 All thesedevelopments focus on one subject, causing disruption for monetary gain, the ability to use stealth like technologies to mask intrusion over multiple sessions, resembling internally to avoid detection. Although there have always been those whom have desired to gain from these acts, the ever growing presence of ones who have a harmful intent, have drastically increased. With that increase, so have their technologies, as attack methods become more sophisticated.8 The ability to forensically approach these issues, and “dig deeper” into the behavior of either the protocol or applications being assessed, the way in which the packets are being transmitting, or the destination of the request itself. All thesepoints must be met, in order to secure a fabric such as the “cloud”. How “we” manage these issues will be key in stopping the intrusion, and/or the unlawful dissemination of proprietary data. Delving into the behavior of such transmissions, and the protocol or application itself is where technology is headed. The ability to assess the transmission, and the way in which the protocol, or application, is behaving is the essence in which we can discern its‟ true nature, or the proper use of the transmission destination. Focusing on the behavior is key, whether that is protocol, or application based transmission, being able to interrogate that data assists in the ability of alerting or stopping the intrusion or transmission of proprietary information. By way of cohesively applying target based processors assigned to a varied number of protocols or applications,it is possible to determine if there is a malicious nature to a transmission, in which, again is possible to alert or drop associated packets or sessions, depending on the destination or the desire of dropping vs. alerting. This is accomplished by encapsulating the virtual instance, or instances, in which affords the capability of interrogating packets and transmissions through protocol/application analysis and/or behavior. 8 Common Monitoring and Management Solutions http://www.infosecurity-magazine.com/blog/2011/5/3/who-moved-my-cloud/334.aspx A single pane of glass is often required to provide a unified look of the entire infrastructure. This will provide an auditor the ability to verify the provider is delivering the level of service guaranteed by the solution. Auditors often look for event handling and common management across all systems. By automating the deployment of such monitoring solutions, and relying on a common platform for the management (including patch management, software revision control, and system lockdown procedures) a level of assurance can be provided to the auditor that all systems are uniform and follow the controls of the monitoring and management criteria. 7
  • 8. What is the future of Cloud Security? March 16, 2012 In reality, the logical way of determining attack protocols is to measure what is normal vs. what isn‟t. In kind, that measurement should incorporate the “normal” behavior of a system, thereby being able to determine, or decipher what isn‟t. This realization elevates the need for determining the behavior of like application or system attacks. Attaching or capturing the “DNA” or “foot print” of normal activity within the actions or behavior of such protocols, applications, or servers one will be able to determine the actions of any malicious activity, including emerging threats, being able to remediate such activity in an in-line, or on-tap scenario. The same concept holds true in reference to the cloud, public, hybrid or private,again being far underutilized, mainly because worries of the inability to remain compliant, and the underlying factor, lack of a cohesive security solution. The same does not hold true in other locations, as use is increasing, especially in Europe as the market expands. Some of the reasoning for the anomaly is compliancy restrictions, referred to above, as well as the loss of control, security concerns, and the ability to operate autonomously throughout the fabric. These anxieties arise from the inability to control our own infrastructure, someone else having access to that technology, and/or the ability to access information remotely.9 9 http://wallstreetandtech.com/2012-outlook/the-cloudThe move to the public cloud also will be dictated by the size of the institution. Small to mid-size firms that do not have their own proprietary data centers will be among the first to move to the low-cost capacity the public cloud offers, while larger banks will initially continue to utilize their large, private clouds. 8
  • 9. What is the future of Cloud Security? March 16, 2012 EncapsulatingCloud environments, whether that be physical, virtual, or Hybrid/Public Cloud based, allows for “dual vector” protection from the „outside in‟, and „inside out‟, affords organizations a value add, gaining back some of that control. Increasing the ability to see what is emerging, not only within the IaaS (Infrastructure-as-a-Service) layer, but also in the SaaS (Software-as-a-Service) or application layer. This allows the use to gain control, by protecting resources as if they were internal. This is accomplished via location parameters, and use of proprietary models that encompass the resources in a secured mesh, thereby allowing for protection of the resources through a holistic model. This enables the deployment of high-value, high-risk Cloud applications, while mitigating the risks associated with such applications. Intrusion detection and Prevention must include attack recognition beyond simple signature matching, and the ability to drop malicious sessions as opposed to simple resetting of connections.10 We must become more knowledgeable in way we conduct security operations, and how we design systems to manage and remediate breaches. Intelligent systems capable of managing such traffic, network discovery, analyzing traffic patterns and protocols, officiates processes, as they do not rely on application changes or structure. These tool- sets attendto traffic, patterns, and protocol behavior, adopting a set of rules capable of matching like patterns to suspicious activity. There must be an ability to incorporate intelligence, and machine learning technology, to combat these changes, capitalizing onprotocol and application behavior, and DNA patterns of the transmissions. These actions must be met with a robust, like minded, response to a malicious action, with the capability of forensic level capture, affording the capability to stay compliant, in a time where compliancy is so integral to vital business initiatives. 10 Public sector cloud use on the rise http://www.thecloudcircle.com/article/public-sector-cloud-use-rise The number of public sector organizations using the cloud is rising steadily, if not spectacularly, the Cloud Industry Forum, with 11 per cent increased clouds usage over the last nine months. The independent study of the latest cloud adoption rates showed that of the 300 UK-based organizations surveyed, 53 per cent are utilizing cloud services in some form. The private sector continues to lead the public sector with 56 per cent and 49 per cent respectively. 9