Cloud Assurance Information Assurance in the Cloud by William McBorrough MSIA, CISSP, CISA, CEH Security Principal, Secure Intervention
Agenda
What is Cloud Computing?
So… what is the "cloud"
Technology Still Evolving
NIST's Working Definition
Characteristics
On Demand Self Service
Broad network access
Resource pooling
Rapid elasticity
Measured Service
Delivery Models
Software as a Service (SaaS)
In other words…
SaaS Responsibilities
Platform as a Service (PaaS)
In other words…
PaaS Responsibilities
Infrastructure as a Service (IaaS)
In other words…
IaaS Responsibilities
IaaS Responsibilities - cont'd
Deployment Models
Public
Private
Community
Hybrid
That's great…
Advantages
So what's the downside?
Just to be clear…
Understanding Risk
ENISA's Top Cloud Risk
Risk Categories
Policy and Organizational Risks
Technical Risks
Technical Risks - cont'd
Legal Risks
General Risks (not cloud specific)
General Risks - cont'd
Fair and Balanced?
Security Benefits of Cloud
References
Questions?

Cloud Computing - Security Benefits and Risks


Editor's Notes

  1. European Network and Information Agency

     LOSS OF GOVERNANCE: in using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues which may affect security. At the same time, SLAs may not offer a commitment to provide such services on the part of the cloud provider, thus leaving a gap in security defences.

     LOCK-IN: there is currently little on offer in the way of tools, procedures or standard data formats or services interfaces that could guarantee data, application and service portability. This can make it difficult for the customer to migrate from one provider to another or migrate data and services back to an in-house IT environment. This introduces a dependency on a particular CP for service provision, especially if data portability, as the most fundamental aspect, is not enabled.

     ISOLATION FAILURE: multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However it should be considered that attacks on resource isolation mechanisms (e.g., against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional OSs.

     COMPLIANCE RISKS: investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud:
       • if the CP cannot provide evidence of their own compliance with the relevant requirements
       • if the CP does not permit audit by the cloud customer (CC).
     In certain cases, it also means that using a public cloud infrastructure implies that certain kinds of compliance cannot be achieved (e.g., PCI DSS (4)).

     MANAGEMENT INTERFACE COMPROMISE: customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities.

     DATA PROTECTION: cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer (in its role as data controller) to effectively check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds. On the other hand, some cloud providers do provide information on their data handling practices. Some also offer certification summaries on their data processing and data security activities and the data controls they have in place, e.g., SAS70 certification.

     INSECURE OR INCOMPLETE DATA DELETION: when a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data. Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of data are stored but are not available, or because the disk to be destroyed also stores data from other clients. In the case of multiple tenancies and the reuse of hardware resources, this represents a higher risk to the customer than with dedicated hardware.

     MALICIOUS INSIDER: while usually less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. Examples include CP system administrators and managed security service providers.

     NB: the risks listed above do not follow a specific order of criticality; they are just ten of the most important cloud computing specific risks identified during the assessment. The risks of using cloud computing should be compared to the risks of staying with traditional solutions, such as desktop-based models. To facilitate this, in the main document we have included estimates of relative risks as compared with a typical traditional environment.

     Please note that it is often possible, and in some cases advisable, for the cloud customer to transfer risk to the cloud provider; however not all risks can be transferred: if a risk leads to the failure of a business, serious damage to reputation or legal implications, it is hard or impossible for any other party to compensate for this damage. Ultimately, you can outsource responsibility but you can't outsource accountability.