SlideShare una empresa de Scribd logo

Cloud Computing Security

Arunvignesh Venkatesh
Arunvignesh Venkatesh
1 de 12
Descargar para leer sin conexión
Cloud Computing Security ARUNVIGNESH VENKATESH 1 Cloud Computing Security
Cloud Computing Security ARUNVIGNESH VENKATESH 2 Content  Cloud Computing Growth  Recent Attacks on Cloud Computing  Cloud Security Threats  Cloud Security: Things to be taken care  Solution Architecture: Secured Cloud Design  View point
Cloud Computing Security ARUNVIGNESH VENKATESH 3 1. Cloud Computing Growth in recent years I wouldn’t be surprised, if I don’t hear the word ‘cloud’ from ANY IT Techie, today. That’s the growth of cloud computing in the market. Here’s another classic example - The interest of Google Search for ‘cloud computing’ has drastically increased from 20% (in 2009) to around 95% (in 2015). Not only the techies, but Global Industries are also slowly turning their steering to Cloud World because of its fascinating factors - ‘No CapEx, Pay-as-You-Go pricing model, no infrastructure management, ‘as a service’ options, etc.,
Cloud Computing Security ARUNVIGNESH VENKATESH 4 By looking at the Enterprise’s Interest in Cloud, Leading technology vendor’s such as Oracle, Redhat, Windows, Symantec have landed their products in Cloud Model on subscription basis over the traditional license model. 2. Recent Attacks on Cloud Computing As they say – “When Good goes in its way, the bad follows”, when all the eyes are blind folded with Cloud computing’s facts, they fail to build their cloud stronger. As the cloud emerges in recent years, the attacks on the cloud environments also increases.
Cloud Computing Security ARUNVIGNESH VENKATESH 5 The Home Depot (HD), JPMorgan Chase (JPM) and even the White House were breached 2015. Reconnaissance increased significantly in 2014. Some of the most common scans we detected included ZmEu, Morfeus, VNCScan, and Nessus scans, as well as multiple generic scans. Over the recent years, the numbers around healthcare data breaches can be quit sobering.  Total Breaches: 495  Total Records: 21.12 million  Total Cost: $4.1 billion  Average Size: 42,659 records  Average Cost: $8.27 million  Average Time to Identify: 84.78 days  Average Time to Notify: 68.31 days According to a recent Cloud Security Alliance Report, insider attacks are the sixth biggest threat in cloud computing. 3. Major Threats of Cloud Computing The Cloud Security Alliance (CSA) leads a number of ongoing research initiatives through which it provides white papers, tools and reports to help companies and vendors secure cloud computing services. CSA has created “The Treacherous 12” - Cloud Computing’s Top 12 Threats in 2016. 1) DATA BREACHES Cloud providers become an attractive target to this attack, due to “vast amount of data”. When a data breach occurs, companies may incur fines, or they may face lawsuits or criminal charges. Cloud providers typically deploy security controls to protect their environments, but ultimately, organizations are responsible for protecting their own data in the cloud. Remedy: The CSA has recommended organizations use multifactor authentication and encryption to protect against data breaches.
Cloud Computing Security ARUNVIGNESH VENKATESH 6 2) COMPROMISED CREDENTIALS AND BROKEN AUTHENTICATION: Organizations often struggle with identity management as they try to allocate permissions appropriate to the user’s job role. Data breaches frequently result from lack of scalable identity access management systems, failure to use multifactor authentication, weak password use, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates. Remedy: Identity systems are becoming increasingly interconnected, and federating identity with a cloud provider (e.g. SAML assertions) is becoming more prevalent to ease the burden of user maintenance. Multifactor authentication systems such as smart card, OTP, and phone authentication are required for cloud computing end users. It is recommended to use Cryptographic keys, including TLS certificates, keys used to protect cloud services. 3) HACKED INTERFACES AND APIS Practically every cloud service and application now offers APIs. The security of the cloud depends upon the security of these interfaces. Some problems are:  Weak credential  Insufficient authorization checks  Insufficient input-data validation Also, cloud APIs are still immature which means that are frequently updated. A fixed bug can introduce another security hole in the application. Remedy: The CSA also recommends adequate controls as the “first line of defense and detection.” security-focused code reviews and rigorous penetration testing are the key security walls for these attacks. 4) EXPLOITED SYSTEM VULNERABILITIES ‘Bugs’ in any server became exploitable remotely when networks were created. but they've become a bigger problem with the advent of multitenancy in cloud computing. Organizations share memory, databases, and other resources in close proximity to one another, creating new attack surfaces. Remedy: Best practices include regular vulnerability scanning, prompt patch management, and quick follow-up on reported system threats, says CSA. 5) ACCOUNT HIJACKING Cloud solutions add a new threat called ‘Account Hijacking’ to the landscape. If an attacker gains access to customer’s credentials, they can eavesdrop on customer’s activities and transactions, manipulate data, return falsified information and redirect end user to illegitimate sites. Remedy: Organizations should look to prohibit the sharing of account credentials among users and services and leverage strong two-factor authentication techniques where possible. All accounts and account activities should be monitored and traceable to a human owner, even service accounts. 6) MALICIOUS INSIDERS A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system,
Cloud Computing Security ARUNVIGNESH VENKATESH 7 or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems. In a cloud scenario, a hell-bent insider can destroy whole infrastructures or manipulate data. Systems that depend solely on the cloud service provider for security, such as encryption, are at greatest risk. Remedy: The CSA recommends that organizations control the encryption process and keys, segregating duties and minimizing access given to users. Effective logging, monitoring, and auditing administrator activities are also critical. Proper training and management to prevent such mistakes becomes more critical in the cloud, due to greater potential exposure. 7) THE APT PARASITE APTs (Advanced Persistent Threats) infiltrate systems to establish a foothold, then stealthily infiltrate data and intellectual property over an extended period of time. Remedy: Awareness programs that are regularly reinforced are one of the best defenses against these types of attacks, because many of these vulnerabilities require user intervention or action. Staff should be ingrained with thinking twice before opening an attachment or clicking a link. 8) PERMANENT DATA LOSS As the cloud has matured, reports of permanent data loss due to provider error have become extremely rare. But malicious hackers have been known to permanently delete cloud data to harm businesses, and cloud data centers are as vulnerable to natural disasters as any facility. Remedy: providers should offer solutions for geographic redundancy, data backup within the cloud, and premise-to-cloud backups. Cloud providers also recommend their customers distributing data and applications across multiple zones for added protection. If a customer encrypts data before uploading it to the cloud, then that customer must be careful to protect the encryption key. Once the key is lost, so is the data. 9) INADEQUATE DUE-DILIGENCE Due diligence applies whether the organization is trying to migrate to the cloud or merging (or working) with another company in the cloud. An organization that rushes to adopt cloud technologies and choose CSPs without performing due diligence exposes itself to a myriad of commercial, financial, technical, legal and compliance risks that jeopardize its success. Remedy: The CSA reminds organizations they must perform extensive due diligence to understand the risks they assume when they subscribe to each cloud service. 10) CLOUD SERVICE ABUSES Abuses that includes Poorly secured cloud service deployments, free cloud service trials and fraudulent account sign-ups via payment instrument fraud expose cloud computing models such as IaaS, PaaS, and SaaS to malicious attacks. Remedy: Providers need to recognize types of abuse -- such as scrutinizing traffic to recognize DDoS attacks -- and offer tools for customers to monitor the health of their cloud environments.
Cloud Computing Security ARUNVIGNESH VENKATESH 8 Customers should make sure providers offer a mechanism for reporting abuse. Although customers may not be direct prey for malicious actions, cloud service abuse can still result in service availability issues and data loss. 11) DOS ATTACKS Denial-of-service (DoS) attacks are attacks meant to prevent users of a service from being able to access their data or their applications. Systems may slow to a crawl or simply time out. Remedy: Cloud providers tend to be better poised to handle DoS attacks than their customers, the CSA said. System administrators must be able to immediately access resources that can be used as mitigation. 12) SHARED TECHNOLOGY, SHARED DANGERS Cloud service providers deliver their services scalable by sharing infrastructure, platforms or applications. Cloud technology divides the “as a Service” offering without substantially changing the off the-shelf hardware/software—sometimes at the expense of security. The key is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider’s cloud. If an integral component gets compromised -- say, a hypervisor, a shared platform component, or an application -- it exposes the entire environment to potential compromise and breach. Remedy: It is recommended to enable Multi-factor authentication on all hosts, Host based Intrusion Detection System (HIDS) and Network-based Intrusion Detection Systems (NIDS) on internal networks, applying concepts of networking least privilege and segmentation, and keeping shared resources patched. 4. Securing Cloud: Cloud always comes on Shared Responsibility model, between the service provider such as Amazon, Azure, Google and the customers using their services. Provider’s Security: 1. PHYSICAL SECURITY Cloud service providers physically secure the IT hardware (servers, routers, cables etc.) against unauthorized access, interference, theft, fires, floods etc. and ensure that essential supplies (such as
Cloud Computing Security ARUNVIGNESH VENKATESH 9 electricity) are sufficiently robust to minimize the possibility of disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e. professionally specified, designed, constructed, managed, monitored and maintained) data centers. 2. PERSONNEL SECURITY Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening potential recruits, security awareness and training programs, proactive 3. PRIVACY Providers ensure that all critical data (credit card numbers, for example) are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud. Customer’s Responsibility: End using Customers share the equal responsibility with Providers, on securing their cloud infrastructure. Below are the key areas where customer need to focus on their cloud security.  Provide the Security Architecture Drawing  Have Specialized Protections for the Perimeter  Hold the Firewall Segregating All Networks, Including Server Environment Operators and Users  Segregate Functions Inside the Provider  Allow Vulnerability Analysis and Ethical Hacking  Allow Access to the Environment Log and Systems  Allow the Use of Correlation Tools and Log Retention  Share the Business Continuity Policy and Disaster Recovery Plan  Detail Procedures in Case of DDoS Attacks  Access Control 5. Secured Cloud Design The key player in Cloud Security is Solution Architect and he/she makes sure that security measures on Customer’s Cloud Space is met, while Cloud Service provider takes care of measures in their on-prem.
Cloud Computing Security ARUNVIGNESH VENKATESH 10 AMAZON WEB SERVICES (AWS)’S SECURITY DESIGN AZURE’S SECURITY DESIGN
Cloud Computing Security ARUNVIGNESH VENKATESH 11 6. View Point Though these many incidents have been reported, still it can’t be denied that there is a gradual Raise in cloud computing adoption in the global market. The Best way to avoid unwanted security issues in cloud would be, Customer is required to perform the detailed due-diligence before moving to Cloud World. Solution Architect is the Guide for customer in terms of Security, Compatibility and Performance, in making their Cloud Journey Successful. With this, customers can enjoy the benefits of Cloud Computing with the same security as ‘in-house’.
Cloud Computing Security ARUNVIGNESH VENKATESH 12 CONTACT: Arunvignesh Venkatesh, Enteprise Cloud Consultant, Mindtree India, Global village, RVCE post, Mysore Road, Bangalore - 560 059 E-mail: Arunvignesh.Venkatesh@mindtree.com Linked-In: https://in.linkedin.com/in/arunvignesh-venkatesh-5456602b Social Network: https://www.facebook.com/arun.vignesh.7 Mobile: +91 805 053 5547 | Phone: +91 80 3395 7791 | Fax: +91 80 6706 4100

Recomendados

MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011
Atlantic Security Conference
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
Brian K. Dickard
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_Piece
Paul Richards
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
Christopher Bennett
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
Christophe Monnier
 
Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology
Mekhi Da ‘Quay Daniels
 

Recomendados

MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011Winston morton - intrusion prevention - atlseccon2011
Winston morton - intrusion prevention - atlseccon2011
Atlantic Security Conference
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
Brian K. Dickard
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_Piece
Paul Richards
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
Christopher Bennett
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
Christophe Monnier
 
Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology
Mekhi Da ‘Quay Daniels
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins
Intronis MSP Solutions by Barracuda
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
GSTF
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
 
Darktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalDarktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digital
CMR WORLD TECH
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
CMR WORLD TECH
 
Cloud intrusion detection System
Cloud intrusion detection SystemCloud intrusion detection System
Cloud intrusion detection System
sadegh salehi
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
EMC
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
Vishal Sharma
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
Larry Wilson
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ahmed Banafa
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
- Mark - Fullbright
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
Svetlana Belyaeva
 
DDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt TechnologiesDDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt Technologies
MazeBolt Technologies
 
Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10
Rugby7277
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Rhel7 vs rhel6
Rhel7 vs rhel6Rhel7 vs rhel6
Rhel7 vs rhel6
Arunvignesh Venkatesh
 
Ignite Presentation
Ignite PresentationIgnite Presentation
Ignite Presentation
Hope Cunningham
 

Más contenido relacionado

La actualidad más candente

Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
Larry Wilson
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
Svetlana Belyaeva
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 

La actualidad más candente (20)

Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
 
Darktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalDarktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digital
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
 
Cloud intrusion detection System
Cloud intrusion detection SystemCloud intrusion detection System
Cloud intrusion detection System
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime Whitepaper
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
 
DDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt TechnologiesDDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt Technologies
 
Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 

Destacado

Summary_presentation_TL
Summary_presentation_TLSummary_presentation_TL
Summary_presentation_TL
Tianyuan Liu
 

Destacado (19)

Rhel7 vs rhel6
Rhel7 vs rhel6Rhel7 vs rhel6
Rhel7 vs rhel6
 
Ignite Presentation
Ignite PresentationIgnite Presentation
Ignite Presentation
 
Comportamiento metabólico en adolescentes
Comportamiento metabólico en adolescentesComportamiento metabólico en adolescentes
Comportamiento metabólico en adolescentes
 
Summary_presentation_TL
Summary_presentation_TLSummary_presentation_TL
Summary_presentation_TL
 
Analisis skripsi
Analisis skripsiAnalisis skripsi
Analisis skripsi
 
Basic of textile
Basic of textileBasic of textile
Basic of textile
 
Religious systems of belief that deal with questions
Religious systems of belief that deal with questionsReligious systems of belief that deal with questions
Religious systems of belief that deal with questions
 
Five year plans
Five year plansFive year plans
Five year plans
 
Copy of bills resume
Copy of bills resumeCopy of bills resume
Copy of bills resume
 
Cv jk-2016 - 08115458466
Cv jk-2016 - 08115458466Cv jk-2016 - 08115458466
Cv jk-2016 - 08115458466
 
Nawabi
NawabiNawabi
Nawabi
 
aplikom_UNSRI_2.Skripsi dan Bulkona_Restie Amelia
aplikom_UNSRI_2.Skripsi dan Bulkona_Restie Ameliaaplikom_UNSRI_2.Skripsi dan Bulkona_Restie Amelia
aplikom_UNSRI_2.Skripsi dan Bulkona_Restie Amelia
 
Staff Appreciation Day ~ AUGUST 6, 2015
Staff Appreciation Day ~ AUGUST 6, 2015Staff Appreciation Day ~ AUGUST 6, 2015
Staff Appreciation Day ~ AUGUST 6, 2015
 
Collage
CollageCollage
Collage
 
Dobner- Event Recap
Dobner- Event RecapDobner- Event Recap
Dobner- Event Recap
 
Factors of production
Factors of productionFactors of production
Factors of production
 
Slide master gerund
Slide master gerund Slide master gerund
Slide master gerund
 
Td 2 ho dao 2 d C2Cstudy.com
Td 2 ho dao 2 d C2Cstudy.comTd 2 ho dao 2 d C2Cstudy.com
Td 2 ho dao 2 d C2Cstudy.com
 
How to Retrieve/SHOW Some Hidden Files by Viruses On storage devices like US...
How to Retrieve/SHOW Some Hidden Files by Viruses On storage devices like US...How to Retrieve/SHOW Some Hidden Files by Viruses On storage devices like US...
How to Retrieve/SHOW Some Hidden Files by Viruses On storage devices like US...
 

Similar a Cloud Computing Security

Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
Iaetsd Iaetsd
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
Jas Preet
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
ijcnes
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
Kashyap Kunal
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
Editor IJCATR
 

Similar a Cloud Computing Security (20)

Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
WP_ Five Reasons Why_Jan_2023.pdf
WP_ Five Reasons Why_Jan_2023.pdfWP_ Five Reasons Why_Jan_2023.pdf
WP_ Five Reasons Why_Jan_2023.pdf
 
A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
 
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdfUNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
Project 3
Project 3Project 3
Project 3
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
 

Cloud Computing Security

  • 1. Cloud Computing Security ARUNVIGNESH VENKATESH 1 Cloud Computing Security
  • 2. Cloud Computing Security ARUNVIGNESH VENKATESH 2 Content  Cloud Computing Growth  Recent Attacks on Cloud Computing  Cloud Security Threats  Cloud Security: Things to be taken care  Solution Architecture: Secured Cloud Design  View point
  • 3. Cloud Computing Security ARUNVIGNESH VENKATESH 3 1. Cloud Computing Growth in recent years I wouldn’t be surprised, if I don’t hear the word ‘cloud’ from ANY IT Techie, today. That’s the growth of cloud computing in the market. Here’s another classic example - The interest of Google Search for ‘cloud computing’ has drastically increased from 20% (in 2009) to around 95% (in 2015). Not only the techies, but Global Industries are also slowly turning their steering to Cloud World because of its fascinating factors - ‘No CapEx, Pay-as-You-Go pricing model, no infrastructure management, ‘as a service’ options, etc.,
  • 4. Cloud Computing Security ARUNVIGNESH VENKATESH 4 By looking at the Enterprise’s Interest in Cloud, Leading technology vendor’s such as Oracle, Redhat, Windows, Symantec have landed their products in Cloud Model on subscription basis over the traditional license model. 2. Recent Attacks on Cloud Computing As they say – “When Good goes in its way, the bad follows”, when all the eyes are blind folded with Cloud computing’s facts, they fail to build their cloud stronger. As the cloud emerges in recent years, the attacks on the cloud environments also increases.
  • 5. Cloud Computing Security ARUNVIGNESH VENKATESH 5 The Home Depot (HD), JPMorgan Chase (JPM) and even the White House were breached 2015. Reconnaissance increased significantly in 2014. Some of the most common scans we detected included ZmEu, Morfeus, VNCScan, and Nessus scans, as well as multiple generic scans. Over the recent years, the numbers around healthcare data breaches can be quit sobering.  Total Breaches: 495  Total Records: 21.12 million  Total Cost: $4.1 billion  Average Size: 42,659 records  Average Cost: $8.27 million  Average Time to Identify: 84.78 days  Average Time to Notify: 68.31 days According to a recent Cloud Security Alliance Report, insider attacks are the sixth biggest threat in cloud computing. 3. Major Threats of Cloud Computing The Cloud Security Alliance (CSA) leads a number of ongoing research initiatives through which it provides white papers, tools and reports to help companies and vendors secure cloud computing services. CSA has created “The Treacherous 12” - Cloud Computing’s Top 12 Threats in 2016. 1) DATA BREACHES Cloud providers become an attractive target to this attack, due to “vast amount of data”. When a data breach occurs, companies may incur fines, or they may face lawsuits or criminal charges. Cloud providers typically deploy security controls to protect their environments, but ultimately, organizations are responsible for protecting their own data in the cloud. Remedy: The CSA has recommended organizations use multifactor authentication and encryption to protect against data breaches.
  • 6. Cloud Computing Security ARUNVIGNESH VENKATESH 6 2) COMPROMISED CREDENTIALS AND BROKEN AUTHENTICATION: Organizations often struggle with identity management as they try to allocate permissions appropriate to the user’s job role. Data breaches frequently result from lack of scalable identity access management systems, failure to use multifactor authentication, weak password use, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates. Remedy: Identity systems are becoming increasingly interconnected, and federating identity with a cloud provider (e.g. SAML assertions) is becoming more prevalent to ease the burden of user maintenance. Multifactor authentication systems such as smart card, OTP, and phone authentication are required for cloud computing end users. It is recommended to use Cryptographic keys, including TLS certificates, keys used to protect cloud services. 3) HACKED INTERFACES AND APIS Practically every cloud service and application now offers APIs. The security of the cloud depends upon the security of these interfaces. Some problems are:  Weak credential  Insufficient authorization checks  Insufficient input-data validation Also, cloud APIs are still immature which means that are frequently updated. A fixed bug can introduce another security hole in the application. Remedy: The CSA also recommends adequate controls as the “first line of defense and detection.” security-focused code reviews and rigorous penetration testing are the key security walls for these attacks. 4) EXPLOITED SYSTEM VULNERABILITIES ‘Bugs’ in any server became exploitable remotely when networks were created. but they've become a bigger problem with the advent of multitenancy in cloud computing. Organizations share memory, databases, and other resources in close proximity to one another, creating new attack surfaces. Remedy: Best practices include regular vulnerability scanning, prompt patch management, and quick follow-up on reported system threats, says CSA. 5) ACCOUNT HIJACKING Cloud solutions add a new threat called ‘Account Hijacking’ to the landscape. If an attacker gains access to customer’s credentials, they can eavesdrop on customer’s activities and transactions, manipulate data, return falsified information and redirect end user to illegitimate sites. Remedy: Organizations should look to prohibit the sharing of account credentials among users and services and leverage strong two-factor authentication techniques where possible. All accounts and account activities should be monitored and traceable to a human owner, even service accounts. 6) MALICIOUS INSIDERS A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system,
  • 7. Cloud Computing Security ARUNVIGNESH VENKATESH 7 or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems. In a cloud scenario, a hell-bent insider can destroy whole infrastructures or manipulate data. Systems that depend solely on the cloud service provider for security, such as encryption, are at greatest risk. Remedy: The CSA recommends that organizations control the encryption process and keys, segregating duties and minimizing access given to users. Effective logging, monitoring, and auditing administrator activities are also critical. Proper training and management to prevent such mistakes becomes more critical in the cloud, due to greater potential exposure. 7) THE APT PARASITE APTs (Advanced Persistent Threats) infiltrate systems to establish a foothold, then stealthily infiltrate data and intellectual property over an extended period of time. Remedy: Awareness programs that are regularly reinforced are one of the best defenses against these types of attacks, because many of these vulnerabilities require user intervention or action. Staff should be ingrained with thinking twice before opening an attachment or clicking a link. 8) PERMANENT DATA LOSS As the cloud has matured, reports of permanent data loss due to provider error have become extremely rare. But malicious hackers have been known to permanently delete cloud data to harm businesses, and cloud data centers are as vulnerable to natural disasters as any facility. Remedy: providers should offer solutions for geographic redundancy, data backup within the cloud, and premise-to-cloud backups. Cloud providers also recommend their customers distributing data and applications across multiple zones for added protection. If a customer encrypts data before uploading it to the cloud, then that customer must be careful to protect the encryption key. Once the key is lost, so is the data. 9) INADEQUATE DUE-DILIGENCE Due diligence applies whether the organization is trying to migrate to the cloud or merging (or working) with another company in the cloud. An organization that rushes to adopt cloud technologies and choose CSPs without performing due diligence exposes itself to a myriad of commercial, financial, technical, legal and compliance risks that jeopardize its success. Remedy: The CSA reminds organizations they must perform extensive due diligence to understand the risks they assume when they subscribe to each cloud service. 10) CLOUD SERVICE ABUSES Abuses that includes Poorly secured cloud service deployments, free cloud service trials and fraudulent account sign-ups via payment instrument fraud expose cloud computing models such as IaaS, PaaS, and SaaS to malicious attacks. Remedy: Providers need to recognize types of abuse -- such as scrutinizing traffic to recognize DDoS attacks -- and offer tools for customers to monitor the health of their cloud environments.
  • 8. Cloud Computing Security ARUNVIGNESH VENKATESH 8 Customers should make sure providers offer a mechanism for reporting abuse. Although customers may not be direct prey for malicious actions, cloud service abuse can still result in service availability issues and data loss. 11) DOS ATTACKS Denial-of-service (DoS) attacks are attacks meant to prevent users of a service from being able to access their data or their applications. Systems may slow to a crawl or simply time out. Remedy: Cloud providers tend to be better poised to handle DoS attacks than their customers, the CSA said. System administrators must be able to immediately access resources that can be used as mitigation. 12) SHARED TECHNOLOGY, SHARED DANGERS Cloud service providers deliver their services scalable by sharing infrastructure, platforms or applications. Cloud technology divides the “as a Service” offering without substantially changing the off the-shelf hardware/software—sometimes at the expense of security. The key is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider’s cloud. If an integral component gets compromised -- say, a hypervisor, a shared platform component, or an application -- it exposes the entire environment to potential compromise and breach. Remedy: It is recommended to enable Multi-factor authentication on all hosts, Host based Intrusion Detection System (HIDS) and Network-based Intrusion Detection Systems (NIDS) on internal networks, applying concepts of networking least privilege and segmentation, and keeping shared resources patched. 4. Securing Cloud: Cloud always comes on Shared Responsibility model, between the service provider such as Amazon, Azure, Google and the customers using their services. Provider’s Security: 1. PHYSICAL SECURITY Cloud service providers physically secure the IT hardware (servers, routers, cables etc.) against unauthorized access, interference, theft, fires, floods etc. and ensure that essential supplies (such as
  • 9. Cloud Computing Security ARUNVIGNESH VENKATESH 9 electricity) are sufficiently robust to minimize the possibility of disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e. professionally specified, designed, constructed, managed, monitored and maintained) data centers. 2. PERSONNEL SECURITY Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening potential recruits, security awareness and training programs, proactive 3. PRIVACY Providers ensure that all critical data (credit card numbers, for example) are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud. Customer’s Responsibility: End using Customers share the equal responsibility with Providers, on securing their cloud infrastructure. Below are the key areas where customer need to focus on their cloud security.  Provide the Security Architecture Drawing  Have Specialized Protections for the Perimeter  Hold the Firewall Segregating All Networks, Including Server Environment Operators and Users  Segregate Functions Inside the Provider  Allow Vulnerability Analysis and Ethical Hacking  Allow Access to the Environment Log and Systems  Allow the Use of Correlation Tools and Log Retention  Share the Business Continuity Policy and Disaster Recovery Plan  Detail Procedures in Case of DDoS Attacks  Access Control 5. Secured Cloud Design The key player in Cloud Security is Solution Architect and he/she makes sure that security measures on Customer’s Cloud Space is met, while Cloud Service provider takes care of measures in their on-prem.
  • 10. Cloud Computing Security ARUNVIGNESH VENKATESH 10 AMAZON WEB SERVICES (AWS)’S SECURITY DESIGN AZURE’S SECURITY DESIGN
  • 11. Cloud Computing Security ARUNVIGNESH VENKATESH 11 6. View Point Though these many incidents have been reported, still it can’t be denied that there is a gradual Raise in cloud computing adoption in the global market. The Best way to avoid unwanted security issues in cloud would be, Customer is required to perform the detailed due-diligence before moving to Cloud World. Solution Architect is the Guide for customer in terms of Security, Compatibility and Performance, in making their Cloud Journey Successful. With this, customers can enjoy the benefits of Cloud Computing with the same security as ‘in-house’.
  • 12. Cloud Computing Security ARUNVIGNESH VENKATESH 12 CONTACT: Arunvignesh Venkatesh, Enteprise Cloud Consultant, Mindtree India, Global village, RVCE post, Mysore Road, Bangalore - 560 059 E-mail: Arunvignesh.Venkatesh@mindtree.com Linked-In: https://in.linkedin.com/in/arunvignesh-venkatesh-5456602b Social Network: https://www.facebook.com/arun.vignesh.7 Mobile: +91 805 053 5547 | Phone: +91 80 3395 7791 | Fax: +91 80 6706 4100