SlideShare a Scribd company logo

Cloud Computing Security Frameworks - our view from exoscale

Download as PPTX, PDF
Antoine COETSIER
Antoine COETSIER

With this short 15 min presentation done at the EPFL engineering school in Lausanne, May 2014, we brushed the concepts and recommandations when choosing and benchmarking cloud providers towards security. The Cloud Security Alliance framework is at the moment the best matrix to establish such evaluation as it embraces the full service offered by provider and not only one aspect like Datacenter or Helpdesk. Antoine Coetsier - CEO at Exoscale

Internet
1 of 19
Cloud Security Frameworks GITI May 8, 2014
about: me 2 CEO: Antoine Coetsier Infrastructure and datacenters expert Team and datacenter Manager for more than 10 years Experience Managing Director of exoscale since inception (2011) Responsible for strategy and cloud offering at VeePee (2008-2012) Systems Architect and Project Manager of large IT operations at Bouygues Telecom Education IT Engineer degree at École centrale d’Electronique (1999-2002) CCSK: Certificate of Cloud Security Knowledge (2012)
... an IaaS provider and beyond Cloud hosting based on latest technology  Flexible server and storage infrastructure  Trimmed for performance, intuitive usability and tooling Market place for value added applications  One-stop-shop to reduce infrastructure complexity for developers and sysadmins exoscale in a nutshell... The safe home for your cloud applications ... with a solid background Spin-off from Veltigroup  Started 2011 within Veltigroup Swiss company  Proximity to EMEA clients  Swiss data privacy standards IaaS: Infrastructure-as-a-Service EMEA: Europe, Middle East and Africa 3
exoscale offering overview Solid cloud hosting and add-on services 4 Open Cloud Open Cloud Compute Open Cloud Storage Managed Cloud Swiss Support Virtual data center Zones & Networking Market place / add-on services Vendor backed Transition product for business IT migrating to cloud – Hybrid Cloud Pure-play cloud offering (web-based purchase) Worldwide market pricing
Open Cloud compute: a unique portal One comprehensive portal for instance management, support, documentation and billing information
Migrating to a cloud service 6 1st concern is always security Existing guidelines are not fit for purpose –ISO 27001 –... What is the data at stake ? Dealing with issues
Cloud computing segmentation Traditionnal IT DC facilities Networking Storage Servers O/S Middleware Runtime Data Applications Youmanage IaaS O/S Middleware Runtime Data Applications Youmanage SaaS DC facilities Networking Storage Servers O/S Middleware Runtime Data Applications DeliveredasaService PaaS Data Applications Youmanage DC facilities Networking Storage Servers DeliveredasaService DC facilities Networking Storage Servers O/S Middleware Runtime DeliveredasaService
Roles and responsibilities Roles and responsibilities vary upon the cloud model chosen : –“The lower down the stack the cloud service provider stops, the more security capabilities and management consumers are responsible for implementing and managing themselves.” Security responsability ProviderCustomer
Existing frameworks 9 They focus on on aspect: –Datacenter –Acces control process –... Not on the service SCOPE PROBLEM
Framework for cloud services Best practices for providing security within the Cloud, Provide education for the use of Cloud solutions Define guidance and actionable documents Non profit organization formed to promote Established in 2008, gained significant traction in 2011 Not (too) commercial or one sided governed Alliance
Cloud Security Alliance +130 points dealing with a large scale of competences : – Data Governance – Facility – HR – Information Security – Legal – Risk Management – Security Architecture Define best practices in a Cloud Control Matrix (CCM) Commercial note: exoscale has documented all points of the CCM
Example 12 Human Resources Background Screening HRS-02 Pursuant to local laws, regulations, ethics, and contractual constraints, all employment candidates, contractors, and third parties shall be subject to background verification proportional to the data classification to be accessed, the business requirements, and acceptable risk. CAIQ: consensus assessments initiative questionnaire Data GovernanceClassificationDG-02 DG-02.1 Do you provide a capability to identify virtual machines via policy tags/metadata (ex. Tags can be used to limit g
Cloud Security Alliance mapping v 3 Released Controls baselined and mapped to: – COBIT – HIPAA / HITECH Act – ISO/IEC 27001-2005 – NISTSP800-53 – FedRAMP – PCI DSSv2.0 – BITS Shared Assessments – GAPP ... OCF Level 1 : The Cloud Control Matrix
Risk Management regarding data 14 What is the data at stake ? Personal/employees data Sensible data Regulated data Is this data meaning full or valuable to someone else ?
Data classification Any data we handle, has been classified in our systems and been given policies regarding the following actions: –Create –Store –Use –Share –Archive –Destroy Each class has its own rules and level of protection: Standard classes: –Low: civility,... –Medium: logs,... –High: authentication secret Special classes: –Credit card information: not stored –Forbidden information: racial, political,...
Reversibility 16 Using a cloud service, should not enable the transfer of ownership of the data As a general rule: –IaaS and PaaS services must stipulate that the data remains your property –SaaS services: look closely, especially for main stream services Can I reclaim/transmit data at any time? What happens in case of contract breach, bad SLAs, change of control of the provider, discontinuation of the service,... The answer has to be both technical and legal Ownership Reclaim
The key is contractual 17 Read the contract or terms and conditions Track changes –Initiatives like http://tosdr.org/ “Terms of Services: didn’t read” emerged
Wrap up 18 Classify your data Request a security alignment Review your contracts –Reversibility Hosting locally (in Switzerland) is easier –But does not prevent all the above
My recommendations Be ready ! 1.Test even if you do not have a business case 2.Make a proof of concept 3.Rent a tenant 4.Security is about CONTROL PROACTIVE REACTIVE

Recommended

1 App,
1 App, 1 App,
1 App,
Antoine COETSIER
 
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014 "The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
RMS
 
Maximize Software Investments with ePlus and Cisco ONE
Maximize Software Investments with ePlus and Cisco ONEMaximize Software Investments with ePlus and Cisco ONE
Maximize Software Investments with ePlus and Cisco ONE
ePlus
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureSecurity Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Stefaan Van daele
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Standards Customer Council
 
Open Digital Framework from TMFORUM
Open Digital Framework from TMFORUMOpen Digital Framework from TMFORUM
Open Digital Framework from TMFORUM
Maganathin Veeraragaloo
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
Kannan Subbiah
 
Cloud Security ("securing the cloud")
Cloud Security ("securing the cloud")Cloud Security ("securing the cloud")
Cloud Security ("securing the cloud")
Vic Winkler
 

Recommended

1 App,
1 App, 1 App,
1 App,
Antoine COETSIER
 
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014 "The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
RMS
 
Maximize Software Investments with ePlus and Cisco ONE
Maximize Software Investments with ePlus and Cisco ONEMaximize Software Investments with ePlus and Cisco ONE
Maximize Software Investments with ePlus and Cisco ONE
ePlus
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureSecurity Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Stefaan Van daele
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Standards Customer Council
 
Open Digital Framework from TMFORUM
Open Digital Framework from TMFORUMOpen Digital Framework from TMFORUM
Open Digital Framework from TMFORUM
Maganathin Veeraragaloo
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
Kannan Subbiah
 
Cloud Security ("securing the cloud")
Cloud Security ("securing the cloud")Cloud Security ("securing the cloud")
Cloud Security ("securing the cloud")
Vic Winkler
 
NetScaler: One Device, Every Need Guiding Enterprise IT to New Heights
NetScaler: One Device, Every Need Guiding Enterprise IT to New HeightsNetScaler: One Device, Every Need Guiding Enterprise IT to New Heights
NetScaler: One Device, Every Need Guiding Enterprise IT to New Heights
ePlus
 
ePlus Virtualized Network
ePlus Virtualized NetworkePlus Virtualized Network
ePlus Virtualized Network
ePlus
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Glue con2011 future_of_net_systems
Glue con2011 future_of_net_systemsGlue con2011 future_of_net_systems
Glue con2011 future_of_net_systems
James Urquhart
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
guest536dd0e
 
Powering IT Transformation For Any Business
Powering IT Transformation For Any BusinessPowering IT Transformation For Any Business
Powering IT Transformation For Any Business
ePlus
 
Cloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalCloud security training, certified cloud security professional
Cloud security training, certified cloud security professional
Bryan Len
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
Peter HJ van Eijk
 
Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service (IaaS)Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service (IaaS)
InTechnology Managed Services (part of Redcentric)
 
Addressing the Cyber-Security Landscape
Addressing the Cyber-Security LandscapeAddressing the Cyber-Security Landscape
Addressing the Cyber-Security Landscape
ePlus
 
Get Informed About Cloud Computing for Enterprise IT by Opus Interactive
Get Informed About Cloud Computing for Enterprise IT by Opus InteractiveGet Informed About Cloud Computing for Enterprise IT by Opus Interactive
Get Informed About Cloud Computing for Enterprise IT by Opus Interactive
jerianasmith
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
IBM Security
 
Xaas infotech (2)
Xaas infotech (2)Xaas infotech (2)
Xaas infotech (2)
Prabod Abhinov Gunupudi
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
Techcello
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
ITpreneurs
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYC
Patrick Sklodowski
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
Yateesh Yadav
 
ePlus Intelligent Branch
ePlus Intelligent BranchePlus Intelligent Branch
ePlus Intelligent Branch
ePlus
 
exoscale at the CloudStack User Group London - June 26th 2014
exoscale at the CloudStack User Group London - June 26th 2014exoscale at the CloudStack User Group London - June 26th 2014
exoscale at the CloudStack User Group London - June 26th 2014
Antoine COETSIER
 
CoreOS and cloud provider integration: simple cloud-init example at Exoscale
CoreOS and cloud provider integration: simple cloud-init example at ExoscaleCoreOS and cloud provider integration: simple cloud-init example at Exoscale
CoreOS and cloud provider integration: simple cloud-init example at Exoscale
Antoine COETSIER
 

More Related Content

What's hot

Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
guest536dd0e
 
Cloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalCloud security training, certified cloud security professional
Cloud security training, certified cloud security professional
Bryan Len
 
Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service (IaaS)Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service (IaaS)
InTechnology Managed Services (part of Redcentric)
 

What's hot (20)

NetScaler: One Device, Every Need Guiding Enterprise IT to New Heights
NetScaler: One Device, Every Need Guiding Enterprise IT to New HeightsNetScaler: One Device, Every Need Guiding Enterprise IT to New Heights
NetScaler: One Device, Every Need Guiding Enterprise IT to New Heights
 
ePlus Virtualized Network
ePlus Virtualized NetworkePlus Virtualized Network
ePlus Virtualized Network
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Glue con2011 future_of_net_systems
Glue con2011 future_of_net_systemsGlue con2011 future_of_net_systems
Glue con2011 future_of_net_systems
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Powering IT Transformation For Any Business
Powering IT Transformation For Any BusinessPowering IT Transformation For Any Business
Powering IT Transformation For Any Business
 
Cloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalCloud security training, certified cloud security professional
Cloud security training, certified cloud security professional
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
 
Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service (IaaS)Infrastructure-as-a-Service (IaaS)
Infrastructure-as-a-Service (IaaS)
 
Addressing the Cyber-Security Landscape
Addressing the Cyber-Security LandscapeAddressing the Cyber-Security Landscape
Addressing the Cyber-Security Landscape
 
Get Informed About Cloud Computing for Enterprise IT by Opus Interactive
Get Informed About Cloud Computing for Enterprise IT by Opus InteractiveGet Informed About Cloud Computing for Enterprise IT by Opus Interactive
Get Informed About Cloud Computing for Enterprise IT by Opus Interactive
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Xaas infotech (2)
Xaas infotech (2)Xaas infotech (2)
Xaas infotech (2)
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYC
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
ePlus Intelligent Branch
ePlus Intelligent BranchePlus Intelligent Branch
ePlus Intelligent Branch
 

Viewers also liked

exoscale at the CloudStack User Group London - June 26th 2014
exoscale at the CloudStack User Group London - June 26th 2014exoscale at the CloudStack User Group London - June 26th 2014
exoscale at the CloudStack User Group London - June 26th 2014
Antoine COETSIER
 
盧廣《中國的污染》
盧廣《中國的污染》盧廣《中國的污染》
盧廣《中國的污染》
saymynames
 
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Yole Developpement
 
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
Altimeter, a Prophet Company
 

Viewers also liked (20)

exoscale at the CloudStack User Group London - June 26th 2014
exoscale at the CloudStack User Group London - June 26th 2014exoscale at the CloudStack User Group London - June 26th 2014
exoscale at the CloudStack User Group London - June 26th 2014
 
CoreOS and cloud provider integration: simple cloud-init example at Exoscale
CoreOS and cloud provider integration: simple cloud-init example at ExoscaleCoreOS and cloud provider integration: simple cloud-init example at Exoscale
CoreOS and cloud provider integration: simple cloud-init example at Exoscale
 
Can you trust the cloud provider?
Can you trust the cloud provider?Can you trust the cloud provider?
Can you trust the cloud provider?
 
Personalized search
Personalized searchPersonalized search
Personalized search
 
해외 사례로 보는 Billing for OpenStack Solution
해외 사례로 보는 Billing for OpenStack Solution해외 사례로 보는 Billing for OpenStack Solution
해외 사례로 보는 Billing for OpenStack Solution
 
Personalized Web Search
Personalized Web SearchPersonalized Web Search
Personalized Web Search
 
Facebook to provide free internet for all
Facebook to provide free internet for allFacebook to provide free internet for all
Facebook to provide free internet for all
 
Intoduction to Neural Network
Intoduction to Neural NetworkIntoduction to Neural Network
Intoduction to Neural Network
 
Neural
NeuralNeural
Neural
 
Exoscale: a swiss cloud provider built with Apache Cloudstack
Exoscale: a swiss cloud provider built with Apache CloudstackExoscale: a swiss cloud provider built with Apache Cloudstack
Exoscale: a swiss cloud provider built with Apache Cloudstack
 
盧廣《中國的污染》
盧廣《中國的污染》盧廣《中國的污染》
盧廣《中國的污染》
 
Amazon Echo
Amazon EchoAmazon Echo
Amazon Echo
 
Quantum computing - Introduction
Quantum computing - IntroductionQuantum computing - Introduction
Quantum computing - Introduction
 
Autonomous Vehicles: Technologies, Economics, and Opportunities
Autonomous Vehicles: Technologies, Economics, and OpportunitiesAutonomous Vehicles: Technologies, Economics, and Opportunities
Autonomous Vehicles: Technologies, Economics, and Opportunities
 
Smart note-taker
Smart note-takerSmart note-taker
Smart note-taker
 
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
Sensors and Data Management for Autonomous Vehicles report 2015 by Yole Devel...
 
Speech recognition
Speech recognitionSpeech recognition
Speech recognition
 
Quantum computing - A Compilation of Concepts
Quantum computing - A Compilation of ConceptsQuantum computing - A Compilation of Concepts
Quantum computing - A Compilation of Concepts
 
Neural network & its applications
Neural network & its applications Neural network & its applications
Neural network & its applications
 
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
 

Similar to Cloud Computing Security Frameworks - our view from exoscale

Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
scoopnewsgroup
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
Glenn Ambler
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Miriade Spa
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
patmisasi
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
promediakw
 
Emerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
Emerging Technology in the Cloud! Real Life Examples. Pol Mac AonghusaEmerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
Emerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
catherinewall
 

Similar to Cloud Computing Security Frameworks - our view from exoscale (20)

5787355.ppt
5787355.ppt5787355.ppt
5787355.ppt
 
Accelerated Saa S Exec Briefing V2
Accelerated Saa S Exec Briefing V2Accelerated Saa S Exec Briefing V2
Accelerated Saa S Exec Briefing V2
 
SAP HANA Cloud Security
SAP HANA Cloud SecuritySAP HANA Cloud Security
SAP HANA Cloud Security
 
Presentation cisco cloud security
Presentation cisco cloud securityPresentation cisco cloud security
Presentation cisco cloud security
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Securing The Journey To The Cloud
Securing The Journey To The Cloud Securing The Journey To The Cloud
Securing The Journey To The Cloud
 
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...
 
Deliver Business Value Through Cloud Computing
Deliver Business Value Through Cloud ComputingDeliver Business Value Through Cloud Computing
Deliver Business Value Through Cloud Computing
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
The Canopy Cloud Vision
The Canopy Cloud VisionThe Canopy Cloud Vision
The Canopy Cloud Vision
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Emerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
Emerging Technology in the Cloud! Real Life Examples. Pol Mac AonghusaEmerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
Emerging Technology in the Cloud! Real Life Examples. Pol Mac Aonghusa
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 

Recently uploaded

一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Priya Reddy
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 

Recently uploaded (20)

一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 

Cloud Computing Security Frameworks - our view from exoscale

  • 2. about: me 2 CEO: Antoine Coetsier Infrastructure and datacenters expert Team and datacenter Manager for more than 10 years Experience Managing Director of exoscale since inception (2011) Responsible for strategy and cloud offering at VeePee (2008-2012) Systems Architect and Project Manager of large IT operations at Bouygues Telecom Education IT Engineer degree at École centrale d’Electronique (1999-2002) CCSK: Certificate of Cloud Security Knowledge (2012)
  • 3. ... an IaaS provider and beyond Cloud hosting based on latest technology  Flexible server and storage infrastructure  Trimmed for performance, intuitive usability and tooling Market place for value added applications  One-stop-shop to reduce infrastructure complexity for developers and sysadmins exoscale in a nutshell... The safe home for your cloud applications ... with a solid background Spin-off from Veltigroup  Started 2011 within Veltigroup Swiss company  Proximity to EMEA clients  Swiss data privacy standards IaaS: Infrastructure-as-a-Service EMEA: Europe, Middle East and Africa 3
  • 4. exoscale offering overview Solid cloud hosting and add-on services 4 Open Cloud Open Cloud Compute Open Cloud Storage Managed Cloud Swiss Support Virtual data center Zones & Networking Market place / add-on services Vendor backed Transition product for business IT migrating to cloud – Hybrid Cloud Pure-play cloud offering (web-based purchase) Worldwide market pricing
  • 5. Open Cloud compute: a unique portal One comprehensive portal for instance management, support, documentation and billing information
  • 6. Migrating to a cloud service 6 1st concern is always security Existing guidelines are not fit for purpose –ISO 27001 –... What is the data at stake ? Dealing with issues
  • 7. Cloud computing segmentation Traditionnal IT DC facilities Networking Storage Servers O/S Middleware Runtime Data Applications Youmanage IaaS O/S Middleware Runtime Data Applications Youmanage SaaS DC facilities Networking Storage Servers O/S Middleware Runtime Data Applications DeliveredasaService PaaS Data Applications Youmanage DC facilities Networking Storage Servers DeliveredasaService DC facilities Networking Storage Servers O/S Middleware Runtime DeliveredasaService
  • 8. Roles and responsibilities Roles and responsibilities vary upon the cloud model chosen : –“The lower down the stack the cloud service provider stops, the more security capabilities and management consumers are responsible for implementing and managing themselves.” Security responsability ProviderCustomer
  • 9. Existing frameworks 9 They focus on on aspect: –Datacenter –Acces control process –... Not on the service SCOPE PROBLEM
  • 10. Framework for cloud services Best practices for providing security within the Cloud, Provide education for the use of Cloud solutions Define guidance and actionable documents Non profit organization formed to promote Established in 2008, gained significant traction in 2011 Not (too) commercial or one sided governed Alliance
  • 11. Cloud Security Alliance +130 points dealing with a large scale of competences : – Data Governance – Facility – HR – Information Security – Legal – Risk Management – Security Architecture Define best practices in a Cloud Control Matrix (CCM) Commercial note: exoscale has documented all points of the CCM
  • 12. Example 12 Human Resources Background Screening HRS-02 Pursuant to local laws, regulations, ethics, and contractual constraints, all employment candidates, contractors, and third parties shall be subject to background verification proportional to the data classification to be accessed, the business requirements, and acceptable risk. CAIQ: consensus assessments initiative questionnaire Data GovernanceClassificationDG-02 DG-02.1 Do you provide a capability to identify virtual machines via policy tags/metadata (ex. Tags can be used to limit g
  • 13. Cloud Security Alliance mapping v 3 Released Controls baselined and mapped to: – COBIT – HIPAA / HITECH Act – ISO/IEC 27001-2005 – NISTSP800-53 – FedRAMP – PCI DSSv2.0 – BITS Shared Assessments – GAPP ... OCF Level 1 : The Cloud Control Matrix
  • 14. Risk Management regarding data 14 What is the data at stake ? Personal/employees data Sensible data Regulated data Is this data meaning full or valuable to someone else ?
  • 15. Data classification Any data we handle, has been classified in our systems and been given policies regarding the following actions: –Create –Store –Use –Share –Archive –Destroy Each class has its own rules and level of protection: Standard classes: –Low: civility,... –Medium: logs,... –High: authentication secret Special classes: –Credit card information: not stored –Forbidden information: racial, political,...
  • 16. Reversibility 16 Using a cloud service, should not enable the transfer of ownership of the data As a general rule: –IaaS and PaaS services must stipulate that the data remains your property –SaaS services: look closely, especially for main stream services Can I reclaim/transmit data at any time? What happens in case of contract breach, bad SLAs, change of control of the provider, discontinuation of the service,... The answer has to be both technical and legal Ownership Reclaim
  • 17. The key is contractual 17 Read the contract or terms and conditions Track changes –Initiatives like http://tosdr.org/ “Terms of Services: didn’t read” emerged
  • 18. Wrap up 18 Classify your data Request a security alignment Review your contracts –Reversibility Hosting locally (in Switzerland) is easier –But does not prevent all the above
  • 19. My recommendations Be ready ! 1.Test even if you do not have a business case 2.Make a proof of concept 3.Rent a tenant 4.Security is about CONTROL PROACTIVE REACTIVE