Presd1 10
Niels Groeneveld
1. Cloud Security: Identifying the Risks
Jim Reavis, Executive Director
May, 2010
2. About the Cloud Security Alliance
• Global, not-for-profit organization
• Inclusive membership, supporting broad spectrum of subject matter expertise
• Building best practices and a trusted cloud ecosystem
• CSA Guidance V2.1 – Released Dec 2009
• CSA Top Threats Research – Released March 2010
• CSA Cloud Controls Matrix – Released April 2010
• Trusted Cloud Initiative – Release Q4 2010
• CSA Cloud Metrics Working Group – release TBA
• Consensus Assessment Initiative
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Copyright © 2010 Cloud Security Alliance www.cloudsecurityalliance.org
3. Is Cloud Computing Working?
• Eli Lilly
  • New drug research project
  • IT promised system in 3 months, > $100,000 USD
  • Scientist completed in one day in cloud, < $500 USD
• Japanese government agencies
  • RFP for custom software development
  • Chose PaaS for 25% of cost and deployment time over traditional software house
4. What is Cloud Computing?
• Compute as a utility: third major era of computing
  • Mainframe
  • PC Client/Server
  • Cloud computing: On demand model for allocation and consumption of computing
• Cloud enabled by
  • Moore's Law: Costs of compute & storage approaching zero
  • Hyperconnectivity: Robust bandwidth from dotcom investments
  • Service Oriented Architecture (SOA)
  • Scale: Major providers create massive IT capabilities
• Disruptive to IT and IT Security
• Challenges many of our IT definitions, e.g. what is data?
5. Defining Cloud
• On demand provisioning
• Elasticity
• Multi-tenancy
• Key types
  • Infrastructure as a Service (IaaS): basic O/S & storage
  • Platform as a Service (PaaS): IaaS + rapid app development
  • Software as a Service (SaaS): complete application
• Public, Private, Community & Hybrid Cloud deployments
6. S-P-I Framework
You “RFP” security in:
• SaaS: Software as a Service
You build security in:
• PaaS: Platform as a Service
• IaaS: Infrastructure as a Service
7. Top Threats to Cloud Computing
Cloud Security Risks / Threats
• Shared Technology Vulnerabilities
• Data Loss/Data Leakage
• Malicious Insiders
• Account Service or Hijacking of Traffic
• Insecure APIs
• Nefarious Use of Service
• Unknown Risk Profile
8. Shared Technology Vulnerabilities
Description
• Exposed hardware, operating systems, middleware, application stacks and network components may possess known vulnerabilities
Impact
• Successful exploitation could impact multiple customers
Example
• Cloudburst - Kostya Kortchinsky (Blackhat 2009)
• Arbitrary code execution vulnerability identified in VMware SVGA II device, a virtualized PCI Display Adapter
• Vulnerable component present on VMware Workstation, VMware Player, VMware Server and VMware ESX
9. Data Loss / Data Leakage
Description
• Data compromise due to improper access controls or weak encryption
• Poorly secured data is at greater risk due to the multi-tenant architecture
Impact
• Data integrity and confidentiality
Example
• Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds (UCSD/MIT)
• Research detailing techniques to ensure that images are deployed on the same physical hardware as a victim and then leveraging cross-VM attacks to identify data leakage
10. Malicious Insiders
Description
• Employees of the cloud vendor may abuse privileges to access customer data/functionality
• Reduced visibility into internal processes may inhibit detection of the breach
Impact
• Data confidentiality and integrity
• Reputational damage
• Legal repercussions
Example
• Google Investigates Insider Threat After China Hack (eWeek)
• “Google is investigating whether some of its own staff are behind the repeated attempts to hack into the Gmail accounts of Chinese human rights activists”
11. Interception or Hijacking of Traffic
Description
• Intercept and/or redirect traffic destined for the clients or cloud
• Steal credentials to eavesdrop or manipulate account information / services
Impact
• Confidentiality and integrity of data
• Damage to reputation
• Consequences (legal) from malicious use of resources
Example
• Twitter DNS account compromise
• Zeus botnet C&Cs on compromised Amazon EC2 accounts
12. Insecure APIs
Description
• APIs designed to permit access to functionality and data may be vulnerable or improperly utilized, exposing applications to attack
Impact
• Data confidentiality and integrity
• Denial of service
Example
• P0wning the Programmable Web (Websense – AusCERT 2009)
• 80% of tested applications not using available security in APIs (e.g. unencrypted traffic and basic authentication)
• Demonstrated CSRF, MITM and data leakage attacks
13. Nefarious Use of Service
Description
• Attackers are drawn to the cloud for the same reasons as legitimate consumers – access to massive processing power at a low cost
Impact
• Password cracking, DDoS, malware hosting, spam, C&C servers, CAPTCHA cracking, etc.
Example
• Current search of MalwareDomainList.com for 'amazonaws.com' returns 21 results
• “In the past three years, ScanSafe has recorded 80 unique malware incidents involving amazonaws” – ScanSafe blog
• Amazon's EC2 Having Problems With Spam and Malware - Slashdot
14. Unknown Risk Profile
Description
• A lack of visibility into security controls could leave cloud consumers exposed to unnecessary risk.
Impact
• Significant data breaches could occur, possibly without the knowledge of the cloud consumer.
Example
• Heartland Payment Systems was “willing to do only the bare minimum and comply with state laws instead of taking the extra effort to notify every single customer, regardless of law, about whether their data [had] been stolen.”
http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html
15. Survey Results
Top Ranked Threats
RANK | THREAT | PERCENT
1) | Data Loss/Leakage | 28.8%
2) | Abuse and Nefarious use of Cloud Computing | 17.8%
3) | Insecure APIs | 15.1%
4) | Malicious Insiders | 11.0%
5) | Account/Service and Traffic Hijacking | 9.6%
6) | Unknown Risk Profile | 9.6%
7) | Shared Technology Vulnerabilities | 8.2%
16. Status
Revisions
• Top threats list will be updated 2x per year
Process
• Recommended changes will be solicited from CSA participants
• Panel of judges will be established with representation from the security community, solution providers and cloud consumers
• Recommendations will be summarized and solicited to judges for review
• Judges will vote on any recommended changes
• Contact project team to recommend judges
17. CSA Guidance Domains
• Popular best practices for securing cloud computing
• 13 Domains of concern – governing & operating groupings
Cloud Architecture
Governing the Cloud
• Governance and Enterprise Risk Management
• Legal and Electronic Discovery
• Compliance and Audit
• Information Lifecycle Management
• Portability and Interoperability
Operating in the Cloud
• Security, Bus. Cont., and Disaster Recovery
• Data Center Operations
• Incident Response, Notification, Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management
• Virtualization
Guidance > 100k downloads: cloudsecurityalliance.org/guidance
18. Summary
• Cloud Computing is real and transformational
• Challenges for People, Process, Technology, Organizations and Countries
• Broad governance approach needed
• Tactical fixes needed
• Combination of updating existing best practices and creating completely new best practices
• Common sense not optional
19. Contact
• Help us secure cloud computing
• www.cloudsecurityalliance.org
• info@cloudsecurityalliance.org
• LinkedIn: www.linkedin.com/groups?gid=1864210
• Twitter: @cloudsa
20. Thank you!
www.cloudsecurityalliance.org