SlideShare a Scribd company logo

Securing data in the cloud

Download as PPTX, PDF
Eyal Estrin
Eyal Estrin

Explanation about security controls in public cloud

Technology
1 of 15
@eyalestrin
Agenda Encryption in the cloud Controlling access to customer's data Logging, Auditing and Incident Response Compliance to Law and Regulation 2
Encryption – Common Terms Symmetric encryption – The same encryption key is used for encryption and decryption Asymmetric encryption – A public key is used for encryption, while a private key is used for decryption Key Encryption Key (KEK) – The master key used for encryption and decryption of data keys Data Encryption Key (DEK) – The key used for encryption and decryption of the customer’s data Vault – A secure location for storing encryption keys HSM – Hardware based vault for storing encryption keys 3
Encryption – Type of data encryption Client Side Encryption – Encrypting customer’s data before storing it in public cloud services Server Side Encryption – Encrypting data at rest on the public cloud services (such as storage, database, etc.), while the cloud vendor controls the encryption keys Customer Managed Key / Bring Your Own Key - Encrypting data at rest on the public cloud services (such as storage, database, etc.), while the customer controls the encryption keys 4
Encryption – Key Hierarchy Customer’s data is stored in an object file store or in a database Data encryption key (DEK) encrypts that customer’s data The DEK is stored near the data itself Key encryption key (KEK) / Master key, encrypts the Data encryption key (DEK) The KEK is stored in a secured vault / HSM 5
6
7
Encryption – Reference Azure Key Vault https://azure.microsoft.com/en-us/services/key-vault/ AWS Key Management Service (KMS) https://aws.amazon.com/kms/ Google Cloud Key Management Service (KMS) https://cloud.google.com/kms/ Oracle Break Glass https://docs.oracle.com/en/cloud/get-started/subscriptions- cloud/mmocs/overview-oracle-break-glass.html Salesforce Shield Platform Encryption https://www.salesforce.com/eu/products/platform/products/shi eld/ 8
Controlling access to customer's data  According to the “Shared Responsibility Model”, cloud providers maintain the lower layers of the infrastructure (Hardware, network, storage, virtualization, etc.)  In the rare cases where cloud vendor support engineer may need access to customer content to resolve a customer issue, there are access control mechanisms to allow the support engineer temporary access rights to customer data  Examples:  Customer Lockbox for Office 365: https://www.microsoft.com/en-us/microsoft-365/blog/2015/04/21/announcing- customer-lockbox-for-office-365/  Customer Lockbox for Azure VM: https://azure.microsoft.com/en-us/blog/approve-audit-support-access-requests-to- vms-using-customer-lockbox-for-azure/  Oracle Break Glass for Fusion Cloud Service: https://cloud.oracle.com/opc/saas/fsdep/datasheets/oracle-break-glass-for-fusion- cloud-ds.pdf 9
Controlling access to customer's data – Workflow 10
Logging, Auditing and Incident Response Major public cloud vendors provides customer with a unified interface for managing security compliance, identify threats and perform automatic actions Examples: Azure Security Center: https://azure.microsoft.com/en-us/services/security-center/ Amazon Guard​Duty: https://aws.amazon.com/guardduty/ Google Cloud Security Command Center: https://cloud.google.com/security-command-center/ 11
Azure Security Center 12
Amazon GuardDuty 13
Google Cloud Security Command Center 14
Reference for Compliance to Law and Regulations Azure: https://www.microsoft.com/en- us/trustcenter/compliance/complianceofferings AWS: https://aws.amazon.com/compliance/programs/ Google Cloud Platform: https://cloud.google.com/security/compliance/#/ Oracle Cloud: https://cloud.oracle.com/cloud-compliance 15

Recommended

Choosing Encryption for Microsoft SQL Server
Choosing Encryption for Microsoft SQL ServerChoosing Encryption for Microsoft SQL Server
Choosing Encryption for Microsoft SQL ServerJerome J. Penna
 
SQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi CohnSQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi Cohnsqlserver.co.il
 
SQL Server Column Based Encryption
SQL Server Column Based EncryptionSQL Server Column Based Encryption
SQL Server Column Based EncryptionDavid Dye
 
Column Level Encryption in Microsoft SQL Server
Column Level Encryption in Microsoft SQL ServerColumn Level Encryption in Microsoft SQL Server
Column Level Encryption in Microsoft SQL ServerBehnam Mohammadi
 
Your only as strong as your weakest link – Edward Ogden
Your only as strong as your weakest link – Edward OgdenYour only as strong as your weakest link – Edward Ogden
Your only as strong as your weakest link – Edward Ogdenowaspsuffolk
 
Techgate's Business Cloud Backup
Techgate's Business Cloud BackupTechgate's Business Cloud Backup
Techgate's Business Cloud BackupTechgate plc
 
How does "Self-Defending Data" Work?
How does "Self-Defending Data" Work?How does "Self-Defending Data" Work?
How does "Self-Defending Data" Work?Vic Winkler
 
AWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAmazon Web Services
 

Recommended

Choosing Encryption for Microsoft SQL Server
Choosing Encryption for Microsoft SQL ServerChoosing Encryption for Microsoft SQL Server
Choosing Encryption for Microsoft SQL ServerJerome J. Penna
 
SQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi CohnSQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi Cohnsqlserver.co.il
 
SQL Server Column Based Encryption
SQL Server Column Based EncryptionSQL Server Column Based Encryption
SQL Server Column Based EncryptionDavid Dye
 
Column Level Encryption in Microsoft SQL Server
Column Level Encryption in Microsoft SQL ServerColumn Level Encryption in Microsoft SQL Server
Column Level Encryption in Microsoft SQL ServerBehnam Mohammadi
 
Your only as strong as your weakest link – Edward Ogden
Your only as strong as your weakest link – Edward OgdenYour only as strong as your weakest link – Edward Ogden
Your only as strong as your weakest link – Edward Ogdenowaspsuffolk
 
Techgate's Business Cloud Backup
Techgate's Business Cloud BackupTechgate's Business Cloud Backup
Techgate's Business Cloud BackupTechgate plc
 
How does "Self-Defending Data" Work?
How does "Self-Defending Data" Work?How does "Self-Defending Data" Work?
How does "Self-Defending Data" Work?Vic Winkler
 
AWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAmazon Web Services
 
Cloud storage security
Cloud storage securityCloud storage security
Cloud storage securityPankaj Watekar
 
Thales bloombase store_safe_sb
Thales bloombase store_safe_sbThales bloombase store_safe_sb
Thales bloombase store_safe_sbBloombase
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
9i R2 Checklist
9i R2 Checklist9i R2 Checklist
9i R2 ChecklistLiquidHub
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Oracle BH
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault OverviewTroy Kitch
 
12
1212
12Technology_solution
 
What is the Future of SIEM?
What is the Future of SIEM? What is the Future of SIEM?
What is the Future of SIEM? Elasticsearch
 
Storage datasheet
Storage datasheetStorage datasheet
Storage datasheetOry Chhean
 
Bloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?Lacey Trebaol
 
Raabit and bacteria
Raabit and bacteriaRaabit and bacteria
Raabit and bacteriasabin kafle
 
Big data security in AWS.pptx
Big data security in AWS.pptxBig data security in AWS.pptx
Big data security in AWS.pptxAshish210583
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_awssaifam
 
Protect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfProtect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfZen Bit Tech
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Adnene Guabtni
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationRichard Blech
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021lior mazor
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 

More Related Content

What's hot

Cloud storage security
Cloud storage securityCloud storage security
Cloud storage securityPankaj Watekar
 
Thales bloombase store_safe_sb
Thales bloombase store_safe_sbThales bloombase store_safe_sb
Thales bloombase store_safe_sbBloombase
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
9i R2 Checklist
9i R2 Checklist9i R2 Checklist
9i R2 ChecklistLiquidHub
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Oracle BH
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault OverviewTroy Kitch
 
What is the Future of SIEM?
What is the Future of SIEM? What is the Future of SIEM?
What is the Future of SIEM? Elasticsearch
 
Storage datasheet
Storage datasheetStorage datasheet
Storage datasheetOry Chhean
 
Bloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?Lacey Trebaol
 
Raabit and bacteria
Raabit and bacteriaRaabit and bacteria
Raabit and bacteriasabin kafle
 

What's hot (13)

Cloud storage security
Cloud storage securityCloud storage security
Cloud storage security
 
Thales bloombase store_safe_sb
Thales bloombase store_safe_sbThales bloombase store_safe_sb
Thales bloombase store_safe_sb
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
9i R2 Checklist
9i R2 Checklist9i R2 Checklist
9i R2 Checklist
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault Overview
 
12
1212
12
 
What is the Future of SIEM?
What is the Future of SIEM? What is the Future of SIEM?
What is the Future of SIEM?
 
Storage datasheet
Storage datasheetStorage datasheet
Storage datasheet
 
Bloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdfBloombase store safe mf solution brief 2017 pdf
Bloombase store safe mf solution brief 2017 pdf
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
 
Raabit and bacteria
Raabit and bacteriaRaabit and bacteria
Raabit and bacteria
 

Similar to Securing data in the cloud

Big data security in AWS.pptx
Big data security in AWS.pptxBig data security in AWS.pptx
Big data security in AWS.pptxAshish210583
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_awssaifam
 
Protect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfProtect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfZen Bit Tech
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Adnene Guabtni
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationRichard Blech
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021lior mazor
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...Steffen Mazanek
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalProtecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalVinod Kumar
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionAmazon Web Services
 
Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...
Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...
Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...Cloudera, Inc.
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
Azure Key Vault with a PaaS Architecture and ARM Template DeploymentAzure Key Vault with a PaaS Architecture and ARM Template Deployment
Azure Key Vault with a PaaS Architecture and ARM Template DeploymentRoy Kim
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Amazon Web Services
 
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATAEXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATAIRJET Journal
 

Similar to Securing data in the cloud (20)

Big data security in AWS.pptx
Big data security in AWS.pptxBig data security in AWS.pptx
Big data security in AWS.pptx
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_aws
 
Protect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfProtect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdf
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLP
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution Presentation
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data Encryption
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
 
How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...How to implement data encryption at rest in compliance with enterprise requir...
How to implement data encryption at rest in compliance with enterprise requir...
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalProtecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
 
Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
 
Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...
Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...
Hadoop Distributed File System (HDFS) Encryption with Cloudera Navigator Key ...
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
Azure Key Vault with a PaaS Architecture and ARM Template DeploymentAzure Key Vault with a PaaS Architecture and ARM Template Deployment
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
 
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATAEXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Securing data in the cloud

  • 2. Agenda Encryption in the cloud Controlling access to customer's data Logging, Auditing and Incident Response Compliance to Law and Regulation 2
  • 3. Encryption – Common Terms Symmetric encryption – The same encryption key is used for encryption and decryption Asymmetric encryption – A public key is used for encryption, while a private key is used for decryption Key Encryption Key (KEK) – The master key used for encryption and decryption of data keys Data Encryption Key (DEK) – The key used for encryption and decryption of the customer’s data Vault – A secure location for storing encryption keys HSM – Hardware based vault for storing encryption keys 3
  • 4. Encryption – Type of data encryption Client Side Encryption – Encrypting customer’s data before storing it in public cloud services Server Side Encryption – Encrypting data at rest on the public cloud services (such as storage, database, etc.), while the cloud vendor controls the encryption keys Customer Managed Key / Bring Your Own Key - Encrypting data at rest on the public cloud services (such as storage, database, etc.), while the customer controls the encryption keys 4
  • 5. Encryption – Key Hierarchy Customer’s data is stored in an object file store or in a database Data encryption key (DEK) encrypts that customer’s data The DEK is stored near the data itself Key encryption key (KEK) / Master key, encrypts the Data encryption key (DEK) The KEK is stored in a secured vault / HSM 5
  • 6. 6
  • 7. 7
  • 8. Encryption – Reference Azure Key Vault https://azure.microsoft.com/en-us/services/key-vault/ AWS Key Management Service (KMS) https://aws.amazon.com/kms/ Google Cloud Key Management Service (KMS) https://cloud.google.com/kms/ Oracle Break Glass https://docs.oracle.com/en/cloud/get-started/subscriptions- cloud/mmocs/overview-oracle-break-glass.html Salesforce Shield Platform Encryption https://www.salesforce.com/eu/products/platform/products/shi eld/ 8
  • 9. Controlling access to customer's data  According to the “Shared Responsibility Model”, cloud providers maintain the lower layers of the infrastructure (Hardware, network, storage, virtualization, etc.)  In the rare cases where cloud vendor support engineer may need access to customer content to resolve a customer issue, there are access control mechanisms to allow the support engineer temporary access rights to customer data  Examples:  Customer Lockbox for Office 365: https://www.microsoft.com/en-us/microsoft-365/blog/2015/04/21/announcing- customer-lockbox-for-office-365/  Customer Lockbox for Azure VM: https://azure.microsoft.com/en-us/blog/approve-audit-support-access-requests-to- vms-using-customer-lockbox-for-azure/  Oracle Break Glass for Fusion Cloud Service: https://cloud.oracle.com/opc/saas/fsdep/datasheets/oracle-break-glass-for-fusion- cloud-ds.pdf 9
  • 10. Controlling access to customer's data – Workflow 10
  • 11. Logging, Auditing and Incident Response Major public cloud vendors provides customer with a unified interface for managing security compliance, identify threats and perform automatic actions Examples: Azure Security Center: https://azure.microsoft.com/en-us/services/security-center/ Amazon Guard​Duty: https://aws.amazon.com/guardduty/ Google Cloud Security Command Center: https://cloud.google.com/security-command-center/ 11
  • 14. Google Cloud Security Command Center 14
  • 15. Reference for Compliance to Law and Regulations Azure: https://www.microsoft.com/en- us/trustcenter/compliance/complianceofferings AWS: https://aws.amazon.com/compliance/programs/ Google Cloud Platform: https://cloud.google.com/security/compliance/#/ Oracle Cloud: https://cloud.oracle.com/cloud-compliance 15