SlideShare una empresa de Scribd logo

Cloud computing and Cloud security fundamentals

Descargar como PPTX, PDF
Viresh Suri
Viresh Suri

Presentation on Cloud Computing and Cloud Security fundamentals

Tecnología
1 de 40
Fundamentals of Cloud & Cloud Security Viresh Suri GlobalLogic 16th December 2015 | Delhi Innerve - 2015
CLOUD COMPUTING Fundamentals of
What is Cloud Computing?
Evolution of IT Computing Models http://mydocumentum.wordpress.com/2011/05/14/monday-may-9-2011/
The NIST Definition of Cloud Computing Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. National Institute of Standards and Technology (NIST) www.nist.gov
Cloud Computing Taxonomy - NIST http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html
Private (On-Premise) Infrastructure (as a Service) Platform (as a Service) Service Models Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Software (as a Service) Storage Server HW Networking Servers Databases Virtualization Runtimes Security & Integration Applications Managed by you Managed by vendor
Virtualization – The Cloud Backbone Hypervisor
Cloud Architecture
What is driving Cloud adoption ?
Enterprise challenges Speed of provisioning constraints business execution Disaster Recovery, Fault Tolerance, High Availability Existing hardware has reached end of serviceable life Datacenter capacity limits are being reached Applications & processes have variable demand High Maintenance Costs Software License Costs
How Cloud helps … Elastic Capacity Infinitely Scalable (Almost) Quick and Easy Deployment Provisioning in Minutes Business Agility No CapEx, only OpEx., Fine grained billing (hourly) Pay as You go Leverage Global Scalability & DR Be Free from IT Management Hassles Metering, Monitoring, Alerts
Cloud Challenges Legal & Compliance Security Lack of Standards, Compatibility Reliability & Performance
A Snapshot of Cloud Providers
Holistic Migration Process Cloud Assessment •Cost Analysis •Security & Compliance •Migration Tools •Application Compatibility •Defining Success Criteria Cloud Platform Validation •Understand a particular platform •Platform capabilities •Services Offered •Security considerations •Pricing •Build POCs •Compatibility issues •Identify Migration tools Data Migration •DB Options & Management •Storage Options • HA & DR support • Migration Tools •Backup / Restore points •Define success criteria Application Migration •Full Migration •Partial Migration •Run in parallel •Integration with On-Premise systems •Integration tools & Management •Create / Identify images to be used Cloud Deployment •Configure Auto- Scaling •Monitoring & Notifications •Security Configuration •Dashboards for resource management •Business Continuity Planning Cloud Optimization •Cost Saving Opportunities •Analyze usage patterns •Application Performance Tuning
Public v/s Private Cloud Decision Key Question Private Cloud Preferable Public Cloud Preferable Demand Constant Variable Growth Predictable Unpredictable Users Concentrated Dispersed Customization High Minimal to none Data Privacy & Security Stringent Requirement Moderate Requirement Performance Very High Moderate to High
CLOUD SECURITY Fundamentals of
Important Points to know Top cyberattack methods aimed at cloud deployments grew 45 per cent (Application Attacks), 36 per cent (Suspicious Activity) and 27 per cent (Brute Force attacks) respectively over the previous year, while top attacks aimed at on-premises deployments remained relatively flat. Read more: http://www.itproportal.com/2015/11/16/interview-charting-the-cloud- security-landscape/#ixzz3uT1S7EQ8 As per 2014 KPMG Cloud Security Report • When it comes to selecting a cloud solution, Security is the no. 1 concern • Compared to 2012 survey, security and data privacy are greater concerns than cost efficiency • Security is a lesser challenge now, compared to 2012. Cloud providers better prepared to secure data, and manage security breaches when they occur
CSA’s “Notorious 9” Security Threats • Data Breaches • Data Loss • Account or Service Hijacking • Insecure APIs • Denial of Service • Malicious Insiders • Abuse of Cloud Services • Insufficient Due Diligence • Shared Technology
Key Security Considerations in a Public Cloud
Network Security • Built-in firewalls, control of network access to instances and subnets • Private / Dedicated Connectivity options from office / on-premises environments • Encryption in transit • DDoS mitigation
Configuration Management • Inventory and Configuration Management tools to identify resources, track to manage them • Template definition and management tools to create standard / pre-configured VMs • Deployment Tools to manage creation and decommissioning of resources as per org. standard
Data Encryption • Available for data at rest in Storage services • Flexible Key Management options, including Cloud Managed keys / self-managed keys • Hardware based cryptographic key storage options • APIs for you to integrate encryption and data protection with any service developed / deployed on the cloud
Access Control • Capabilities to define, enforce and manage user access policies across services • Identity and Access Management • Multifactor authentication, including hardware based authentication options • Integration and federation with corporate directories
Monitoring and Logging • Deep visibility into API calls, including Who ? What ? When ? From Where ? • Log aggregation, streamlining investigations, compliance reporting • Alert notifications
Cloud Security Landscape http://www.josephfloyd.com/blog/cloud-security-landscape
Cloud Security Comparison http://fortycloud.com/iaas-security-state-of-the-industry/
The Road Ahead • Clouds are more prone to security attacks than on-perm deployments • Doesn’t mean that those attacks are successful • Cloud Providers are better enabled to handle security now • 2016 will be the first year when people choose cloud because of security benefits, and not elasticity / cost • However, stay cautious ! More serious attacks could be expected as well
Security in AWS
Standards Supported GxP ISO 13485 AS9100 ISO/TS 16949
Shared Responsibility AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Customer applications & content Customers
AWS CloudTrail CloudTrail records API calls on services, delivers detailed logs Use Cases supported : Security Analysis : Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns Track Changes to AWS Resources : Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes Troubleshoot Operational Issues : Identify the most recent actions made to resources in your AWS account Compliance Aid : Easier to demonstrate compliance with internal policies and regulatory standards
AWS Config AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes. Use Cases : • Am I safe ? : Continuously monitor the configurations of your resources and evaluate these configurations for potential security weaknesses • Where is the evidence ? : A complete inventory of all resources and their configuration attributes is available for any point in time • What will this change effect ? : Relationships between resources are understood, so that you can proactively assess change impact • What has changed ? : You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files
AWS Key Management Service • A managed service that makes it easy for you to create, control, and use your encryption keys • Centralized view of all key usage in the organization • Uses HSMs to protect Key Security • Integrated with AWS CloudTrial to provide logs for all key usage for regulatory and compliance requirements
AWS IAM • Centrally manage users, security credentials such as passwords, access keys, permissions, policies that control which AWS services and resources users can access • Allows creation of multiple AWS users, give them their own user name, password, access keys
AWS CloudHSM • Allows protection of encryption keys within HSMs designed and validated to government standards for secure key management • Keys can be generated, managed and stored cryptographic keys such that they are accessible only by us • Allows regulatory compliance without compromising on application performance • CloudHSM instances are provisioned inside your VPC with an IP address that you specify, providing simple and private network connectivity to your Amazon Elastic Compute Cloud (EC2) instances
AWS VPC • Allows provisioning of logically isolated section of AWS cloud, where AWS resources can be launched in a virtual network defined by you • You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways • You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet • Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.
AWS WAF • AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. • Gives you control over which traffic to allow or block to your web application by defining customizable web security rules. • You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. • New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
AWS Inspector (Preview) • Automated security assessment service that helps improve the security and compliance of applications deployed on AWS. • Automatically assesses applications for vulnerabilities or deviations from best practices. • After performing an assessment, Amazon Inspector produces a detailed report with prioritized steps for remediation. • Includes a knowledge base of hundreds of rules mapped to common security compliance standards (e.g. PCI DSS) and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers.
viresh.suri@globallogic.com http://www.linkedin.com/in/vireshsuri Thank You

Recomendados

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ninh Nguyen
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
Venkatesh Chary
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
Wen-Pai Lu
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
Jim Geovedi
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
Akhila Param
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Cloud computing
Cloud computingCloud computing
Cloud computing
MOHIT PANDEY
 

Recomendados

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ninh Nguyen
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
Venkatesh Chary
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
Wen-Pai Lu
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
Jim Geovedi
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
Akhila Param
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Cloud computing
Cloud computingCloud computing
Cloud computing
MOHIT PANDEY
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
Devyani Vaidya
 
Cloud security
Cloud security Cloud security
Cloud security
Mohamed Shalash
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
Legal Services National Technology Assistance Project (LSNTAP)
 
Cloud security
Cloud securityCloud security
Cloud security
BikashPokharel3
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
Capgemini
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
Amazon Web Services
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Edureka!
 
Cloud Computing- components, working, pros and cons
Cloud Computing- components, working, pros and consCloud Computing- components, working, pros and cons
Cloud Computing- components, working, pros and cons
Amritpal Singh Bedi
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Naveed Farooq
 
cloud computing architecture.pptx
cloud computing architecture.pptxcloud computing architecture.pptx
cloud computing architecture.pptx
SourodeepChakraborty3
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
Abhishek Pachisia
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Siddiq Abu Bakkar
 
Cloud Computing Presentation
Cloud Computing PresentationCloud Computing Presentation
Cloud Computing Presentation
Vivek Ravindran
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science
David Sweigert
 
Virtualization in cloud
Virtualization in cloudVirtualization in cloud
Virtualization in cloud
Ashok Kumar
 
Cloud Architecture
Cloud ArchitectureCloud Architecture
Cloud Architecture
Arief Gunawan
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
Amazon Web Services LATAM
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
Amazon Web Services
 

Más contenido relacionado

La actualidad más candente

Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Edureka!
 

La actualidad más candente (20)

CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Cloud security
Cloud security Cloud security
Cloud security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
Cloud Computing Service Models | IaaS PaaS SaaS Explained | Cloud Masters Pro...
 
Cloud Computing- components, working, pros and cons
Cloud Computing- components, working, pros and consCloud Computing- components, working, pros and cons
Cloud Computing- components, working, pros and cons
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
cloud computing architecture.pptx
cloud computing architecture.pptxcloud computing architecture.pptx
cloud computing architecture.pptx
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing Presentation
Cloud Computing PresentationCloud Computing Presentation
Cloud Computing Presentation
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science
 
Virtualization in cloud
Virtualization in cloudVirtualization in cloud
Virtualization in cloud
 
Cloud Architecture
Cloud ArchitectureCloud Architecture
Cloud Architecture
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 

Similar a Cloud computing and Cloud security fundamentals

AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
Amazon Web Services
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
Amazon Web Services
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
Amazon Web Services
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
Amazon Web Services
 
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Amazon Web Services
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
Amazon Web Services
 

Similar a Cloud computing and Cloud security fundamentals (20)

1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Top 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesTop 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practices
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
 
AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23
 
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWS
 
Security & Compliance
Security & Compliance Security & Compliance
Security & Compliance
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
AWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & Compliance
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Cloud computing and Cloud security fundamentals

  • 1. Fundamentals of Cloud & Cloud Security Viresh Suri GlobalLogic 16th December 2015 | Delhi Innerve - 2015
  • 3. What is Cloud Computing?
  • 4. Evolution of IT Computing Models http://mydocumentum.wordpress.com/2011/05/14/monday-may-9-2011/
  • 5. The NIST Definition of Cloud Computing Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. National Institute of Standards and Technology (NIST) www.nist.gov
  • 6. Cloud Computing Taxonomy - NIST http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html
  • 7. Private (On-Premise) Infrastructure (as a Service) Platform (as a Service) Service Models Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Software (as a Service) Storage Server HW Networking Servers Databases Virtualization Runtimes Security & Integration Applications Managed by you Managed by vendor
  • 8. Virtualization – The Cloud Backbone Hypervisor
  • 10. What is driving Cloud adoption ?
  • 11. Enterprise challenges Speed of provisioning constraints business execution Disaster Recovery, Fault Tolerance, High Availability Existing hardware has reached end of serviceable life Datacenter capacity limits are being reached Applications & processes have variable demand High Maintenance Costs Software License Costs
  • 12. How Cloud helps … Elastic Capacity Infinitely Scalable (Almost) Quick and Easy Deployment Provisioning in Minutes Business Agility No CapEx, only OpEx., Fine grained billing (hourly) Pay as You go Leverage Global Scalability & DR Be Free from IT Management Hassles Metering, Monitoring, Alerts
  • 13. Cloud Challenges Legal & Compliance Security Lack of Standards, Compatibility Reliability & Performance
  • 14. A Snapshot of Cloud Providers
  • 15. Holistic Migration Process Cloud Assessment •Cost Analysis •Security & Compliance •Migration Tools •Application Compatibility •Defining Success Criteria Cloud Platform Validation •Understand a particular platform •Platform capabilities •Services Offered •Security considerations •Pricing •Build POCs •Compatibility issues •Identify Migration tools Data Migration •DB Options & Management •Storage Options • HA & DR support • Migration Tools •Backup / Restore points •Define success criteria Application Migration •Full Migration •Partial Migration •Run in parallel •Integration with On-Premise systems •Integration tools & Management •Create / Identify images to be used Cloud Deployment •Configure Auto- Scaling •Monitoring & Notifications •Security Configuration •Dashboards for resource management •Business Continuity Planning Cloud Optimization •Cost Saving Opportunities •Analyze usage patterns •Application Performance Tuning
  • 16. Public v/s Private Cloud Decision Key Question Private Cloud Preferable Public Cloud Preferable Demand Constant Variable Growth Predictable Unpredictable Users Concentrated Dispersed Customization High Minimal to none Data Privacy & Security Stringent Requirement Moderate Requirement Performance Very High Moderate to High
  • 18. Important Points to know Top cyberattack methods aimed at cloud deployments grew 45 per cent (Application Attacks), 36 per cent (Suspicious Activity) and 27 per cent (Brute Force attacks) respectively over the previous year, while top attacks aimed at on-premises deployments remained relatively flat. Read more: http://www.itproportal.com/2015/11/16/interview-charting-the-cloud- security-landscape/#ixzz3uT1S7EQ8 As per 2014 KPMG Cloud Security Report • When it comes to selecting a cloud solution, Security is the no. 1 concern • Compared to 2012 survey, security and data privacy are greater concerns than cost efficiency • Security is a lesser challenge now, compared to 2012. Cloud providers better prepared to secure data, and manage security breaches when they occur
  • 19. CSA’s “Notorious 9” Security Threats • Data Breaches • Data Loss • Account or Service Hijacking • Insecure APIs • Denial of Service • Malicious Insiders • Abuse of Cloud Services • Insufficient Due Diligence • Shared Technology
  • 20. Key Security Considerations in a Public Cloud
  • 21. Network Security • Built-in firewalls, control of network access to instances and subnets • Private / Dedicated Connectivity options from office / on-premises environments • Encryption in transit • DDoS mitigation
  • 22. Configuration Management • Inventory and Configuration Management tools to identify resources, track to manage them • Template definition and management tools to create standard / pre-configured VMs • Deployment Tools to manage creation and decommissioning of resources as per org. standard
  • 23. Data Encryption • Available for data at rest in Storage services • Flexible Key Management options, including Cloud Managed keys / self-managed keys • Hardware based cryptographic key storage options • APIs for you to integrate encryption and data protection with any service developed / deployed on the cloud
  • 24. Access Control • Capabilities to define, enforce and manage user access policies across services • Identity and Access Management • Multifactor authentication, including hardware based authentication options • Integration and federation with corporate directories
  • 25. Monitoring and Logging • Deep visibility into API calls, including Who ? What ? When ? From Where ? • Log aggregation, streamlining investigations, compliance reporting • Alert notifications
  • 28. The Road Ahead • Clouds are more prone to security attacks than on-perm deployments • Doesn’t mean that those attacks are successful • Cloud Providers are better enabled to handle security now • 2016 will be the first year when people choose cloud because of security benefits, and not elasticity / cost • However, stay cautious ! More serious attacks could be expected as well
  • 31. Shared Responsibility AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Customer applications & content Customers
  • 32. AWS CloudTrail CloudTrail records API calls on services, delivers detailed logs Use Cases supported : Security Analysis : Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns Track Changes to AWS Resources : Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes Troubleshoot Operational Issues : Identify the most recent actions made to resources in your AWS account Compliance Aid : Easier to demonstrate compliance with internal policies and regulatory standards
  • 33. AWS Config AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes. Use Cases : • Am I safe ? : Continuously monitor the configurations of your resources and evaluate these configurations for potential security weaknesses • Where is the evidence ? : A complete inventory of all resources and their configuration attributes is available for any point in time • What will this change effect ? : Relationships between resources are understood, so that you can proactively assess change impact • What has changed ? : You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files
  • 34. AWS Key Management Service • A managed service that makes it easy for you to create, control, and use your encryption keys • Centralized view of all key usage in the organization • Uses HSMs to protect Key Security • Integrated with AWS CloudTrial to provide logs for all key usage for regulatory and compliance requirements
  • 35. AWS IAM • Centrally manage users, security credentials such as passwords, access keys, permissions, policies that control which AWS services and resources users can access • Allows creation of multiple AWS users, give them their own user name, password, access keys
  • 36. AWS CloudHSM • Allows protection of encryption keys within HSMs designed and validated to government standards for secure key management • Keys can be generated, managed and stored cryptographic keys such that they are accessible only by us • Allows regulatory compliance without compromising on application performance • CloudHSM instances are provisioned inside your VPC with an IP address that you specify, providing simple and private network connectivity to your Amazon Elastic Compute Cloud (EC2) instances
  • 37. AWS VPC • Allows provisioning of logically isolated section of AWS cloud, where AWS resources can be launched in a virtual network defined by you • You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways • You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet • Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.
  • 38. AWS WAF • AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. • Gives you control over which traffic to allow or block to your web application by defining customizable web security rules. • You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. • New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
  • 39. AWS Inspector (Preview) • Automated security assessment service that helps improve the security and compliance of applications deployed on AWS. • Automatically assesses applications for vulnerabilities or deviations from best practices. • After performing an assessment, Amazon Inspector produces a detailed report with prioritized steps for remediation. • Includes a knowledge base of hundreds of rules mapped to common security compliance standards (e.g. PCI DSS) and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers.

Notas del editor

  1. Azure + System Center + Windows Server gives a hybtid solution Openshift : PaaS from RedHat Office 365 integration with existing on-prem directory services, Lync, Exchange Server, Sharepoint Server
  2. Cyber attacks, Regulatory norms
  3. Cyber attacks, Regulatory norms
  4. state-of-the-industry public IaaS security research examines the following features: Shared Cloud Network: public IaaS environment where different cloud customers share the same cloud service subnet. In this model, each cloud server (VM) usually has a public IP address (permanent or temporary) as well as service IP address for the internal cloud service network Virtual Private Cloud (VPC) Network: the IaaS provider supports an isolation of customers’ cloud deployments, such that a customer can have a private subnet that is not reachable from other customers’ cloud servers or from the public Internet Firewall: Collection of policies and rules to control the traffic allowed to and from a group of cloud servers or static IP Addresses Identity-based access management: these are firewall rules based on user identity, allowing access of specific users to specific set of compute resources Secure extension: ability to securely connect enterprise sites to the cloud deployment (usually a virtual private network) via static IPSec connections Secure remote access to individual server: the ability to access an individual machine (VM) using a secure protocol (like SSH or RDP); this type of remote access is usually based on credentials that are specific to a single user and a single server Remote VPN access: the ability of the organization’s employees to securely connect on demand to the cloud deployment remotely using VPN clients; this includes central authentication of the employees’ identity prior to gaining access to the cloud deployment (part or all of cloud servers)