NETE4631 Cloud Privacy and Security

nitesh

Presentation Transcript


  1. NETE4631 Cloud Privacy and Security, Lecture Notes #9

  2. Managing the Cloud - Recap

  3. Capacity Planning – Recap (2)
     • Steps for capacity planner
     • Examine what systems are in place
     • Measuring their workload
     • Resources - CPU, RAM, disk, and network
     • Load testing and identifying resource ceiling
     • Determining usage pattern & predict future demand
     • Add or tear down resources to meet demand
     Scenario
     • Scale vertically (scale up)
     • Scale horizontally (scale out)

  4. Lecture Outline
     • Statistical challenges in the cloud
     • Security implications
     • Security and privacy challenges
     • Security mapping
     • Security responsibilities
     • Security service boundary
     • Approaches
     • Securing data
     • Identity management
     • Standard compliance

  5. Characteristics of Cloud (NIST)

  6. Statistical Challenges in the Cloud

  7. Security Implications
     • Outsourcing Data and Applications
     • Extensibility and Shared Responsibility
     • Service-Level Agreements (SLAs)
     • Virtualization and Hypervisors
     • Heterogeneity
     • Compliance and Regulations

  8. Security & Privacy Challenges
     • Authentication and Identity Management
     • Access Control and Accounting
     • Trust Management and Policy Integration
     • Secure-Service Management
     • Privacy and Data Protection
     • Organizational Security Management

  9. Security Mapping
     • Determine which resources you are planning to move to the cloud
     • Determine the sensitivity of the resources to risk
     • Determine the risk associated with the particular cloud deployment type (public, private, or hybrid models) of a resource
     • Take into account the particular cloud service model that you will be using
     • If you have selected a particular cloud provider, you need to evaluate its system to understand how data is transferred, where it is stored, and how to move data both in and out of the cloud

  10. The AWS Security Center

  11. Security Responsibilities
     • Cloud Deployment Models (NIST)
     • Public clouds
     • Private clouds
     • Hybrid clouds

  12. Security Service Boundary By Cloud Security Alliance (CSA)

  13. Approaches
     • Techniques for securing applications, data, management, network, and physical hardware
     • Data-Centric Security and Privacy
     • Identity Management
     • Comply with compliance standards

  14. Techniques for securing resources (picture from Alexandra Institute)

  15. Securing Data
     • Access control
     • Authentication
     • Authorization
     • Encryption

  16. Brokered Cloud Storage Access

  17. Establishing Identities
     • What is the identity?
     • Things you are
     • Things you know
     • Things you have
     • Things you relate to
     • They can be used to
     • Authenticate client requests for services
     • Control access to data in the cloud
     • Prevent unauthorized use
     • Maintain user roles

  18. Steps for establishing identities for cloud computing
     • Establish an identity
     • The identity is authenticated
     • Authentication can be portable
     • Authentication provides access to resources

  19. Defining Identity as a Service (IDaaS)
     • Stores the information associated with a digital entity used in electronic transactions
     • Core functions
     • Data store
     • Query engine
     • Policy engine

  20. Core IDaaS applications

  21. Authentication Protocol Standards
     • OpenID 2.0 http://openid.net
     • OAuth http://oauth.net

  22. Policy Engine (XACML)

  23. SAML Single Sign On Request/Response Mechanism

  24. Auditing
     • Auditing is the ability to monitor the events to understand performance
     • Proprietary log formats
     • Might not be co-located

  25. Auditing (2) (picture from Alexandra Institute)

  26. Regulatory Compliance
     • All regulations were written without keeping Cloud Computing in mind.
     • Clients are held responsible for compliance under the laws that apply to the location where the processing or storage takes place.
     • Security laws require companies providing sensitive personal information to encrypt data transmitted and stored on their systems (Massachusetts, March 2012).

  27. Regulatory Compliance (2)
     • You have to ensure the following:
     • Contracts reviewed by your legal staff
     • The right to audit in your SLA
     • Review cloud service providers' security and regulatory compliance
     • Understand the scope of the regulations that apply to your cloud-based applications
     • Consider what steps to take to comply with the demands of the regulations that apply and/or adjust your procedures accordingly
     • Collect and maintain the evidence of your compliance with regulations

  28. Defining Compliance as a Service (CaaS)
     • CaaS needs to
     • Serve as a trusted party
     • Be able to manage cloud relationships
     • Be able to understand security policies and procedures
     • Be able to know how to handle information and administer policy
     • Be aware of geographic location
     • Provide incident response, archive, and allow for the system to be queried, all to a level that can be captured in an SLA

  29. Defining Compliance as a Service (CaaS) (2)
     • Examples of clouds that advertise CaaS capabilities include the following:
     • Athenahealth for the medical industry
     • Bankserv for the banking industry
     • ClearPoint PCI for merchant transactions
     • FedCloud for government

  30. References
     • Chapter 4, 12 of Course Book: Cloud Computing Bible, 2011, Wiley Publishing Inc.
     • Research paper - Security and Privacy Challenges in Cloud Computing Environments, Hassan Takabi and James B.D. Joshi, University of Pittsburgh
