1 / 10

Cloud Computing Security Considerations

Cloud Computing Security Considerations. Linda Pruss Senior Security Engineer. Security is the Major Issue. The NIST Cloud Definition Framework. Deployment Models. Hybrid Clouds. Service Models. Community Cloud. Public Cloud. Private Cloud. Essential Characteristics.

alisa
Download Presentation

Cloud Computing Security Considerations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cloud Computing Security Considerations Linda Pruss Senior Security Engineer

  2. Security is the Major Issue

  3. The NIST Cloud Definition Framework Deployment Models Hybrid Clouds Service Models Community Cloud Public Cloud Private Cloud Essential Characteristics Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Massive Scale Resilient Computing On Demand Self-Service Homogeneity Geographic Distribution Common Characteristics Broad Network Access Rapid Elasticity Virtualization Service Orientation Resource Pooling Measured Service Low Cost Software Advanced Security Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

  4. Risk based Analysis • Data classification • Restricted data • Sensitive data • Internal data • Public data • The more restrictive the data, the less likely you’ll want to use a cloud service • The more critical the function, the less likely you’ll want to use a cloud service.

  5. Safeguard Data • Security controls are no different in a cloud than in any IT environment • “Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties.”

  6. Safeguard Data • Increased vendor management • Contractual risk transfer? • Transparency and trust • Understand security environment • Integrate with UW environment

  7. Safeguard Data • Access controls • Need to know, least privilege • Minimize content in the cloud • Avoid storing personally identifying information • Delete data when no longer needed • Understand compliance requirements

  8. Safeguard Data • Logging • monitoring security controls • incident response • Availability • Audits • Revisit service for security/risk changes over time

  9. Privacy Considerations • Information privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to. • consider aliases especially in public cloud • keep on topic • comply with FERPA

  10. Contract Addendum • Madison Data Security Terms and Conditions • University Data Definition • Data Sharing • Data transmission and backup • Notification of Incidents • Security Investigations • Intellectual property • General data protection • Data protection after contract termination

More Related