
About ENISA

Cloud services security. Prof. Manel Medina, Head of Unit CERT Operations support, ENISA, manel.medina@enisa.europa.eu. About ENISA. The European Network and Information Security Agency gives advice on information security issues to national authorities, EU institutions, citizens, businesses


Presentation Transcript


  1. Cloud services security. Prof. Manel Medina, Head of Unit CERT Operations support, ENISA, manel.medina@enisa.europa.eu

  2. About ENISA
     • The European Network and Information Security Agency
       • gives advice on information security issues to national authorities, EU institutions, citizens, businesses
       • acts as a forum for sharing good NIS practices
       • facilitates information exchange and collaboration
     • Set up in 2004. EC proposed a new mandate for 2013. New mandate pending Council and Parliament approval.
     • Around 35 security experts and 25 supporting staff.
     • ENISA has an advisory role (not operational) and the focus is on prevention and preparedness.

  3. Information Security Risks (chart: information security risks over time)

  4. Part of the solution: Cloud computing; Smartphones and apps; Social media

  5. The Shining Cloud

  6. ENISA’s cloud security work
     • 2009 Cloud computing risk assessment
     • 2009 Cloud security control framework
     • 2011 Security and resilience for gov clouds
     • 2011 Security parameters in gov cloud SLAs
     • 2011 EU Cloud strategy
     • 2012 Procure secure
     • 2012 Critical clouds

  7. Leverage

  8. Resilience

  9. Security will drive adoption of cloud computing

  10. Trust

  11. Security and assurance standards

  12. Penetration tests

  13. Backup/failover tests

  14. Data portability tests

  15. From periodic certification to continuous monitoring. Cloud security: if you can’t measure it, you can’t manage it

  16. Procure secure
     • Work started as an ENISA/OASIS/CSA workshop
     • Guide for customers on monitoring security parameters of cloud services
     • Checklist with questions to ask
     • 8 security parameters
     • What and how to measure. Independence?
     • When to raise a flag? Responsible (Customer/Provider)?
     • Examples of security parameters
       • Service availability
       • Incident response
       • Vulnerability management

  17. Procure secure: security parameters
     • Service availability: monitoring, thresholds
     • Incident response: severity classification, management capabilities
     • Service elasticity and load tolerance: burst tests, who?
     • Data life-cycle management: back-up frequency & integrity
     • Technical compliance and vulnerability management: configuration, patches, vulnerability discovery & reporting, 3rd party
     • Change management: notification, critical periods, loss of certification status
     • Data isolation: categories of data, independent test?
     • Log management and forensics: frequency, granularity, availability, cross checking

  18. Contact
     • Dr. Marnix Dekker <marnix.dekker@enisa.europa.eu>
     • Prof. Manel Medina <manel.medina@enisa.europa.eu>
     • About securely moving to smartphones and cloud computing: http://www.enisa.europa.eu/act/application-security
     • Security parameters in Cloud SLAs: http://www.enisa.europa.eu/activities/application-security/test/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts
