1 / 18

Cloud Security Assessment

Cloud Security Assessment . Introduction. The Cloud, a revolution on several levels….

louis
Download Presentation

Cloud Security Assessment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cloud Security Assessment

  2. Introduction The Cloud, a revolution on several levels… • Cloud computing is an approach in which infrastructure and software resources are provided by an external vendor or by your internal IT department over the Internet. These resources are highly scalable and at competitive costs, which make Cloud services highly attractive in a business environment in which organisations are trying to reduce their IT capital expenditure and costs and improve the flexibility of their IT services delivery.

  3. Introduction Reasons for using Cloud Computing Source: Flying Blind in the Cloud, Ponemon Institute, April 2010

  4. Introduction Benefits and risks Adopting Cloud computing can bring significant benefits and challenges for organisations in building trust and confidence in Cloud Computing services, including:

  5. Introduction Atos Sphere™ Security and Compliance

  6. Introduction • Cloud Services as a mix of consumer commodities and enterprise applications have to meet costumer needs for confidentiality and compliance to legal directives. This package provides: • Set of core security principals to assure users and customers of a trustworthy cloud computing environment • Increased level of security to support sensible enterprise applications and data in a cloud environment • Customer adopted best practice rules to handle ignorance of data, processing and application location

  7. Legal Recommendations Business issues • European Commission • Data Protect Directive (Article 29) • Customer notification of data security breaches • eCommerce Directive (Article 12-15) • Minimum data protection standards and privacy certification schemes common across all stated • Country local directives • Germany: TKG, Datenschutzgesetz • Areas of attention • Data Security, Protection and Transfer • Law Enforcement Access • Confidentiality and non-disclosure • Intellectual property • Risk allocation and limitation of liability • Change of control

  8. Security Benefits Security and the benefits of scale Business issues • All security measures are cheaper when implemented in a large scale • Same amount of investment in security buys better protection for all kinds of defensive measures e.g. • Filtering • Patch management • Hardening of virtual machines and hypervisors • Multiple locations • Edge networks • timeliness of response to incidents, treat management • Standardized interface for managed security services (open and readily available market) • Dynamic reallocation of filtering, traffic shaping, authentication, encryption, etc. • Audit and evidence gathering (less downtime for forensic analysis, lower log storage cost) • More timely effective and efficient updates and default • Benefits of resource concentration, beside the risk security is cheaper

  9. Protection of sensitive information in the Cloud Business issues • Only a few organizations have taken proactive steps to protect sensitive information Source: Flying Blind in the Cloud, Ponemon Institute, April 2010

  10. Security RisksTop Risks Business issues • Loss of Governance • Lock-In • Isolation Failure • Compliance Risk • Management interface compromise • Data protection • Insecure or incomplete data deletion • Malicious insider

  11. Security Risks by category Business issues

  12. Areas of Vulnerabilities Cloud relevant Business issues

  13. 7. Research RecommendationsCategories Business issues • Building trust in the cloud • Effects on different forms of breach reporting on security • End-to-end data confidentiality in the cloud and beyond • Higher assurance clouds, virtual private clouds etc. • Data protection in large scale cross-organizational systems • Forensics and evidence gathering mechanisms • Incident handling, monitoring and traceability • International differences in relevant regulations including data protection and privacy • Large scale computer engineering • Resource isolation mechanisms – data, processing, logs, etc • Interoperability between cloud providers • Resilience of cloud computing How can cloud improve resilience.

  14. Compliance and Certifications Business issues

  15. Cloud Security services Our Approach

  16. Cloud Security Assessment Our Approach Customer benefits and business outcomes • Customer benefits • Knowledge of what your digital security weaknesses really are • Knowledge of the legislative and regulatory requirements you really face • Clarity on your cost v risk balance

  17. Cloud Security Assessment Our Approach fig 2

  18. Cloud Security Assessment Our Approach

More Related