1 / 13

Securing the Cloud NIST Draft SP 800-144

Securing the Cloud NIST Draft SP 800-144. By Kevin Stevens. What is Cloud Computing?. Cloud computing can be described several ways. NIST provides the following definition:

markgardner
Download Presentation

Securing the Cloud NIST Draft SP 800-144

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Securing the CloudNIST Draft SP 800-144 By Kevin Stevens

  2. What is Cloud Computing? Cloud computing can be described several ways. NIST provides the following definition: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

  3. How we use the Cloud • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS) The “cloud” provides a virtual environment without the physical infrastructure in typically deployments. This offloading of assets creates new issues for information security.

  4. Why the Cloud? Simple! • Reduced costs • Increased efficiency Can you say greater ROI

  5. So what is the problem? Cloud computing is an emerging technology that is being implemented across all industries. New technologies always come with greater risk. • Privacy • Security

  6. Who provides Security? • Many aspects of security fall in the hands of a third party. • Security also falls in the hands on the client organization as well.

  7. Important Factors in the Cloud • SLA – Service level agreement should outline the level of services provided by the cloud provider. • Security • Privacy • Policy & Procedures • Technical controls • Data ownership • Exit rights • Date encryption • Compliance

  8. What is the biggest obstacle? And the winner is…. Security

  9. FISMA “FISMA requires federal agencies to adequately protect their information and information systems against unauthorized access, use, disclosure, disruption, modification, or destruction [HR2458].” EVEN in the cloud!

  10. Detailed Concerns • System Complexity • Shared Multi-tenant Environment • Internet facing Services • Loss of control

  11. Summary of Recommendations • Duplicate physical network security controls • Require cloud provider to immediately report intrusions • Secure management of virtual images • Secure both client and server, including physical and logical controls. (virtual firewall, common hardening, etc) • Dual Identity and Access Management • Isolation of client resources • Data Isolation (may be done by encryption to data at rest and in transit)

  12. Summary of Recommendations-continued- • Data sanitization • Availability • Incident Response

  13. References FISMApedia. Retrieved March 25, 2011, from http://www.fismapedia.org/index.php?title=Main_Page NIST.gov - Computer Security Division - Computer Security Resource Center. Retrieved March 27, 2011, from http://csrc.nist.gov/groups/SNS/cloud-computing/

More Related