Security issues in the Cloud

meatcologneInternet and Web Development

Nov 3, 2013 (3 years and 5 months ago)

53 views

Security issues in the Cloud

Presentation for
CloudCamp

2012

(Lagos)


Christopher Odutola

FVC Inc. Dubai

Introduction


What is Cloud Security?
Policies deployed to
protect

cloud computing


Security issues faced by Providers and
subscribers
-

responsibility


Extensive use of Virtualization


Security & Privacy, Compliance,
Legal/Contractual issues

Security and Privacy


Identity Management (IdM


federation or SSO)


Physical and Personnel Security for providers


Availability: regular and predictable access


Application Security: ensure applications are
secure


Privacy: mask critical data, restrict user
access/authority, protect digital IDs


Legal issues vary from country to country

Compliance (PCI DSS, HIPAA, SOX)

Regulations require reporting & audit trails


BC and DR: plans for emergency recovery of data
loss


Logs and audit trails (incl.
eDiscovery
)


Unique compliance requirements for data centers


Legal and contractual issues (SLA, liability,
intellectual property, end
-
of
-
service)


Public records (incl. public agencies)

CSA’s top 7 threats


Abuse and nefarious use of cloud computing
(
IaaS
,
PaaS
)


Insecure interfaces and APIs


Malicious Insiders


Shared Technology Issues


Data Loss or Leakage


Account or Service Hijacking


Unknown Risk Profile

Conclusions


Cloud Security


Old problems


New Problems


New Provider Enhancements


Many well understood problems and solutions
(OWASP, CSA)

Thank You