Cloud security design considerations

Cloud SecurityDesign Considerations

Kavis Technology Consulting

What level of security is required

Security and Cloud Service Models

Private Cloudshttp://designyoutrust.com

It’s allYou!

Public Clouds

Vendor supplies …- Infrastructure security

You do this

Vendor supplies …- Application Stack Security- Infrastructure Security

You do this

Vendor supplies …- Application Security- Application Stack Security- Infrastructure Security

You do this

Infrastructure Security

Applications Stack Security

Application Security

•••••

User security

Security across all service models

Source:https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

Key Security Areas of Focus

Security Strategies

Centralize

Standardize

Automate

Security Actions

Application

Detection

Prevention

Policy Enforcement

”Golden” Image

Cloud Servers

Deploy

••

Policy Enforcement

••

Client Server

Data Store

Deploy

Admin Console

Policies

Encryption

••

Encryption

• Compliance

• Security

Usability

• Complexity

• Performance

Encryption

•••••

••••

••

Encryption

• Compliance

• Security

Usability

• Complexity

• Performance

Key Management

••

Applications

Organizations

Account

Web Security

API Token Management

Do Not Roll Your Own

API Token Management

••

Patch Management

••

Monitoring

Security

Performance

Capacity

Uptime

Throughput

User metrics

Log file analysis

IntrusionDetection

TroubleShooting

Logging

Source: http://www.thoughtworks.com/continuous-delivery

Continuous Deployments

Maintaining Consistent Environments

AutomationManage

TrackAdminister

• Self Provision

• Charge Back

• Access Control

• Policies

• Audits

ID Management

Centralized

Facade

Entity 1 Entity 2 Entity n

CSP 1 CSP 2 CSP 3

USE CASEs Business to Business

Internal costumers

Known Customers

Advantages Central control

Roles, and groups

termination

ID Management

deCentralizedUSE CASEs Business to Consumer

Open registration

Large Number of

enrollees

Advantages Must accept terms

Simple integration

with Partners

Source: http://static.springsource.org/spring-social/docs/1.0.x/reference/html/serviceprovider.html

Thank You

For details on this topic and others go to my blog

www Kavistechnology com

Images courtesy of www.thinkstockphotos.com

Cloud security design considerations

Technology

Planning Guide Cloud Security - Intel · one barrier to implementing cloud initiatives for many companies. Cloud computing security is a broad topic with hundreds of considerations—from

Security in the Cloud - AT&T BusinessSecurity in the Cloud . What can enterprise IT professionals do to ensure that their cloud ... enterprises grasp security considerations for SaaS

雲端運算的安全注意事項 Cloud Computing Security Considerations

Dr. Susan Cole, CISSP, CCSK scole@faculty.ctuonline.edu CLOUD SECURITY: Concerns, Complications and Considerations

Top Ten Security Considerations when Setting up your OpenNebula Cloud

Security Considerations for the Cloud - NIST · cloud providers certified by FedRAMP. • Risk assessment should be performed before moving to the cloud. In some cases moving to the

ITSP.50.105 Guidance on Cloud Security Assessment and ... · cloud-specific security considerations are addressed, and security controls of cloud-based services are properly assessed

Using AWS in the Context of Common Privacy & Data ... · Common Privacy & Data Protection Considerations May 2018 ... While AWS manages security of the cloud, security in the cloud

Security Considerations for Private vs. Public Clouds · PDF file© 2015 Cloud Security Alliance ... Security Considerations for Private vs. Public Clouds ... Security Considerations

Medical Device Security Considerations Case Study · PDF fileMedical Device Security Considerations –Case Study ... Medical Device Security Considerations 8 Risks: ... //mdrap.mdiss.org

Cloud Computing Security Considerations - acsc.gov.au · Microsoft SharePoint Online, Microsoft Dynamics CRM Online and ... Cloud computing has the potential to help agencies leverage

National Cyber Security Centre (NCSC) Cloud Security ... · Cloud Security Principle 4: Governance 23 Cloud Security Principle 5: Operational Security 25 Cloud Security Principle

Cloud Computing Information Security and Privacy ... · All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 3 Contents 1 Introduction 4 2

Cloud Computing Security Considerations...Cloud computing offers potential benefits including cost savings and improved business outcomes for organisations. However, there are a variety

Application Considerations for Cloud

Cloud Computing Security Considerations · Salesforce.com Customer Relationship Management (CRM), Google Docs, Google Gmail and Microsoft Office 365. A vendor adding the words cloud

Security Considerations Cloud Computing

Norm Barber Migrating Critical Applications to the Cloud - Security and Compliance Considerations

Cloud Computing Security Considerations · PDF fileCloud Computing Security Considerations ... Public cloud involves an organisation using a vendor’s cloud infrastructure which is

VMware Horizon Cloud Service on Microsoft Azure Security …€¦ · VMware Horizon Cloud Service on Microsoft Azure Security Considerations SUMMARY DESCRIPTION Collected from the