Embed Size (px)
DESCRIPTION
Cloud security Issues
Citation preview
Security Issues in Cloud Computing
Contents :
• What is Cloud Computing?
• Is it Really Secure?
• Cases in Cloud Computing
• Security Measures
What is Cloud Computing..
• A network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer.
• It is divided it into two sections:
The front end and the back end. They connect to each other through a network, usually the Internet.
The front end is the side the computer user, or client, sees. The back end is the "cloud" section of the system.
• The front end includes the client's computer and the application required to access the cloud computing system.
• On the back end of the system are the various computers, servers and data storage systems that create the "cloud" of computing services.
• It is a Web-based service which hosts all the programs the user would need for a job.
• Potentially, everything from generic word processing software to customized computer programs designed for a specific company could work on a cloud computing system..
• It's called cloud computing.
Cloud Oriented ArchitectureCloud Oriented Architecture
VirtualData Center
IaaS/PaaS
PhysicalData Center
Mobile
Web Applications
ARPANET TCPIP WWW HTML .COM
SOCIALNETWORKS
INTERNET OFTHINGS
100M100M 250M250M
500M500M
25B25B
50B50B
Internet Connected Internet Connected DevicesDevices
12B12B
The Internet of Things is HereThe Internet of Things is Here
In 2012 In 2012 2.4 Billion2.4 Billion peoplepeople
connected to the Internetconnected to the Internet
Why care about securityWhy care about securityat scale?at scale?
• Perimeter isPerimeter ischanging dramaticallychanging dramatically
• Attacks areAttacks are• non-stopnon-stop
VirtualData Center
PhysicalData Center
Mobile
Web Applications
IaaS/PaaS
Is It Really Secure ?
• No matter how careful you are with your personal data, by subscribing to the cloud you will be giving up some control to an external source. It may also create more space for a third party to access your information.
• There is a lot of personal information and potentially secure data that people store on their computers, and this information is now being transferred to the cloud.
• Cloud computing offers many benefits, but is vulnerable to threats, and it is equally important to take personal precautions to secure your data
• The cloud is enabling cybercriminals to conduct highly automated online banking theft
•Like most online consumer bank fraud, the attacks started off with a phishing e-mail and urging the recipient to click a link to change the account password.
•Once the link is clicked, a Trojan was downloaded onto the victim's computer, in early versions of the attacks. In later versions the malware is operating from a server.
• The server is the brains that does all the transactions in the bank account
• The criminals don't have to change anything on the end user side. They can make modifications on the server side. They still have malware on the user's machine.
How many attacks?How many attacks?
• Honestly too manyHonestly too manyto countto count
How do breaches happen?How do breaches happen?How do breaches happen?How do breaches happen?
•8888%% of all hacking attacks of all hacking attacks
• use remote access from the internetuse remote access from the internet
• *Source: Verizon data breach report 2012*Source: Verizon data breach report 2012
How do breaches happen?How do breaches happen?(In 2013)(In 2013)
How do breaches happen?How do breaches happen?(In 2013)(In 2013)
•utilized some formutilized some formof hackingof hacking8181%%
6969%%
1010%%
77%%
55%%resulted fromresulted fromprivilege misuse privilege misuse
IncorporatedIncorporatedmalwaremalware
Involved physicalInvolved physicalattacksattacks
employed socialemployed socialtacticstactics
+31+31%%
-19-19%%
+20+20%%
-4-4%%
-12-12%%*Source: Verizon data breach report 2012
Web application securityWeb application security is a challenge is a challenge
They are They are CustomCustom
Web applications are the Web applications are the underbelly of the internetunderbelly of the internet
They are They are Everywhere!Everywhere!
Continuous Security: Case Study Continuous Security: Case Study Continuous Security: Case Study Continuous Security: Case Study
US Department of StateUS Department of State400 worldwide embassies400 worldwide embassiesGrades based on formulaGrades based on formula
Scan every 3 daysScan every 3 days85% hosts fixed in 6 days85% hosts fixed in 6 days
New Security ArchitectureNew Security Architectureis neededis needed
•Legacy Enterprise Legacy Enterprise Point SolutionsPoint Solutions
Do Not ScaleDo Not Scale
Is it enough to scan and pentest Is it enough to scan and pentest once a quarter?once a quarter?
Is it enough to scan and pentest Is it enough to scan and pentest once a quarter?once a quarter?
Security NeedsSecurity Needsto be to be ContinuousContinuous
• More thanMore than
• 8080%% of all breaches of all breaches• are from known vulnerabilitiesare from known vulnerabilities
Continuous Cloud SecurityContinuous Cloud SecurityYou CAN protect yourselfYou CAN protect yourself
Security Measures
• Are their security standards appropriate?
• Is your data encrypted when being uploaded to or
downloaded from the cloud?
• Understand how access is shared with your cloud folder
• Pick a good password.
• Back up your data
COA platform deploymentCOA platform deploymentCOA platform deploymentCOA platform deployment
COA can be a private cloudCOA can be a private cloud
Are you ready to protectAre you ready to protectagainst this onslaught?against this onslaught?
Are you ready to protectAre you ready to protectagainst this onslaught?against this onslaught?
THANK YOU!!!
![Federated Cloud Security Architecture for Secure and … · Federated Cloud Security Architecture 171 2 Cloud Security We briefly review cloud security [40] and related prior work](https://img.dokumen.tips/doc/110x75/5b19fbfc7f8b9a32258cef49/federated-cloud-security-architecture-for-secure-and-federated-cloud-security.jpg)
