Richard marshall information_security_in_the_government_workshop6
1. Information Security in the
Government Workshop
Cloud and e-Service Security
Disaster, Data Loss and the Cloud
Dr. Richard H.L. Marshall, Esq.
2. Disaster, Data Loss and the Cloud
• Many Companies and USG agencies consider their data to be their
most valuable asset.
• However, they’ve been challenged trying to keep their “crown
jewels” safe, especially from the increasing number of natural
disasters as well as host of man-made problems.
• The cloud offers a way to better protect their data. The growing
acceptance of using the cloud to safely store data will continue to
increase as costs come down and ease of accessibility increases.
• Storage and backup solutions are the most popular cloud
applications.
• The cloud provides many benefits over traditional methods of
storing and backing up data such as using USB flash drives or
CDs/DVDs.
• Cloud backup is automatic and restoration is simplified.
3. Reassing Cloud Security
• The cloud provides numerous mechanisms for safeguarding data.
• Traditionally, a program runs on a dedicated physical machine and
any system outage or physical issue would impact the program
directly and result in data loss.
• With the cloud, the program runs on a virtual machine. The
physical layer is separated from the software layer.
• This pools all the physical resources, allocating them when they are
needed, and eliminates the single point of failure in the traditional
approach.
• The cloud operating system supports data storage by distribution
mode or mirror mode, meaning that the data will be duplicated and
stored in different physical disks in the pool.
• Cloud advocates assert that this guarantees data safety and allows
for easy data recovery
4. Reassing Cloud Security
• Organizations such as the USG opt to implement a multipronged
approach to data protection.
• It can provide automatic data encryption, auditing of operation
logs, more stringent ways to authenticate users and other security
mechanisms.
• Security concerns include authentication, authorization, accounting
(AAA) services; encryption; storage; security breaches; regulatory
compliance; location of data and users; and other risks associated
with isolating sensitive corporate data.
• Add to this array of concerns the potential loss of control over your
data, and the cloud model starts to get a little scary.
• No matter where your applications live in the cloud or how they are
being served, one theme is consistent: You are hosting and
delivering your critical data at a third-party location, not within your
four walls, and keeping that data safe is a top priority.
5. Reassing Cloud Security
• The problem is that you really do not know where in the cloud the
data is at any given moment.
• IT departments are already anxious about the confidentially and
integrity of sensitive data.
• Hosting this data in the cloud highlights not only concerns about
protecting critical data in a third-party location but also role-based
access control to that data for normal business functions.
• The cloud does not lend itself to static security controls.
• Like all other elements within cloud architecture, security must be
integrated into a centralized, dynamic control plane.
• In the cloud, security solutions must have the capability to intercept
all data traffic, interpret its context, and then make appropriate
decisions about that traffic, including instructing other cloud
elements how to handle it.
6. Reassing Cloud Security
• One of the biggest areas of concern for both cloud vendors and
customers alike is strong authentication, authorization, and
automatic encryption of data to and from the cloud.
• Users and administrators alike need to be authenticated—with
strong or two-factor authentication—to ensure that only authorized
personnel are able to access data.
• And, the data itself needs to be segmented to ensure there is no
leakage to other users or systems.
• AAA services along with secure, encrypted tunnels to manage your
cloud infrastructure should be at the top of the basic cloud services
offered by vendors.
• Since data can be housed at a distant location where you have less
physical control, logical control becomes paramount, and enforcing
strict access to raw data and protecting data in transit (such as
uploading new data) becomes critical to the business.