SlideShare une entreprise Scribd logo

Strategies for assessing cloud security

IBM India Smarter Computing
IBM India Smarter Computing
TechnologieBusiness
1  sur  6
Télécharger pour lire hors ligne
IBM Global Technology Services November 2010 Thought Leadership White Paper Strategies for assessing cloud security
2 Securing the cloud: from strategy development to ongoing assessment Executive summary compliance. Even if IT workloads are transitioned to the Cloud computing provides flexible, cost-effective delivery of cloud, users are still responsible for compliance and data secu- business or consumer IT services over the Internet. Cloud rity. As a result, subscribers must establish trust relationships resources can be rapidly deployed and easily scaled, with all with their cloud providers and understand the risk posed by processes, applications, and services provisioned on demand, public and/or private cloud computing environments. regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, Security challenges in the cloud—the streamline IT management and better align IT services with need for a trusted third party evaluation dynamic business requirements. Cloud computing can also One of the most significant differences between cloud simultaneously support core business functions and provide security and traditional IT security stems from the sharing of capacity for new and innovative services. infrastructure on a massive scale. Users spanning different cor- porations and trust levels often interact with the same set of Both public and private cloud models, or a hybrid approach computing resources. And public cloud services are increas- using both models, are now in use. Available to anyone with ingly being offered by a chain of providers—all storing and Internet access, public clouds are acquired as a service and processing data externally in multiple unspecified locations. paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many Inside the cloud, it is difficult to physically locate where data is of the same benefits as public clouds, but give the owner stored. Security processes that were once visible are now hid- greater flexibility and control. den behind layers of abstraction. This lack of visibility can cause concerns about data exposure and compromise, service Although the benefits of cloud computing are clear, so is the reliability, ability to demonstrate compliance and meet SLAs, need to develop proper security for cloud implementations— and overall security management. whether public or private. Embracing cloud computing with- out adequate security controls can place the entire IT Visibility can be especially critical for compliance. The infrastructure at risk. Cloud computing introduces another Sarbanes-Oxley Act, the Health Insurance Portability and level of risk because essential services are often outsourced to Accountability Act (HIPAA), European privacy laws, and many a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate
IBM Global Technology Services 3 other regulations require comprehensive auditing capabilities. Developing a strategic cloud security Many public clouds may indeed be a black box to the sub- roadmap with IBM scriber, thus clients may not be able to demonstrate compli- There is no one-size-fits-all model for security in the cloud. ance. (A private or hybrid cloud, on the other hand, can be Organizations have different security requirements that are configured to meet those requirements.) determined by the unique characteristics of the business work- load they intend to migrate to the cloud or the services they In addition, providers are sometimes required to support are providing from their cloud. It is important when evaluat- third-party audits, or support e-Discovery initiatives and ing risk in a cloud computing model, that a cloud security forensic investigations. This adds even more importance to strategy be developed. maintaining proper visibility into the cloud. Legal discovery of a co-tenant’s data may affect the confidentiality of other ten- By partnering with IBM, clients can benefit from proven ants’ data if the data is not properly segmented. This may assessment methodologies and best practices that help mean that some sensitive data may not be appropriate for cer- ensure consistent, reliable results. They can also leverage com- tain cloud environments. prehensive frameworks that address enterprise cloud strategy, implementation and management in a holistic approach that Organizations considering cloud-based services must under- maximizes the business value of cloud investments while mini- stand the associated risks and ensure appropriate visibility. mizing business risk. IBM guidelines for securing cloud implementations focus on the following areas: Defining business and IT strategy The first step to understanding security risks posed by a cloud ● Building a security program computing model is to analyze business and IT strategies. ● Confidential data protection What is the value of the information that will be stored, ● Implementing strong access and identity accessed and transmitted via the cloud? Is it business critical ● Application provisioning and de-provisioning and/or confidential? Is it subject to regulatory compliance? ● Governance audit management Clients must also consider availability requirements. After ● Vulnerability management determining the business and IT strategy and evaluating the ● Testing and validation data, clients can make a more informed, risk-based decision about which cloud computing model to pursue. Because cloud computing is available in several service models (and hybrids of these models), each presents different levels of responsibility for security management. Trusted third parties can help companies apply cloud security best practices to their specific business needs.
4 Securing the cloud: from strategy development to ongoing assessment Identifying the risks The IBM cloud security assessment reviews cloud architecture Each type of cloud—public, private and hybrid—carries a from a security standpoint, including policies and processes for different level of IT security risk. Security experts from data access and storage. IBM security experts assess the cur- IBM can help clients identify the vulnerabilities, threats and rent state of cloud security against best practices, and against other values at risk based on public, private or hybrid cloud providers’ own security objectives. Security requirements and architecture. From there, IBM will work with clients to design best practices criteria is based on unique characteristics of the initial mechanisms and controls to mitigate risk, and outline subject cloud, including workload, trust level of end users, the maintenance and testing procedures that will help ensure data protection requirements and more. For example, clouds ongoing risk mitigation. supporting email will have different security requirements than those supporting electronic Protected Health Documenting the plan Information (ePHI). IBM clients will benefit from a documented roadmap address- ing cloud security strategy. The plan should identify the types A gap assessment against security objectives and best practices of workloads or applications that are candidates for cloud will reveal strengths and weaknesses of the current security computing and should account for the legal, regulatory and architecture and processes. IBM experts will provide recom- security requirements. IBM will work with clients to plan for mendations for improvements and continuous security compensating controls to mitigate perceived risks, including measures to bridge the gaps. These can include the use of how to address identity and access management, and how to additional network security controls, modifications to existing balance security controls between the cloud provider and the security policies and procedures, implementation of new iden- subscriber. tity and access management controls, acquisition of managed security services for offloading critical security management Assessing cloud security with IBM tasks, or any number of other remediation steps. In addition to developing a strategy for cloud security, IBM can perform a cloud security assessment for public or In addition to a thorough review of the cloud security pro- private cloud offerings. This service can provide helpful due gram, IBM advises steady state technical testing of the cloud’s diligence for cloud providers, or help subscribers understand network infrastructure and supporting applications via remote the security posture of their provider’s cloud. penetration and application testing. This provides a “hacker’s eye” view of cloud components and provides insight into how cloud security weaknesses can significantly impact data and information protection.
IBM Global Technology Services 5 Why IBM? security services that enable a business-driven approach to To fully benefit from cloud computing, clients must ensure securing your cloud computing as well as your physical IT that data, applications and systems are properly secured so that environments. cloud infrastructure won’t expose the organization to risk. Cloud computing has the usual requirements of traditional IT IBM’s capabilities empower you to dynamically monitor and security, though it presents an added level of risk because of quantify security risks, enabling you to better: the external aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data ● Understand threats and vulnerabilities in terms of business and service availability, and demonstrate compliance. impact, ● Respond to security events with security controls that opti- Assessing the risks associated with cloud computing, such as mize business results, data integrity, recovery, privacy, and tenant isolation is critical ● Prioritize and balance your security investments. to the adoption of cloud technologies. These risks call for automated end-to-end security with a heavier emphasis on IBM also securely operates its own public clouds, including strong isolation, integrity and resiliency in order to provide IBM LotusLive™. IBM continuously invests in research and visibility, control and automation across the cloud computing development of stronger isolation at all levels of the network, infrastructure. server, hypervisor, process and storage infrastructure to sup- port massive multitenancy while mitigating risk. IBM helps clients put risk management strategies into action by transforming security from a cost of doing business to a Through world-class solutions that address risk across all way to improve the business. IBM draws from a broad portfo- aspects of your business, IBM is able to help you create an lio of consulting services, software and hardware and managed intelligent infrastructure that drives down costs, is secure, and is just as dynamic as today’s business climate. IBM cloud secu- rity solutions and services build on the strong foundation of the IBM security framework to extend benefits from tradi- tional IT environments to cloud computing environments.
For more information To learn more about the IBM Cloud Security Services, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/cloud Additionally, financing solutions from IBM Global Financing © Copyright IBM Corporation 2010 Route 100 can enable effective cash management, protection from tech- Somers, NY 10589 U.S.A. nology obsolescence, improved total cost of ownership and Produced in the United States of America return on investment. Also, our Global Asset Recovery November 2010 Services help address environmental concerns with new, All Rights Reserved more energy-efficient solutions. For more information on IBM, the IBM logo, ibm.com and LotusLive are trademarks or IBM Global Financing, visit: ibm.com/financing registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. Please Recycle SEW03022-USEN-01

Recommandé

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Symosis Security (Previously C-Level Security)
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the CloudEpoch Universal, Inc.
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 

Recommandé

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Symosis Security (Previously C-Level Security)
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the CloudEpoch Universal, Inc.
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET Journal
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentIOSR Journals
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile securityJAYANT RAJURKAR
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingINFOGAIN PUBLICATION
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised ComputingIOSR Journals
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructureEricsson
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWJournal For Research
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingijsrd.com
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and ComplianceQuadrisk
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET Journal
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewPeter HJ van Eijk
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 

Contenu connexe

Tendances

International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET Journal
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentIOSR Journals
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile securityJAYANT RAJURKAR
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingINFOGAIN PUBLICATION
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised ComputingIOSR Journals
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructureEricsson
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingijsrd.com
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and ComplianceQuadrisk
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET Journal
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewPeter HJ van Eijk
 

Tendances (19)

International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
 
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...IRJET- Model-Driven Platform for Service Security and Framework for Data ...
IRJET- Model-Driven Platform for Service Security and Framework for Data ...
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud Computing
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised Computing
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
 
An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
 
Cloud Audit and Compliance
Cloud Audit and ComplianceCloud Audit and Compliance
Cloud Audit and Compliance
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
CCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overviewCCSK Certificate of Cloud Computing Knowledge - overview
CCSK Certificate of Cloud Computing Knowledge - overview
 

Similaire à Strategies for assessing cloud security

The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...AJASTJournal
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...AJASTJournal
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...IBM India Smarter Computing
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesIJCSIS Research Publications
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment reportAhmad El Tawil
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxGhofraneFerchichi2
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overviewjaimehra05
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overviewsri_kanth0526
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 

Similaire à Strategies for assessing cloud security (20)

The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
 
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...A Comprehensive Review on Data Security and Threats for Data Management in Cl...
A Comprehensive Review on Data Security and Threats for Data Management in Cl...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
cloud1_aggy.pdf
cloud1_aggy.pdfcloud1_aggy.pdf
cloud1_aggy.pdf
 
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
Cloud Security Guidance: IBM Recommendations For The Implementation Of Cloud ...
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment report
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
3822424.ppt
3822424.ppt3822424.ppt
3822424.ppt
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 

Plus de IBM India Smarter Computing

Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments IBM India Smarter Computing
 
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...IBM India Smarter Computing
 
A Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization PerformanceA Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization PerformanceIBM India Smarter Computing
 
IBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architectureIBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architectureIBM India Smarter Computing
 

Plus de IBM India Smarter Computing (20)

Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments
 
All-flash Needs End to End Storage Efficiency
All-flash Needs End to End Storage EfficiencyAll-flash Needs End to End Storage Efficiency
All-flash Needs End to End Storage Efficiency
 
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
 
IBM FlashSystem 840 Product Guide
IBM FlashSystem 840 Product GuideIBM FlashSystem 840 Product Guide
IBM FlashSystem 840 Product Guide
 
IBM System x3250 M5
IBM System x3250 M5IBM System x3250 M5
IBM System x3250 M5
 
IBM NeXtScale nx360 M4
IBM NeXtScale nx360 M4IBM NeXtScale nx360 M4
IBM NeXtScale nx360 M4
 
IBM System x3650 M4 HD
IBM System x3650 M4 HDIBM System x3650 M4 HD
IBM System x3650 M4 HD
 
IBM System x3300 M4
IBM System x3300 M4IBM System x3300 M4
IBM System x3300 M4
 
IBM System x iDataPlex dx360 M4
IBM System x iDataPlex dx360 M4IBM System x iDataPlex dx360 M4
IBM System x iDataPlex dx360 M4
 
IBM System x3500 M4
IBM System x3500 M4IBM System x3500 M4
IBM System x3500 M4
 
IBM System x3550 M4
IBM System x3550 M4IBM System x3550 M4
IBM System x3550 M4
 
IBM System x3650 M4
IBM System x3650 M4IBM System x3650 M4
IBM System x3650 M4
 
IBM System x3500 M3
IBM System x3500 M3IBM System x3500 M3
IBM System x3500 M3
 
IBM System x3400 M3
IBM System x3400 M3IBM System x3400 M3
IBM System x3400 M3
 
IBM System x3250 M3
IBM System x3250 M3IBM System x3250 M3
IBM System x3250 M3
 
IBM System x3200 M3
IBM System x3200 M3IBM System x3200 M3
IBM System x3200 M3
 
IBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and ConfigurationIBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and Configuration
 
A Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization PerformanceA Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization Performance
 
IBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architectureIBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architecture
 
X6: The sixth generation of EXA Technology
X6: The sixth generation of EXA TechnologyX6: The sixth generation of EXA Technology
X6: The sixth generation of EXA Technology
 

Dernier

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Dernier (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Strategies for assessing cloud security

  • 1. IBM Global Technology Services November 2010 Thought Leadership White Paper Strategies for assessing cloud security
  • 2. 2 Securing the cloud: from strategy development to ongoing assessment Executive summary compliance. Even if IT workloads are transitioned to the Cloud computing provides flexible, cost-effective delivery of cloud, users are still responsible for compliance and data secu- business or consumer IT services over the Internet. Cloud rity. As a result, subscribers must establish trust relationships resources can be rapidly deployed and easily scaled, with all with their cloud providers and understand the risk posed by processes, applications, and services provisioned on demand, public and/or private cloud computing environments. regardless of the user location or device. As a result, cloud computing helps organizations improve service delivery, Security challenges in the cloud—the streamline IT management and better align IT services with need for a trusted third party evaluation dynamic business requirements. Cloud computing can also One of the most significant differences between cloud simultaneously support core business functions and provide security and traditional IT security stems from the sharing of capacity for new and innovative services. infrastructure on a massive scale. Users spanning different cor- porations and trust levels often interact with the same set of Both public and private cloud models, or a hybrid approach computing resources. And public cloud services are increas- using both models, are now in use. Available to anyone with ingly being offered by a chain of providers—all storing and Internet access, public clouds are acquired as a service and processing data externally in multiple unspecified locations. paid for on a per-usage basis or by subscription. Private clouds are owned and used by a single organization. They offer many Inside the cloud, it is difficult to physically locate where data is of the same benefits as public clouds, but give the owner stored. Security processes that were once visible are now hid- greater flexibility and control. den behind layers of abstraction. This lack of visibility can cause concerns about data exposure and compromise, service Although the benefits of cloud computing are clear, so is the reliability, ability to demonstrate compliance and meet SLAs, need to develop proper security for cloud implementations— and overall security management. whether public or private. Embracing cloud computing with- out adequate security controls can place the entire IT Visibility can be especially critical for compliance. The infrastructure at risk. Cloud computing introduces another Sarbanes-Oxley Act, the Health Insurance Portability and level of risk because essential services are often outsourced to Accountability Act (HIPAA), European privacy laws, and many a third party, making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate
  • 3. IBM Global Technology Services 3 other regulations require comprehensive auditing capabilities. Developing a strategic cloud security Many public clouds may indeed be a black box to the sub- roadmap with IBM scriber, thus clients may not be able to demonstrate compli- There is no one-size-fits-all model for security in the cloud. ance. (A private or hybrid cloud, on the other hand, can be Organizations have different security requirements that are configured to meet those requirements.) determined by the unique characteristics of the business work- load they intend to migrate to the cloud or the services they In addition, providers are sometimes required to support are providing from their cloud. It is important when evaluat- third-party audits, or support e-Discovery initiatives and ing risk in a cloud computing model, that a cloud security forensic investigations. This adds even more importance to strategy be developed. maintaining proper visibility into the cloud. Legal discovery of a co-tenant’s data may affect the confidentiality of other ten- By partnering with IBM, clients can benefit from proven ants’ data if the data is not properly segmented. This may assessment methodologies and best practices that help mean that some sensitive data may not be appropriate for cer- ensure consistent, reliable results. They can also leverage com- tain cloud environments. prehensive frameworks that address enterprise cloud strategy, implementation and management in a holistic approach that Organizations considering cloud-based services must under- maximizes the business value of cloud investments while mini- stand the associated risks and ensure appropriate visibility. mizing business risk. IBM guidelines for securing cloud implementations focus on the following areas: Defining business and IT strategy The first step to understanding security risks posed by a cloud ● Building a security program computing model is to analyze business and IT strategies. ● Confidential data protection What is the value of the information that will be stored, ● Implementing strong access and identity accessed and transmitted via the cloud? Is it business critical ● Application provisioning and de-provisioning and/or confidential? Is it subject to regulatory compliance? ● Governance audit management Clients must also consider availability requirements. After ● Vulnerability management determining the business and IT strategy and evaluating the ● Testing and validation data, clients can make a more informed, risk-based decision about which cloud computing model to pursue. Because cloud computing is available in several service models (and hybrids of these models), each presents different levels of responsibility for security management. Trusted third parties can help companies apply cloud security best practices to their specific business needs.
  • 4. 4 Securing the cloud: from strategy development to ongoing assessment Identifying the risks The IBM cloud security assessment reviews cloud architecture Each type of cloud—public, private and hybrid—carries a from a security standpoint, including policies and processes for different level of IT security risk. Security experts from data access and storage. IBM security experts assess the cur- IBM can help clients identify the vulnerabilities, threats and rent state of cloud security against best practices, and against other values at risk based on public, private or hybrid cloud providers’ own security objectives. Security requirements and architecture. From there, IBM will work with clients to design best practices criteria is based on unique characteristics of the initial mechanisms and controls to mitigate risk, and outline subject cloud, including workload, trust level of end users, the maintenance and testing procedures that will help ensure data protection requirements and more. For example, clouds ongoing risk mitigation. supporting email will have different security requirements than those supporting electronic Protected Health Documenting the plan Information (ePHI). IBM clients will benefit from a documented roadmap address- ing cloud security strategy. The plan should identify the types A gap assessment against security objectives and best practices of workloads or applications that are candidates for cloud will reveal strengths and weaknesses of the current security computing and should account for the legal, regulatory and architecture and processes. IBM experts will provide recom- security requirements. IBM will work with clients to plan for mendations for improvements and continuous security compensating controls to mitigate perceived risks, including measures to bridge the gaps. These can include the use of how to address identity and access management, and how to additional network security controls, modifications to existing balance security controls between the cloud provider and the security policies and procedures, implementation of new iden- subscriber. tity and access management controls, acquisition of managed security services for offloading critical security management Assessing cloud security with IBM tasks, or any number of other remediation steps. In addition to developing a strategy for cloud security, IBM can perform a cloud security assessment for public or In addition to a thorough review of the cloud security pro- private cloud offerings. This service can provide helpful due gram, IBM advises steady state technical testing of the cloud’s diligence for cloud providers, or help subscribers understand network infrastructure and supporting applications via remote the security posture of their provider’s cloud. penetration and application testing. This provides a “hacker’s eye” view of cloud components and provides insight into how cloud security weaknesses can significantly impact data and information protection.
  • 5. IBM Global Technology Services 5 Why IBM? security services that enable a business-driven approach to To fully benefit from cloud computing, clients must ensure securing your cloud computing as well as your physical IT that data, applications and systems are properly secured so that environments. cloud infrastructure won’t expose the organization to risk. Cloud computing has the usual requirements of traditional IT IBM’s capabilities empower you to dynamically monitor and security, though it presents an added level of risk because of quantify security risks, enabling you to better: the external aspects of a cloud model. This can make it more difficult to maintain data integrity and privacy, support data ● Understand threats and vulnerabilities in terms of business and service availability, and demonstrate compliance. impact, ● Respond to security events with security controls that opti- Assessing the risks associated with cloud computing, such as mize business results, data integrity, recovery, privacy, and tenant isolation is critical ● Prioritize and balance your security investments. to the adoption of cloud technologies. These risks call for automated end-to-end security with a heavier emphasis on IBM also securely operates its own public clouds, including strong isolation, integrity and resiliency in order to provide IBM LotusLive™. IBM continuously invests in research and visibility, control and automation across the cloud computing development of stronger isolation at all levels of the network, infrastructure. server, hypervisor, process and storage infrastructure to sup- port massive multitenancy while mitigating risk. IBM helps clients put risk management strategies into action by transforming security from a cost of doing business to a Through world-class solutions that address risk across all way to improve the business. IBM draws from a broad portfo- aspects of your business, IBM is able to help you create an lio of consulting services, software and hardware and managed intelligent infrastructure that drives down costs, is secure, and is just as dynamic as today’s business climate. IBM cloud secu- rity solutions and services build on the strong foundation of the IBM security framework to extend benefits from tradi- tional IT environments to cloud computing environments.
  • 6. For more information To learn more about the IBM Cloud Security Services, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/cloud Additionally, financing solutions from IBM Global Financing © Copyright IBM Corporation 2010 Route 100 can enable effective cash management, protection from tech- Somers, NY 10589 U.S.A. nology obsolescence, improved total cost of ownership and Produced in the United States of America return on investment. Also, our Global Asset Recovery November 2010 Services help address environmental concerns with new, All Rights Reserved more energy-efficient solutions. For more information on IBM, the IBM logo, ibm.com and LotusLive are trademarks or IBM Global Financing, visit: ibm.com/financing registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. Please Recycle SEW03022-USEN-01