SlideShare a Scribd company logo

Secure Cloud Reference Architecture

Download as PPTX, PDF
Mithilesh Kumar - AWS, VCP,ITIL,SSCA
Mithilesh Kumar - AWS, VCP,ITIL,SSCA

A reference guide for cloud security based on security and risk Management (SRM) framework.

Technology
1 of 15
By - Mithilesh Kumar (kumar.mithilesh@gmail.com) 1Reference :- cloudsecurityalliance.org
 Define protections that enable trust in the cloud.  Develop cross-platform capabilities and patterns for proprietary and open-source providers.  Will facilitate trusted and efficient access, administration and resiliency to the customer/consumer.  Provide direction to secure information that is protected by regulations.  The Architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability.  Centralize security policy, maintenance operation and oversight functions.  Access to information must be secure yet still easy to obtain.  Delegate or Federate access control where appropriate.  Must be easy to adopt and consume, supporting the design of security patterns.  The Architecture must be elastic, flexible and resilient supporting multi-tenant, multi-landlord platforms.  The architecture must address and support multiple levels of protection, including network, operating system, and application security needs. 2
3
4
SRM 5
SRM Security & Risk Management 6 When every business is a digital business, IT security and business risk become one and the same.
 Privilege Management Infrastructure  Threat andVulnerability Management  Infrastructure Protection Services  Data Protection  Policies and Standards  Governance Risk & Compliance  InfoSec Management 7
Identity Management Domain Unique Identifier Identity Provisioning Attribute Provisioning Federated IDM Authentication Services SAMLToken Risk Based Auth Multifactor OTP Smart Card Password Management Biometrics NetworkAuthentication Single Sign On WS-Security Middleware Authentication IdentityVerification OTBAutN Authorization Services Entitlement Review Policy Enforcement Policy Definition Policy Management Principal Data Management Resource Data Management XACML Role Management Obligation Out of the Box (OTB)AutZ Privilege Usage Management Keystroke/Session Logging PasswordVaulting Privilege Usage Gateway Resource Protection Hypervisor Governance and Compliance 8
ComplianceTesting Network Server Database PenetrationTesting Internal External Vulnerability Management Application Database Infrastructure Threat Management Source Code Scanning Risk Management 9
Server Behavioral Malware Prevention White Listing Sensitive File Protection Anti-Virus HIPS / HIDS Host Firewall End-Point Anti-Virus,Anti-Spam,Anti-Malware HIPS /HIDS Host Firewall Media Lockdown Hardware BasedTrustedAssets Behavioral Malware Prevention InventoryControl Content Filtering ForensicTools White Listing Network Behavioral Malware Prevention Firewall Content Filtering Deep Packet Inspection NIPS / NIDS Wireless Protection Link Layer Network Security Black Listing Filtering Application Application Firewall Secure Messaging Secure Collaboration RealTime Filtering XML Application 10
Data lifecycle management Meta Data Control Data De-Identification Data Masking DataTagging Data Obscuring Data Seeding Life cycle management eSignature (Unstructured data) Data Loss Prevention Data Discovery Network (Data inTransit) End-Point (Data in Use) Server (Data at Rest) Intellectual Property Protection Intellectual Property Digital Rights Management Cryptographic Services Symmetric Key Management Asymmetric Key Management PKI Signature Services Data-in-use Encryption (Memory) Data-in-Transit Encryption (Transitory, Fixed) Data-at-Rest Encryption (DB, File, SAN, Desktop, Mobile) 11
Operational Security Baselines Job Aid Guidelines Role Based Awareness Information Security Policies Technical Security Standards Data/Asset Classification Best Practices & Regulatory correlation 12
Compliance Management Policy Management Exceptions Self Assessment Vendor Management Audit Management IT Risk Management TechnicalAwareness andTraining 13
Capability Mapping Risk Portfolio Management Risk Dashboard Residual Risk Management 14
 Email:- kumar.mithilesh@gmail.com  LinkedIn :- https://in.linkedin.com/in/kumarmithilesh 15

Recommended

Data Security
Data SecurityData Security
Data SecurityqmsWrapper
 
Data security
Data securityData security
Data securityTapan Khilar
 
How can cas bs help
How can cas bs helpHow can cas bs help
How can cas bs helpCipherCloud
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
03 cia
03 cia03 cia
03 ciaJadavsejal
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data ProtectionSeclore
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 

Recommended

Data Security
Data SecurityData Security
Data SecurityqmsWrapper
 
Data security
Data securityData security
Data securityTapan Khilar
 
How can cas bs help
How can cas bs helpHow can cas bs help
How can cas bs helpCipherCloud
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
03 cia
03 cia03 cia
03 ciaJadavsejal
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data ProtectionSeclore
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Application Data Security | Seclore
Application Data Security | SecloreApplication Data Security | Seclore
Application Data Security | SecloreSeclore
 
Brochure Imperva Securesphere Vormetric Encryption
Brochure Imperva Securesphere Vormetric EncryptionBrochure Imperva Securesphere Vormetric Encryption
Brochure Imperva Securesphere Vormetric EncryptionMichelle Guerrero Montalvo
 
Umer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid
 
In data security
In data securityIn data security
In data securityadithdev
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance SolutionsSeclore
 
Data Security
Data SecurityData Security
Data Securityankita_kashyap
 
Csa about-threats-june-2010-ibm
Csa about-threats-june-2010-ibmCsa about-threats-june-2010-ibm
Csa about-threats-june-2010-ibmSergio Loureiro
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information ProtectionMicrosoft Österreich
 
C:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionC:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionYustinus Simon
 
Data Governance Solutions With Seclore and Stash
Data Governance Solutions With Seclore and StashData Governance Solutions With Seclore and Stash
Data Governance Solutions With Seclore and StashSeclore
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Data Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsData Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsJone Smith
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Microsoft Österreich
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRMSeclore
 
Microsoft+securitate agora-rtm
Microsoft+securitate agora-rtmMicrosoft+securitate agora-rtm
Microsoft+securitate agora-rtmAgora Group
 
Benefits of automating data protection | Seclore
Benefits of automating data protection | SecloreBenefits of automating data protection | Seclore
Benefits of automating data protection | SecloreSeclore
 
NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security Seclore
 
Massvs Weight 1
Massvs Weight 1Massvs Weight 1
Massvs Weight 1zglazenburg
 
matemātika 4.klase integrēta stunda
matemātika 4.klase integrēta stundamatemātika 4.klase integrēta stunda
matemātika 4.klase integrēta stundal7sakumskola
 

More Related Content

What's hot

Application Data Security | Seclore
Application Data Security | SecloreApplication Data Security | Seclore
Application Data Security | SecloreSeclore
 
Brochure Imperva Securesphere Vormetric Encryption
Brochure Imperva Securesphere Vormetric EncryptionBrochure Imperva Securesphere Vormetric Encryption
Brochure Imperva Securesphere Vormetric EncryptionMichelle Guerrero Montalvo
 
Umer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid
 
In data security
In data securityIn data security
In data securityadithdev
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance SolutionsSeclore
 
Csa about-threats-june-2010-ibm
Csa about-threats-june-2010-ibmCsa about-threats-june-2010-ibm
Csa about-threats-june-2010-ibmSergio Loureiro
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information ProtectionMicrosoft Österreich
 
C:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionC:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionYustinus Simon
 
Data Governance Solutions With Seclore and Stash
Data Governance Solutions With Seclore and StashData Governance Solutions With Seclore and Stash
Data Governance Solutions With Seclore and StashSeclore
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Data Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsData Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsJone Smith
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Microsoft Österreich
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRMSeclore
 
Microsoft+securitate agora-rtm
Microsoft+securitate agora-rtmMicrosoft+securitate agora-rtm
Microsoft+securitate agora-rtmAgora Group
 
Benefits of automating data protection | Seclore
Benefits of automating data protection | SecloreBenefits of automating data protection | Seclore
Benefits of automating data protection | SecloreSeclore
 
NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security Seclore
 

What's hot (20)

Application Data Security | Seclore
Application Data Security | SecloreApplication Data Security | Seclore
Application Data Security | Seclore
 
Brochure Imperva Securesphere Vormetric Encryption
Brochure Imperva Securesphere Vormetric EncryptionBrochure Imperva Securesphere Vormetric Encryption
Brochure Imperva Securesphere Vormetric Encryption
 
Umer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid Thesis Abstract
Umer Khalid Thesis Abstract
 
In data security
In data securityIn data security
In data security
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance Solutions
 
Data Security
Data SecurityData Security
Data Security
 
Csa about-threats-june-2010-ibm
Csa about-threats-june-2010-ibmCsa about-threats-june-2010-ibm
Csa about-threats-june-2010-ibm
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLP
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
C:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionC:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_lossprevention
 
Data Governance Solutions With Seclore and Stash
Data Governance Solutions With Seclore and StashData Governance Solutions With Seclore and Stash
Data Governance Solutions With Seclore and Stash
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
Data Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsData Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS Solutions
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
 
Microsoft+securitate agora-rtm
Microsoft+securitate agora-rtmMicrosoft+securitate agora-rtm
Microsoft+securitate agora-rtm
 
Benefits of automating data protection | Seclore
Benefits of automating data protection | SecloreBenefits of automating data protection | Seclore
Benefits of automating data protection | Seclore
 
NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security
 

Viewers also liked

matemātika 4.klase integrēta stunda
matemātika 4.klase integrēta stundamatemātika 4.klase integrēta stunda
matemātika 4.klase integrēta stundal7sakumskola
 
1.septembris 3.klasē
1.septembris 3.klasē1.septembris 3.klasē
1.septembris 3.klasēl7sakumskola
 
Professionalism Award J Mataung
Professionalism Award J MataungProfessionalism Award J Mataung
Professionalism Award J MataungJafter Motaung
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureSecurity Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureStefaan Van daele
 
Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?rbrockway
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
032616 week3 conservation of mechanical energy
032616 week3 conservation of mechanical energy032616 week3 conservation of mechanical energy
032616 week3 conservation of mechanical energySubas Nandy
 
Cuentos con el abecedario 1º
Cuentos con el abecedario 1ºCuentos con el abecedario 1º
Cuentos con el abecedario 1ºLuz Milagro
 
school and community/linkages and networking
school and community/linkages and networkingschool and community/linkages and networking
school and community/linkages and networkingjoeri Neri
 
NIST Cloud Computing Security Reference Architecture 800-299
NIST Cloud Computing Security Reference Architecture 800-299NIST Cloud Computing Security Reference Architecture 800-299
NIST Cloud Computing Security Reference Architecture 800-299David Sweigert
 
The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017LinkedIn
 

Viewers also liked (13)

Massvs Weight 1
Massvs Weight 1Massvs Weight 1
Massvs Weight 1
 
matemātika 4.klase integrēta stunda
matemātika 4.klase integrēta stundamatemātika 4.klase integrēta stunda
matemātika 4.klase integrēta stunda
 
1.septembris 3.klasē
1.septembris 3.klasē1.septembris 3.klasē
1.septembris 3.klasē
 
Professionalism Award J Mataung
Professionalism Award J MataungProfessionalism Award J Mataung
Professionalism Award J Mataung
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureSecurity Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference Architecture
 
Energy 1
Energy 1Energy 1
Energy 1
 
Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?Does Anyone Remember Enterprise Security Architecture?
Does Anyone Remember Enterprise Security Architecture?
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 
032616 week3 conservation of mechanical energy
032616 week3 conservation of mechanical energy032616 week3 conservation of mechanical energy
032616 week3 conservation of mechanical energy
 
Cuentos con el abecedario 1º
Cuentos con el abecedario 1ºCuentos con el abecedario 1º
Cuentos con el abecedario 1º
 
school and community/linkages and networking
school and community/linkages and networkingschool and community/linkages and networking
school and community/linkages and networking
 
NIST Cloud Computing Security Reference Architecture 800-299
NIST Cloud Computing Security Reference Architecture 800-299NIST Cloud Computing Security Reference Architecture 800-299
NIST Cloud Computing Security Reference Architecture 800-299
 
The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017
 

Similar to Secure Cloud Reference Architecture

CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptxMrPrathapG
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XPrime Infoserv
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- orgDharmalingam S
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Andris Soroka
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfshyedshahriar
 
eMAS Multifactor Authentication
eMAS Multifactor AuthenticationeMAS Multifactor Authentication
eMAS Multifactor AuthenticationKalyana Sundaram
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...PlatformSecurityManagement
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxTrongMinhHoang1
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Mobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security TrainingMobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security TrainingTonex
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 

Similar to Secure Cloud Reference Architecture (20)

Tci reference architecture_v2.0
Tci reference architecture_v2.0Tci reference architecture_v2.0
Tci reference architecture_v2.0
 
CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptx
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- org
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdf
 
Web security
Web securityWeb security
Web security
 
eMAS Multifactor Authentication
eMAS Multifactor AuthenticationeMAS Multifactor Authentication
eMAS Multifactor Authentication
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
 
CC ss.pptx
CC ss.pptxCC ss.pptx
CC ss.pptx
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
 
Information Security
Information SecurityInformation Security
Information Security
 
Mobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security TrainingMobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security Training
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 

Recently uploaded

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

Secure Cloud Reference Architecture

  • 1. By - Mithilesh Kumar (kumar.mithilesh@gmail.com) 1Reference :- cloudsecurityalliance.org
  • 2.  Define protections that enable trust in the cloud.  Develop cross-platform capabilities and patterns for proprietary and open-source providers.  Will facilitate trusted and efficient access, administration and resiliency to the customer/consumer.  Provide direction to secure information that is protected by regulations.  The Architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability.  Centralize security policy, maintenance operation and oversight functions.  Access to information must be secure yet still easy to obtain.  Delegate or Federate access control where appropriate.  Must be easy to adopt and consume, supporting the design of security patterns.  The Architecture must be elastic, flexible and resilient supporting multi-tenant, multi-landlord platforms.  The architecture must address and support multiple levels of protection, including network, operating system, and application security needs. 2
  • 3. 3
  • 4. 4
  • 6. SRM Security & Risk Management 6 When every business is a digital business, IT security and business risk become one and the same.
  • 7.  Privilege Management Infrastructure  Threat andVulnerability Management  Infrastructure Protection Services  Data Protection  Policies and Standards  Governance Risk & Compliance  InfoSec Management 7
  • 8. Identity Management Domain Unique Identifier Identity Provisioning Attribute Provisioning Federated IDM Authentication Services SAMLToken Risk Based Auth Multifactor OTP Smart Card Password Management Biometrics NetworkAuthentication Single Sign On WS-Security Middleware Authentication IdentityVerification OTBAutN Authorization Services Entitlement Review Policy Enforcement Policy Definition Policy Management Principal Data Management Resource Data Management XACML Role Management Obligation Out of the Box (OTB)AutZ Privilege Usage Management Keystroke/Session Logging PasswordVaulting Privilege Usage Gateway Resource Protection Hypervisor Governance and Compliance 8
  • 10. Server Behavioral Malware Prevention White Listing Sensitive File Protection Anti-Virus HIPS / HIDS Host Firewall End-Point Anti-Virus,Anti-Spam,Anti-Malware HIPS /HIDS Host Firewall Media Lockdown Hardware BasedTrustedAssets Behavioral Malware Prevention InventoryControl Content Filtering ForensicTools White Listing Network Behavioral Malware Prevention Firewall Content Filtering Deep Packet Inspection NIPS / NIDS Wireless Protection Link Layer Network Security Black Listing Filtering Application Application Firewall Secure Messaging Secure Collaboration RealTime Filtering XML Application 10
  • 11. Data lifecycle management Meta Data Control Data De-Identification Data Masking DataTagging Data Obscuring Data Seeding Life cycle management eSignature (Unstructured data) Data Loss Prevention Data Discovery Network (Data inTransit) End-Point (Data in Use) Server (Data at Rest) Intellectual Property Protection Intellectual Property Digital Rights Management Cryptographic Services Symmetric Key Management Asymmetric Key Management PKI Signature Services Data-in-use Encryption (Memory) Data-in-Transit Encryption (Transitory, Fixed) Data-at-Rest Encryption (DB, File, SAN, Desktop, Mobile) 11
  • 12. Operational Security Baselines Job Aid Guidelines Role Based Awareness Information Security Policies Technical Security Standards Data/Asset Classification Best Practices & Regulatory correlation 12
  • 13. Compliance Management Policy Management Exceptions Self Assessment Vendor Management Audit Management IT Risk Management TechnicalAwareness andTraining 13
  • 14. Capability Mapping Risk Portfolio Management Risk Dashboard Residual Risk Management 14
  • 15.  Email:- kumar.mithilesh@gmail.com  LinkedIn :- https://in.linkedin.com/in/kumarmithilesh 15