Security of SaaS and Private Cloud: Considerations for CFOs
Ian Farquhar, Advisory Technology Consultant

Profile: Ian Farquhar
- Career:
  - RSA, The Security Division of EMC (2008-Present)
  - Cisco Systems (2004-2008)
  - Sun Microsystems (1999-2004)
  - Silicon Graphics/Cray Research (1994-1999)
  - Macquarie University Department of Research Electronics (1993-1994)
  - Macquarie University Office of Computing Services (1988-1993)
- Twenty years of experience in computer and information security
- Technology Evangelist for RSA
- RSA specialist for ANZ in:
  - Data Loss Prevention
  - Cryptography
  - Policy
  - Security evaluation

Definitions: Public vs. Private Cloud
- According to Gartner:
  - The distinguishing characteristics of a private cloud environment are that the infrastructure is internally owned and operated, and that systems can be dynamically provisioned and activated.
  - The distinguishing characteristics of a public cloud environment that are most important for security assessment and monitoring are that the infrastructure is not owned by the customer and that the service is provided via a shared infrastructure.
- Or... (from the RSA Conference): A private cloud is inside the firewall, a public cloud is outside.
- Security CIA: Confidentiality, Integrity and Availability

Definition: Software-as-a-Service (SaaS)
- SaaS is the provision of software in a services model.
- Gartner defines SaaS as "software that's owned, delivered and managed remotely by one or more providers."
- In a pure SaaS model, the provider delivers software based on a single set of common code and data definitions that are consumed in a one-to-many model by all contracted customers anytime, on a pay-for-use basis, or as a subscription based on use metrics.
- Other *aaS acronyms:
  - PaaS: Platform-as-a-Service
  - IaaS: Infrastructure-as-a-Service
- SaaS and PaaS are not really new concepts
  - Mainframe-era “Bureau Services” were just SaaS or PaaS
  - Even virtualization is not new: IBM/VM circa 1969

Issues to Consider: SaaS (and Public Cloud)
- Legal issues
  - If it isn’t in the contract, it should be
  - What are the service level agreements? How are they measured? Do they match your expectations? What is the dispute process?
  - Who owns your data?
  - Where is it processed? Where is the DR site? Where is it replicated?
- Jurisdictional issues
  - Data location (compliance)
  - Legal issues (e.g. US Patriot Act)
  - Legal search and seizure considerations
- SaaS provider closure or acquisition
  - What legal rights do you have?
  - If you can access the data, in what form? (And don’t forget the backups.)
  - How quickly could you migrate this business function?

Issues to Consider: SaaS (and Public Cloud)
- Provider Terminating Contract
  - How much notice do you get?
  - Do you have any right of appeal?
  - Can they terminate your service and leave you without access to “your” data?
- “The Forced March”
  - Will upgrades at the SaaS provider introduce unexpected work (cost)?
  - Forced up-sell due to discontinuation of an older version
  - How much notice do you get?
  - What guarantees are in the contract?
- Connectivity and Performance Issues
  - SaaS makes your business dependent on Internet access
  - Don’t forget the SLAs from your ISP or carrier
  - How would your business cope with a network outage?
  - Don’t forget to factor in the cost of network management
  - Is your network traffic protected in transit? (SSL issues.)

Issues to Consider: SaaS (and Public Cloud)
- Expertise
  - If you find you need expertise above basic support, where does it come from and how much does it cost?
- Generic “Security” Issues
  - Endpoint security is still critical
  - What is the SaaS provider’s security posture?
  - How do they authenticate users?
  - What guarantees do you have that the SaaS provider is implementing best practice?
  - Who can access your data? (Separation.)
  - (Not applicable for “pay as you go”.) How is the service funded?
- Fundamentally, HOW DO YOU KNOW?
- Or, WHAT IS THE RATIONAL BASIS FOR YOUR TRUST?

Issues to Consider: Private Cloud
- Most of the security issues with Private Cloud are not new
- Some security features are better on private cloud than on raw hardware (e.g. DR)
- Limiting this to private-cloud specific issues
- All best IT practice applies similarly to private cloud, as it does to existing IT infrastructure
- Private cloud is fundamentally about increasing efficiency
- Issues:
  - Network infrastructure and design
  - Administrative access – a rogue or careless admin can do a lot of damage
  - Proliferation – change control is still critical for a well-run virtual infrastructure
  - Software licensing
  - Orphaned VMs
  - Data sprawl
  - Security patching and offline VMs
  - Legal search and seizure
  - Capacity planning
- Excellent resource: Cloud Security Alliance http://www.cloudsecurityalliance.org/

In Summary
- SaaS and Public Cloud
  - Read and understand the contract
  - Do a thorough cost-benefit analysis
  - Plan for the contingencies
  - Trust but verify
- Private Cloud
  - All current best practices apply to private clouds too
  - Private clouds have some security characteristics which are superior to “raw metal” IT
  - The majority of issues are operational – this is where to focus

The security of SAAS and private cloud

Contenu connexe

Tendances

Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Priyanka Aash
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A ServiceOlav Tvedt
 
Security as a Service Model for Cloud Environment
Security as   a Service Model   for   Cloud   EnvironmentSecurity as   a Service Model   for   Cloud   Environment
Security as a Service Model for Cloud EnvironmentKaashivInfoTech Company
 
Aligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsAligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsMoshe Ferber
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudRightScale
 
Vulnerabilities in SaaS layer of cloud computing
Vulnerabilities in SaaS layer of cloud computingVulnerabilities in SaaS layer of cloud computing
Vulnerabilities in SaaS layer of cloud computingClinton DSouza
 
Cloud keybank privacy and owner authorization
Cloud keybank  privacy and owner authorizationCloud keybank  privacy and owner authorization
Cloud keybank privacy and owner authorizationPvrtechnologies Nellore
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
 
IT Security As A Service
IT Security As A ServiceIT Security As A Service
IT Security As A ServiceMichael Davis
 
Cloud security what to expect (introduction to cloud security)
Cloud security   what to expect (introduction to cloud security)Cloud security   what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Moshe Ferber
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Strategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceStrategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceAberla
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...IJCNCJournal
 

Tendances (20)

Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Security as a Service Model for Cloud Environment
Security as   a Service Model   for   Cloud   EnvironmentSecurity as   a Service Model   for   Cloud   Environment
Security as a Service Model for Cloud Environment
 
Aligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsAligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startups
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Vulnerabilities in SaaS layer of cloud computing
Vulnerabilities in SaaS layer of cloud computingVulnerabilities in SaaS layer of cloud computing
Vulnerabilities in SaaS layer of cloud computing
 
Sql securitytesting
Sql  securitytestingSql  securitytesting
Sql securitytesting
 
Cloud keybank privacy and owner authorization
Cloud keybank  privacy and owner authorizationCloud keybank  privacy and owner authorization
Cloud keybank privacy and owner authorization
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
IT Security As A Service
IT Security As A ServiceIT Security As A Service
IT Security As A Service
 
Cloud security what to expect (introduction to cloud security)
Cloud security   what to expect (introduction to cloud security)Cloud security   what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Strategy Cloud and Security as a Service
Strategy Cloud and Security as a ServiceStrategy Cloud and Security as a Service
Strategy Cloud and Security as a Service
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
 

En vedette

Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0debbanerjee
 
SaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security ExampleSaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security ExampleNewvewm
 
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Manoj Kumar
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Kuniyasu Suzaki
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)ClubHack
 
Trying to bottle the cloud forensic challenges with cloud computing
Trying to bottle the cloud   forensic challenges with cloud computingTrying to bottle the cloud   forensic challenges with cloud computing
Trying to bottle the cloud forensic challenges with cloud computingBrent Muir
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensicssdavis532
 
2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715APNIC
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk   cloud storage forensics - dropbox(130928) #fitalk   cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropboxINSIGHT FORENSIC
 
12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics
12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics
12Nov13 Webinar: Big Data Analysis with Teradata and Revolution AnalyticsRevolution Analytics
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The InternetCarl J. Levine
 
Assessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsAssessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsDigital Bond
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
 

En vedette (20)

Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0Df2012 securing information_assets_in_saa_s_clouds_3_0
Df2012 securing information_assets_in_saa_s_clouds_3_0
 
SaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security ExampleSaaS as a Security Hazard - Google Apps Security Example
SaaS as a Security Hazard - Google Apps Security Example
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
 
The Cloud: Privacy and Forensics
The Cloud: Privacy and ForensicsThe Cloud: Privacy and Forensics
The Cloud: Privacy and Forensics
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
 
Moving To SaaS
Moving To SaaSMoving To SaaS
Moving To SaaS
 
Trying to bottle the cloud forensic challenges with cloud computing
Trying to bottle the cloud   forensic challenges with cloud computingTrying to bottle the cloud   forensic challenges with cloud computing
Trying to bottle the cloud forensic challenges with cloud computing
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
 
2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk   cloud storage forensics - dropbox(130928) #fitalk   cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics
12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics
12Nov13 Webinar: Big Data Analysis with Teradata and Revolution Analytics
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The Internet
 
Assessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsAssessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS Solutions
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
 
IBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaSIBM Security SaaS IaaS and PaaS
IBM Security SaaS IaaS and PaaS
 

Similaire à The security of SAAS and private cloud

Take It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitectureTake It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitecturePriyanka Aash
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared CarstensenCloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared Carstensenjaredcarst
 
Cloud Computing Security Needs & Problems Alon Refaeli
Cloud Computing Security Needs & Problems   Alon RefaeliCloud Computing Security Needs & Problems   Alon Refaeli
Cloud Computing Security Needs & Problems Alon Refaelirefaeli
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Why CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfWhy CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfinfosec train
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud ComputingJoseph Williams
 
Going to the SP2013 Cloud - what does a business need to make it successful?
Going to the SP2013 Cloud - what does a business need to make it successful?Going to the SP2013 Cloud - what does a business need to make it successful?
Going to the SP2013 Cloud - what does a business need to make it successful?Matt Groves
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Bringing the Cloud Back to Earth
Bringing the Cloud Back to EarthBringing the Cloud Back to Earth
Bringing the Cloud Back to EarthSri Chalasani
 
Data Security Issues in Cloud Computing
Data Security Issues in Cloud ComputingData Security Issues in Cloud Computing
Data Security Issues in Cloud ComputingAsad Ali
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 

Similaire à The security of SAAS and private cloud (20)

Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Take It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitectureTake It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security Architecture
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared CarstensenCloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared Carstensen
 
Cloud Computing Security Needs & Problems Alon Refaeli
Cloud Computing Security Needs & Problems   Alon RefaeliCloud Computing Security Needs & Problems   Alon Refaeli
Cloud Computing Security Needs & Problems Alon Refaeli
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Why CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfWhy CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdf
 
htcia-5-2015
htcia-5-2015htcia-5-2015
htcia-5-2015
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud Computing
 
Going to the SP2013 Cloud - what does a business need to make it successful?
Going to the SP2013 Cloud - what does a business need to make it successful?Going to the SP2013 Cloud - what does a business need to make it successful?
Going to the SP2013 Cloud - what does a business need to make it successful?
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the Cloud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Bringing the Cloud Back to Earth
Bringing the Cloud Back to EarthBringing the Cloud Back to Earth
Bringing the Cloud Back to Earth
 
Data Security Issues in Cloud Computing
Data Security Issues in Cloud ComputingData Security Issues in Cloud Computing
Data Security Issues in Cloud Computing
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
J3602068071
J3602068071J3602068071
J3602068071
 

Plus de Azure Group

CFO Network Event May 2012 - Presentation by David Hooton
CFO Network Event May 2012 - Presentation by David HootonCFO Network Event May 2012 - Presentation by David Hooton
CFO Network Event May 2012 - Presentation by David HootonAzure Group
 
CFO Network Event May 2012 - Presentation by Stephen Myers
CFO Network Event May 2012 - Presentation by Stephen MyersCFO Network Event May 2012 - Presentation by Stephen Myers
CFO Network Event May 2012 - Presentation by Stephen MyersAzure Group
 
CFO Network Event May 2012 - Presentation by Paul Brooks
CFO Network Event May 2012 - Presentation by Paul BrooksCFO Network Event May 2012 - Presentation by Paul Brooks
CFO Network Event May 2012 - Presentation by Paul BrooksAzure Group
 
Pricing for profit
Pricing for profitPricing for profit
Pricing for profitAzure Group
 
Managing HR risk
Managing HR riskManaging HR risk
Managing HR riskAzure Group
 
Azure redback presentation tax 22 nov11
Azure redback presentation tax 22 nov11Azure redback presentation tax 22 nov11
Azure redback presentation tax 22 nov11Azure Group
 
Rob Antulov CFO Network presentation
Rob Antulov CFO Network presentationRob Antulov CFO Network presentation
Rob Antulov CFO Network presentationAzure Group
 
Jason Cachia CFO Network presentation March 2012
Jason Cachia CFO Network presentation March 2012Jason Cachia CFO Network presentation March 2012
Jason Cachia CFO Network presentation March 2012Azure Group
 
Bill Evans CFO Network presentation March 2012
Bill Evans CFO Network presentation March 2012Bill Evans CFO Network presentation March 2012
Bill Evans CFO Network presentation March 2012Azure Group
 
CFO Network presentation from Janet Young, CFO of Freehills
CFO Network presentation from Janet Young, CFO of FreehillsCFO Network presentation from Janet Young, CFO of Freehills
CFO Network presentation from Janet Young, CFO of FreehillsAzure Group
 
CFO Network presentation by Peter McCelland, CFO of Luxottica
CFO Network presentation by Peter McCelland, CFO of LuxotticaCFO Network presentation by Peter McCelland, CFO of Luxottica
CFO Network presentation by Peter McCelland, CFO of LuxotticaAzure Group
 
Risk management - Alan Bardwell
Risk management - Alan BardwellRisk management - Alan Bardwell
Risk management - Alan BardwellAzure Group
 
Enterprise risk management & insurance - Stephen Rinder
Enterprise risk management & insurance - Stephen Rinder Enterprise risk management & insurance - Stephen Rinder
Enterprise risk management & insurance - Stephen Rinder Azure Group
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
CFO Network – Business valuation
CFO Network – Business valuationCFO Network – Business valuation
CFO Network – Business valuationAzure Group
 
Cloud computing for business
Cloud computing for businessCloud computing for business
Cloud computing for businessAzure Group
 
Grant Turley CFO Network presentation
Grant Turley CFO Network presentationGrant Turley CFO Network presentation
Grant Turley CFO Network presentationAzure Group
 
Private & public capital raisings pjm presentation
Private & public capital raisings   pjm presentationPrivate & public capital raisings   pjm presentation
Private & public capital raisings pjm presentationAzure Group
 
Private Equity Update
Private Equity UpdatePrivate Equity Update
Private Equity UpdateAzure Group
 

The security of SAAS and private cloud

  • 1. Security of SaaS and Private Cloud: Considerations for CFOs. Ian Farquhar, Advisory Technology Consultant
  • 2. Profile: Ian Farquhar
      • Career:
          • RSA, The Security Division of EMC (2008-Present)
          • Cisco Systems (2004-2008)
          • Sun Microsystems (1999-2004)
          • Silicon Graphics/Cray Research (1994-1999)
          • Macquarie University Department of Research Electronics (1993-1994)
          • Macquarie University Office of Computing Services (1988-1993)
      • Twenty years of experience in computer and information security
      • Technology Evangelist for RSA
      • RSA specialist for ANZ in:
          • Data Loss Prevention
          • Cryptography
          • Policy
          • Security evaluation
  • 3. Definitions: Public vs. Private Cloud
      • According to Gartner:
          • The distinguishing characteristics of a private cloud environment are that the infrastructure is internally owned and operated, and that systems can be dynamically provisioned and activated.
          • The distinguishing characteristics of a public cloud environment that are most important for security assessment and monitoring are that the infrastructure is not owned by the customer and that the service is provided via a shared infrastructure.
      • Or... (from the RSA Conference): A private cloud is inside the firewall, a public cloud is outside.
      • Security CIA: Confidentiality, Integrity and Availability
  • 4. Definition: Software-as-a-Service (SaaS)
      • SaaS is the provision of software in a services model.
      • Gartner defines SaaS as "software that's owned, delivered and managed remotely by one or more providers."
      • In a pure SaaS model, the provider delivers software based on a single set of common code and data definitions that are consumed in a one-to-many model by all contracted customers anytime, on a pay-for-use basis, or as a subscription based on use metrics.
      • Other *aaS acronyms:
          • PaaS: Platform-as-a-Service
          • IaaS: Infrastructure-as-a-Service
      • SaaS and PaaS are not really new concepts
          • Mainframe-era “Bureau Services” were just SaaS or PaaS
          • Even virtualization is not new: IBM/VM circa 1969
  • 5. Issues to Consider: SaaS (and Public Cloud)
      • Legal issues
          • If it isn’t in the contract, it should be
          • What are the service level agreements? How are they measured? Do they match your expectations?
          • What is the dispute process?
          • Who owns your data? Where is it processed?
          • Where is the DR site? Where is it replicated?
      • Jurisdictional issues
          • Data location (compliance)
          • Legal issues (e.g. US Patriot Act)
          • Legal search and seizure considerations
      • SaaS provider closure or acquisition
          • What legal rights do you have?
          • If you can access the data, in what form? (and don’t forget the backups)
          • How quickly could you migrate this business function?
  • 6. Issues to Consider: SaaS (and Public Cloud)
      • Provider Terminating Contract
          • How much notice do you get?
          • Do you have any right of appeal?
          • Can they terminate your service and leave you without access to “your” data?
      • “The Forced March”
          • Will upgrades at the SaaS provider introduce unexpected work (cost)?
          • Forced up-sell due to discontinuation of an older version
          • How much notice do you get?
          • What guarantees are in the contract?
      • Connectivity and Performance Issues
          • SaaS makes your business dependent on Internet access
          • Don’t forget the SLAs from your ISP or carrier
          • How would your business cope with a network outage?
          • Don’t forget to factor in the cost of network management
          • Is your network traffic protected in transit? (SSL issues.)
  • 7. Issues to Consider: SaaS (and Public Cloud)
      • Expertise
          • If you find you need expertise above basic support, where does it come from and how much does it cost?
      • Generic “Security” Issues
          • Endpoint security still is critical
          • What is the SaaS provider’s security posture?
          • How do they authenticate users?
          • What guarantees do you have that the SaaS provider is implementing best practice?
          • Who can access your data? (Separation). (Not applicable for “pay as you go”).
          • How is the service funded?
      • Fundamentally, HOW DO YOU KNOW? Or, WHAT IS THE RATIONAL BASIS FOR YOUR TRUST?
  • 8. Issues to Consider: Private Cloud
      • Most of the security issues with Private Cloud are not new
      • Some security features are better on private cloud than on raw hardware (e.g. DR)
      • Limiting this to private-cloud specific issues
      • All best IT practice applies similarly to private cloud, as it does to existing IT infrastructure
      • Private cloud is fundamentally about increasing efficiency
      • Issues:
          • Network infrastructure and design
          • Administrative access – a rogue or careless admin can do a lot of damage
          • Proliferation – change control is still critical for a well-run virtual infrastructure
          • Software licensing
          • Orphaned VMs
          • Data sprawl
          • Security patching and offline VMs
          • Legal search and seizure
          • Capacity planning
      • Excellent resource: Cloud Security Alliance http://www.cloudsecurityalliance.org/
  • 9. In Summary
      • SaaS and Public Cloud
          • Read and understand the contract
          • Do a thorough cost-benefit analysis
          • Plan for the contingencies
          • Trust but verify
      • Private Cloud
          • All current best practices apply to private clouds too
          • Private clouds have some security characteristics which are superior to “raw metal” IT
          • The majority of issues are operational – this is where to focus