Chapter 6
Cloud Security
By Prof. Raj Sarode
Cloud Security Fundamentals
• There are a lot of myths about cloud security that need to be clarified.
A lot of people think that as soon as they give something to the cloud, they do not have to worry about compliance with security.
That is absolutely not correct. If you are a business, your clients are looking to you for security. Whether you go to the cloud or do it internally using your private infrastructure, that doesn’t change your responsibility in terms of who owns compliance with security. There needs to be a very clear demarcation line.
Another myth has to do with black and white: that the cloud is either insecure by default or secure by default.
None of that is correct. It really depends on the controls. You’re not reinventing or eliminating any controls. You’re just moving where the controls reside and changing who owns them. Cloud by default is neither insecure nor secure; at the end of the day it’s how everything is implemented and how the data flows.
“Data is encrypted all the time.”
It really depends, and that’s a big myth. Some cloud service providers encrypt your data; some do not. You need to find out and understand how your data is handled. Does your service provider have the key or not? It all depends on the model of the cloud. Whether you are at box.com or Dropbox or Salesforce, it all depends on the various processes they perform on your data and whether your data is really encrypted or not.
“It’s my data, I’ll get it back when I need it.”
Not necessarily; it depends on where the data has typically been residing.
And there are country specific laws that you need to know and understand
how to get your data ba
Cloud security considerations, whether compliance, identity and access management, service integrity, endpoint integrity, information protection or IP-specific protection, all need to be taken into consideration no matter how you are using the cloud and for what reasons.
Cloud Security: The security and risk management mechanisms and operational processes supporting the cloud computing IT model.
As a consumer of a cloud platform, application or service, it is the customer’s responsibility to understand the inner workings of the cloud model and the inherent risks, along with the applicable available controls.
This includes understanding not only the services being provided but also the back-end processes, including governance, physical security, network security and other critical controls.
The Cloud Security Alliance (CSA) maintains an active body of work titled the Cloud Controls Matrix, or CCM, currently in version 3.0.1 (here: https://cloudsecurityalliance.org/research/ccm/), which provides an excellent way to understand common available security controls for cloud services.
Vulnerability Assessment Tool For Cloud
• Clouds provide a powerful computing platform that enables individuals and organizations to perform a variety of tasks, such as use of online storage space, adoption of business applications, development of customized computer software, and creation of a “realistic” network environment.
• Vulnerability management tools help information security teams stay ahead of the rising tide of security issues in their organizations.
• They combine state-of-the-art vulnerability detection capabilities with prioritization algorithms that help organizations identify the issues requiring immediate attention, so they can focus efforts on the vulnerabilities most likely to result in a breach.
Vulnerability Assessment Life Cycle
Vulnerability Management Product Features
• Quality and Speed of Updates.
• Compatibility with Your Environment.
• Support for Cloud Services.
• Compliance.
• Prioritization.
• Active and Passive Detection.
• Authenticated and Unauthenticated Scanning.
• Remediation Guidance.
• Vendor Support.
List Of Vulnerability Tools
| Name | Owner | Licence | Platforms |
|---|---|---|---|
| Acunetix WVS | Acunetix | Commercial / Free (Limited Capability) | Windows |
| AppScan | IBM | Commercial | Windows |
| App Scanner | Trustwave | Commercial | Windows |
| AppSpider | Rapid7 | Commercial | Windows |
| AVDS | Beyond Security | Commercial / Free (Limited Capability) | N/A |
| BlueClosure BC Detect | BlueClosure | Commercial, 2 weeks trial | Most platforms supported |
| Burp Suite | PortSwigger | Commercial / Free (Limited Capability) | Most platforms supported |
| Contrast | Contrast Security | Commercial / Free (Limited Capability) | SaaS or On-Premises |
| GamaScan | GamaSec | Commercial | Windows |
| Grabber | Romain Gaucher | Open Source | Python 2.4, BeautifulSoup and PyXML |
| Grendel-Scan | David Byrne | Open Source | Windows, Linux and Macintosh |
| GoLismero | GoLismero Team | GPLv2.0 | Windows, Linux and Macintosh |
| IKare | ITrust | Commercial | N/A |
| Indusface Web Application Scanning | Indusface | Commercial | SaaS |
| N-Stealth | N-Stalker | Commercial | Windows |
| Netsparker | MavitunaSecurity | Commercial | Windows |
| Nexpose | Rapid7 | Commercial / Free (Limited Capability) | Windows/Linux |
| Nikto | CIRT | Open Source | Unix/Linux |
| ParosPro | MileSCAN | Commercial | Windows |
| Proxy.app | Websecurify | Commercial | Macintosh |
| QualysGuard | Qualys | Commercial | N/A |
| Retina | BeyondTrust | Commercial | Windows |
| Securus | Orvant, Inc | Commercial | N/A |
| Sentinel | WhiteHat Security | Commercial | N/A |
| SOATest | Parasoft | Commercial | Windows / Linux / Solaris |
| Tinfoil Security | Tinfoil Security, Inc. | Commercial / Free (Limited Capability) | SaaS or On-Premises |
| Trustkeeper Scanner | Trustwave SpiderLabs | Commercial | SaaS |
| Vega | Subgraph | Open Source | Windows, Linux and Macintosh |
| Wapiti | Informática Gesfor | Open Source | Windows, Unix/Linux and Macintosh |
| WebApp360 | TripWire | Commercial | Windows |
| WebInspect | HP | Commercial | Windows |
| WebReaver | Websecurify | Commercial | Macintosh |
| WebScanService | German Web Security | Commercial | N/A |
| Websecurify Suite | Websecurify | Commercial / Free (Limited Capability) | Windows, Linux, Macintosh |
| Wikto | Sensepost | Open Source | Windows |
| w3af | w3af.org | GPLv2.0 | Linux and Mac |
| Xenotix XSS Exploit Framework | OWASP | Open Source | Windows |
| Zed Attack Proxy | OWASP | Open Source | Windows, Unix/Linux and Macintosh |
Privacy and Security in Cloud
• Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
• Well-known security issues such as data loss, phishing and botnets (running remotely on a collection of machines) pose serious threats to an organization's data and software.
• Moreover, the multi-tenancy model and the pooled computing resources in cloud computing have introduced new security challenges that require novel techniques to tackle.
• For example, hackers can use the cloud to organize a botnet, as the cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack.
Cloud Security Architecture
Identity Management & Access Control
• Business demands on Identity Management & Access Control are changing rapidly, resulting in the requirement to adopt emerging technologies.
• Identity Management: Your online identity is established when you register. During registration, some attributes are collected and stored in the database.
• The registration process can be quite different depending on what kind of digital identity you will be issued.
• An identity and access management (IAM) system is a framework for business processes that facilitates the management of electronic identities.
• Access Control: So once the user's identity is established, he can access the service? Wrong. Authentication != Authorization (!= is nerd language and means “not equal”). After authentication there needs to be an access control decision.
• The decision is based on the information available about the user. This is where the attributes come into play.
• If the authentication process can deliver the required set of attributes to the access control decision point, the process can then evaluate the attributes and make the Yes/No decision.
• The difference between identity management and access management is
thus:
• Identity Management is about managing the attributes related to the user
• Access Management is about evaluating the attributes based on policies
and making Yes/No decisions
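The split described above, as an added example that is not part of the original slides: an identity store holds the attributes, authentication delivers them, and a separate decision point evaluates them against policy with default deny. The user names, passwords, attributes, resource names and policies are all constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000
_SALT = b"constructed-demo-salt"  # constructed; a real store uses a random salt per user


def _hash(password: str) -> bytes:
    """Derive a password verifier with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, ITERATIONS)


# Identity management: attributes collected at registration (constructed sample data).
IDENTITY_STORE = {
    "alice": {"verifier": _hash("alice-pass"),
              "attributes": {"department": "finance", "role": "analyst", "mfa": True}},
    "bob": {"verifier": _hash("bob-pass"),
            "attributes": {"department": "engineering", "role": "developer", "mfa": True}},
    # carol registered, but her role and MFA status were never collected
    "carol": {"verifier": _hash("carol-pass"),
              "attributes": {"department": "finance"}},
}

# Access management: policies keyed by (resource, action), each listing the
# attribute values a subject must present (hypothetical resource and actions).
POLICIES = {
    ("finance-reports", "read"): {"department": "finance", "mfa": True},
    ("finance-reports", "write"): {"department": "finance", "role": "manager", "mfa": True},
}


def authenticate(username: str, password: str):
    """Authentication: prove who the user is and deliver their attributes.

    Returns a copy of the attribute set on success, None on failure.
    It makes no statement about what the user may do.
    """
    record = IDENTITY_STORE.get(username)
    candidate = _hash(password)  # computed even for unknown users
    if record is None or not hmac.compare_digest(record["verifier"], candidate):
        return None
    return dict(record["attributes"])


def decide(attributes, resource: str, action: str):
    """Access control decision point: evaluate attributes against policy.

    Returns (allowed, reason). Anything not explicitly permitted is denied.
    """
    if attributes is None:
        return (False, "not authenticated")
    required = POLICIES.get((resource, action))
    if required is None:
        return (False, "no policy covers this request")
    missing = sorted(name for name in required if name not in attributes)
    if missing:
        # Authentication could not deliver the attributes the policy needs.
        return (False, "missing attributes: " + ", ".join(missing))
    mismatched = sorted(n for n, v in required.items() if attributes[n] != v)
    if mismatched:
        return (False, "attribute mismatch: " + ", ".join(mismatched))
    return (True, "permitted")


def request(username: str, password: str, resource: str, action: str):
    """Full flow: authenticate first, then make the separate Yes/No decision."""
    return decide(authenticate(username, password), resource, action)


if __name__ == "__main__":
    for user, pw, action in [("alice", "alice-pass", "read"),
                             ("alice", "alice-pass", "write"),
                             ("bob", "bob-pass", "read"),
                             ("carol", "carol-pass", "read"),
                             ("alice", "wrong-pass", "read")]:
        print(user, action, request(user, pw, "finance-reports", action))
```

Alice, Bob and Carol all authenticate successfully, yet only Alice's read request is allowed: the others fail at the decision point on a mismatched or missing attribute.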
Cloud computing security challenges
• Cloud computing security challenges fall into three broad categories:
• Data Protection: Securing your data both at rest and in transit
• User Authentication: Limiting access to data and monitoring who accesses the data.
• Disaster and Data Breach: Contingency Planning
• Advanced Attacks & Cyber Conflicts
• Service Provider Visibility
• Translating Enterprise Requirements into the Cloud
Thank You
By Prof. Raj Sarode 17

Contenu connexe

Tendances

Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud ComputingKeet Sugathadasa
 
Cloud Based Disaster Recovery (DRaaS)
Cloud Based Disaster Recovery (DRaaS)Cloud Based Disaster Recovery (DRaaS)
Cloud Based Disaster Recovery (DRaaS)PT Datacomm Diangraha
 
Lecture5 virtualization
Lecture5 virtualizationLecture5 virtualization
Lecture5 virtualizationhktripathy
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Identacor
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Samrat Das
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingJithin Parakka
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 

Tendances (20)

Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
Cloud security
Cloud security Cloud security
Cloud security
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud Computing
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Based Disaster Recovery (DRaaS)
Cloud Based Disaster Recovery (DRaaS)Cloud Based Disaster Recovery (DRaaS)
Cloud Based Disaster Recovery (DRaaS)
 
Lecture5 virtualization
Lecture5 virtualizationLecture5 virtualization
Lecture5 virtualization
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computing
 

En vedette

Chap 5 software as a service (saass)
Chap 5 software as a service (saass)Chap 5 software as a service (saass)
Chap 5 software as a service (saass)Raj Sarode
 
Chap 3 infrastructure as a service(iaas)
Chap 3 infrastructure as a service(iaas)Chap 3 infrastructure as a service(iaas)
Chap 3 infrastructure as a service(iaas)Raj Sarode
 
Chap 2 virtulizatin
Chap 2 virtulizatinChap 2 virtulizatin
Chap 2 virtulizatinRaj Sarode
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing securityGahya Pandian
 
Chap 1 introduction to cloud computing
Chap 1 introduction to cloud computingChap 1 introduction to cloud computing
Chap 1 introduction to cloud computingRaj Sarode
 
Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)Raj Sarode
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
The Economic Gains of Cloud Computing
The Economic Gains of Cloud ComputingThe Economic Gains of Cloud Computing
The Economic Gains of Cloud ComputingGovCloud Network
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 
Datastructures and algorithms prepared by M.V.Brehmanada Reddy
Datastructures and algorithms prepared by M.V.Brehmanada ReddyDatastructures and algorithms prepared by M.V.Brehmanada Reddy
Datastructures and algorithms prepared by M.V.Brehmanada ReddyMalikireddy Bramhananda Reddy
 
IDC Infographic - How Flash Fits into Your Cloud
IDC Infographic - How Flash Fits into Your CloudIDC Infographic - How Flash Fits into Your Cloud
IDC Infographic - How Flash Fits into Your CloudWestern Digital
 
Chapter 5 data processing
Chapter 5 data processingChapter 5 data processing
Chapter 5 data processingUMaine
 
Government Applications of Cloud Computing
Government Applications of Cloud ComputingGovernment Applications of Cloud Computing
Government Applications of Cloud ComputingRoger Smith
 
Chap 7 binary threaded tree
Chap 7 binary threaded treeChap 7 binary threaded tree
Chap 7 binary threaded treeRaj Sarode
 

En vedette (20)

Chap 5 software as a service (saass)
Chap 5 software as a service (saass)Chap 5 software as a service (saass)
Chap 5 software as a service (saass)
 
Chap 3 infrastructure as a service(iaas)
Chap 3 infrastructure as a service(iaas)Chap 3 infrastructure as a service(iaas)
Chap 3 infrastructure as a service(iaas)
 
Chap 2 virtulizatin
Chap 2 virtulizatinChap 2 virtulizatin
Chap 2 virtulizatin
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Chap 1 introduction to cloud computing
Chap 1 introduction to cloud computingChap 1 introduction to cloud computing
Chap 1 introduction to cloud computing
 
Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
The Economic Gains of Cloud Computing
The Economic Gains of Cloud ComputingThe Economic Gains of Cloud Computing
The Economic Gains of Cloud Computing
 
stack
stackstack
stack
 
Queue
QueueQueue
Queue
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
cloud computing ppt
cloud computing pptcloud computing ppt
cloud computing ppt
 
Datastructures and algorithms prepared by M.V.Brehmanada Reddy
Datastructures and algorithms prepared by M.V.Brehmanada ReddyDatastructures and algorithms prepared by M.V.Brehmanada Reddy
Datastructures and algorithms prepared by M.V.Brehmanada Reddy
 
IDC Infographic - How Flash Fits into Your Cloud
IDC Infographic - How Flash Fits into Your CloudIDC Infographic - How Flash Fits into Your Cloud
IDC Infographic - How Flash Fits into Your Cloud
 
Chapter 5 data processing
Chapter 5 data processingChapter 5 data processing
Chapter 5 data processing
 
Chap 8 graph
Chap 8 graphChap 8 graph
Chap 8 graph
 
Government Applications of Cloud Computing
Government Applications of Cloud ComputingGovernment Applications of Cloud Computing
Government Applications of Cloud Computing
 
Iaas storage-170302090824
Iaas storage-170302090824Iaas storage-170302090824
Iaas storage-170302090824
 
Chap 7 binary threaded tree
Chap 7 binary threaded treeChap 7 binary threaded tree
Chap 7 binary threaded tree
 
Brain gate system
Brain gate systemBrain gate system
Brain gate system
 

Similaire à Chap 6 cloud security

the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfForgeahead Solutions
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices Cloudride LTD
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 
Cloud Application Security --Symantec
 Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityVAST
 
R ramya devi cloud computing
R ramya devi cloud computingR ramya devi cloud computing
R ramya devi cloud computingPriyadharshiniVS
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XPrime Infoserv
 

Similaire à Chap 6 cloud security (20)

the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
CCSK.pptx
CCSK.pptxCCSK.pptx
CCSK.pptx
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
 
Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
Cloud Application Security --Symantec
 Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --Symantec
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
 
R ramya devi cloud computing
R ramya devi cloud computingR ramya devi cloud computing
R ramya devi cloud computing
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 

Dernier

PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxBipin Adhikari
 

Dernier (20)

PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 

Chap 6 cloud security

  • 1. Chapter 6 Cloud Security By Prof. Raj Sarode
  • 2. Cloud Security Fundamentals
      • There are a lot of myths about cloud security that need to be clarified.
      • A lot of people think that as soon as they give something to the cloud, they do not have to worry about compliance with security. That is absolutely not correct. If you are a business, your clients are looking at you for security. Whether you go to the cloud or do it internally using your private infrastructure, that doesn’t change your responsibility in terms of who owns compliance to security. There needs to be a very clear demarcation line.
      • Another myth has to do with black and white: that either cloud is insecure by default or cloud is secure by default. None of that is correct. It really depends on the controls. You’re not reinventing or eliminating any controls. You’re just moving where the controls reside and changing who owns the controls. Cloud by default is neither insecure nor secure; at the end of the day it’s how everything is implemented and how the data flows.
  • 3. Cloud Security Fundamentals
      • “Data is encrypted all the time.” It really depends, and that’s a big myth. Some cloud service providers encrypt your data; some do not. You need to find out and understand how your data is handled. Does your service provider have the key or not? It all depends on the model of the cloud. Whether you are at box.com or Dropbox or Salesforce, it all depends on the various processes that they’re running on your data and whether your data is really encrypted or not.
      • “It’s my data, I’ll get it back when I need it.” Not necessarily; it depends on where the data has typically been residing. And there are country-specific laws that you need to know, and you need to understand how to get your data back.
      • Cloud security considerations, whether compliance, identity and access management, service integrity, endpoint integrity, information protection or IP-specific protection, all need to be taken into consideration no matter how you are using cloud and for what reasons.
  • 4. Cloud Security Fundamentals
      • Cloud Security: The security and risk management mechanisms and operational processes supporting the cloud computing IT model.
      • As a consumer of a cloud platform, application or service, it is the customer’s responsibility to understand the inner workings of the cloud model and the inherent risks, together with the applicable available controls. This includes understanding not only the services being provided but also the back-end processes, including governance, physical security, network security and other critical controls.
      • The Cloud Security Alliance (CSA) maintains an active body of work titled the Cloud Controls Matrix, or CCM, currently in version 3.0.1 (here: https://cloudsecurityalliance.org/research/ccm/), which provides an excellent way to understand common available security controls for cloud services.
  • 5. Vulnerability Assessment Tool For Cloud
  • 6. Vulnerability Assessment Tool For Cloud
      • Clouds provide a powerful computing platform that enables individuals and organizations to perform various levels of tasks, such as use of online storage space, adoption of business applications, development of customized computer software, and creation of a “realistic” network environment.
      • Vulnerability management tools help information security teams stay ahead of the rising tide of security issues in their organizations.
      • They combine state-of-the-art vulnerability detection capabilities with prioritization algorithms that help organizations identify the issues requiring immediate attention, so they can focus efforts on the vulnerabilities most likely to result in a breach.
  • 7. Vulnerability Assessment Life Cycle
  • 8. Vulnerability Management Product Features
      • Quality and Speed of Updates
      • Compatibility with Your Environment
      • Support for Cloud Services
      • Compliance
      • Prioritization
      • Active and Passive Detection
      • Authenticated and Unauthenticated Scanning
      • Remediation Guidance
      • Vendor Support
  • 9. List Of Vulnerability Tools

      | Name | Owner | Licence | Platforms |
      |---|---|---|---|
      | Acunetix WVS | Acunetix | Commercial / Free (Limited Capability) | Windows |
      | AppScan | IBM | Commercial | Windows |
      | App Scanner | Trustwave | Commercial | Windows |
      | AppSpider | Rapid7 | Commercial | Windows |
      | AVDS | Beyond Security | Commercial / Free (Limited Capability) | N/A |
      | BlueClosure BC Detect | BlueClosure | Commercial, 2 weeks trial | Most platforms supported |
      | Burp Suite | PortSwigger | Commercial / Free (Limited Capability) | Most platforms supported |
      | Contrast | Contrast Security | Commercial / Free (Limited Capability) | SaaS or On-Premises |
      | GamaScan | GamaSec | Commercial | Windows |
      | Grabber | Romain Gaucher | Open Source | Python 2.4, BeautifulSoup and PyXML |
      | Grendel-Scan | David Byrne | Open Source | Windows, Linux and Macintosh |
      | GoLismero | GoLismero Team | GPLv2.0 | Windows, Linux and Macintosh |
      | IKare | ITrust | Commercial | N/A |
      | Indusface Web Application Scanning | Indusface | Commercial | SaaS |
      | N-Stealth | N-Stalker | Commercial | Windows |
      | Netsparker | Mavituna Security | Commercial | Windows |
      | Nexpose | Rapid7 | Commercial / Free (Limited Capability) | Windows/Linux |
      | Nikto | CIRT | Open Source | Unix/Linux |
      | ParosPro | MileSCAN | Commercial | Windows |
      | Proxy.app | Websecurify | Commercial | Macintosh |
      | QualysGuard | Qualys | Commercial | N/A |
      | Retina | BeyondTrust | Commercial | Windows |
  • 10. List Of Vulnerability Tools

      | Name | Owner | Licence | Platforms |
      |---|---|---|---|
      | Securus | Orvant, Inc | Commercial | N/A |
      | Sentinel | WhiteHat Security | Commercial | N/A |
      | SOATest | Parasoft | Commercial | Windows / Linux / Solaris |
      | Tinfoil Security | Tinfoil Security, Inc. | Commercial / Free (Limited Capability) | SaaS or On-Premises |
      | Trustkeeper Scanner | Trustwave SpiderLabs | Commercial | SaaS |
      | Vega | Subgraph | Open Source | Windows, Linux and Macintosh |
      | Wapiti | Informática Gesfor | Open Source | Windows, Unix/Linux and Macintosh |
      | WebApp360 | TripWire | Commercial | Windows |
      | WebInspect | HP | Commercial | Windows |
      | WebReaver | Websecurify | Commercial | Macintosh |
      | WebScanService | German Web Security | Commercial | N/A |
      | Websecurify Suite | Websecurify | Commercial / Free (Limited Capability) | Windows, Linux, Macintosh |
      | Wikto | Sensepost | Open Source | Windows |
      | w3af | w3af.org | GPLv2.0 | Linux and Mac |
      | Xenotix XSS Exploit Framework | OWASP | Open Source | Windows |
      | Zed Attack Proxy | OWASP | Open Source | Windows, Unix/Linux and Macintosh |
  • 11. Privacy and Security in Cloud
      • Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
      • Well-known security issues such as data loss, phishing and botnets (running remotely on a collection of machines) pose serious threats to an organization's data and software.
      • Moreover, the multi-tenancy model and the pooled computing resources in cloud computing have introduced new security challenges that require novel techniques to tackle.
      • For example, hackers can use the cloud to organize a botnet, as the cloud often provides more reliable infrastructure services at a relatively cheaper price for them to start an attack.
  • 12. Cloud Security Architecture
  • 13. Cloud Security Architecture
  • 14. Identity Management & Access Control
      • Business demands on Identity Management & Access Control are changing rapidly, resulting in the requirement to adopt emerging technologies.
      • Identity Management: Your online identity is established when you register. During registration, some attributes are collected and stored in the database.
      • The registration process can be quite different depending on what kind of digital identity you will be issued.
      • An identity and access management (IAM) system is a framework for business processes that facilitates the management of electronic identities.
      • Access Control: So when the user identity is established, he can access the service? Wrong. Authentication != Authorization (!= is nerd language and means “not equal”). After authentication there needs to be an access control decision.
      • The decision is based on the information available about the user. This is where the attributes come into play.
      • If the authentication process can deliver the required set of attributes to the access control decision point, the process can then evaluate the attributes and make the Yes/No decision.
  • 15. Identity Management & Access Control
      • The difference between identity management and access management is thus:
      • Identity Management is about managing the attributes related to the user.
      • Access Management is about evaluating the attributes based on policies and making Yes/No decisions.
  • 16. Cloud computing security challenges
      • Cloud computing security challenges fall into three broad categories:
      • Data Protection: Securing your data both at rest and in transit
      • User Authentication: Limiting access to data and monitoring who accesses the data
      • Disaster and Data Breach: Contingency Planning
      • Advanced Attacks & Cyber Conflicts
      • Service Provider Visibility
      • Translating Enterprise Requirements into the Cloud
  • 17. Thank You
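
The split described on slides 14 and 15, as an added example that is not part of the original slides: authentication returns the attributes stored at registration, and a separate decision point evaluates them against policy and answers Yes or No. The user records, policy table and function names are constructed for illustration.

```python
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Identity management: attributes collected at registration (constructed sample data).
USERS = {
    "alice": {"salt": b"salt-a", "attrs": {"department": "finance", "role": "analyst"}},
    "bob": {"salt": b"salt-b", "attrs": {"department": "engineering"}},  # no role stored
}
for _name, _pw in (("alice", "correct horse"), ("bob", "battery staple")):
    USERS[_name]["pw"] = _hash(_pw, USERS[_name]["salt"])

# Access management: attribute values each (resource, action) pair requires (constructed).
POLICIES = {
    ("invoices", "read"): {"department": {"finance"}, "role": {"analyst", "manager"}},
    ("invoices", "approve"): {"department": {"finance"}, "role": {"manager"}},
}

def authenticate(username: str, password: str):
    """Establish identity: return the user's attributes, or None on bad credentials."""
    user = USERS.get(username)
    if user is None:
        return None
    if not hmac.compare_digest(user["pw"], _hash(password, user["salt"])):
        return None
    return dict(user["attrs"])

def authorize(attrs, resource: str, action: str) -> bool:
    """Decision point: Yes only if every required attribute is present and allowed."""
    policy = POLICIES.get((resource, action))
    if attrs is None or policy is None:
        return False  # default deny: unauthenticated caller or no policy for the request
    # A missing attribute yields None, which is in no allowed set, so the answer is No.
    return all(attrs.get(key) in allowed for key, allowed in policy.items())

def request(username: str, password: str, resource: str, action: str) -> bool:
    """Authentication first, then a separate Yes/No access-control decision."""
    return authorize(authenticate(username, password), resource, action)
```

A user who authenticates successfully can still be refused: alice may read invoices but not approve them, and bob is denied because the attributes the policy needs were never recorded for him.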