Cloud Security: Risks and Awareness

Shahar Geiger Maor, Senior Analyst

www.shaharmaor.blogspot.com   http://www.facebook.com/shahar.maor   http://twitter.com/shaharmaor
We Should Know, by now, What Cloud Means

http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic   2
Game Changer #7

Hybrid Clouds
Private Clouds
Public Clouds
   – BPaaS
   – PaaS
   – SaaS
   – IaaS
4 types: Enterprise Clouds

http://www.readwriteweb.com/cloud/2011/04/the-cloud-stratosphere-infogra.php
Cloudy IT: the hybrid world

ISPs will become strategic.

By 2014: 80% of Israeli companies will run hybrid clouds.

Developers are now doing most of their development work for public cloud versions, but will have private cloud versions by 2015.
How does a private “cloud” look like?
Enterprise Benefits from Cloud Computing

Cloud accelerates business value across a wide variety of domains.

Capability                   From (Legacy environments)   To (Cloud enabled enterprise)
Server/Storage Utilization   10-20%                       70-90%
Self service                 None                         Unlimited
Test Provisioning            Weeks                        Minutes
Change Management            Months                       Days/Hours
Release Management           Weeks                        Minutes
Time to market               Bad                          Better
Metering/Billing             Fixed cost model             Granular
Focus on the Core            Not really                   Much better

Source: IBM, STKI modifications
Technologies Categorization 2010-2011

[Chart: security technologies plotted by Market Curiosity (vertical axis) against Market Maturity (horizontal axis: Using, Implementing, Looking). Technologies shown: Cyber Warfare, Mobile Sec, “Social” Security, DLP, IRM, Cloud Security, Application Security, Endpoint Security, Security Management, Network Security. Legend: IT Project Major Changes; size of figure = complexity/cost of project.]

Source: STKI
Cloud Security

http://securosis.com/research
Top Threats To Cloud Computing

• Abuse and Nefarious Use of Cloud Computing
• Insecure Interfaces and APIs
• Malicious Insiders
• Shared Technology Issues
• Data Loss or Leakage
• Account or Service Hijacking
• Unknown Risk Profile

http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Cloud Provider Vs. Organization

• Governance
• Compliance
• Trust
• Architecture
• Identity and Access Management
• Software Isolation
• Data Protection
• Availability
• Incident Response

http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf
Division of Liabilities in the Cloud

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework/
How to Secure the Cloud? – Provider’s Side

Technologies believed to be most important in securing the cloud computing environment

http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
Cloud Services Concerns – Client’s Side

Security (especially access issues) is still considered a top concern.

Source: InformationWeek, State of Cloud, Jan 2011
Cloud Services Concerns – Client’s Side

“We won’t be involving our security team in this project until the last possible moment, because the answer will be ‘no.’”
– VP at one of the largest retailers in the world

Source: InformationWeek, State of Cloud, Jan 2011
Lack of Confidence in IT?

Who is responsible for ensuring a secure cloud computing environment?

Isn’t cloud security an IT responsibility??? So why is it 3rd? Don’t let it scatter.

http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
Regulations, Standards and Certifications

Regulations????? Nothing (so far…)

Looking for regulations? …Please wait for the next disaster.
Regulations, Standards and Certifications

• Standards:
   – AICPA: SAS 70:
      • There is no published list of SAS 70 standards
        (Recommendation: ask to review your cloud provider’s SAS 70
        Type I/II report!!!)
• Certifications:
   – NIST (National Institute of Standards and Technology)
      • Recommended Security Controls for Federal Information Systems
        and Organizations* ===> FISMA (Federal Information Security
        Management Act) ATO (Authorization to Operate).
   – CSA:
      • CCSK – Certified Cloud Security Knowledge

* Not related directly to cloud security
Regulations, Standards and Certifications

• Guidelines:
  – CSA (Cloud Security Alliance):
     • CCM -Cloud Controls Matrix
  – NIST (National Institute of Standards and Technology):
     • DRAFT Guidelines on Security and Privacy in Public Cloud
       Computing
  – ENISA (European Network and Information Security
    Agency):
     • Cloud Security Information Assurance Framework


Addressing Cloud Issues in the Israeli Government

From a position paper on: Principles for the protection of privacy in personal information in outsourcing in Israel, 10/2010

http://www.justice.gov.il/NR/rdonlyres/1FB266DE-95A0-4C31-939B-3796DCB0C232/23065/positionmikurhuz.pdf
In Short

• The cloud is here to stay
• Security is an EASY showstopper
• …“We put our money in the cloud”
• No rush!
• Look for standards
• Find yourself a solid partner
Thank you!

 
Security Summit July 2009
Security Summit  July 2009Security Summit  July 2009
Security Summit July 2009
 
Green Security
Green SecurityGreen Security
Green Security
 
IPv6
IPv6IPv6
IPv6
 

Dernier

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

Cloud Security Risks and Awareness

  • 1. Cloud Security: Risks and Awareness. Shahar Geiger Maor, Senior Analyst. www.shaharmaor.blogspot.com http://www.facebook.com/shahar.maor http://twitter.com/shaharmaor
  • 2. We Should Know, by now, What Cloud Means. Cloud Cube Model: http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf. Shahar Maor's work Copyright 2011 @STKI. Do not remove source or attribution from any graphic or portion of graphic.
  • 3. Game Changer #7: Hybrid Clouds, Private Clouds, Public Clouds (BPaaS, PaaS, SaaS, IaaS).
  • 4. 4 types: Enterprise Clouds. Source: http://www.readwriteweb.com/cloud/2011/04/the-cloud-stratosphere-infogra.php
  • 5. Cloudy IT: the hybrid world. ISPs will become strategic. By 2014, 80% of Israeli companies will run hybrid clouds. Developers are now doing most of their development work for public cloud versions, but will have private cloud versions by 2015.
  • 6. What does a private "cloud" look like? (diagram)
  • 7. Enterprise Benefits from Cloud Computing. Cloud accelerates business value across a wide variety of domains.

    Capability                 | From (legacy environments) | To (cloud-enabled enterprise)
    Server/storage utilization | 10-20%                     | 70-90%
    Self service               | None                       | Unlimited
    Test provisioning          | Weeks                      | Minutes
    Change management          | Months                     | Days/hours
    Release management         | Weeks                      | Minutes
    Time to market             | Bad                        | Better
    Metering/billing           | Fixed cost model           | Granular
    Focus on the core          | Not really                 | Much better

    Source: IBM, with STKI modifications.
  • 8. Technologies Categorization, 2010 to 2011 (STKI chart). Horizontal axis: market maturity (Looking / Implementing / Using); vertical axis labels: Market Curiosity, IT Project, Major Changes; size of figure = complexity/cost of project. Technologies plotted: Cyber Warfare, Mobile Security, "Social" Security, DLP, IRM, Cloud Security, Application Security, Endpoint Security, Security Management, Network Security. Source: STKI.
  • 9. Cloud Security (figure). Source: http://securosis.com/research
  • 10. Top Threats to Cloud Computing (CSA, v1.0): Abuse and Nefarious Use of Cloud Computing; Insecure Interfaces and APIs; Malicious Insiders; Shared Technology Issues; Data Loss or Leakage; Account or Service Hijacking; Unknown Risk Profile. http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
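Two of the threats on that slide, "Insecure Interfaces and APIs" and "Account or Service Hijacking", are usually one incident seen from two sides: a management API that authenticates with a bare, reusable credential lets anyone who captures one request take over the account. The Python below is an added illustration written for this edition, not code from the deck or from the CSA report. It contrasts a toy API that accepts a static key header against one that requires every request to be HMAC-signed over method, path, timestamp, nonce and body, and that rejects stale requests, replays and tampering. All key IDs, secrets, header names and paths are constructed for the example.

```python
"""Added example: a replayable API-key check versus per-request HMAC signing.

Nothing here is real: the key ID, secret, header names and paths are
constructed for the illustration.
"""
import hashlib
import hmac
import secrets
import time

# Constructed tenant credentials for the example; nothing here is a real key.
API_KEY_ID = "AKIAEXAMPLE"
API_SECRET = b"constructed-secret-do-not-use"
CREDENTIALS = {API_KEY_ID: API_SECRET}

MAX_SKEW_SECONDS = 300  # reject requests whose timestamp is more than 5 minutes off


def _canonical(method, path, ts, nonce, body):
    """Bind every request component into one string; changing any of them changes the MAC."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, ts, nonce, body_hash]).encode()


def sign_request(key_id, secret, method, path, body, ts=None, nonce=None):
    """Client side: produce the authentication headers for one request."""
    ts = ts if ts is not None else str(int(time.time()))
    nonce = nonce if nonce is not None else secrets.token_hex(16)
    mac = hmac.new(secret, _canonical(method, path, ts, nonce, body), hashlib.sha256).hexdigest()
    return {"X-Key-Id": key_id, "X-Timestamp": ts, "X-Nonce": nonce, "X-Signature": mac}


class WeakApiServer:
    """Insecure baseline: a static API key in a header is the whole credential."""

    def __init__(self, credentials):
        self.credentials = credentials

    def verify(self, method, path, body, headers):
        # Whoever captures one request owns the account: nothing ties the key to this request.
        return "ok" if headers.get("X-Api-Key") in self.credentials else "unknown key"


class SignedApiServer:
    """Hardened service: recompute the HMAC, bound the clock skew, refuse nonce reuse."""

    def __init__(self, credentials, now=time.time):
        self.credentials = credentials
        self.now = now
        self.seen_nonces = set()  # a real service would expire these after MAX_SKEW_SECONDS

    def verify(self, method, path, body, headers):
        secret = self.credentials.get(headers.get("X-Key-Id", ""))
        if secret is None:
            return "unknown key"
        try:
            ts = int(headers["X-Timestamp"])
        except (KeyError, ValueError):
            return "bad timestamp"
        if abs(self.now() - ts) > MAX_SKEW_SECONDS:
            return "stale request"
        nonce = headers.get("X-Nonce", "")
        if not nonce or nonce in self.seen_nonces:
            return "replay"
        expected = hmac.new(secret, _canonical(method, path, headers["X-Timestamp"], nonce, body),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison so the MAC cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            return "bad signature"
        self.seen_nonces.add(nonce)  # record the nonce only after a valid signature
        return "ok"


def demo():
    """Run both servers through the same attacker moves; returns a name -> verdict map."""
    results = {}
    weak = WeakApiServer({API_KEY_ID})
    captured = {"X-Api-Key": API_KEY_ID}
    results["weak_original"] = weak.verify("POST", "/instances", b'{"action":"start"}', captured)
    # The captured header reused with a different method and path: account hijacked.
    results["weak_forged"] = weak.verify("DELETE", "/instances/all", b"", captured)

    srv = SignedApiServer(CREDENTIALS)
    body = b'{"action":"start"}'
    hdr = sign_request(API_KEY_ID, API_SECRET, "POST", "/instances", body)
    results["signed_original"] = srv.verify("POST", "/instances", body, hdr)
    results["signed_replay"] = srv.verify("POST", "/instances", body, hdr)
    forged = {**hdr, "X-Nonce": secrets.token_hex(16)}  # fresh nonce, old signature
    results["signed_tampered"] = srv.verify("DELETE", "/instances/all", b"", forged)
    old = sign_request(API_KEY_ID, API_SECRET, "GET", "/instances", b"",
                       ts=str(int(time.time()) - 3600))
    results["signed_stale"] = srv.verify("GET", "/instances", b"", old)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} -> {verdict}")
```

The weak server returns "ok" for the forged DELETE, which is the hijack; the signed server rejects the replay, the tampered request and the hour-old request while still accepting the genuine one. The nonce is recorded only after the signature verifies, so an attacker cannot burn nonces with unsigned requests.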
  • 11. Cloud Provider vs. Organization: the nine areas of NIST draft SP 800-144: Governance; Compliance; Trust; Architecture; Identity and Access Management; Software Isolation; Data Protection; Availability; Incident Response. http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf
  • 12. Division of Liabilities in the Cloud (ENISA). http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework/
  • 13. How to Secure the Cloud? Provider's Side. Technologies believed to be most important in securing the cloud computing environment. http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 14. Cloud Services Concerns, Client's Side. Security (especially access issues) is still considered a top concern. Source: InformationWeek, State of Cloud, Jan 2011
  • 15. Cloud Services Concerns, Client's Side. "We won't be involving our security team in this project until the last possible moment, because the answer will be 'no.'" (VP at one of the largest retailers in the world). Source: InformationWeek, State of Cloud, Jan 2011
  • 16. Lack of Confidence in IT? Who is responsible for ensuring a secure cloud computing environment? Isn't cloud security an IT responsibility? So why does IT rank only third in the survey? Don't let the responsibility scatter. http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf
  • 17. Regulations, Standards and Certifications. Regulations? Looking for regulations? Nothing (so far...). Please wait for the next disaster.
  • 18. Regulations, Standards and Certifications.
    Standards:
    – AICPA SAS 70: there is no published list of SAS 70 controls; the audit attests to whatever controls the provider itself defines. Recommendation: ask to review your cloud provider's SAS 70 Type I/II report (a Type I report covers control design at a point in time, a Type II report also tests operating effectiveness over a period). SAS 70 was superseded by SSAE 16 and the SOC reports in 2011, so the same request now reads "show me your SOC 2 Type II".
    Certifications:
    – NIST: Recommended Security Controls for Federal Information Systems and Organizations* ===> FISMA (Federal Information Security Management Act) ATO (Authorization to Operate).
    – CSA: CCSK, Certificate of Cloud Security Knowledge.
    * Not related directly to cloud security.
  • 19. Regulations, Standards and Certifications.
    Guidelines:
    – CSA (Cloud Security Alliance): CCM, Cloud Controls Matrix
    – NIST (National Institute of Standards and Technology): DRAFT Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144)
    – ENISA (European Network and Information Security Agency): Cloud Computing Information Assurance Framework
  • 20. Addressing Cloud Issues in the Israeli Government. From a position paper (10/2010) on: Principles for Protecting the Privacy of Personal Information in Outsourcing in Israel. http://www.justice.gov.il/NR/rdonlyres/1FB266DE-95A0-4C31-939B-3796DCB0C232/23065/positionmikurhuz.pdf
  • 21. In Short: The cloud is here to stay. Security is an easy showstopper ("We put our money in the cloud"). No rush! Find yourself a solid partner. Look for standards.
  • 22. Thank you!