Cloud security Issues

1. Security Issues in
Cloud Computing

2. Contents :
• What is Cloud Computing?
• Is it Really Secure?
• Cases in Cloud Computing
• Security Measures

3. What is Cloud Computing..
• A network of remote servers hosted on the internet to store, manage,
and process data, rather than a local server or a personal computer.

4. • It is divided it into two sections:
The front end and the back end. They connect to each other
through a network, usually the Internet.
The front end is the side the computer user, or client, sees.
The back end is the "cloud" section of the system.
• The front end includes the client's computer and the
application required to access the cloud computing system.
• On the back end of the system are the various computers,
servers and data storage systems that create the "cloud" of
computing services.

5. • It is a Web-based service which hosts all the programs the
user would need for a job.
• Potentially, everything from generic word processing software
to customized computer programs designed for a specific
company could work on a cloud computing system..
• It's called cloud computing.

6. Cloud Oriented ArchitectureCloud Oriented Architecture
Virtual
Data Center
IaaS/PaaS
Physical
Data Center
Mobile
Web Applications

7. ARPANET TCPIP WWW HTML
.COM
SOCIAL
NETWORKS
INTERNET OF
THINGS
100M100M 250M250M
500M500M
25B25B
50B50B
Internet ConnectedInternet Connected
DevicesDevices
12B12B
The Internet of Things is HereThe Internet of Things is Here
In 2012In 2012 2.4 Billion2.4 Billion peoplepeople
connected to the Internetconnected to the Internet

8. Why care about securityWhy care about security
at scale?at scale?
• Perimeter isPerimeter is
changing dramaticallychanging dramatically

9. • Attacks areAttacks are
• non-stopnon-stop
Virtual
Data Center
Physical
Data Center
Mobile
Web Applications
IaaS/PaaS

10. Is It Really Secure ?
• No matter how careful you are with your personal data, by
subscribing to the cloud you will be giving up some control to an
external source. It may also create more space for a third party to
access your information.
• There is a lot of personal information and potentially secure data
that people store on their computers, and this information is now
being transferred to the cloud.
• Cloud computing offers many benefits, but is vulnerable to
threats, and it is equally important to take personal precautions to
secure your data

11. • The cloud is enabling
cybercriminals to conduct highly
automated online banking theft
•Like most online consumer bank fraud,
the attacks started off with a phishing
e-mail and urging the recipient to click a
link to change the account password.
•Once the link is clicked, a Trojan was
downloaded onto the victim's computer,
in early versions of the attacks. In later
versions the malware is operating from a
server.

12. • The server is the brains that does all the transactions in the
bank account
• The criminals don't have to change anything on the end user
side. They can make modifications on the server side. They
still have malware on the user's machine.

13. How many attacks?How many attacks?
• Honestly too manyHonestly too many
to countto count

14. How do breaches happen?How do breaches happen?
•8888%% of all hacking attacksof all hacking attacks
• use remote access from the internetuse remote access from the internet

15. How do breaches happen?How do breaches happen?
(In 2013)(In 2013)
•utilized some formutilized some form
of hackingof hacking8181%%
6969%%
1010%%
77%%
55%%
resulted fromresulted from
privilege misuseprivilege misuse
IncorporatedIncorporated
malwaremalware
Involved physicalInvolved physical
attacksattacks
employed socialemployed social
tacticstactics
+31+31%%
-19-19%%
+20+20%%
-4-4%%
-12-12%%
Source: Verizon data breach report 2012

16. Web application securityWeb application security
is a challengeis a challenge
They areThey are
CustomCustom

17. Web applications are theWeb applications are the
underbelly of the internetunderbelly of the internet
They areThey are
Everywhere!Everywhere!

18. Continuous Security: Case StudyContinuous Security: Case Study
US Department of StateUS Department of State
400 worldwide embassies400 worldwide embassies
Grades based on formulaGrades based on formula
Scan every 3 daysScan every 3 days
85% hosts fixed in 6 days85% hosts fixed in 6 days

20. New Security ArchitectureNew Security Architecture
is neededis needed
•Legacy EnterpriseLegacy Enterprise
Point SolutionsPoint Solutions
Do Not ScaleDo Not Scale

21. Is it enough to scan and pentestIs it enough to scan and pentest
once a quarter?once a quarter?
Security NeedsSecurity Needs
to beto be ContinuousContinuous

22. • More thanMore than
• 8080%% of all breachesof all breaches
• are from known vulnerabilitiesare from known vulnerabilities
Continuous Cloud SecurityContinuous Cloud Security
You CAN protect yourselfYou CAN protect yourself

23. Security Measures
• Are their security standards appropriate?
• Is your data encrypted when being uploaded to or
downloaded from the cloud?
• Understand how access is shared with your cloud folder
• Pick a good password.
• Back up your data

24. COA platform deploymentCOA platform deployment
COA can be a private cloudCOA can be a private cloud

25. Are you ready to protectAre you ready to protect
against this onslaught?against this onslaught?

26. THANK YOU!!!