Leron Zinatullin

Cloud Computing Security

www.zinatullin.com

Summary

• Overview• Benefits• Concerns• Threats• Vulnerabilities• Countermeasures• Conclusion

Typical Network Security Threats

“I don’t understand what we would do differently in the light of cloud computing other than change the wording of some of our ads. ” Larry Ellison, CEO, Oracle

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing." NIST special publication 800 (2011): 145.

Cloud Definition Framework

Benefits of Cloud Computing

• Minimized capital expenditure• Location and device independence• Utilization and efficiency

improvement• Very high scalability• High computing power

Concerns in using Cloud Computing

Aspects of Cloud Computing Security

Pronemon Institute – April 2011 – Survey of 127 US and EU cloud service providers

Threats-Vulnerabilities-Countermeasures

Threats

• Data Breaches• Data Loss • Account or Service Traffic Hijacking• Insecure APIs• Denial of Service (DoS)• Malicious insiders • Abuse of Nefarious Use • Insufficient due diligence • Shared Technology Vulnerabilities

Vulnerabilities

• Session Riding and Hijacking • Reliability and Availability of Service • Insecure Cryptography • Data Protection and Portability • Virtual Machine Escape • Vendor Lock-in • Internet Dependency

Countermeasures

• Policies and procedures• Software configurations• Encryption• Separation of duties • Identity management • Good Service Level Agreement

Pros and Cons

NIST Guidelines on Security and Privacy in Public Cloud Computing

Summary

• Overview• Benefits• Concerns• Threats• Vulnerabilities• Countermeasures• Conclusion

Thank you!

Questions?