cloud computing security
DESCRIPTION
http://www.zinatullin.comTRANSCRIPT
Leron Zinatullin
Cloud Computing Security
www.zinatullin.com
Summary
• Overview• Benefits• Concerns• Threats• Vulnerabilities• Countermeasures• Conclusion
Typical Network Security Threats
“I don’t understand what we would do differently in the light of cloud computing other than change the wording of some of our ads. ” Larry Ellison, CEO, Oracle
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing." NIST special publication 800 (2011): 145.
Cloud Definition Framework
Benefits of Cloud Computing
• Minimized capital expenditure• Location and device independence• Utilization and efficiency
improvement• Very high scalability• High computing power
Concerns in using Cloud Computing
Aspects of Cloud Computing Security
Pronemon Institute – April 2011 – Survey of 127 US and EU cloud service providers
Threats-Vulnerabilities-Countermeasures
Threats
• Data Breaches• Data Loss • Account or Service Traffic Hijacking• Insecure APIs• Denial of Service (DoS)• Malicious insiders • Abuse of Nefarious Use • Insufficient due diligence • Shared Technology Vulnerabilities
Vulnerabilities
• Session Riding and Hijacking • Reliability and Availability of Service • Insecure Cryptography • Data Protection and Portability • Virtual Machine Escape • Vendor Lock-in • Internet Dependency
Countermeasures
• Policies and procedures• Software configurations• Encryption• Separation of duties • Identity management • Good Service Level Agreement
Pros and Cons
NIST Guidelines on Security and Privacy in Public Cloud Computing
Summary
• Overview• Benefits• Concerns• Threats• Vulnerabilities• Countermeasures• Conclusion
Thank you!
Questions?