Post on 28-Apr-2018
Cloud Security Discussion ISACA, Jacksonville Chapter
October 2017 Meeting
Craig Galley, Information Security Officer, SANS Mentor
Intro and Bio
Jacksonville Resident 34 years
16 years involvement in Information Security
Information Security Officer for the City of Jacksonville
SANS Instructor
Former Biker, now full time Dance Dad
Searching for my next hobby (fishing?, crochet?, gardening?)
Why Cloud Services?
Lower Total Cost of Ownership
Reduce head count
Performance gains and higher Return on Investment
High Availability / Disaster Recovery
Transfer Risk
Security
Security?
Lost laptops are a billion dollar business problem. And potentially greater than the loss of an expensive piece of kit is the loss of the sensitive data inside it. Cloud computing gives you greater security when this happens. Because your data is stored in the cloud, you can access it no matter what happens to your machine. And you can even remotely wipe data from lost laptops so it doesn't get into the wrong hands.
ref - https://www.salesforce.com/uk/blog/2015/11/why-move-to-the-cloud-10-benefits-of-cloud-computing.html
Cloud Service Provider (CSP)
Cloud Customer
Cloud Access Security Broker (CASB)
Public, Private, Community, and Hybrid
IaaS
PaaS
SaaS
Cloud Security Responsibility?
Cloud Customer!!!
Cannot transfer the risk of housing PII data in the Cloud
Ultimately responsible for ensuring that the Business Requirements are met when utilizing services in the Cloud
Security concerns evolve rapidly; the Cloud Customer must understand how this impacts the organization.
Initial Considerations
Reliability of the Cloud Service Provider
Location of Service and Data
Breach reports and history of the Cloud Service Provider
Auditors and Regulation
Resource considerations
Long Term Concerns
Retention Policies
What is the exit strategy?
Data Remnants
Compliance
Crypto-shredding
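Crypto-shredding, the last item in the list above, addresses data remnants by destroying the key rather than trying to locate and erase every copy of the data a provider may still hold. The Go program below is an added example and not code from the presentation: each record is encrypted under its own AES-256-GCM key that stays in a customer-controlled key store (a plain map here, standing in for a KMS or HSM, which is an assumption of this example), and shredding that key renders any remaining ciphertext unrecoverable. The record ID and sample value are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// CloudObject models one record as stored at the provider: nonce and ciphertext
// live in the cloud, the key never leaves the customer side.
type CloudObject struct {
	Nonce      []byte
	Ciphertext []byte
}

// KeyStore is the customer-controlled key store (hypothetical map-backed stand-in
// for a KMS or HSM).
type KeyStore struct {
	keys map[string][]byte
}

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// newGCM builds an AES-256-GCM AEAD from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store encrypts plaintext under a fresh per-record key, keeps the key in the
// customer key store, and returns the object exactly as the provider would hold it.
func (ks *KeyStore) Store(recordID string, plaintext []byte) (CloudObject, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return CloudObject{}, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return CloudObject{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return CloudObject{}, err
	}
	// The record ID is bound as associated data so ciphertexts cannot be swapped between records.
	ct := aead.Seal(nil, nonce, plaintext, []byte(recordID))
	ks.keys[recordID] = key
	return CloudObject{Nonce: nonce, Ciphertext: ct}, nil
}

// Retrieve decrypts a stored object; it fails once the record's key has been shredded.
func (ks *KeyStore) Retrieve(recordID string, obj CloudObject) ([]byte, error) {
	key, ok := ks.keys[recordID]
	if !ok {
		return nil, errors.New("key shredded or unknown: data is unrecoverable")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, obj.Nonce, obj.Ciphertext, []byte(recordID))
}

// Shred zeroes the key material and drops it from the store. Every remnant of the
// ciphertext the provider (or its backups) still holds is now useless.
func (ks *KeyStore) Shred(recordID string) bool {
	key, ok := ks.keys[recordID]
	if !ok {
		return false
	}
	for i := range key {
		key[i] = 0
	}
	delete(ks.keys, recordID)
	return true
}

func main() {
	ks := NewKeyStore()
	obj, err := ks.Store("citizen-record-0001", []byte("sample PII value (constructed)"))
	if err != nil {
		panic(err)
	}
	pt, _ := ks.Retrieve("citizen-record-0001", obj)
	fmt.Printf("before shred: %q\n", pt)
	ks.Shred("citizen-record-0001")
	_, err = ks.Retrieve("citizen-record-0001", obj)
	fmt.Println("after shred:", err)
}
```

The design point is where the key lives: shredding only works as an exit strategy if the provider never had the key, so the key store must stay under the customer's control rather than being a provider-managed default.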
SaaS Security Concerns
Cloud Provider
Platform, Infrastructure, Physical
Cloud Customer
GRC, Data
Shared Responsibilities
Application
PaaS Security Concerns
Cloud Provider
Physical, Infrastructure
Cloud Customer
GRC, Data, Application
Shared Responsibilities
Platform
IaaS Security Concerns
Cloud Provider
Physical
Cloud Customer
GRC, Data, Application, Platform
Shared Responsibilities
Infrastructure
Continuous Monitoring
Breach and Incident notifications
Centralized logging
Access to Cloud stored logs
Cloud Application Security
Not all applications are Cloud ready
CSA - The Treacherous 12
Data Breaches
Insufficient Identity, Credential and Access Management
Insecure Interfaces and APIs
System Vulnerabilities
Account Hijacking
Malicious Insiders
ref - https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
CSA - The Treacherous 12 (cont.)
Advanced Persistent Threats
Data Loss
Insufficient Due Diligence
Abuse and Nefarious Use of Cloud Services
Denial of Service
Shared Technology issues
ref - https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
At the end of the day...
Cloud Customer is always responsible for GRC and Data
Cloud Services offer many advertised cost benefits
Risk is present in many forms throughout Cloud models
Information Security Professionals must be involved to voice the risk
Senior Managers weigh the cost benefits vs. the risk and make the decision based on risk appetite.
InfoSecJax
ISACA, Infragard, ISSA, (ISC)2
Tech Coast Conference
B-Sides Jacksonville
2600 Meetings
Hack@FSCJ
Craig Galley's SANS Schedule
MGT414: SANS Training Program for CISSP Certification
Not a bootcamp!
Next class starts on January 23rd, 2018 and runs through March 6th, 2018
7 weeks
Each Tuesday from 6:00pm - 9:00pm
Location: TBD
Questions???
CISSP, CSSLP, GSLC, GSEC, GISP, Security+
galleyc@outlook.com
@bullpwr (Twitter) or LinkedIn