Cloud security and adoption

Cloud Security Issues andCloud Security Issues andCloud Security Issues andCloud Security Issues and
Adoption Guideline for ThaiAdoption Guideline for ThaiAdoption Guideline for ThaiAdoption Guideline for Thai
Government AgenciesGovernment AgenciesGovernment AgenciesGovernment Agencies
July 26, 2016
Dr. Sudsanguan Ngamsuriyaroj
Faculty of ICT, Mahidol University

About Me
Assistant Professor
Faculty of ICT, Mahidol University
Teaching
Parallel computing, Cloud computing
Security
Computer Ethics
Research
Security (network, cloud, database)
Parallel computing
Healthcare applications
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY 2
sudsanguan.nga@mahidol.ac.th

Agenda
Cloud Adoption
General Security Concepts
Cloud Security Model
Cloud Security Issues
3SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

Cloud Adoption
from Data Center to Cloud
4
http://www.stratoscale.com/blog/cloud/the-journey-from-virtualization-to-cloud-computing/
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY

Cloud Adoption – Why?

Cloud Adoption – Why?
Cost Reduction
6
http://www.opengroup.org/cloud/whitepapers/ccroi/roi.htm

Are you ready for Cloud?
Which applications will be moved to cloud
Readiness of existing infrastructure
Development of IT personnel (infrastructure and
developers)
How to migrate to cloud
◦ Which cloud model/platform (public, private, hybrid) to use
Budget / ROI
Application users
Schedule to deliver products/services

Categories of Applications
1. Public applications: for everyone: web sites
2. External based applications: for customers/ partners
3. Internal based applications: for staff only - emails
4. Private applications: for administration: ERP, HR
8
Which applications will be
moved to Cloud

Network infrastructure
System infrastructure
Application platforms
BCP – Business Continuity Plan
Infrastructure Maintenance
Audit process
9
Readiness of Existing Infrastructure

Physical / Logical network diagram (latest update?)
All existing equipment and their capacity
Report of network usage
◦ Bandwidth enough?
◦ Any usage abuse?
What links needed to be updated
10
Readiness of Existing Infrastructure:
Network Ready?

List of all servers and the applications running
List of all servers no longer used
How long a server will be used
Is there any maintenance?
What workload running and how much the
utilization is?
If there is a new server, a plan to use VM ?
11
Readiness of Existing Infrastructure:
System Ready?

Workload Forecasted
12
http://www.americanis.net/2013/shift-your-risk-in-the-cloud/

Workload Analysis

What would be Barriers?
Data security and privacy
People with effective skills
Different cloud service providers and platforms
Vendor lock-in
Cloud providers’ reliability and availability
Risks
14
http://www.slideshare.net/ISS-NUS/security-in-smart-city-implementation-
infrastructure-and-people

General Security Concept
15
http://www.slideshare.net/dr_edw777/chapter-1-overview-11741038

NIST Reference Architecture
16
Source: NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture

Cloud Security Model
17
http://www.softwaretestpro.com/ItemAssets/5590/Fig4.jpg

1. Data breaches/ leaks
2. Data loss
3. Account or service traffic hijacking
4. Insecure interfaces and APIs
5. Denial of services
6. Malicious Insiders
7. Cloud abuse
8. Insufficient due diligence
9. Shared technology vulnerabilities
CSA Notorious 9CSA Notorious 9CSA Notorious 9CSA Notorious 9
Cloud Top Threats in 2013
18
https://downloads.cloudsecurityalliance.org/initiatives/top_
threats/The_Notorious_Nine_Cloud_Computing_Top_Threa
ts_in_2013.pdf

CSA TreacherousCSA TreacherousCSA TreacherousCSA Treacherous 12121212
Cloud Top Threats in 2016
1. Data Breaches
2. Weak Identity,
Credential and Access
Management
3. Insecure APIs
4. System and Application
Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
19
7. Advanced Persistent
Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10.Abuse and Nefarious Use
of Cloud Services
11.Denial of Service
12.Shared Technology Issues
https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-
computing-top-threats-in-2016/

Data Breaches
World's Biggest Data Breaches
Selected losses greater than 30,000 records (updated 11th July 2016)
20
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Data Loss
21
http://www.theregister.co.uk
/2016/05/13/salesforcecom_
crash_caused_data_loss/
http://www.computerworld.com/a
rticle/2973600/cloud-
computing/google-cloud-loses-
data-belgium-itbwcw.html

Data Security on Cloud
How to protect your data from being observed?
Data Encryption
what about KEY? and Key Management?
encryption algorithm?
How about “homomorphic encryption”?
Data Masking for Sensitive data like bank accounts
maintain a mapping between real and
masked data

Data Life Cycle
23
https://securosis.com/tag/data+security+lifecycle

Cloud Threats and Vulnerabilities
24
Adopted from “Realizing the Benefits of Vulnerability Management in the Cloud” by Gordon MacKay, CTO, Digital
Defense, Inc.

25
https://www.eitdigital.eu/fileadmin/files/docs/documents_helsinki/TheoDimitrakos-
EIT_ICT_Labs_Symposium_on_Trusted_Cloud_and_Future_Enterprises-email-no-demo.pdf

26

27

28

Q&A
Thank you
SIPA TECHNOLOGY MEETUP 2016 - HIGH PERFORMANCE COMPUTING TRENDS AND TECHNOLOGY 29

Cloud security and adoption

More Related Content

What's hot (20)

Viewers also liked (6)

Similar to Cloud security and adoption (20)

Recently uploaded (20)

Cloud security and adoption