NETE4631 Cloud Privacy and Security - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

NETE4631 Cloud Privacy and Security

Description:

NETE4631 Cloud Privacy and Security Lecture Notes #9 * * Although cloud can reduce up-front cost and operational cost + using resource when needed, its unique ... – PowerPoint PPT presentation

Number of Views:421
Avg rating:3.0/5.0
Slides: 31
Provided by: SuthepVich91
Category:

less

Transcript and Presenter's Notes

Title: NETE4631 Cloud Privacy and Security


1
NETE4631Cloud Privacy and Security
  • Lecture Notes 9

2
Managing the Cloud - Recap
3
Capacity Planning Recap (2)
  • Steps for capacity planner
  • Examine what systems are in place
  • Measuring their workload
  • Resources - CPU, RAM, disk, and network
  • Load testing and identifying resource ceiling
  • Determining usage pattern predict future demand
  • Add or tear down resources to meet demand
    Scenario
  • Scale vertically (scale up)
  • Scale horizontally (scale out)

4
Lecture Outline
  • Statistical challenges in the cloud
  • Security implications
  • Security and privacy challenges
  • Security mapping
  • Security responsibilities
  • Security service boundary
  • Approaches
  • Securing data
  • Identity management
  • Standard compliance

5
Characteristics of Cloud (NIST)
6
Statistical Challenges in the Cloud
7
Security Implications
  • Outsourcing Data and Applications
  • Extensibility and Shared Responsibility
  • Service-Level Agreements (SLAs)
  • Virtualization and Hypervisors
  • Heterogeneity
  • Compliance and Regulations

8
Security Privacy Challenges
  • Authentication and Identity Management
  • Access Control and Accounting
  • Trust Management and Policy Integration
  • Secure-Service Management
  • Privacy and Data Protection
  • Organizational Security Management

9
Security Mapping
  • Determine which resources you are planning to
    move to the cloud
  • Determine the sensitivity of the resources to
    risk
  • Determine the risk associated with the particular
    cloud deployment type (public, private, or hybrid
    models) of a resource
  • Take into account the particular cloud service
    model that you will be using
  • If you have selected a particular cloud provider,
    you need to evaluate its system to understand how
    data is transferred, where it is stored, and how
    to move data both in and out of the cloud

10
The AWS Security Center
11
Security Responsibilities
  • Cloud Deployment Models (NIST)
  • Public clouds
  • Private clouds
  • Hybrid clouds

12
Security Service Boundary
By Cloud Security Alliance (CSA)
13
Approaches
  • Techniques for securing applications, data,
    management, network, and physical hardware
  • Data-Centric Security and Privacy
  • Identity Management
  • Comply to compliance standards

14
Techniques for securing resources
  • Picture from Alexandra Institute

15
Securing Data
  • Access control
  • Authentication
  • Authorization
  • Encryption

16
Brokered Cloud Storage Access
17
Establishing Identities
  • What is the identity?
  • Things you are
  • Things you know
  • Things you have
  • Things you relate to
  • They can be used to
  • authenticate client requests for services
  • Control access to data in the cloud
  • Preventing unauthorized used
  • Maintain user roles

18
Steps for establishing identities for cloud
computing
  • Establish an identity
  • Identity be authenticated
  • Authentication can be portable
  • Authentication provide access to resources

19
Defining Identity as a Service (IDaaS)
  • Store the information that associates with a
    digital entity used in electronic transactions
  • Core functions
  • Data store
  • Query engine
  • Policy engine

20
Core IDaaS applications
21
Authentication Protocol Standards
  • OpenID 2.0 http//openid.net
  • OAuth http//oauth.net

22
Policy Engine (XACML)
23
SAML Single Sign On Request/ Response Mechanism
24
Auditing
  • Auditing is the ability to monitor the events to
    understand performance
  • Proprietary log formats
  • Might not be co-located

25
Auditing (2)
Picture from Alexandra Institute
26
Regulatory Compliance
  • All regulations were written without keeping
    Cloud Computing in mind.
  • Clients are held responsible for compliance under
    the laws that apply to the location where the
    processing or storage takes place.
  • Security laws that requires companies providing
    sensitive personal information have to encrypt
    data transmitted and stored on their systems
    (Massachusetts March, 2012).

27
Regulatory Compliance (2)
  • You have to ensure the followings
  • Contracts reviewed by your legal staff
  • The right to audit in your SLA
  • Review cloud service providers their security and
    regulatory compliance
  • Understand the scope of the regulations that
    apply to your cloud-based applications
  • Consider what steps to take to comply with the
    demand of regulations that apply and/ or
    adjusting your procedures to this matter
  • Collect and maintain the evidence of your
    compliance with regulations

28
Defining Compliance as a Service (CaaS)
  • CaaS needs to
  • Serve as a trusted party
  • Be able to manage cloud relationships
  • Be able to understand security policies and
    procedures
  • Be able to know how to handle information and
    administer policy
  • Be aware of geographic location
  • Provide an incidence response, archive, and allow
    for the system to be queried, all to a level that
    can be captured in a SLA

29
Defining Compliance as a Service (CaaS) (2)
  • Examples of clouds that advertise CaaS
    capabilities include the following
  • Athenahealth for the medical industry
  • Bankserv for the banking industry
  • ClearPoint PCI for mechant transactions
  • FedCloud for goverment

30
References
  • Chapter 4, 12 of Course Book Cloud Computing
    Bible, 2011, Wiley Publishing Inc.
  • Research paper - Security and Privacy Challenges
    in Cloud Computing Environments, Hassan Takabi
    and James B.D. Joshi, University of Pittsburgh
Write a Comment
User Comments (0)
About PowerShow.com