Beruflich Dokumente
Kultur Dokumente
Protegiendo nuestros
Datos
Mauro Flores
mauflores@deloitte.com
@mauro_fcib
@DeloitteUySeg
OWASP Top 10 Risks
R10 - Non
Production
R4 - Business Environment
Continuity and Exposure
R1 - Accountability Resiliency
R7 - Multi Tenancy
and Data and Physical
Ownership Security
R5 - User Privacy
and Secondary
R2 - User Identity Usage of Data
R8 - Incidence
Federation Analysis and
Forensic Support
R6 - Service and
Data Integration
R3 Regulatory
R9 - Infrastructure
Compliance
Security
https://www.owasp.org/index.php/Category:OWASP_Cloud__10_Project
Imposible!! El proveedor
nunca lo va a haceradems,
para que le sirve?
http://www2.itif.org/2013-cloud-computing-costs.pdf
https://spideroak.com/privacypost/online-privacy/will-prism-destroy-the-u-s-cloud/
5 2015 Deloitte S.C. Todos los derechos reservados
R1/R5 Data Ownership, Privacy and Secondary Usage
https://cloudsecurityalliance.org/download/cloud-adoption-practices-priorities-survey-report/
6 2015 Deloitte S.C. Todos los derechos reservados
R1/R5 Data Ownership, Privacy and Secondary Usage
La nube despus de PRISM
SSLv3
SSLv3
Java: SecureString()
https://github.com/c-a-
m/passfault/blob/master/core/src/main/java/org/owasp/passfault/SecureString.java
.Net: SecureString()
http://msdn.microsoft.com/en-us/library/system.security.securestring%28v=vs.110%29.aspx