
The current state of the art in cloud security
WEI WANG & MUHAMMAD NADEEM

Agenda

What is cloud computing?


What is cloud security?
Security As a Service
Security Challenges

What is cloud computing?


The US National Institute of Standards and Technology (NIST, http://csrc.nist.gov) defines it as follows:
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity or expansion
Measured service

What is cloud computing?

What is cloud security?

Cloud computing security
Security of cloud computing
Provide security as a service
Secured cloud

What is cloud security?

SaaS: Salesforce, NetSuite
PaaS: Google App Engine, Microsoft Azure, Heroku
IaaS: Amazon's EC2, Rackspace, Nimbus

What is cloud security?

SaaS
Data Security
App Security
Identity Authentication
PaaS
Data and Computing Availability
Data Security
Disaster Recovery

What is cloud security?

IaaS
Data center construction
Physical Security
Network Security
Transmission Security
System Security

Concerns when Implementing Security As a Service

Physical and personnel security

Lack of visibility into security controls


Fragility of the relationship

Data leakage between virtual instances

Advantages of Implementing Security As a Service

Competitive Advantages

Understanding the risk proposition of a given IT strategy


Able to stem the inclusion of undesirable content

Improved Vendor Client Relationship

Transparency
Migration services

Diversity of Existing Security as a Service Offerings

Identity Services and Access Management Services


Data Loss Prevention (DLP)
Web Security
Email Security
Security Assessments
Intrusion Management, Detection, and Prevention (IDS/IPS)
Security Information and Event Management (SIEM)
Encryption
Business Continuity and Disaster Recovery
Network Security

Threats

Threat #1: Abuse and Nefarious Use of Cloud Computing
Threat #2: Insecure Interfaces and APIs
Threat #3: Malicious Insiders
Threat #4: Shared Technology Issues
Threat #5: Data Loss or Leakage
Threat #6: Account or Service Hijacking
Threat #7: Unknown Risk Profile

Security Challenges in the Cloud

Establishing trust in the remote execution
Protecting the execution of one cloud instance from other instances on the same base system or infrastructure.
Protecting the execution of a cloud instance from external adversaries.

Next steps: Improvements

Customers will need verifiably security-critical processing to the cloud.
Cloud vendors will have to reconsider cloud services design.
We see a benefit to having the base system perform enforcement on its cloud instances' behalf.