Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Cloud Security

No description
by

Faham Usman

on 5 June 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Cloud Security

Information Security
Cloud Security
Awareness Campaign
Agenda
About aeCERT
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
What is Cloud Computing?
Cloud Computing Characteristics
You Use the Cloud With
“Infrastructure” Cloud
(Network,Copmpute,storage,Middleware)
“Service” Cloud
Web Services, Component
“Application” Cloud
SaaS
Cloud Computing as Gartner Sees it
Cloud Services
Fast Growing Trend
Cloud Security
Rise in
Employee
Mobility
Growing Usage
of Cloud Services
for Data Storage
Rise in Cloud
Specific
Attacks
Growing Adaption
in Government
Departments
Increased
Usage
Why is Cloud Security important?
Cloud Security – Private Cloud
Cloud Security – Public Cloud
Syrian Electronic Army
How To Practice Secure Cloud Computing in our Daily Lives?
Never go for weak
passwords
Use Two Step
Verification
Verification
Password
Customize your Security Settings
Conclusion
aeCERT is the United
Arab Emirates
Computer Emergency
Response Team.

One of the initiatives
of the UAE
Telecommunications
Regulatory Authority.

Aims at promoting,
building and ensuring a
safer and secure cyber
environment and
culture in the UAE.

Salim is your Cyber
Security Advisor.

"Cloud Vision"
About aeCERT
What is Cloud Computing?
Cloud Services
Boost Productivity
Conclusion
Recent Incidents
Best Practices
Cloud Security
Cloud Services
Source: Cloud Hypermarket (http://www.cloudhypermarket.com)

Types Of Cloud
Source: Quocirca study for CA Technologies
http://www.computerweekly.com/news/2240203295/Comp
anies-avoid-cloud-due-to-lack-of-security-skills (2013)

Keeping up with Technology and
Taking into Consideration the
Possible Security Risks is Crucial
Recent Incident
On 15th July
Twitter disclosed
that a hacker had
accessed
company data
stored on Google
Apps.

Domain Name System (DNS) Attack
Sources: http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/27/the new-york-times-web-site-was-taken-down-by-dns-hijacking-heres-what-that-means/.
Microsoft Security Intelligence Report volume 15, Jan-June 2013

Distributed Denial of Service
(DDoS) Attack
Botnet
Hacked Computers
Malformed TCP and UDP packets

SYN flood
DNS amplification
14kb x 5
HardCore Charlie
Source: https://www.informationweek.com/security/attacks/vmware-breached-more-hypervisor-source-c/232901025,
http://www.darkreading.com/applications/vmware-confirms-hacker-leaked-source-cod/232900971

Top Security Concerns in the Cloud
01
02
03
04
05
Domain Name System (DNS) attacks

Distributed Denial of Service (DDoS )

You are putting security into the hands of another company.

Your IT people will have less access to certain functions.
New technology means new devices to hack.
Source: Microsoft Security Intelligence Report volume 15, Jan-June 2013

Cloud Security Best Practices
Governance & Compliance

Skills Set

Data Portability

Data Protection

User Authentication

Security Assessment

Applications Security
- Dennis Hurst, Hewlett Packard.

Boost Productivity, Enhance Security: The Cloud
Boost Productivity, Enhance
Security: Virtualization
Source: https://www.informationweek.com/security/attacks/vmware-breached-more-hypervisor-source-c/232901025

Companies are moving to the cloud to reduce costs
and boost productivity.
Cloud security issues are the same as non-cloud
platforms plus new concerns related to the cloud.
Nothing is hack proof. Beware that you can be
hacked and plan for that.
Use best practices while putting your data on cloud.
Use two-factor verification and other access control
techniques to limit access to the data on the cloud.

Boost Productivity:
Cloud Database
Boost Productivity:
Networking in the Cloud
Software Defined Networking (SDN)
Network Function Virtualization (VFN)

What functions can I push to SDN & VFN?

01
02
03
04
05
06
Backups
Why backing up data on the cloud is a risk?

Questions
What is Cloud Computing?
Deployment Models

Private
Cloud


Hybrid Cloud

Public
Cloud
Community
Cloud
Share
Customize
Login
LCS
Full transcript