Cloud Computing - Security (BIG Data)
Cloud Computing Security – The BIG Data
Vasanth Ganesan, MS Telecommunications & Business, University of Maryland, College Park
What is Cloud Computing?
It's all about “Sharing”
Like with anything new, the primary concern is security
RISKS are ALWAYS there!
The Stack
SaaS
PaaS
IaaS
[Figure axes: Cloud Security Concerns (Low to High) and Operational Efficiency (Low to High)]
Security Risks &
Potential Opportunities
What are your main concerns in your approach to Cloud Computing?
Source: ENISA – An SME Perspective on Cloud, 2009
Security
Snap
Copy
Mount
Yesterday Today
In Brief – “Data”
• Trust Boundary
• Data Security
• Identity and Access Management (IAM)
• Privacy Considerations
Information Assurance Concerns
CSA Security Guidance v2.1
Trust Boundary
• Trust Boundaries have changed with cloud computing
• Note: Different cloud providers might have different trust boundaries
• Data barriers
• Need for transparency
Source: Cloud Security and Privacy – Tim Mather
Governance
Enterprise Risk Management
Compliance and Audit
Data Security
• Provider’s data collection efforts and monitoring of such
• Use of encryption
– Data in Transit
– Data at Rest
– Key management is a significant issue
• Data lineage
• Data provenance
• Data remanence
Source: Cloud Security and Privacy – Tim Mather
Information Lifecycle Management
Encryption and Key Management
Compliance and Audit
Identity and Access Management
• One of the biggest challenges today
• Currently inadequate for Enterprises
• Access Control tool
Source: Cloud Security and Privacy – Tim Mather
Identity and Access Management
Traditional security
Compliance and Audit
Privacy Considerations
• Data is no longer static
• Transborder data issues may be exacerbated
– Privacy laws (inconsistent among different jurisdictions)
• Data governance is weak
– Encryption is not pervasive
– Cloud Providers absolve themselves
– Data remanence still is a “?”
Source: Cloud Security and Privacy – Tim Mather
Information Lifecycle Management
Traditional security
Compliance and Audit
Then why the Cloud?
Lowers TCO
Time to Market
Flexibility
Scalability
Focus on Core Business
Potential Questions from the Clients
• Does the provider hold certifications such as ISO 27001/2, SAS 70? If yes, what is the scope of the certifications?
• Does the provider share the physical location of the servers?
• To what extent are storage, memory and other data traces erased from the machines before being reallocated to a different customer? i.e. Data remanence
• Does the provider support the data classification scheme used?
• How does the provider guarantee isolation of resources from other customers?
• Learn from the Cloud service provider (CSP) about key management. Who handles and manages the key?
• How does the CSP report on its security management?
• Does the CSP have an analytics tool to monitor your cloud?
• What are the CSP’s control monitoring processes?
• Is your data bound by local jurisdiction?