Cloud Security Alliance - Guidance
www.cloudsecurityalliance.org Copyright © 2009 Cloud Security Alliance
• Global, not-for-profit organization, started Nov. 2008, individual members (free), corporate members and affiliated organizations
• Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…
• We believe Cloud Computing has a robust future, we want to make it better
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”
• April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1
• July 2009: Version 1 translated into Japanese
• November 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2
• Q4 2009: Top Ten Cloud Threats (monthly)
• Q4 2009: Provider & Customer Checklists
• Q4 2009: eHealth Guidance
• Global CSA Executive Summits
• Q1 2010 – Europe
• Q1 or Q2 2010 - US
Focusing the Security Discussion
[Figure: XaaS layers (Software as a Service, Platform as a Service, Infrastructure as a Service) plotted against deployment models (Public, Private, Hybrid) and application domains. Labelled examples: IaaS, Hybrid, "HPC/Analytics"; SaaS, Public, "CRM"; IaaS, Public, "Transcoding".]
Governing in the Cloud
1. Governance & Risk Mgt
2. Legal
3. Electronic Discovery
4. Compliance & Audit
5. Information Lifecycle Mgt
6. Portability & Interoperability

Operating in the Cloud
1. Traditional, BCM, DR
2. Data Center Operations
3. Incident Response
4. Application Security
5. Encryption & Key Mgt
6. Identity & Access Mgt
7. Storage
8. Virtualization

1. Architecture & Framework
Analyzing Cloud Security
• Some key issues:
Trust, multi-tenancy, encryption, key management compliance
• Clouds are massively complex systems that can be reduced to simple primitives that are replicated thousands of times and common functional units
• Cloud security is a tractable problem
There are both advantages and challenges
Balancing Threat Exposure and Cost Effectiveness
• Private clouds may have less threat exposure than community or hosted clouds which have less threat exposure than public clouds.
• Massive public clouds may be more cost effective than large community clouds which may be more cost effective than small private clouds.
General Security Advantages
• Democratization of security capabilities
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Forcing functions to add security controls
• Clouds enable automated security management
• Redundancy / Disaster Recovery
General Security Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
• Geo-location of sensitive data
• Inability to deploy security services (e.g. scanning)
• Risk with shared computing platform (multi-tenant)
• Data confidentiality
• Access via internet – untrusted
• Cloud vendors for the most part non-committal on security
• Company data on 3rd party machine
• Compliance lacking – inability to satisfy auditors
• Vendors not up to speed from a guidance and auditing perspective
• Inability to perform forensic investigation
“We have to accept what we all know to be elemental -
that taking a defensive position can, at best, only limit losses.
And we need gains.”
Peter F. Drucker
• Cloud Computing is real and transformational
• Cloud Computing can be secured but also can carry increased risk due to aggregation of assets
• Broad governance approach needed
• Tactical fixes needed
• Combination of updating existing best practices and creating completely new best practices
• Common sense not optional
• Join us, help make our work better
• Discussions & announcements on LinkedIn
• Hold regional CSA Meetups
• Other research initiatives and events being planned
• Individual Membership (free)
• Subject matter experts for research
• Interested in learning about the topic
• Administrative & organizational help
• Corporate Sponsorship
• Help fund outreach, events
• Affiliated Organizations (free)
• Joint projects in the community interest
• Contact information on website
• www.cloudsecurityalliance.org
• Twitter: @cloudsa, #csaguide
• LinkedIn: www.linkedin.com/groups?gid=1864210