Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads cloud computing conference 2011
0 likes404 views
The document outlines key aspects of cloud security, including the importance of identity management, multi-factor authentication, and compliance across various cloud deployment models (public, private, hybrid). It highlights security considerations such as data protection, user management, and maintaining secure access across multiple devices. Ultimately, effective cloud security is essential for successfully leveraging cloud services.
Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads cloud computing conference 2011
- 1. The cloud is as secure as you want it to be... Debashis Banerjee Yahoo! India 1
- 2. My son’s first day at school Catered Food on my anniversary party Money in my bank My seat on the plane 2
- 3. Today’s Journey Multi device Refresher to Cloud the cloud Security – Mobiles OTP, SMS Ensuring based multi your cloud Factor auth is secure Public, Private and Hybrid Secure Cloud Security APIs 3 Image: FreeDigitalPhotos.net
- 4. Cloud Computing - Refresher • Key aspects of using the cloud: Elasticity, On Demand, Multi Tenancy, Multi Device, Ability to measure Service • Type of Clouds - Public Clouds, Private Clouds, Hybrid Clouds, Community/Partner Clouds • Deployment models : SaaS , PaaS , IaaS 4
- 5. Key questions to ask about security? • What do you need to protect? Who are your users? • Where does your data live? How does it flow? What geographies? • What are your compliance, logging needs? • Is there SSO and Identity management in place? • Do you have a mix of physical , virtual, cloud? • Who pays for security? Who is accountable for what aspect of • security? • How do you react if a security breach takes place? 5
- 6. Ensuring your cloud solution is secure Identity Provider Strong Auth Secure Multi Ingress and Device Data Egress Security In backup Access Federated SSO Privileged Access Public Cloud Geo-Political Multi Tenancy Private Cloud Considerations Logging, Secure Data at Auditing rest, motion Compliance, Playback Enterprise Physical, Virtual and cloud resources Wipeout, 6 Encryption
- 7. Security in Public Cloud Deployments • Strong Identity management • Privileged Account Management • Place the appropriate type of data in the cloud • Have access to compliance and logging , auditing • Being a public cloud ensure you impose where you data can or cannot travel • Wipeout policies • Ensure you are comfortable with the security of multi tenancy • Secure keys 7
- 8. Security in the Private & Hybrid Cloud Private: • Design such that there is scope to move to a hybrid model • Impose SSO Hybrid: • Segregate your data between clouds • Use SAML and ensure appropriate enterprise credentials are within the perimeter • Have your Federation set up correctly. Enable SSO. • Ensuring enterprise credentials do not travel into the cloud 8
- 9. Multi Device Cloud Security – Mobile Phones • The mobile device as an extension of the Cloud • Secure Mobile Apps on the cloud. • On Cloud and On Device virus scanning • Seamless policies for mobile devices • Credential life cycle management • Secure Roaming Users 9
- 10. Multi Factor Auth – OTPs, SMS based Use OTPs effectively to protect your data access to the cloud GoldKey Multi Factor Auth – AWS/Gemalto 2 Factor Auth using SMS 10 Image: http://commons.wikimedia.org/wiki/File:RSA-SecurID-Tokens.jpg
- 11. Some APIs useful in cloud security • Safe Browsing API • VM Safe APIs 11
- 12. In Conclusion • Cloud Security is critical to succeed in the cloud • Choose Private / Public / Hybrid cloud & SaaS / PaaS / IaaS • Identity & Privileged User Management • Compliance, Certification and Logging • Consider Multi Device Scenarios • Use Strong Authentication 12
- 13. Remember your questions about security to 1. Your child’s school 2. Your anniversary party caterers 3. Your airline 4. Your bank And you won’t go wrong with the Cloud Security !!!! Image: FreeDigitalPhotos.net 13