SlideShare a Scribd company logo

Debashis banerjee cloud_is_as_secure

D
debashisb

The document discusses cloud security. It notes that cloud security depends on how secure users want their cloud deployment to be. It then covers key aspects of cloud computing like public and private clouds. It asks important questions about security like what needs protection, compliance needs, and identity management. Ensuring the cloud has secure identity, access management, data protection, and logging is discussed. Multi-device access and multi-factor authentication are also covered. The conclusion reminds users to consider these security aspects for various personal and financial services.

Technology
Related topics:
Identity and Access Management • Cloud Computing Insights
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
THE CLOUD IS AS SECURE AS YOU WANT IT TO BE Debashis Banerjee (Yahoo! India)
My son’s first day at school Catered Food on my anniversary party Money in my bank My seat on the plane
Today’s Journey Refresher to Multi device the cloud Cloud Security – Mobiles OTP, SMS Ensuring based multi your cloud is Factor auth secure Public, Private and Hybrid Secure Cloud Security APIs Image: FreeDigitalPhotos.net
Cloud Computing - Refresher • Key aspects of using the cloud: Elasticity, On Demand, Multi Tenancy, Multi Device, Ability to measure Service • Type of Clouds - Public Clouds, Private Clouds, Hybrid Clouds, Community/Partner Clouds • SaaS , PaaS , IaaS
Key questions to ask about Cloud Security? • What do you need to protect? Who are your users? • Where does your data live? How does it flow? What geographies? • What are your compliance, logging needs? • Is there SSO and Identity management in place? • Do you have a mix of physical , virtual, cloud? • Who pays for security? Who is accountable for what aspect of security? • How do you react if a security breach takes place?
Ensuring your cloud solution is secure Identity Provider Strong Auth Secure Multi Ingress and Data Egress Security Device In backup Federated SSO Access Public Cloud Privileged Access Geo-Political Multi Tenancy Private Cloud Considerations Logging, Secure Data at Auditing rest, motion Compliance, Playback Enterprise Physical, Virtual and cloud resources Wipeout, Encryption
Security in Public Cloud Deployments • Strong Identity management • Privileged Account Management • Place the appropriate type of data in the cloud • Have access to compliance and logging , auditing • Being a public cloud ensure you impose where you data can or cannot travel • Wipeout policies • Ensure you are comfortable with the security of multi tenancy • Secure keys
Security in the Private & Hybrid Cloud  Private: • Design such that there is scope to move to a hybrid model • Impose SSO  Hybrid: • Segregate your data between clouds • Use SAML and ensure appropriate enterprise credentials are within the perimeter • Have your Federation set up correctly. Enable SSO. • Ensuring enterprise credentials do not travel into the cloud
Multi Device Cloud Security – Mobile Phones • The mobile device as an extension of the Cloud • Secure Mobile Apps on the cloud. • On Cloud and On Device virus scanning • Seamless policies for mobile devices • Credential life cycle management • Secure Roaming Users
Multi Factor Auth – OTPs, SMS based  Use OTPs effectively to protect your data access to the cloud  GoldKey  Multi Factor Auth – AWS/Gemalto  2 Factor Auth using SMS Image: http://commons.wikimedia.org/wiki/File:RSA-SecurID-Tokens.jpg
Some APIs useful in cloud security • Safe Browsing API • VM Safe APIs
In Conclusion • Cloud Security is critical to succeed in the cloud • Choose Private / Public / Hybrid cloud & SaaS / PaaS / IaaS • Identity & Privileged User Management • Compliance, Certification and Logging • Consider Multi Device Scenarios • Use Strong Authentication
Remember your questions about security to 1. Your child’s school 2. Your anniversary party caterers 3. Your airline 4. Your bank And you won’t go wrong with the Cloud Security !!!! Image: FreeDigitalPhotos.net

More Related Content

PDF
Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads ...
IndicThreads
 
PPTX
Have content, will travel securely sharing mobile content in the cloud part II
Proofpoint
 
PDF
The cloud is as secure as you want it to be
Debashis Banerjee
 
PPTX
Wayfs and Strays - Jonathan Richardson
Eduserv
 
ZIP
Context Automation (with video demos)
Phil Windley
 
PDF
9 basic MDM settings to get you started
Peter Hewer
 
PDF
Securityinsideout
gueste69f645
 
PDF
Copyright and Technology London 2012: Content Identification - Werner Strydom...
GiantSteps Media Technology Strategies
 
Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads ...
IndicThreads
 
Have content, will travel securely sharing mobile content in the cloud part II
Proofpoint
 
The cloud is as secure as you want it to be
Debashis Banerjee
 
Wayfs and Strays - Jonathan Richardson
Eduserv
 
Context Automation (with video demos)
Phil Windley
 
9 basic MDM settings to get you started
Peter Hewer
 
Securityinsideout
gueste69f645
 
Copyright and Technology London 2012: Content Identification - Werner Strydom...
GiantSteps Media Technology Strategies
 

What's hot (6)

PPT
Protect Your Passwords, Secure Your Servers
Steven Davis
 
PDF
Identity Assertions Draftv5
Salvatore D'Agostino
 
PPT
P hallam baker_keynote
shindeshekhar
 
PPTX
Sogeti Cloud Seminar Identity In The Clouds
Ron Moerman
 
PDF
La era de los smart devices mexico
GeneXus
 
PDF
New Trends in Web Security
Oliver Pfaff
 
Protect Your Passwords, Secure Your Servers
Steven Davis
 
Identity Assertions Draftv5
Salvatore D'Agostino
 
P hallam baker_keynote
shindeshekhar
 
Sogeti Cloud Seminar Identity In The Clouds
Ron Moerman
 
La era de los smart devices mexico
GeneXus
 
New Trends in Web Security
Oliver Pfaff
 
Ad

Viewers also liked (13)

DOC
1102700 laporan jobsheet 1 - vegi laten haju embulni sanyus
Vegi Laten
 
DOC
atul_resume
atulweb
 
PDF
Debashis banerjee mobile_webappintrosecurity
debashisb
 
PPT
Transaction unit1 topic 2
avniS
 
PPTX
Is there a Golden Ratio? Test Specialist to Developer in an Agile team
debashisb
 
PPT
Changing trends in sw development
avniS
 
PPT
Section 3 resistive circuit analysis ii
midgettossing
 
PPT
Locks with updt nowait
avniS
 
PPT
Normalization
avniS
 
PPT
Overview of query evaluation
avniS
 
PPT
Multivalued dependency
avniS
 
PPT
Sequences
avniS
 
PPT
Locking unit 1 topic 3
avniS
 
1102700 laporan jobsheet 1 - vegi laten haju embulni sanyus
Vegi Laten
 
atul_resume
atulweb
 
Debashis banerjee mobile_webappintrosecurity
debashisb
 
Transaction unit1 topic 2
avniS
 
Is there a Golden Ratio? Test Specialist to Developer in an Agile team
debashisb
 
Changing trends in sw development
avniS
 
Section 3 resistive circuit analysis ii
midgettossing
 
Locks with updt nowait
avniS
 
Normalization
avniS
 
Overview of query evaluation
avniS
 
Multivalued dependency
avniS
 
Sequences
avniS
 
Locking unit 1 topic 3
avniS
 
Ad

Similar to Debashis banerjee cloud_is_as_secure (20)

PDF
Enterprise Strategy for Cloud Security
Bob Rhubart
 
PDF
Cloud Security - Made simple
Sameer Paradia
 
PDF
Who owns security in the cloud
Trend Micro
 
PPTX
Safe Net: Cloud Security Solutions
ASBIS SK
 
PPTX
Cloud security and security architecture
Vladimir Jirasek
 
PPTX
2012 10 cloud security architecture
Vladimir Jirasek
 
PDF
Cloud Security
Hi-Tech College
 
PDF
Security of,for & by cloud
Lakshmi Subramanian
 
PPTX
Smart cloud - single to multi cloud
Abdul Rasheed Feroz Khan
 
PDF
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
OKsystem
 
PDF
Oded Tsur - Ca Cloud Security
CSAIsrael
 
PPTX
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
Khazret Sapenov
 
PDF
Security Considerations for Microservices and Multi cloud
Neelkamal Gaharwar
 
PPTX
Brave new world of encryption v1
Khazret Sapenov
 
PDF
Projecting Enterprise Security Requirements on the Cloud
Scientia Groups
 
PDF
Peering Through the Cloud Forrester EMEA 2010
graywilliams
 
PPTX
Monetizing the Enterprise: Borderless Networks
Cisco Service Provider Mobility
 
PPTX
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
PPTX
Enterprise Security in Cloud
Lenin Aboagye
 
PDF
Simple cloud security explanation
indianadvisory
 
Enterprise Strategy for Cloud Security
Bob Rhubart
 
Cloud Security - Made simple
Sameer Paradia
 
Who owns security in the cloud
Trend Micro
 
Safe Net: Cloud Security Solutions
ASBIS SK
 
Cloud security and security architecture
Vladimir Jirasek
 
2012 10 cloud security architecture
Vladimir Jirasek
 
Cloud Security
Hi-Tech College
 
Security of,for & by cloud
Lakshmi Subramanian
 
Smart cloud - single to multi cloud
Abdul Rasheed Feroz Khan
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
OKsystem
 
Oded Tsur - Ca Cloud Security
CSAIsrael
 
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
Khazret Sapenov
 
Security Considerations for Microservices and Multi cloud
Neelkamal Gaharwar
 
Brave new world of encryption v1
Khazret Sapenov
 
Projecting Enterprise Security Requirements on the Cloud
Scientia Groups
 
Peering Through the Cloud Forrester EMEA 2010
graywilliams
 
Monetizing the Enterprise: Borderless Networks
Cisco Service Provider Mobility
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Symosis Security (Previously C-Level Security)
 
Enterprise Security in Cloud
Lenin Aboagye
 
Simple cloud security explanation
indianadvisory
 

Recently uploaded (20)

PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Approach and Philosophy of On baking technology
30anthuong17
 
KodekX | Application Modernization Development
KodekX
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 

Debashis banerjee cloud_is_as_secure

  • 1. THE CLOUD IS AS SECURE AS YOU WANT IT TO BE Debashis Banerjee (Yahoo! India)
  • 2. My son’s first day at school Catered Food on my anniversary party Money in my bank My seat on the plane
  • 3. Today’s Journey Refresher to Multi device the cloud Cloud Security – Mobiles OTP, SMS Ensuring based multi your cloud is Factor auth secure Public, Private and Hybrid Secure Cloud Security APIs Image: FreeDigitalPhotos.net
  • 4. Cloud Computing - Refresher • Key aspects of using the cloud: Elasticity, On Demand, Multi Tenancy, Multi Device, Ability to measure Service • Type of Clouds - Public Clouds, Private Clouds, Hybrid Clouds, Community/Partner Clouds • SaaS , PaaS , IaaS
  • 5. Key questions to ask about Cloud Security? • What do you need to protect? Who are your users? • Where does your data live? How does it flow? What geographies? • What are your compliance, logging needs? • Is there SSO and Identity management in place? • Do you have a mix of physical , virtual, cloud? • Who pays for security? Who is accountable for what aspect of security? • How do you react if a security breach takes place?
  • 6. Ensuring your cloud solution is secure Identity Provider Strong Auth Secure Multi Ingress and Data Egress Security Device In backup Federated SSO Access Public Cloud Privileged Access Geo-Political Multi Tenancy Private Cloud Considerations Logging, Secure Data at Auditing rest, motion Compliance, Playback Enterprise Physical, Virtual and cloud resources Wipeout, Encryption
  • 7. Security in Public Cloud Deployments • Strong Identity management • Privileged Account Management • Place the appropriate type of data in the cloud • Have access to compliance and logging , auditing • Being a public cloud ensure you impose where you data can or cannot travel • Wipeout policies • Ensure you are comfortable with the security of multi tenancy • Secure keys
  • 8. Security in the Private & Hybrid Cloud  Private: • Design such that there is scope to move to a hybrid model • Impose SSO  Hybrid: • Segregate your data between clouds • Use SAML and ensure appropriate enterprise credentials are within the perimeter • Have your Federation set up correctly. Enable SSO. • Ensuring enterprise credentials do not travel into the cloud
  • 9. Multi Device Cloud Security – Mobile Phones • The mobile device as an extension of the Cloud • Secure Mobile Apps on the cloud. • On Cloud and On Device virus scanning • Seamless policies for mobile devices • Credential life cycle management • Secure Roaming Users
  • 10. Multi Factor Auth – OTPs, SMS based  Use OTPs effectively to protect your data access to the cloud  GoldKey  Multi Factor Auth – AWS/Gemalto  2 Factor Auth using SMS Image: http://commons.wikimedia.org/wiki/File:RSA-SecurID-Tokens.jpg
  • 11. Some APIs useful in cloud security • Safe Browsing API • VM Safe APIs
  • 12. In Conclusion • Cloud Security is critical to succeed in the cloud • Choose Private / Public / Hybrid cloud & SaaS / PaaS / IaaS • Identity & Privileged User Management • Compliance, Certification and Logging • Consider Multi Device Scenarios • Use Strong Authentication
  • 13. Remember your questions about security to 1. Your child’s school 2. Your anniversary party caterers 3. Your airline 4. Your bank And you won’t go wrong with the Cloud Security !!!! Image: FreeDigitalPhotos.net