Susanne Tedrick
Introduction to Cloud Security
Agenda
• Why Cloud?
• Security Implications of Cloud Service and Deployment Models
• Cloud Security Risks and Threats (A Sampler)
• What is Cloud Security?
• NIST Cybersecurity Framework
• Additional Resources
Why Cloud?
• Scalability
• Pay as you go
• Resource sharing
• Collaboration/mobility
• Competitiveness
What About Cloud Security?
The Shared Responsibility of Cloud Security
On-Premises | Infrastructure as a Service (IaaS) | Platform as a Service (PaaS) | Software as a Service (SaaS)
User Access | User Access | User Access | User Access
Data | Data | Data | Data
Applications | Applications | Applications | Applications
Operating System | Operating System | Operating System | Operating System
Network Traffic | Network Traffic | Network Traffic | Network Traffic
Hypervisor | Hypervisor | Hypervisor | Hypervisor
Infrastructure | Infrastructure | Infrastructure | Infrastructure
Physical | Physical | Physical | Physical
White – Customer Responsibility; Shaded – Cloud Provider Responsibility
Cloud Deployment Models
• Private: Cloud security responsibility completely owned by client
• Hybrid: Shared cloud security responsibility between client and cloud provider
• Public: Cloud security retained by cloud provider; no client control
Multicloud Lack of Visibility
Most US-based enterprises are using at least two public cloud providers. This approach adds even more security complexity.
Source: Cisco
Data Leakage
• Data is no longer under your control
• Loss of confidentiality
Data Loss
Data Damage
• A correct copy of the data is no longer available
• Compromise of integrity or availability
Malware Injections
The attacker attempts to inject an implementation of a malicious service or virtual machine into the cloud.
Source: F5
Distributed Denial of Service (DDoS)
These types of attacks cause the availability of data or services to go down because of an overload of traffic to the server.
Source: F5
Insecure Application Programming Interfaces (APIs)
APIs become an open doorway to an application or cloud platform - it is critical that they are secured.
Source: F5
Containerization
With the wide adoption of container-based applications, systems became more complex and security risks increased.
Source: Devopedia
What Is Cloud Security?
Policies, procedures and tools used to protect data, applications and networks in cloud environments.
Key Questions
• RESPONSIBILITY: What is my responsibility?
• FORTIFICATION: How do I secure my cloud environment?
• CONTROLS: What security controls work best?
NIST Cybersecurity Framework
Established in 2014
Main goals:
■ Help manage cyber risks
■ Provide a “common language” for discussing cyber risks
■ Help create and assess and improve cybersecurity programs
NIST Cybersecurity Framework
■ Asset identification
■ User identification
■ Data identification and governance
NIST Cybersecurity Framework
■ Data security
■ Application security
■ Network security
NIST Cybersecurity Framework
■ Logging
■ Continuous monitoring
■ Detection processes
NIST Cybersecurity Framework
■ Develop and maintain response playbooks
■ Address compliance and privacy notification regulations
■ Eliminate technology silos
■ Automate security incident investigations
NIST Cybersecurity Framework
■ Backup and restore
■ Disaster recovery
■ Improvements and communication
■ Remediation
Best Practices
• Research Your Cloud Service Provider’s Security Program
• Read Your Cloud Services Provider’s Terms of Use
• Utilize NIST’s Cybersecurity Framework
• Prevent, detect and respond to cyberattacks - nist.gov/cyberframework
• Utilize NIST’s Guidelines on Security and Privacy in Public Cloud Computing
• nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
Additional Resources
■ NIST Cybersecurity Framework
nist.gov/cyberframework
■ NIST Guidelines on Security and Privacy in Public Cloud Computing
nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
■ Cloud Security Alliance
cloudsecurityalliance.org
■ (ISC)2 2020 Cloud Security Report
isc2.org/resource-center/reports/2020-cloud-security-report
Thank You!
