Cloud Security by CK
Transcript of Cloud Security by CK
Cloud Security Concerns
By Chaiyakorn Apiwathanokul
C3O, S-Generation Co., Ltd.
• CSO ASEAN Award 2010 by International Data Group (IDG)
• 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2
• Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544)
Name: Chaiyakorn Apiwathanokul (ไชยกร อภิวัฒโนกุล)
Title: Chief Executive Officer
Company: S-GENERATION Company Limited, S-FORENSICS Company Limited
Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA
• Contribute to Thailand Cyber Crime Act B.E.2550
• Workgroup for CA service standard development
• Committee of national standard adoption of ISO27001/ISO27002
• Committee of Thailand Information Security Association (TISA)
• Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour
• Advisor to Department of Special Investigation (DSI)
• Advisor to Cybersecurity Monitoring Center, Ministry of Defense (MOD)
chaiyakorna@hotmail.com
CLOUD!
What is it like?
What do you think of when it comes to CLOUD?
Now!
Cheaper Cost Efficiency
Resiliency High Availability
Elasticity On-Demand
Quick Deployment
Out-sourcing
Then what stops you?
GO!!! or NO GO?
What to worry about?
Surveys Show
SECURITY & PRIVACY
#1 Concern
Top Threats to Cloud Computing
Survey Results Update 2012
1. Abuse & Nefarious Use of Cloud Computing
2. Insecure Interfaces & APIs
3. Malicious Insiders
4. Shared Technology Issues
5. Data Loss or Leakage
6. Account or Service Hijacking
7. Unknown Risk Profile
© 2012 S-Generation Co., Ltd.
ENISA Cloud Risks
1. Loss of governance
2. Lock-in
3. Isolation failure
4. Compliance risks
5. Management interface compromise
6. Data protection
7. Insecure or incomplete data deletion
8. Malicious insider
NIST SP800-144
Key Security and Privacy Issues
1 Governance
2 Compliance
3 Trust
4 Architecture
5 Identity and Access Management
6 Software Isolation
7 Data Protection
8 Availability
9 Incident Response
Certificate of Cloud Security Knowledge
• First certification on cloud computing security
• Most prestigious cloud computing certification
• Measures mastery of CSA guidance and ENISA cloud risks whitepaper
• Understand cloud issues
• Look for the CCSKs at cloud providers, consulting partners
• Online web-based examination
• www.cloudsecurityalliance.org/certifyme
13 Domains of CCSK
0.5 Lifecycle considerations “Information”
• Create
• Store
• Destroy
• Process
• Use
• Transmit
0.5 Lifecycle considerations “Information System”
• Conceive
• Implement
• Use
• Specify
• Design
• Develop
• Test
• Maintain
• Dispose
Domain 5: Information Management & Data Security
5.6 Data Security
5.6.1 Detecting and Preventing Data Migrations to The Cloud
5.6.2 Protecting Data Moving to (And Within) The Cloud
5.6.3 Protecting Data in The Cloud
5.6.4 Data Loss Prevention
5.6.5 Database and File Activity Monitoring
5.6.6 Application Security
5.6.7 Privacy Preserving Storage
5.6.8 Digital Rights Management (DRM)
Back to the Basics
• Classify everything
– Data
– Network
– Platform
– App
– Provider
– Personnel involved
• Owner, who, R&R
• Custodian, who, R&R
Conclusion
• Cloud is here to stay
• Cloud helps reduce capital and operational costs
• Cost of data breach is in question
• It’s not about go or no-go, it’s about how to go effectively
• We are not living in a business (only) world
• There are underground economies, cyber criminals, terrorism, and state intelligence
• Secure development and secure operation
• Does cloud computing help make your operation more secure?
– Operation - maybe
– Data security framework - ?
http://www. thailand.org
Happy New Year to ICTSEC
• Free web security health check
1 scan 1 report
• Promotion code:
ICTSEC@EGAT
• Contact:
– Tel. 02-613-0500
– Mail. [email protected]
– http://www.EZWebSec.com
Start at 5,000 THB/month
Thank You
Please visit http://www.S-GENERATION.com for more information
Please visit http://www.S-FORENSICS.com for more information