NETE4631 Cloud Privacy and Security
Lecture Notes #9
Managing the Cloud - Recap
Capacity Planning – Recap (2)
Steps for capacity planner
- Examine what systems are in place
- Measuring their workload
  - Resources: CPU, RAM, disk, and network
- Load testing and identifying resource ceiling
- Determining usage pattern & predict future demand
- Add or tear down resources to meet demand
Scenario
- Scale vertically (scale up)
- Scale horizontally (scale out)
Lecture Outline
- Statistical challenges in the cloud
- Security implications
- Security and privacy challenges
- Security mapping
  - Security responsibilities
  - Security service boundary
- Approaches
  - Securing data
  - Identity management
  - Standard compliance
Characteristics of Cloud (NIST)
Statistical Challenges in the Cloud
Security Implications
- Outsourcing Data and Applications
- Extensibility and Shared Responsibility
- Service-Level Agreements (SLAs)
- Virtualization and Hypervisors
- Heterogeneity
- Compliance and Regulations
Security & Privacy Challenges
- Authentication and Identity Management
- Access Control and Accounting
- Trust Management and Policy Integration
- Secure-Service Management
- Privacy and Data Protection
- Organizational Security Management
Security Mapping
- Determine which resources you are planning to move to the cloud
- Determine the sensitivity of the resources to risk
- Determine the risk associated with the particular cloud deployment type (public, private, or hybrid models) of a resource
- Take into account the particular cloud service model that you will be using
- If you have selected a particular cloud provider, you need to evaluate its system to understand how data is transferred, where it is stored, and how to move data both in and out of the cloud
The AWS Security Center
Security Responsibilities
- Cloud Deployment Models (NIST)
  - Public clouds
  - Private clouds
  - Hybrid clouds
Security Service Boundary
By Cloud Security Alliance (CSA)
Approaches
- Techniques for securing applications, data, management, network, and physical hardware
- Data-Centric Security and Privacy
- Identity Management
- Comply with compliance standards
Techniques for securing resources
Picture from Alexandra Institute
Securing Data
- Access control
- Authentication
- Authorization
- Encryption
Brokered Cloud Storage Access
Establishing Identities
- What is the identity?
  - Things you are
  - Things you know
  - Things you have
  - Things you relate to
- They can be used to
  - Authenticate client requests for services
  - Control access to data in the cloud
  - Prevent unauthorized use
  - Maintain user roles
Steps for establishing identities for cloud computing
- Establish an identity
- The identity is authenticated
- Authentication can be portable
- Authentication provides access to resources
Defining Identity as a Service (IDaaS)
- Stores the information associated with a digital entity used in electronic transactions
- Core functions
  - Data store
  - Query engine
  - Policy engine
Core IDaaS applications
Authentication Protocol Standards
- OpenID 2.0: http://openid.net
- OAuth: http://oauth.net
Policy Engine (XACML)
SAML Single Sign-On Request/Response Mechanism
Auditing
- Auditing is the ability to monitor the events to understand performance
- Proprietary log formats
- Might not be co-located
Auditing (2)
Picture from Alexandra Institute
Regulatory Compliance
- All regulations were written without keeping Cloud Computing in mind.
- Clients are held responsible for compliance under the laws that apply to the location where the processing or storage takes place.
- Security laws require companies providing sensitive personal information to encrypt data transmitted and stored on their systems (Massachusetts, March 2012).
Regulatory Compliance (2)
You have to ensure the following:
- Contracts reviewed by your legal staff
- The right to audit in your SLA
- Review cloud service providers' security and regulatory compliance
- Understand the scope of the regulations that apply to your cloud-based applications
- Consider what steps to take to comply with the demands of the regulations that apply, and/or adjust your procedures accordingly
- Collect and maintain the evidence of your compliance with regulations
Defining Compliance as a Service (CaaS)
CaaS needs to
- Serve as a trusted party
- Be able to manage cloud relationships
- Be able to understand security policies and procedures
- Be able to know how to handle information and administer policy
- Be aware of geographic location
- Provide an incident response, archive, and allow for the system to be queried, all to a level that can be captured in an SLA
Defining Compliance as a Service (CaaS) (2)
Examples of clouds that advertise CaaS capabilities include the following:
- Athenahealth for the medical industry
- Bankserv for the banking industry
- ClearPoint PCI for merchant transactions
- FedCloud for government
References
- Chapters 4 and 12 of the course book: Cloud Computing Bible, 2011, Wiley Publishing Inc.
- Research paper: Security and Privacy Challenges in Cloud Computing Environments, Hassan Takabi and James B.D. Joshi, University of Pittsburgh