Cloud Security by CK

  • Published on
    28-Nov-2014

  • View
    604

  • Download
    1

Embed Size (px)

DESCRIPTION

 

Transcript

<ul><li> 1. Cloud Security Concerns By Chaiyakorn Apiwathanokul C3O, S-Generation Co., Ltd. </li> <li> 2. Name: Chaiyakorn Apiwathanokul Title: Chief Executive Officer Company: S-GENERATION Company Limited S-FORENSICS Company Limited Certificates: CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA CSO ASEAN Award 2010 by International Data Group (IDG) 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2 Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544) Contribute to Thailand Cyber Crime Act B.E.2550 Workgroup for CA service standard development Committee of national standard adoption of ISO27001/ISO27002 Committee of Thailand Information Security Association (TISA) Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour chaiyakorna@hotmail.com Advisor to Department of Special Investigation (DSI) Advisor to Cybersecurity Monitoring Center, Ministry of Defense (MOD) 1997 1999 2000 2004 2006 2011 </li> <li> 3. CLOUD!How is it like? </li> <li> 4. What do you think of when it comes to CLOUD? </li> <li> 5. Now! </li> <li> 6. Cheaper Cost EfficiencyResiliency High Availability Elasticity On-Demand Quick Deployment Out-sourcing </li> <li> 7. Then what stop you? </li> <li> 8. GO!!! or NO GO? </li> <li> 9. What to worry about? </li> <li> 10. Surveys ShowSECURITY &amp; PRIVACY #1 Concern </li> <li> 11. Top Threats to Cloud Computing Survey Results Update 2012 </li> <li> 12. Top Threats to Cloud Computing 1. Abuse &amp; Nefarious Use of Cloud Computing 2. Insecure Interfaces &amp; APIs 3. Malicious Insiders 4. Shared Technology Issues 5. Data Loss or Leakage 6. Account or Service Hijacking 7. Unknown Risk Profile 2012 S-Generation Co., Ltd. </li> <li> 13. 15 ENISA Cloud Risks 1. Loss of governance 2. Lock-in 3. Isolation failure 4. Compliance risks 5. Management interface compromise 6. Data protection 7. Insecure or incomplete data deletion 8. Malicious insider 2012 S-Generation Co., Ltd. </li> <li> 14. 2012 S-Generation Co., Ltd. </li> <li> 15. NIST SP800-144 Key Security and Privacy Issues 1 Governance 2 Compliance 3 Trust 4 Architecture 5 Identity and Access Management 6 Software Isolation 7 Data Protection 8 Availability 9 Incident Response 2012 S-Generation Co., Ltd. </li> <li> 16. Certificate of Cloud Security Knowledge First certication on cloud computing security Most prestigious cloud computing certication Measures mastery of CSA guidance and ENISA cloud risks whitepaper Understand cloud issues Look for the CCSKs at cloud providers, consulting partners Online web-based examination www.cloudsecurityalliance.org/certifyme 2012 S-Generation Co., Ltd. </li> <li> 17. 13 Domains of CCSK 2012 S-Generation Co., Ltd. </li> <li> 18. 0.5 Lifecycle considerations Information Create Destroy Store Transmit Process Use 20 2012 S-Generation Co., Ltd. </li> <li> 19. 0.5 Lifecycle considerations Information System Conceive Implement Use Specify Test Maintain Design Develop Dispose 21 2012 S-Generation Co., Ltd. </li> <li> 20. Domain 5: Information Management &amp; Data Security 5.6 Data Security 5.6.1 Detecting and Preventing Data Migrations to The Cloud 5.6.2 Protecting Data Moving to (And Within) The Cloud 5.6.3 Protecting Data in The Cloud 5.6.4 Data Lost Prevention 5.6.5 Database and File Activity Monitoring 5.6.6 Application Security 5.6.7 Privacy Preserving Storage 5.6.8 Digital Rights Management (DRM) 2012 S-Generation Co., Ltd. </li> <li> 21. Back to The Basic Classify everything Data Network Platform App Provider Personnel involved Owner, who, R&amp;R Custodian, who, R&amp;R 2012 S-Generation Co., Ltd. </li> <li> 22. Conclusion Cloud is here to stay Cloud help reduce capital and operational cost Cost of data breach is in question Its not about go or no-go, its about how to go effectively We are not living in a business (only) world There are underground economy, cyber criminal, terrorism, and state intelligence Secure development and secure operation Does cloud computing helps your operation more secure? Operation - may be Data security framework - ? 2012 S-Generation Co., Ltd. </li> <li> 23. http://www. thailand.org 2012 S-Generation Co., Ltd. </li> <li> 24. Happy New Year to ICTSEC Free web security health check 1 scan 1 report Promotion code: ICTSEC@EGAT Contact: Tel. 02-613-0500 Start at 5,000 THB/month Mail. sales@s-generation.com http://www.EZWebSec.com 2012 S-Generation Co., Ltd. </li> <li> 25. Please visit h t t p : / / w w w. S - G E N E R AT I O N . c o m for more information Thank Y ou Please visith t t p : / / w w w. S - F O R E N S I C S . c o mfor more information 27 </li> </ul>