Post on 14-Feb-2017
1
INFORMATION SECURITY WELCOME TO THE GROUP
PRESENTATION
2
Topic Name and details
Mitigations to ensure the confidentiality, integrity and availability of the data stored on these providers? Discuss mitigations for both the cloud providers and also the end users.
Vaishal Shah(30129756)Kawalpreet Kaur(30116373)Vidit Darji(30309034)Gagandeep Kaur(30129485)
3
Introduction of Cloud ProvidersIt is a firm which delivers cloud computing that relies
on services and solution to individuals and business. It is also known as utility computing provider.
Based on the business model. There are many solutions Infrastructure as a Service(IAAS)Software as service(SAAS)Platform as service(PAAS)
4
What is Confidentiality, integrity, availability is also known as CIA triad
structure made to guide policies for information security within an organization.
Are considered to be crucial elements components of society.
5
Confidentiality, integrity, availabilityConfidentiality is a set of rules or procedures
that restricts the boundary to use or access to information.
Integrity is the assurance that the information gathered is trustworthy and reliable.
Availability is a guarantee of accurate access to the information by authorized people.
6
Dropbox, Google docsDropbox is a cloud storage service, sometimes referred to
as an online backup service, that is frequently used for file
sharing and collaboration. It is increasingly being used in
enterprises.
This service is as a warehouse used by government
organizations, banks, post offices, video stores and
libraries to allow people to drop items.
7
Diagrammatical representation of Dropbox, Google Drive
8
Figures about Dropbox, Google Drive
9
Problems or Issues related to ensure Confidentiality, Availability, Integrity by cloud providersMalicious behaviour of insiders.
Incomplete or insecure data completion.
Management interface vulnerability.
10
Issues contd.Loss of Governance.
Isolation of failure.
Compliance and legal risks.
11
Mitigations to ensure confidentiality, integrity and availability of cloud providersThe cloud is still new so the
push for effective controls over the protection of information in the cloud is also nascent. But every problem comes with a solution so there are fewer security solutions for the cloud providers than there are for securing physical devices in a traditional infrastructure.
CIA Triad
12
Confidentiality Data encryption User IDs and passwordsBiometric verification and security tokens, key fobs
and soft tokens.Data confidentiality may involve special training for
those privy to such documentsStoring Information only on air gapped computers,
disconnected storage devices or, for highly sensitive information, in hard copy form only
13
IntegrityMaintaining consistency, accuracy and
trustworthinessEnsuring data from unauthorized access EMP(electromagnetic pulse) or server crash.Some data might include checksums,
even cryptographic checksums for verification of integrity.
Back ups or redundancies must be available to restore the affected data to its correct state.
14
Availability Maintaining all hardware, performing hardware
repairs Providing adequate communication bandwidthPreventing occurrence of bottlenecksBack up copy must be stored in a geographically
isolated locationUse of firewalls and proxy servers Fast and adaptive disaster recovery
15
Mitigations Cont..Cloud Access Security Brokers(CASBs) : Niche market has been trying to reduce the severity of information shared on cloud providers so this market came up with Cloud Access Security Brokers(CASBs) defined as a strategy to mitigate this problem.
Context Awareness also allows the CASB providers to employ heuristic analysis on Cloud bound traffic, to do some form of anomaly detection to identify malicious or erroneous traffic. This is an area that they are all investing heavily in today.
16
Problems for cloud providers
Data integrityData theftPrivacy issueData loss Data location
17
Data integrityUser can access the data from any whereLack of data integrity in cloud
Data TheftCost affective and flexible for operationHigh possibility of data stolen from other user
18
Privacy issueMake sure that customer’s private information secureKeep watching who is access the data
Data LossDue to financial problem when vendor closes, customer will loss dataCustomer can not be able to access the data because vendor shut down
19
Data location Anyone don’t know the location of dataVendor not reveal the location of data
20
Mitigation of cloud providersIdentify the assetsAnalyze the riskApple security countermeasure Conduct post-run
21
Problems faced by users of cloud services
PrivacySecurityData breachesData protection
22
Mitigations for users of cloud services
• Privileged user Access• Regulatory Compliance• Data Location• Demonstrable customer care
23
Mitigations Cont..
• Data Segregation• Recovery• Investigative support/Search ability• Long-term viability
24
Referenceshttps://www.techopedia.com/definition/133/cloud-providerhttp://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf
https://www.google.com.au/search?q=image+of+dropbox,+google+docs
http://www.slideshare.net/pcalcada/apresentao-cm-1524115
http://www.cloudcouncil.org/Security_for_Cloud_Computing-Final_080912.pdf
http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
25
ANY QUESTIONS
??????
26
THANK YOU