Lecture 13 - Cloud Issues and Challenges (Standard & Law)
TRANSCRIPT
-
8/22/2019 Lecture 13 - Cloud Issues and Challenges (Standard & Law)
1/169
Cloud Computing
Cloud Issues and Challenges: Standard and Law
-
Agenda
Introduction: issues and challenges
Cloud Security: security and attacks
Cloud Standard and Law: guidelines for a secure cloud; law and privacy
-
Cloud Standard and Law
-
Outline
Introduction: why we need a security standard and must obey the law
Business, risk and money
Cloud Security Alliance (CSA): governance and operation
Law and privacy
Which one is important?
Summary
-
Security
Many cloud services are provided by many companies: storage, web hosting, business models, etc.
Examples are Dropbox, Amazon EC2 and Salesforce. Cloud computing covers the full range of services.
There are also many traditional and cloud-specific security issues. How can we go smoothly?
-
Security Issue
Cloud computing is a subset of computer services, so it has the same problems as traditional security: hardware, software and management attacks.
Cloud computing also has its own particular problem: under the concept of on-demand service, users share all of the resources, and an incomplete isolation technique increases the security risk.
-
Risk
In addition to the security issues, users are also concerned about the security risk: how is security managed? How are incidents responded to and remediated?
-
Why so Serious?
In companies, every security problem means an economic loss: stopping a service for one hour not only stops making money but also loses customers. The company's reputation is the most important part.
How can we find the best solution? Where is the security guideline?
-
Back to the Cloud
In recent years cloud computing has become popular and many companies want to join this industry. Every company wants to be the leader, and every company wants to design the standard.
Looking at security, there are many cybersecurity standards: ISO 27002, NIST, RFC 2196.
Is there a cloud security standard?
-
Cloud Security Alliance
-
Standard
The Cloud Security Alliance (CSA) is a not-for-profit organization that tries to promote the use of best practices for providing security assurance within cloud computing, and provides education on the uses of cloud computing.
CSA provides a general view of cloud computing, the security issues that may be encountered and some security suggestions. Users can use the Cloud Controls Matrix to build a secure cloud environment.
-
Security Matrix
-
Cloud Control Field
CSA separates cloud computing into two fields, governance and operation, with a total of 12 subprojects.
Cloud governance introduces how to build a secure cloud service: how the cloud company builds a secure environment, and how the cloud customer chooses a secure platform.
Cloud operation introduces how to solve security problems and maintain a secure cloud environment.
-
Cloud Control Field (cont'd)
CSA Guidelines
Governance
1. Risk management
2. Legal and electronic discovery
3. Compliance and audit
4. ILM
5. Portability and interoperability
Operation
1. Disaster recovery
2. Data center operation
3. Incident response
4. Application security
5. Encryption and key management
6. Access management
7. Virtualization
-
Before Joining the Cloud
CSA provides five steps for choosing a suitable cloud platform:
Requirement
Asset
Deployment model
Service model
Data flow and logic
-
Before Joining the Cloud (cont'd)
Step 1: understand your requirements. CSA classifies the usage of cloud into two classes: data and application. Depending on your usage, understand which one is running on your cloud platform.
Step 2: assess your assets. Depending on the importance of the data and application, you should provide different levels of security protection.
-
Before Joining the Cloud (cont'd)
Step 3: choose the deployment model. Depending on your security requirements, different deployment models have different default protection properties. A private cloud in an on-premises environment has the highest default protection.
Step 4: choose the service model. In cloud computing the SaaS vendor bears more of the responsibility, while IaaS customers must build their own security mechanisms.
Step 5: understand the data flow and program logic. Designing a reasonable and effective secure cloud service requires the company to fully understand the service workflow and the possible threats.
-
Prepared
After the five steps, companies and customers can both select the cloud platform which meets their requirements, but many security issues still need attention.
Combined with a full understanding of the requirements and a classification of the assets, cloud users can design a suitable secure environment: build the service environment or platform, operate the service, and keep the service quality.
-
CLOUD SECURITY ALLIANCE
Governance
Operation
-
Governance
Governance and enterprise risk management
Legal and electronic discovery
Compliance and audit
Information lifecycle management
Portability and interoperability
-
Governance
In cloud computing, companies provide many services to users, and customers use the services they need. How do we reduce the security risk when using cloud computing?
The security risks in cloud computing include any kind of emergency, audit and legal problems, migration between two cloud vendors, etc.
Governance is a guideline for choosing a suitable cloud vendor and service model.
-
Governance (cont'd)
In the governance field, CSA proposes five classes which need attention and gives suggestions for each:
1. Governance and enterprise risk management
2. Legal and electronic discovery
3. Compliance and audit
4. Information lifecycle management (ILM)
5. Portability and interoperability
-
Risk Management
In cloud computing, effective risk management follows well-defined information security management processes with two properties:
Extendibility
Reproducibility
The management processes are elastic as the business grows and can be reused in different enterprises.
-
Management (Risk Management)
Enterprises should design the security metrics and standards before designing the security management: everyone needs to understand and record the security metrics.
Enterprises use part of their profits for security controls.
Enterprises assess audits to keep the security requirements met.
-
Enterprise Risk (Risk Management)
Companies in cloud computing lose control of the system and of security management: the service level agreement (SLA) is the only way to ensure risk management.
Enterprises should choose a cloud vendor which can provide a suitable SLA.
Depending on the SLA, companies usually cannot test the security management themselves, in order to avoid affecting other users and the QoS of the cloud environment.
-
Information Risk (Risk Management)
Information risk management is used for the information C.I.A. properties (confidentiality, integrity, availability). Cloud users need to build the SLA requirements and collect the necessary information to design the management policy.
In SaaS, most security information is provided by the cloud vendor.
In IaaS, users need to collect and control almost all of the information themselves.
-
Third-party Apps (Risk Management)
Cloud users need to review the information transfer chain between the cloud service and third-party services:
Service relations and dependencies.
The cloud vendor's third-party application management.
The response mechanism for service interruption.
The third-party applications' extendibility.
-
Legal (Legal and Electronic Discovery)
In cloud computing, data is not controlled by the customers; instead, the cloud vendor hosts all data in the cloud environment. How to identify liability is the important question.
A complete cloud law management has three parts:
Functionality: definition of the cloud service and its functionality.
Judicature: legal norms of the cloud service and data management.
Contract: the structure of the contract, its terms and conditions, and the law enforcement agencies.
-
Electronic Discovery (Legal and Electronic Discovery)
Compared with traditional services, cloud computing provides services anywhere and anytime.
Cloud computing uses virtualization, so users do not know the location of the service and data.
The legal liability may differ between countries. Different countries have different legal norms for electronic evidence, record systems and management policy.
-
Suggestions (Legal and Electronic Discovery)
Both vendor and customer should fully understand the roles of law: electronic evidence, legal recourse and expert testimony.
The cloud vendor needs to keep the system secure, provide reliable evidence when customers require it, and recover the data assets when customers terminate the contract.
The cloud security agreement should be reviewed and audited by a third party: test the QoS and detect system vulnerabilities.
-
Compliance & Audit
In cloud computing the system is separated into several parts: it is easy to extend, manage and operate, but hard to supervise and audit.
Cloud auditors need to gain rich experience so that they can supervise the vendor easily and effectively, and distinguish between liabilities.
-
Readiness (Compliance and Audit)
In cloud computing, companies should prepare well for audit:
Legal department: helps review the cloud service contract, supervise the cloud vendor and resolve legal disputes.
Right of audit: the cloud service contract should be changed to satisfy the customer's requirements.
-
ILM (Information Lifecycle Management)
The goals of information lifecycle management (ILM): improve the system performance and increase the service functionality.
In cloud computing the data security lifecycle is challenged by more elasticity, multi-tenancy, the new design concept of logic, and the public environment.
Cloud users should care about the six phases of the data lifecycle.
-
ILM (cont'd): data security lifecycle figure
-
Suggestion (Information Lifecycle Management)
Cloud customers should understand the full secure process of the data, including storage location, encryption method and management policy; this should be written into the SLA.
Understand that the data could be confiscated: the cloud vendor needs to notify the users.
The cloud vendor needs to protect the data so that it cannot be modified or damaged.
-
Suggestion (Information Lifecycle Management, cont'd)
Only the data owner has the right of access control: the cloud vendor needs to disable all access at the beginning, and even the cloud vendor's staff cannot access the data without permission.
Understand the security boundary: the encryption system, key management and how to choose the security key; the data isolation technique, backup and recovery system.
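The access-control rule on this slide (nothing is reachable until the data owner grants it, and the vendor's own operators are ordinary principals) as a small deny-by-default authorization model. This is an added example, not code from the lecture or from CSA; the principal and object names are constructed for the demonstration.

```python
"""Deny-by-default access control for tenant data objects.

Added example (not from the lecture or from CSA's guidance): the owner is the
only principal with rights at creation time, every other principal, including
vendor operators, must be granted access explicitly by the owner, and every
decision is written to an audit trail.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class DataObject:
    name: str
    owner: str
    # principal -> permitted actions; empty at creation, so everything is denied
    grants: Dict[str, Set[str]] = field(default_factory=dict)


class AccessControl:
    def __init__(self) -> None:
        self.objects: Dict[str, DataObject] = {}
        # (principal, object, action, decision): every decision is recorded
        self.audit: List[Tuple[str, str, str, str]] = []

    def create(self, name: str, owner: str) -> None:
        self.objects[name] = DataObject(name, owner)

    def grant(self, actor: str, name: str, principal: str, actions: Set[str]) -> bool:
        """Only the owner may delegate; an operator cannot grant itself access."""
        obj = self.objects[name]
        if actor != obj.owner:
            self.audit.append((actor, name, f"grant:{principal}", "DENY"))
            return False
        obj.grants.setdefault(principal, set()).update(actions)
        self.audit.append((actor, name, f"grant:{principal}", "ALLOW"))
        return True

    def revoke(self, actor: str, name: str, principal: str) -> bool:
        obj = self.objects[name]
        if actor != obj.owner:
            self.audit.append((actor, name, f"revoke:{principal}", "DENY"))
            return False
        obj.grants.pop(principal, None)
        self.audit.append((actor, name, f"revoke:{principal}", "ALLOW"))
        return True

    def check(self, principal: str, name: str, action: str) -> bool:
        obj = self.objects.get(name)
        if obj is None:
            allowed = False                      # unknown object: deny
        elif principal == obj.owner:
            allowed = True                       # owner always has access
        else:
            allowed = action in obj.grants.get(principal, set())
        self.audit.append((principal, name, action, "ALLOW" if allowed else "DENY"))
        return allowed


def demo() -> Dict[str, object]:
    """Walk through the slide's scenario with constructed names and return the decisions."""
    ac = AccessControl()
    obj = "tenant-a/customer-db-backup"
    ac.create(obj, owner="tenant-a-admin")
    out: Dict[str, object] = {}
    out["owner_read"] = ac.check("tenant-a-admin", obj, "read")
    # vendor staff: no access before any grant, and no way to self-grant
    out["vendor_read_before_grant"] = ac.check("vendor-ops-1", obj, "read")
    out["vendor_self_grant"] = ac.grant("vendor-ops-1", obj, "vendor-ops-1", {"read"})
    # owner delegates read-only access to an auditor, then takes it back
    out["owner_grants_auditor"] = ac.grant("tenant-a-admin", obj, "auditor-1", {"read"})
    out["auditor_read"] = ac.check("auditor-1", obj, "read")
    out["auditor_write"] = ac.check("auditor-1", obj, "write")
    ac.revoke("tenant-a-admin", obj, "auditor-1")
    out["auditor_read_after_revoke"] = ac.check("auditor-1", obj, "read")
    out["unknown_object"] = ac.check("tenant-a-admin", "tenant-a/does-not-exist", "read")
    out["denied_decisions"] = sum(1 for e in ac.audit if e[3] == "DENY")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The audit list is the part a customer would ask the vendor for: the slide's requirement that staff cannot reach data "without permission" is only verifiable if every denied and allowed decision is recorded.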
-
Portability (Portability and Interoperability)
Cloud computing is the new service model for companies: a company chooses the cloud vendor by cost, service quality, properties and other factors.
A company may migrate from one cloud vendor to another because a new service contract would increase the operating costs, or because the cloud vendor ceases operation or stops providing some services.
-
Interoperability (Portability and Interoperability)
Companies need to design the system and security guidelines for a particular cloud vendor; migrating to another vendor would require modifying the system or rebuilding a new one.
The difficulty of porting the service platform depends on the cloud model: SaaS usually concerns the data and service platform, while IaaS needs to consider the underlying system, which may be incompatible.
-
Suggestion (Portability and Interoperability)
Understand the storage space and the network bandwidth before migration. Based on other users' experience, migrating the physical machine is usually more effective and cheaper. Record all the details during migration.
For IaaS: understand the image compatibility before migration, and understand the subsequent disposal when hardware is eliminated.
-
Suggestion (cont'd) (Portability and Interoperability)
For PaaS: understand the migration tools the vendor provides; understand the effects of migration, including performance and QoS; understand how to test and examine the new environment.
For SaaS: duplicate and back up data periodically; customized plug-ins should be rebuildable; understand any migration laws and regulations.
-
CLOUD SECURITY ALLIANCE
Governance
Operation
-
Operation
Users or customers may encounter security problems on the cloud: differences between a traditional data center and the cloud, security problems in a large-scale data center, backup and recovery policy.
CSA provides many suggestions: which security events occur when a company runs its service in the cloud computing environment, and which security factors need attention.
-
Operation (cont'd)
Similar to governance, CSA proposes seven operation classes which need attention and gives suggestions for each:
Traditional security, business continuity and disaster recovery
Data center operations
Incident response, notification and remediation
Application security
Encryption and key management
Identity and access management
Virtualization
-
Disaster Recovery (Disaster Recovery & Data Center)
Similar to a traditional data center, cloud computing needs a business continuity planning (BCP) and disaster recovery (DR) policy: every component in the system could fail, a large system is hard to keep stable, and a disaster such as a fire or an earthquake could damage the cloud infrastructure.
-
Data Center (Disaster Recovery & Data Center)
A service-level agreement (SLA) is part of the service contract: it classifies the service and defines the delivery time or performance.
A traditional data center usually allocates a fixed number of servers or resources to customers, which is easy to overestimate or underestimate.
How can all resources be allocated dynamically? Reach the SLA requirement and reduce the probability of overestimating.
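To make the fixed-versus-dynamic allocation trade-off on this slide concrete, the following added example (not from the lecture or CSA) replays a constructed one-day demand trace against both policies and counts the hours in which demand exceeded capacity (SLA violations) and the idle server-hours (overestimation). The demand numbers, the one-hour scaling lag and the headroom values are assumptions made for the example.

```python
"""Fixed versus demand-driven server allocation, measured against an SLA.

Added example (not from the lecture or CSA): a fixed allocation either breaches
the SLA during peaks or wastes capacity off-peak; reactive scaling with a lag
can still breach on steep ramps unless it keeps enough headroom.
"""
from typing import Dict, List

# Constructed demand trace: servers needed in each hour of one day.
DEMAND: List[int] = [3, 2, 2, 2, 3, 4, 6, 9, 12, 14, 15, 15,
                     14, 13, 13, 12, 11, 10, 8, 7, 6, 5, 4, 3]


def fixed_allocation(demand: List[int], servers: int) -> Dict[str, int]:
    """Traditional data center: the same number of servers in every hour."""
    violations = sum(1 for d in demand if d > servers)
    idle = sum(max(servers - d, 0) for d in demand)
    return {"violations": violations,
            "idle_server_hours": idle,
            "server_hours": servers * len(demand)}


def dynamic_allocation(demand: List[int], headroom: int,
                       max_servers: int = 20) -> Dict[str, int]:
    """Reactive scaling: capacity for hour t is hour t-1's demand plus headroom.

    The one-hour lag is the assumed autoscaler reaction time, so a ramp that
    climbs faster than the headroom still produces SLA violations.
    """
    violations = idle = server_hours = 0
    capacity = min(demand[0] + headroom, max_servers)
    for d in demand:
        server_hours += capacity
        if d > capacity:
            violations += 1
        idle += max(capacity - d, 0)
        capacity = min(d + headroom, max_servers)   # scale for the next hour
    return {"violations": violations,
            "idle_server_hours": idle,
            "server_hours": server_hours}


def compare(demand: List[int] = DEMAND) -> Dict[str, Dict[str, int]]:
    """Side-by-side results for two fixed sizes and two headroom settings."""
    return {
        "fixed_10": fixed_allocation(demand, 10),
        "fixed_15": fixed_allocation(demand, 15),
        "dynamic_headroom_1": dynamic_allocation(demand, headroom=1),
        "dynamic_headroom_3": dynamic_allocation(demand, headroom=3),
    }


if __name__ == "__main__":
    for policy, result in compare().items():
        print(f"{policy:20s} {result}")
```

On this trace a fixed pool of 10 servers breaches the SLA for 9 of 24 hours while still idling 76 server-hours, a pool of 15 never breaches but idles 167 server-hours, and dynamic allocation with a headroom of 3 meets the SLA with 265 server-hours in total, which is the "reach the SLA requirement and reduce overestimation" goal the slide states.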
-
Suggestion (Disaster Recovery & Data Center)
Keep in mind: centralized management means concentration risk.
The cloud vendor needs a strict management mechanism: access control and management policy, background checks of employees, internal and external security control files.
Cloud customers should be able to investigate the cloud infrastructure on site, and to view and understand the BCP and DR.
-

Suggestion (cont'd)
Companies need to understand what the contract says about
  Recovery time
  Recovery objective
  Recovery policy
Customers need to gain the right or permission to
  Audit the SLA through a third party.
  Understand the process, policy and effect of system patches.

Incident Response
The properties of cloud computing make incident events hard to manage and respond to.
  Large scale, shared resources and automated management.
  The cloud vendor needs a standard operation process (SOP) for incident response.
The cloud vendor provides complex, large-scale services.
  It is hard to monitor the traces and respond to an incident immediately.
  Each service could cross-impact the management policy.

Views
View for monitoring
  We need a security operation center (SOC).
  Each new service and resource should be monitored by the SOC.
  The SOC provides the notification and guideline for emergency or security events.
View for customers
  Customers need to evaluate whether the SLA meets their requirements or not.
  Customers should understand the SOP for incident response.

Suggestion
Before using cloud computing
  Define the normal events and the unusual events.
  Test whether your system is compatible with the cloud environment or not.
A SOC is usually used in a single or pure environment.
  In a multi-tenant environment, the SOC needs to be modified to monitor data from any source.
  An application-layer firewall and log files are helpful to the SOC on multi-tenant platforms.
Each piece of sensitive data should be encrypted to reduce the losses.
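As an added example (not from the lecture), a small Go program in the spirit of the SOC suggestion above: lines from two sensors, an application-layer firewall and an application log, are normalized into one schema tagged with the tenant, so that a rule which only exists on a multi-tenant platform (a request touching another tenant's resource) and an "unusual event" defined up front (repeated login failures) can both be detected, while lines from unknown sources are counted instead of silently ignored. The log formats, tenant names and thresholds are constructed for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Event is the normalized record the SOC reasons about, whatever sensor produced it (constructed schema).
type Event struct {
	Source, Tenant, Owner, Action string // sensor, requesting tenant, resource owner, verb
	Minute                        int    // minute-of-day; enough for a toy time window
}

// Alert is what the SOC would escalate.
type Alert struct{ Rule, Tenant, Detail string }

// parseLine normalizes one line from either sensor. Constructed formats:
//   waf|<minute>|tenant=<t>|owner=<o>|action=<a>
//   app <minute> tenant=<t> owner=<o> action=<a>
func parseLine(line string) (Event, bool) {
	var ev Event
	var fields []string
	switch {
	case strings.HasPrefix(line, "waf|"):
		ev.Source, fields = "waf", strings.Split(line, "|")[1:]
	case strings.HasPrefix(line, "app "):
		ev.Source, fields = "app", strings.Fields(line)[1:]
	default:
		return ev, false // unknown sensor: the caller counts it rather than silently dropping it
	}
	if len(fields) != 4 {
		return ev, false
	}
	var err error
	if ev.Minute, err = strconv.Atoi(fields[0]); err != nil {
		return ev, false
	}
	slots := map[string]*string{"tenant": &ev.Tenant, "owner": &ev.Owner, "action": &ev.Action}
	for _, f := range fields[1:] {
		if k, v, ok := strings.Cut(f, "="); ok && slots[k] != nil {
			*slots[k] = v
		}
	}
	return ev, ev.Tenant != "" && ev.Owner != "" && ev.Action != ""
}

// Analyze applies two rules that define "unusual" on a multi-tenant platform: cross-tenant
// (requesting tenant differs from resource owner; impossible on a single-tenant platform, so
// every occurrence is escalated) and brute-force (more than maxFails login failures by one
// tenant inside a sliding window of windowMinutes). Lines are assumed to be in time order.
func Analyze(lines []string, maxFails, windowMinutes int) (alerts []Alert, rejected int) {
	fails := map[string][]int{} // tenant -> minutes of recent login failures
	for _, line := range lines {
		ev, ok := parseLine(line)
		if !ok {
			rejected++ // unknown sensor: make the blind spot visible
			continue
		}
		if ev.Tenant != ev.Owner {
			alerts = append(alerts, Alert{"cross-tenant", ev.Tenant, fmt.Sprintf(
				"%s on %s's resource via %s at minute %d", ev.Action, ev.Owner, ev.Source, ev.Minute)})
		}
		if ev.Action != "login_fail" {
			continue
		}
		win := append(fails[ev.Tenant], ev.Minute)
		for len(win) > 0 && ev.Minute-win[0] >= windowMinutes {
			win = win[1:] // expire failures that fell out of the window
		}
		fails[ev.Tenant] = win
		if len(win) == maxFails+1 { // fire once, when the threshold is first crossed
			alerts = append(alerts, Alert{"brute-force", ev.Tenant, fmt.Sprintf(
				"%d login failures within %d minutes", len(win), windowMinutes)})
		}
	}
	return alerts, rejected
}

// sampleLog is constructed input from both sensors, in time order.
var sampleLog = []string{
	"waf|600|tenant=acme|owner=acme|action=read",
	"waf|602|tenant=acme|owner=globex|action=read", // acme reading globex's data
	"app 603 tenant=initech owner=initech action=login_fail",
	"app 603 tenant=initech owner=initech action=login_fail",
	"app 604 tenant=initech owner=initech action=login_fail",
	"syslog: unrelated noise line", // unknown sensor: counted, not ignored
	"app 630 tenant=initech owner=initech action=login_fail", // window has expired
}

func main() {
	alerts, rejected := Analyze(sampleLog, 2, 5)
	fmt.Printf("%d line(s) from unknown sensors\nalerts: %+v\n", rejected, alerts)
}
```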

Application Security
In cloud computing
  The cloud vendor provides the environment to users.
  Users run applications, which may be designed by the users or by a third party.
As with normal applications, services in the cloud also need to be well designed and kept secure.
  Preliminary analysis and confidentiality.
  Integration and availability tests.
  Demilitarized zone.

Interoperation
Services and applications in the cloud interact frequently.
  The dependencies between applications affect the system security.
  Third-party applications can also damage and change the system stability.
  The test tools the cloud vendor provides can help enhance system security.

Suggestion
In the application development lifecycle, we need to be concerned with three parts:
  Security threats and the trust model.
  The cloud platform's program assessment tool.
  The application's quality checkpoints.
Keep in mind
  You cannot assume that all communications are in a secure channel.
  The storage and management of application certificates are important.

Encryption & Key Management

Encryption
How to avoid data being stolen is the important security issue.
  The cloud vendor cannot guarantee that sensitive data is under secure protection.
  Encryption is the efficient way to protect important data.
In some countries, data which is hosted must be encrypted
  Personal information.
  State secure files.
  etc.

Key management
The encryption system can provide information security for data. Its strength is
  Dependent on the encryption algorithm, e.g. Caesar shift or AES.
  Dependent on the key selection.
  Dependent on the key management.

Management
Encrypting and decrypting data costs many resources and much time.
  Classify the data by sensitivity and importance.
  Choose the suitable encryption algorithm.
In the cloud, the encryption system is frequently used.
  A simple or common password is useless.
  Non-secure key management would damage the encryption system.

Suggestion
Cloud customers need to understand the encryption system used in the cloud.
  Encryption algorithm and costs.
  Key management and key generation policy.
Customers need to specify the encryption service in the SLA.
  The encryption system should be audited by a third party.
  A requirement on the length and strength of keys is needed.

Access Management

Access Control
After keeping data in a secure environment and encrypting it, we need to understand the access control policy.
  A guest being able to access sensitive data is dangerous.
In cloud computing, the number of users is larger than we can imagine.
  The access control policy becomes complex.
  Add or delete users' access rights immediately.
  Identify and authorize the user.

IAM
The identity and access management (IAM) system in the cloud should be fairly and rigorously assessed.
  Identity provisioning
  Authentication
  Federation management
  Authorization and user configuration
Customers can use third-party authorization: OpenID, Google or Facebook.
The cloud vendor needs to provide single sign-on (SSO) to avoid repeated logins.

Virtualization
In the cloud, virtualization techniques are widely used.
  Abstract and integrate the resources.
  Easily provide on-demand resources to users.
Virtualized resources mean all resources are mixed together.
  Concentration of risk.
  Each user must meet the security requirements.
The hypervisor monitors and communicates with the virtual machines (VMs).
  Breaking the hypervisor could break the whole system.
  Attacking the hypervisor is a new malicious method.

Suggestion
Understand the virtualization technique used in the cloud environment.
  The security and isolation of the hypervisor.
  The default configuration and settings must be secure.
  The resource image of a VM must be tested and verified.
The hypervisor holds high security permissions.
  Only a few staff and users have the right to access the hypervisor.
  Each access to the hypervisor must be recorded.

Summary
The Cloud Security Alliance (CSA) provides the security guidance and separates cloud security into
  Two fields: governance and operation.
  Twelve sub-categories.
  Each sub-category introduces the problems that could occur and gives some suggestions.
For the three service models, CSA provides general views and gives different suggestions for the different models.

Law and Privacy

The Real World
Like the real world, criminals are around us and we can be the victim anytime and anywhere.
  In the computer world, crackers hide in the network and try to attack anything interesting.
  Lawless employees also try to sell sensitive and important data.
Law is the last line of defense.

Enforcement
Users try to believe the performance and protection that companies claim.
  But lots of security incidents frequently appear in the news.
  In 2011, Dropbox claimed all data on its servers were encrypted, but users are beginning to doubt the company's guarantee.
Law can provide the basic protection.
  A company needs to provide basic security protection and basic quality of service.
  Also, law resolves disputes between user and company.

Online Shopping
It is popular and convenient to purchase on the internet.
  People can buy books, food, and even a car on the web.
  People cannot see the product until they receive it.
There are many problems with online shopping.
  There are some differences between the image and the product.
  There may be some mistake in the price.
  Personal information could be hijacked or stolen.

Security Protection
From the customer's view
  All personal data must be under full protection.
  Everything must meet the description of the product.
From the company's view
  Security protection is not just the responsibility of the company.
But the world does not always go as we wish!

Privacy
On the other hand, privacy is a basic personal right.
  No one shall be subjected to arbitrary interference.
  Everyone has the right to the protection of the law against such interference or attacks.
Privacy includes
  Personal information.
  Religion and sexual orientation.

Net Generation
Now is the net generation.
  Every teenager is living on the internet.
  Everyone can find lots of interesting information on the internet.
  Phone numbers, intimate photos or the contents of email.
Users need someone to protect their privacy.
  The law and government can provide basic and strong protection.
  But sometimes the law also breaks the right of privacy.

LAW AND PRIVACY
Information Protection
USA PATRIOT Act

Personal Information
Everyone on the internet leaves some traces.
  Users leave personal information to apply for Google and Facebook accounts.
  Users leave their name, phone number and address to buy something.
This information can be used for malicious behavior.
  Fake identity.
  Internet fraud.

Law of Personal Information
In 2010, the Taiwan government enacted a law to protect personal information.
  It specifies the limitations on personal information collection, processing and usage.
  Companies need to actively provide evidence to exclude liability.

Clause
There are many clauses that specify the usage of personal information and the penalty for breaking the law.
  Everyone can apply for compensation of up to twenty thousand when their personal information has been violated.
  When a crime occurs, companies need to provide evidence that they have met the requirements of the law.

Company Risk
From the probability point of view
  Each company may lose sensitive information.
  A cloud company has lots of personal information.
If a company lost 1/20 of its data (e.g. five thousand records)
  Fines could be up to one million NT dollars.
  Also, the company loses its corporate image.

Traces
Companies invest in the preservation of evidence to avoid legal penalties.
  Companies try to keep traces and logs which record all operations.
The record system must be stable and reliable.
  But there are few guidelines for record systems.
  A company also needs to modify all its systems to interact with the record system.
  It would be complex, massive and expensive.

When Crime Occurred
Traces are the first solution used to identify the attribution of responsibility.
  Traces must be clean and must not be modifiable.
  The method of keeping traces also needs to be trusted.
But unlike fingerprints or DNA, electronic evidence is easier to modify or fake.
  Keeping isolation between the traces and the system is important.

In Cloud
In cloud computing
  Traces grow to a massive size, such that finding the evidence of a crime is difficult.
  The large size of traces makes it difficult to keep the record stable and reliable.
How to duplicate, isolate and manage the traces?
  Replicas and off-site backup.
  Automation and systematization.
  Reduce human intervention.
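An added Go example (not part of the lecture) of the requirement that traces be clean, unmodifiable and kept isolated from the system, combined with the replica idea above: each trace record hashes the previous one, so an after-the-fact edit on the host breaks the chain, and a copy held off-site catches the case where the whole chain is rebuilt with altered history. The record format and the sample operations are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Record is one trace entry. Its hash covers the previous record's hash, so
// changing, removing or inserting any record breaks every hash after it.
type Record struct {
	Seq  int
	Text string // the operation that was recorded
	Prev string // hex hash of the previous record, "" for the first
	Hash string // hex SHA-256 over Seq, Text and Prev
}

func hashRecord(seq int, text, prev string) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d\x00%s\x00%s", seq, text, prev)))
	return hex.EncodeToString(sum[:])
}

// TraceLog is append-only: Append is the only operation that adds records.
type TraceLog struct{ records []Record }

func (l *TraceLog) Append(text string) Record {
	prev := ""
	if n := len(l.records); n > 0 {
		prev = l.records[n-1].Hash
	}
	r := Record{Seq: len(l.records), Text: text, Prev: prev}
	r.Hash = hashRecord(r.Seq, r.Text, r.Prev)
	l.records = append(l.records, r)
	return r
}

// Verify recomputes the chain and returns the index of the first inconsistent
// record, or -1 when every record links correctly to the one before it.
func Verify(records []Record) int {
	prev := ""
	for i, r := range records {
		if r.Seq != i || r.Prev != prev || r.Hash != hashRecord(r.Seq, r.Text, r.Prev) {
			return i
		}
		prev = r.Hash
	}
	return -1
}

// Replicate is what an off-site copy holds: the records as they were at
// replication time, kept in isolation from the system being traced.
func Replicate(records []Record) []Record {
	return append([]Record(nil), records...)
}

// Reconcile checks the primary log against the isolated replica. Verify catches an
// in-place edit (hashes no longer match); comparing the hash at the replica's head
// catches a chain rebuilt with altered history, which is internally consistent.
func Reconcile(primary, replica []Record) error {
	if i := Verify(primary); i >= 0 {
		return fmt.Errorf("primary chain broken at record %d", i)
	}
	if i := Verify(replica); i >= 0 {
		return fmt.Errorf("replica chain broken at record %d", i)
	}
	n := len(replica)
	if n > len(primary) {
		return fmt.Errorf("primary has %d records, replica has %d: records were removed", len(primary), n)
	}
	if n > 0 && primary[n-1].Hash != replica[n-1].Hash {
		return fmt.Errorf("primary diverges from replica at or before record %d", n-1)
	}
	return nil
}

// sampleOps are constructed operations a cloud control plane might record.
var sampleOps = []string{
	"user=alice action=login",
	"user=alice action=read obj=invoice-2019-08",
	"user=bob action=grant role=admin to=bob",
	"user=bob action=delete obj=invoice-2019-08",
}

func main() {
	var trace TraceLog
	for _, op := range sampleOps {
		trace.Append(op)
	}
	replica := Replicate(trace.records)
	fmt.Println("untouched:", Reconcile(trace.records, replica))
	trace.records[2].Text = "user=bob action=read obj=public" // record altered on the host after the fact
	fmt.Println("altered:  ", Reconcile(trace.records, replica))
}
```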

LAW AND PRIVACY
Information Protection
USA PATRIOT Act

Outside the Law
In a special case, the law may be outside the country.
  A user in country A could be under the law of country B.
The cloud provides service anywhere in the world.
  Server and user are usually located in different countries.
  Does a foreign country have the right to access the user's data?

USA Patriot Act
One of the most important pieces of news in cloud computing is the USA Patriot Act.
  The U.S. government has the right to access all data in the U.S.
  Also, the U.S. government has the right to access data hosted by U.S. companies, no matter whether the data is in the USA or in a foreign country.
Microsoft and Google acknowledged providing data to U.S. intelligence.
  The data were located on servers in Europe.

USA Patriot Act (cont'd)
[Diagram: User, U.S. Company, Data; U.S. Server and Europe Server linked by "Replicate or Remote backup"; U.S. intelligence; Law enforcement.]

Effect
Users mistrust the cloud service.
  User data could be accessed without any permission.
  Users cannot keep secrets on the internet.
Lots of important institutions are restricted from using the cloud service.
  Sensitive data, important services and techniques cannot be hosted by cloud companies.
  If necessary, all data must be encrypted and the key stored independently.

Summary
Cloud computing is a new industry.
  The laws grow more slowly than cloud computing services.
  The old provisions cannot meet the companies' or customers' requirements.
  The new provisions are still not well developed.
Depending on the properties of the cloud
  Cloud computing services cannot avoid the need to provide cross-country service.
  There may be some conflict between local laws and foreign laws.

Summary (cont'd)
Privacy is the popular issue among cloud security issues.
  Cloud services are growing rapidly and are all around our lives.
  Cloud vendors and companies own lots of customers' private information and data.
The law is used to protect our rights.
  When the government needs to protect most people, the privacy of a small number of people will be violated.
  Who wants to be among the small number of victims?

Reference
Cloud Security Alliance (CSA): https://cloudsecurityalliance.org/
News:
  http://www.zdnet.com.tw/news/software/0,2000085678,20126532,00.htm
  http://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=6286
http://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=I0050021