
Opportuniteiten van Cloud Computing Databeveiliging (Opportunities of Cloud Computing Data Security) PDF

141 Pages·2016·2.52 MB·Dutch

Preview of Opportuniteiten van Cloud Computing Databeveiliging (Opportunities of Cloud Computing Data Security)

GHENT UNIVERSITY
FACULTY OF ECONOMICS AND BUSINESS ADMINISTRATION
ACADEMIC YEAR 2015 – 2016

Opportuniteiten van Cloud Computing Databeveiliging (Opportunities of Cloud Computing Data Security)

Master's thesis submitted to obtain the degree of Master of Science in Business Administration (Handelswetenschappen)

Verleye Giel
under the supervision of Prof. Lemeire Len

PERMISSION

The undersigned declares that the content of this master's thesis may be consulted and/or reproduced, provided the source is acknowledged.

Student name: Giel Verleye

Foreword

This thesis is the result of an instructive year full of challenges. In the course of it I gained a great deal of knowledge about cloud computing and data security. This result came about thanks to the help of many people around me. Thank you for that.

First of all, my sincere thanks to Messrs Senne Vaeyens, Rudy Van Hoe, Francis Werquin and Raya Verschelden for the help I received with the research. I would also like to kindly thank my supervisor, Professor Len Lemeire, for the interesting topic and his good advice. Finally, I would like to warmly thank my family for the opportunities and the support, not only during this project but throughout my entire education.

Giel Verleye
August 2016

Table of contents

List of abbreviations used
Tables and figures
Introduction
1 What is Cloud Computing?
  1.1 Technologies
  1.2 Defining Cloud Computing
    1.2.1 Essential characteristics
    1.2.2 Service models
    1.2.3 Deployment models
  1.3 Utility computing
2 Data security
  2.1 Information security
  2.2 CIA triangle
  2.3 Risk analysis
  2.4 ISO
    2.4.1 ISO 27000 series
  2.5 European Model Clauses
3 Research
  3.1 Research design
  3.2 Relevance
  3.3 Drawing up the questionnaire
4 Data security and Cloud Computing
  4.1 Information security policies
  4.2 Organization of information security
  4.3 Human resource security
  4.4 Asset management
    4.4.1 Reuse of resources
  4.5 Access control
    4.5.1 Authorisation
    4.5.2 Authentication
    4.5.3 On the provider's side
  4.6 Cryptography
    4.6.1 Technology
    4.6.2 Key management
  4.7 Physical and environmental security
  4.8 Operations security
    4.8.1 Logging and monitoring
    4.8.2 Change management
    4.8.3 Capacity management
    4.8.4 Back-up
    4.8.5 Portability
    4.8.6 Virtualisation
  4.9 Communications security
    4.9.1 Network security management
    4.9.2 Information transfer
  4.10 System acquisition, development and maintenance
    4.10.1 Testing
  4.11 Supplier relationships
  4.12 Information security incident management
    4.12.1 Judicial investigation
  4.13 Information security aspects of business continuity management
    4.13.1 Redundancies
    4.13.2 Availability
  4.14 Compliance
    4.14.1 Privacy
5 The providers
  5.1 The Big Four
  5.2 Amazon
  5.3 Google
  5.4 IBM
  5.5 Microsoft
  5.6 Completing the questionnaires
6 Results and conclusion per domain of the ISO 27001 standard
  6.1 Information security policies
  6.2 Organization of information security
  6.3 Human resource security
  6.4 Asset management
    6.4.1 Reuse of resources
  6.5 Access control
    6.5.1 On the customer's side
    6.5.2 On the provider's side
  6.6 Cryptography
    6.6.1 Technology
    6.6.2 Key management
  6.7 Physical and environmental security
    6.7.1 Physical security
    6.7.2 Environmental security
  6.8 Operations security
    6.8.1 Logging and monitoring
    6.8.2 Change management
    6.8.3 Capacity management
    6.8.4 Back-up
    6.8.5 Portability
    6.8.6 Virtualisation
  6.9 Communications security
    6.9.1 Network security management
    6.9.2 Information transfer
  6.10 System acquisition, development and maintenance
    6.10.1 Testing
  6.11 Supplier relationships
  6.12 Information security incident management
    6.12.1 Judicial investigation
  6.13 Information security aspects of business continuity management
    6.13.1 Redundancies
    6.13.2 Availability
  6.14 Compliance
    6.14.1 Privacy
Final conclusion
Limitations and further research
Appendix 1: Advantages and disadvantages of cloud computing
Appendix 2: Questionnaire AWS
Appendix 3: Questionnaire Google Cloud Platform
Appendix 4: Questionnaire IBM Bluemix
Appendix 5: Questionnaire Microsoft Azure

List of abbreviations used

AD      Active Directory
AES     Advanced Encryption Standard
AWS     Amazon Web Services
BC      Business Continuity
BCM     Business Continuity Management
BCP     Business Continuity Plan
BS      British Standards
CBAC    Claim-based Access Control
CIA     Confidentiality, Integrity and Availability
CRM     Customer Relationship Management
CSV     Comma-separated Values
CTO     Chief Technology Officer
DAC     Discretionary Access Control
DDoS    Distributed Denial-of-Service
DR      Disaster Recovery
DRP     Business continuity management
EBS     Elastic Block Store
EC      European Commission
EC2     Elastic Compute Cloud
ENISA   European Union Agency for Network and Information Security
enz.    enzovoort (et cetera)
EU      European Union
HR      Human Resources
HSM     Hardware Security Module
HTTP    HyperText Transfer Protocol
HTTPS   HyperText Transfer Protocol Secure
IBM     International Business Machines
IdM     Identity Management
IDS     Intrusion Detection System
IPS     Intrusion Prevention System
IPsec   Internet Protocol Security
ISMS    Information Security Management System
ISO     International Organization for Standardization
IT      Information Technology
JPL     Jet Propulsion Laboratory
LDAP    Lightweight Directory Access Protocol
MAC     Mandatory Access Control
NASA    National Aeronautics and Space Administration
NIST    National Institute of Standards and Technology
OASIS   Advancing Open Standards for Information Security
OData   Open Data Protocol
OS      Operation System
OWASP   Open Web Application Security Project
PKI     Public Key Infrastructure
RBAC    Role-based Access Control
RFID    Radio Frequency Identification
RPO     Recovery Point Objective
RTO     Recovery Time Objective
S3      Simple Storage Services
SaaS    Software as a Service
SAML    Security Assertion Markup Language
SANS    System Administration, Networking, and Security
SLA     Service Level Agreement
SLO     Service Level Objective
SSL     Secure Sockets Layer
SSO     Single Sign On
STU     Specialist Team Unit
TLS     Transport Layer Security
VHD     Virtual Hard Disk
VM      Virtual Machine
VMM     Virtual Machine Monitor
VPN     Virtual Private Network
W3C     World Wide Web Consortium

Description:
The undersigned declares that the content of this master's thesis may be consulted and/or reproduced example of a SaaS application is the CRM application Salesforce. In addition, YouTube and Facebook are examples of free-to-use SaaS applications that many people