Ponemon survey cloud security webcast


Published on

Cloud computing is one of the fastest growing technologies, but making it secure can be extremely challenging.

These slides are from a webcast with security and privacy expert, Dr. Larry Ponemon and Dome9 VP of Marketing & Business Development, Dave Meizlik who walked through the key findings of the new report on Managing Firewall Risks in the Cloud (Nov. 2011), available at www.dome9.com.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Ponemon survey cloud security webcast

  1. 1. Ponemon Institute Cloud Security:Managing Firewall Risks November 2011 Sponsored by Dome9 Security Ponemon Institute, LLC
  2. 2. Security is the #1 concern of the cloud.Ponemon Institute, LLC 2
  3. 3. About the study682 respondents across 17 verticals. All were IT or IT securitypractitioners.The study was commission by Dome9 Security, a cloudsecurity management service provider. Dome9 provides acloud firewall management service for automated andelastic security.The study was performed by the Ponemon Institute. ThePonemon Institute is dedicated to independent researchand education that advances responsible information andprivacy management practices within business andgovernment. It conducts high quality, empirical studies oncritical issues affecting the management and security ofsensitive information about people and organizations. Ponemon Institute, LLC 3
  4. 4. Key study findings Most organizations’ cloud servers are vulnerable Most IT personnel don’t understand the risk Securing access to and generating reports for cloud servers is a big problem Ponemon Institute, LLC
  5. 5. How do you rate your cloud security management today?No Comment 21% Poor 25% Fair 27% Good 18% Excellent 9% 0% 5% 10% 15% 20% 25% 30% Excellent Good Fair Poor No Comment Ponemon Institute, LLC
  6. 6. 73% believe the cloud serverfirewall is the first place to stop attacks and prevent exploits. Ponemon Institute, LLC 6
  7. 7. When asked: How vulnerable are you from unsecured ports/firewalls? 24% 32% Very Vulnerable9% Vulnerable Not Vulnerable 35% Unsure Only 9% said they were not vulnerable Ponemon Institute, LLC
  8. 8. How likely is this to happen?60% 42% 43%40% 19% 9% 14% 12% 22%20% 16% 18% 0% 5% Already Very likely happened Likely to to happen Not likely happen Will never to happen happen Locked out of cloud server Ports left open & exposed to hackers Ponemon Institute, LLC
  9. 9. Key study findings Most organizations’ cloud servers are vulnerable Most IT personnel don’t understand the risk Securing access to and generating reports for cloud servers is a big problem Ponemon Institute, LLC
  10. 10. Cloud server firewall management54% said IT personnel within their organization have no knowledge (or are not knowledgeable) about the potential risk of open firewall ports in their cloud environment61% said they do not have a solution deployed… whenasked, ‘why?’ o 62% said solutions are not scalable o 59% said solutions cost too much o 57% said solutions are not available o 49% said solutions are too complex o 43% said solutions are not dependable Ponemon Institute, LLC
  11. 11. Responsibility for Cloud SecurityPartner Most Responsible Responsible Within Your OrgCustomer Provider Both 41% 20% 17% 15% 33% 31% 5% 2% 36% Ponemon Institute, LLC
  12. 12. Cloud infrastructure is automated… its security must be too.Ponemon Institute, LLC 12
  13. 13. Importance of Automation in Cloud Firewall Management More important in the cloud 40% environment because it is elasticEqually important in both on-premises 32% and cloud environments Less important in the cloud 8% environment 20% Unsure 0% 5% 10% 15% 20% 25% 30% 35% 40% Ponemon Institute, LLC
  14. 14. Key study findings Most organizations’ cloud servers are vulnerable Most IT personnel don’t understand the risk Securing access to and generating reports for cloud servers is a big problem Ponemon Institute, LLC
  15. 15. Managing access and generating reports on cloud server access Cannot manage access or generate reports36% efficiently29% Manage access through the cloud provider’s tools, but cannot generate reports Manage access and generate reports directly14% from each cloud server, manually Ponemon Institute, LLC
  16. 16. How would you know If your cloudwas hacked because of an open port Our system would provide a warning 19% We wouldnt know 42% The cloud provider would inform us 39% Ponemon Institute, LLC
  17. 17. Summary of findings• Only 9% rate their cloud security as Excellent• 42% said they would not know if their cloud was hacked due to an open firewall port. o 39% said they thought their cloud provider would tell them.• 54% said IT has no knowledge of the risk posed by open ports on cloud servers. o 67% said they are vulnerable, today; o 24% said they don’t know if they were vulnerable.• 79% have difficulty or cannot manage access to their cloud servers and generating reports. Ponemon Institute, LLC
  18. 18. About the Sponsor D o m e 9 S e c u r i t y L t d. – http://www.dome9.com
  19. 19. Overview of Dome9 Dome9 is a cloud firewall security management service Available for the enterprise and hosting providers, Dome9 provides dynamic security policy control for Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon’s EC2 Security Groups, across all major operating systems and service providers.Dome9 lets you… Close all administrative ports on your servers without losing access and control. Open any port on-demand, any time, for anyone, and from anywhere. Send secure access invitations to third parties. Centralize firewall management for all your servers and clouds
  20. 20. Dome9 Central Dome9 offers full control over the host OS firewall from a secured web service – accessible from anywhere.
  21. 21. Secure Your CloudTM Visit Dome9.com to get a copy of the Ponemon Study onManaging Firewalls in the Cloud, andget a free, 14-day trial of Dome9 Security.
  22. 22. Thanks for your time. D o m e 9 S e c u r i t y L t d. – http://www.dome9.com
  23. 23. Demographic information• 863 total respondents with 682 in final • Respondents spanned 17 industries: sample – 18% Financial Services – 12% Public Sector – 11% Health & Pharma• All respondents were bona fide – 8% Services credentials in IT or IT security – 8% Industrial o Median 10 years in IT and 4.5 years in current position – 7% Retail – 6% Hospitality• All respondents are based in the U.S., but have employees based in: • Organizational size: o 75% Canada – 5% had more than 100,000 employees o 68% Europe – 35% had more than 5,001 employees o 41% Middle East – 25% had 1,001-5,000 employees o 58% Asia-Pacific – 35% had fewer than 1,000 employees o 43% Latin America Role in Organization Reports to CIO 4% 2% 4% 3% 3% Vice President 15% 4% CISO 8% Director 38% CSO 22% Manager 20% 58% Supervisor CRO 19% Technician CFO Staff Ponemon Institute, LLC
  24. 24. Cloud types and providers Types of cloud environments Major cloud service providers thethe organization presently uses organization presently uses 68% 47%45%49%70% 50%60% 50% 38% 40%50% 30%28%40% 31% 30% 24%30% 20%20%10% 2% 10% 0% 0% Google Azure Other Rackspace Terremark AWS EC2 GoGrid Ponemon Institute, LLC