The Practitioners Guide to Cloud Security - Cloud Expo Europe 2013


Published on

In this presentation, Co-founder and CEO of Dome9 Zohar Alon will explain the need to:
• Take responsibility for server security
• Harden authentication
• Use a Web Application Firewall (WAF) to protect web services, sites, and applications and monitor requests
• Log and analyze insights
• Lockdown and Automate Server Firewalls with Dome9

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The Practitioners Guide to Cloud Security - Cloud Expo Europe 2013

  1. 1. CloudExpo Europe – London, January 2013The Practitioners Guide toCloud SecurityLondon, January 2013Zohar Alon@zoharalonCo-Founder & CEO Dome9 – Secure Your Cloud™
  2. 2. Me, and my company Zohar Alon – Co-Founder & CEO Creator of Check Point’s Provider-1 & SP product lines Over 20 years of security & IT experience. Cloud Server Security Management Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers Dome9 – Secure Your Cloud™
  3. 3. What’s this?Dome9 – Secure Your Cloud™
  4. 4. 1 day and 86,000 attempts later…Dome9 – Secure Your Cloud™
  5. 5. There are more than 30 millionCloud, VPS & Dedicated ServersMost of these servers are vulnerable to attack – Admins leave ports open to connect to their servers – Hackers use these same open ports to gain accessMost of these servers’ security is unmanageable – Sprawled across multiple private & public clouds – Operating systems are a virtual buffetMost of the ‘available’ security doesn’t work – Service providers lack expertise & focus to build it – Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale Dome9 – Secure Your Cloud™
  6. 6. Who’s responsible for security? Dome9 – Secure Your Cloud™
  7. 7. The Practitioners Guide Part 1 – Responsibility• Most don’t know who’s Who’s Responsible? responsible for cloud security – 42% say they wouldn’t know if their cloud was hacked 33% 31% – 39% think their provider would tell them• Security is everybody’s 36% responsibility – accept and share it!• Security is your responsibility – Deal with it! Customer Provider Both Ponemon Cloud Security Research Study Dome9 – Secure Your Cloud™
  8. 8. The Practitioners Guide Part 2 – Authentication• If Anyone can login consider Multi-Factor authentication to harden access• Simple mobile app integration, w/ QR code support & SMS backup Dome9 – Secure Your Cloud™
  9. 9. Dome9 – Secure Your Cloud™
  10. 10. Dome9 – Secure Your Cloud™
  11. 11. The Practitioners Guide Part 3 - WAF• WAF: Web Application Firewall – Protects Web services, sites and applications – Monitor the requests to the web layer – Brute-force Login, Span Bots, SQL injections, etc.• Easy to enable – No Install! – Provides added security layer w/o overhead• Every Web App Will Use one – CloudFlare, Incapsula or Akamai – Bonus I – site is faster – Bonus II – DDOS mitigation capabilities Dome9 – Secure Your Cloud™
  12. 12. The Practitioners Guide Part 4 – Log• You saw how many insights we get from the logs. You need to store and analyze them.• We use several vendors for this – each for a different use-case: – Splunk & SplunkStorm – SumoLogic – Loggly – LogEntries Dome9 – Secure Your Cloud™
  13. 13. The Practitioners Guide Part 5 – Firewall• Take Control on your security policies – You do much more when it comes to the office firewall• Close All (admin) Ports – Open Dynamically – Open them only for whom, and for as long as is needed.• Don’t rely on static scopes – Too much management overhead and risk.• Aggregate & Centralize firewall management – Across regions, providers and applications• At Dome9, we eat our own dog food – On Amazon, Verison’s Terrermark and Rackspace Dome9 – Secure Your Cloud™
  14. 14. What happened here? Dome9 – Secure Your Cloud™
  15. 15. Dome9: How it WorksAutomated Cloud Server Security  Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers  Enable on-demand, time- based secure access leases per server, source & time  Automatically close server access when lease expires  Stop attackers from targeting open admin ports via brute force attacks and exploits Dome9 – Secure Your Cloud™
  16. 16. Dome9 CentralSimplified Security Management Time-Based Controls 1-Click Secure Access Multi-Cloud Management Dome9 – Secure Your Cloud™
  17. 17. Wrap Up① Take Responsibility② Harden Authentication③ Use a Web Application Firewall④ Log, Log, Log, Log, Log… and Analyze⑤ Lockdown and Automate the Server Firewalls… with Dome9!  Dome9 – Secure Your Cloud™
  18. 18. Q&ADome9 – Secure Your Cloud™
  19. 19. Thank You!Zohar Alon, Dome9 – Secure Your Cloud™
  20. 20. References and Links• Firewall Management Service: – –• MyDigipass 2 Factor Authentication Service: –• Log Management Services: – Splunk Storm Service - – Loggly - – LogEntries -• WAF Services: – CloudFlare - – Incapsula -• Cloud Security Study: Dome9 – Secure Your Cloud™