Super secure clouds

Cloud Computing could be the biggest single opportunity for a significant improvement in our network and information security for decades. Multiple operators and suppliers offering multiple access points, services and applications that we can tap at the same time will give us a diversity of new protection mechanisms way beyond those we enjoy today.

For sure we need to improve our log-on processes, firewalls and malware protection, but thin clients change the name of the game. Their lack of memory and processing power limits how sophisticated malware can be, whilst access and utilisation will be harder to compromise when we choose different devices and servers at random. If we also sign up for applications and services from multiple players, and disperse our information in parsed and scattered locations that are never connected in the same manner more than once, then infiltration will be orders of magnitude more difficult.

Not all clouds are the same, and there will be large numbers of them spanning corporates, governments, social and personal applications. Some will last, others will be sporadic and last for seconds. Connections too will be continually varying and sporadic. A moving target is harder to hit, and The Cloud might be the ultimate target!
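The "parsed and scattered" storage idea described above can be illustrated with an n-of-n XOR split placed on randomly chosen providers. This is an added example, not taken from the presentation; the provider names are placeholders and the choice of XOR splitting is an assumption about how such parsing could be done.

```python
import secrets
from functools import reduce

# Hypothetical provider pool (placeholder names, not real services).
PROVIDERS = ["cloud-a", "cloud-b", "cloud-c", "cloud-d", "cloud-e"]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, n: int) -> list[bytes]:
    """Split data into n shares; all n are required to rebuild it.

    n-1 shares are uniformly random pads, the last is data XOR every pad,
    so any subset of fewer than n shares is statistically independent of data.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    return pads + [reduce(xor_bytes, pads, data)]


def combine(shares: list[bytes]) -> bytes:
    """XOR the shares together; order does not matter."""
    return reduce(xor_bytes, shares)


def place(shares: list[bytes], providers=PROVIDERS) -> dict[str, bytes]:
    """Assign each share to a distinct provider picked at random per call."""
    if len(shares) > len(providers):
        raise ValueError("not enough providers for one share each")
    chosen = secrets.SystemRandom().sample(providers, len(shares))
    return dict(zip(chosen, shares))


def recover(placement: dict[str, bytes]) -> bytes:
    """Fetch every share back and rebuild the original data."""
    return combine(list(placement.values()))


if __name__ == "__main__":
    record = b"constructed sample record: account=12345"  # constructed input
    placement = place(split(record, 3))
    print("shares stored at:", sorted(placement))
    print("recovered intact:", recover(placement) == record)
```

The trade-off is availability: with an n-of-n split, losing any one provider loses the data, so a deployment that needs to tolerate outages would use a threshold (k-of-n) scheme instead.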

Comments
  • As Michael said over a year ago, cloud based virtualization is 'the biggest opportunity for a security cock-up in decades', unless the foundation is rock solid. A hypervisor is great, if it is secure and formally proven.
  • ah yes, but when I use a cloud-based service provider, how do I know that they have set it up properly or if they are as leaky as a sieve? Recent attacks on iPhones, Android phones, government servers, bank servers and WiFi hotspots show that providers of services and infrastructure are not worthy of trust. Perhaps some kind of internationally recognised accreditation for cloud-storage systems is required.
  • People are always the problem and not the machines! If they choose to do dumb things then nothing and no one can help them. It is a matter of choice. BUT we do know how to make very reliable, and very secure systems, using unreliable and insecure components.

    Thus we have an engineering problem - how to engineer people out and security in!

    In this presentation I have given some pretty strong hints and suggestions just how that is to be done :-)
  • Just another quick comment, regarding the cyber-terrorism and cyber-crime mentioned in the slide presentation. This will become much more of a threat when we adopt wide-scale machine-to-machine technology for essential services such as smart power grids. O brave new world.
  • hmm....I tend to see it as the biggest opportunity for a security cock-up in decades. My bank offered to provide a cloud-based service to back up all my business data but refused to provide any indemnity against my clients' data being stolen by hackers. Can we really rely on some Tom, Dick or Harry entity in a cloud to adequately configure their security? Even the Pentagon didn't adequately protect themselves against bedroom-hobbyist hackers. And do we know that everyone is using thin-client devices to access it? We have to assume that hackers will be using state-of-the-art equipment. On the bright side, IETF has a working group (DECADE) specifying how cloud security should work and they have a very active security WG. But in the end, it comes down to trusting some cloud service provider (who may subcontract the job) to have adequate security controls and to configure them correctly. I am not a trusting person at heart, which is perhaps why I work in the field of information security and why I am an atheist :-)

Super secure clouds Presentation Transcript

  • 1. SUPER SECURE. Peter Cochrane, cochrane.org.uk. Tuesday, 26 June 12
  • 2. Security is always a cat and mouse game...
  • 3. And we are always trying to tilt the odds in our favour...
  • 4. But we cannot leave anything to chance, we cannot afford to gamble, the stakes are far too high...
  • 5. We have to think like the enemy, war game, test and probe, & constantly keep ahead technically and strategically...
  • 6. Laws of security... 1) There is always a threat 2) It is always in a direction you’re not looking 3) Perceived risk/threat never equals reality 4) Nothing is 100% secure 5) People are always the primary risk 6) Resources are deployed inversely proportional to actual risk
  • 7. Laws of security... 7) You need two security groups - defenders & attackers 8) Security & operational requirements are mutually exclusive 9) Legislation is always > X years behind 10) Security standards are an oxymoron 11) Security people are never their own customer 12) Cracking systems is far more fun than defending them
  • 8. Laws of security... 13) Hackers are smarter than you - they are younger! 14) Hackers are not the biggest threat - governments are! 15) As life becomes faster it becomes less secure 16) Connectivity and data half lives are getting shorter too 17) We are most at risk during a time of transition 18) The weakest link generally defines the outcome
  • 9. If we continue to do what we’ve always done our Cloud exposure will accelerate...
  • 10. In The Cloud - the attack surface is the entire planet...
  • 11. We will need more and smarter firewalls...
  • 12. All forms of malware protection will have to become evolutionary...
  • 13. Has to become far more sophisticated...
  • 14. Enhancing login vectors... Something you: - Do - Are - Know - Possess - Deduce - Relate to - Recognise - Remember - Understand. A concatenation of weak vectors rapidly becomes very strong...
  • 15. Concatenating numerous low cost biometrics is a good example... - Eye - Face - Hand - Voice - Typing - Habits - Devices - Locations - ++++
  • 16. Automated & stronger encryption... ...but only where needed!
  • 17. More anonymity applications...
  • 18. More url hopping, identity, & location cloaking applications...
  • 19. What does The Cloud offer beyond all this?
  • 20. So what are the extras The Cloud brings to the party? It will destroy dominant mono-cultures of: - Devices - Browsers - eMail clients - Application sets - Operating modes - Operating systems. Hackers love mono-cultures - it makes their lives so very much easier...
  • 21. More variety, dynamism, and faster change...
  • 22. Clouds of all sizes will form and dissipate by demand ...with the clustering of people and devices +++
  • 23. Connectivity will be less static, comms between Clouds sporadic and far more varied...
  • 24. Moving targets are very hard to hit
  • 25. Thin clients offer very limited processing and memory, making it far harder for malware to be effective...
  • 26. - Infrastructure - Platform - Software. Cloud services now available from multiple suppliers...
  • 27. Use multiple suppliers for connectivity, apps, storage, security et al and employ in a randomised fashion...
  • 28. ...seamlessly flip between devices...
  • 29. Why
  • 30. To make it incredibly difficult for the dark side: - No single log-on device - No single log-on location - Variable log-on routine - Distributed applications - Distributed filing system - Parsed and distributed data - Multiple clouds and providers - Dynamic creation of clouds - Dynamic cloud interconnection - Inter-cloud encryption and coding - Corporate strength security for all
  • 31. [Diagram: One of many Connection Clouds, Surrounded By Clouds (labels: Storage, App, Corporate, Personal)]
  • 32. Parsed data flows to/from multiple destinations... ...are incredibly difficult to intercept and decode...
  • 33. Parsed, encrypted & distributed folders over multiple global servers... is even harder!
  • 34. The biggest threat is still people laxity and the insider... Parsed, encrypted and distributed data folders over multiple global servers... is even worse!
  • 35. Behavioural monitoring and analysis will become an essential cloud service for SMEs, corporations & .gov...
  • 36. Half lives of connections, data, info and knowledge... are going to get much shorter!
  • 37. We have to reduce the opportunity and the time available for The Dark Side to infiltrate and take action...
  • 38. And should they break in we confront them with partial access and a very confusing picture... Which door to choose, and to which cloud, for how long, with access to what?
  • 39. How many layers, combinations, connections, locks, types? How long will they be open, and what is in each of the many clouds?
  • 40. The Dark Side will thus have far less time to infiltrate and take action... The day of the lone hacker is coming to an end...
  • 41. The New Dark Side are gov agencies and criminal organisations with huge budgets, people & tech resources...
  • 42. The sophistication of StuxNet and Flame surprised industry and governments ...and they mark the start of a new era...
  • 43. We may be transiting to ‘Cyber Warfare’...
  • 44. Fending off such threats demands more capability than individual corps can muster
  • 45. Global cooperation will be required, to develop military grade solutions...
  • 46. To survive and prosper we have to think and act differently whilst leveraging new technology, and techniques...
  • 47. The DIY companies will not survive...
  • 48. Malware is now open code for free or a modest price from multiple sources... ...it is also breeding by the hand of man and by a digital life force we created...
  • 49. “Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions” The Art of War by Sun Tzu, 600 BC
  • 50. Be prepared!
  • 51. ca-global.org cochrane.org.uk Thank You. COCHRANE associates