Super secure clouds
Peter Cochrane
cochrane.org.uk




Tuesday, 26 June 12
Security is always a cat and mouse game...

And we are always trying to tilt the odds in our favour...

But we cannot leave anything to chance, we cannot afford to gamble, the stakes are far too high...

We have to think like the enemy, war game, test and probe, & constantly keep ahead technically and strategically...

Laws of security...

1) There is always a threat
2) It is always in a direction you’re not looking
3) Perceived risk/threat never equals reality
4) Nothing is 100% secure
5) People are always the primary risk
6) Resources are deployed inversely proportional to actual risk

Laws of security...

7) You need two security groups - defenders & attackers
8) Security & operational requirements are mutually exclusive
9) Legislation is always > X years behind
10) Security standards are an oxymoron
11) Security people are never their own customer
12) Cracking systems is far more fun than defending them

Laws of security...

13) Hackers are smarter than you - they are younger!
14) Hackers are not the biggest threat - governments are!
15) As life becomes faster it becomes less secure
16) Connectivity and data half lives are getting shorter too
17) We are most at risk during a time of transition
18) The weakest link generally defines the outcome

If we continue to do what we’ve always done our Cloud exposure will accelerate...

In The Cloud - the attack surface is the entire planet...

We will need more and smarter firewalls...

All forms of malware protection will have to become evolutionary...

Has to become far more sophisticated...

Enhancing login vectors...

Something you:

- Do
- Are
- Know
- Possess
- Deduce
- Relate to
- Recognise
- Remember
- Understand

A concatenation of weak vectors rapidly becomes very strong...

Concatenating numerous low cost biometrics is a good example...

- Eye
- Face
- Hand
- Voice
- Typing
- Habits
- Devices
- Locations
- ++++

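To put numbers on "a concatenation of weak vectors rapidly becomes very strong", the following added example (not part of the original slides) fuses five weak factors and reports the false-accept and false-reject rates for every "at least k of n" policy. The per-factor rates are constructed, and the factors are assumed to be statistically independent; correlated factors (a stolen phone carries both device and location) make the real figure weaker than the product suggests.

```python
"""Fusing several weak login factors into one decision.

Added example. The per-factor error rates are constructed for illustration
and are NOT measurements of any real biometric product.
"""
from math import log2

# far = chance an impostor passes this check
# frr = chance the real user fails this check
FACTORS = {
    "face":     {"far": 0.05, "frr": 0.03},
    "voice":    {"far": 0.08, "frr": 0.05},
    "typing":   {"far": 0.15, "frr": 0.10},
    "device":   {"far": 0.10, "frr": 0.02},
    "location": {"far": 0.20, "frr": 0.05},
}


def pass_count_distribution(pass_probs):
    """Return dist where dist[k] = P(exactly k checks pass).

    Assumes the checks are statistically independent (Poisson-binomial).
    """
    dist = [1.0]
    for p in pass_probs:
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
        nxt = [0.0] * (len(dist) + 1)
        for k, mass in enumerate(dist):
            nxt[k] += mass * (1.0 - p)   # this check fails
            nxt[k + 1] += mass * p       # this check passes
        dist = nxt
    return dist


def fused_rates(factors, required):
    """(FAR, FRR) for a policy that admits a login when at least
    `required` of the given factors pass."""
    n = len(factors)
    if not 1 <= required <= n:
        raise ValueError("required must be between 1 and the number of factors")
    impostor = pass_count_distribution([f["far"] for f in factors.values()])
    genuine = pass_count_distribution([1.0 - f["frr"] for f in factors.values()])
    far = sum(impostor[required:])   # impostor reaches the threshold
    frr = sum(genuine[:required])    # real user falls short of it
    return far, frr


def strength_bits(far):
    """Express a false-accept rate as an equivalent number of guessing bits."""
    return -log2(far)


def policy_table(factors):
    """One row per threshold, strictest first: (required, FAR, FRR, bits)."""
    rows = []
    for required in range(len(factors), 0, -1):
        far, frr = fused_rates(factors, required)
        rows.append((required, far, frr, strength_bits(far)))
    return rows


if __name__ == "__main__":
    best_single = min(f["far"] for f in FACTORS.values())
    print(f"strongest single factor: FAR={best_single:.3f} "
          f"({strength_bits(best_single):.1f} bits)")
    for required, far, frr, bits in policy_table(FACTORS):
        print(f"{required} of {len(FACTORS)}: "
              f"FAR={far:.2e} ({bits:4.1f} bits)  FRR={frr:.1%}")
```

With these constructed rates, demanding all five factors cuts impostor acceptance to about 1 in 83,000 but locks the real user out roughly one time in five; accepting any four keeps impostor acceptance near 6 in 10,000 while dropping lockouts to about 2%.
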
Automated & stronger encryption...

...but only where needed !

More anonymity applications...

More url hopping, identity, & location cloaking applications...

What does The Cloud offer beyond all this ?

So what are the extras The Cloud brings to the party ?

It will destroy dominant mono-cultures of:

- Devices
- Browsers
- eMail clients
- Application sets
- Operating modes
- Operating systems

Hackers love mono-cultures - it makes their lives so very much easier...

More variety, dynamism, and faster change...

Clouds of all sizes will form and dissipate by demand ...with the clustering of people and devices +++

Connectivity will be less static, comms between Clouds sporadic and far more varied...

Moving targets are very hard to hit

Thin clients offer very limited processing and memory, making it far harder for malware to be effective...

Cloud services now available from multiple suppliers...

- Infrastructure
- Platform
- Software

Use multiple suppliers for connectivity, apps, storage, security et al and employ in a randomised fashion...

...seamlessly flip between devices...

Why




To make it incredibly difficult for the dark side:

- No single log-on device
- No single log-on location
- Variable log-on routine
- Distributed applications
- Distributed filing system
- Parsed and distributed data
- Multiple clouds and providers
- Dynamic creation of clouds
- Dynamic cloud interconnection
- Inter-cloud encryption and coding
- Corporate strength security for all

[Diagram: many interconnected clouds labelled App, Storage, Corporate and Personal, captioned "One of many Connection Clouds" and "Surrounded By Clouds"]

Parsed data flows to/from multiple destinations...

...are incredibly difficult to intercept and decode...

Parsed, encrypted & distributed folders over multiple global servers...is even harder!

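One way to realise "parsed and distributed" data is n-of-n XOR secret splitting, shown here as an added example that is not part of the original slides, which do not name a technique. The provider names and the sample record are constructed; the last function shows why an eavesdropper holding all but one share learns nothing beyond the record's length.

```python
"""Splitting a record across several storage providers with XOR shares.

Added example. Provider names and the sample record are constructed.
"""
import hashlib
import hmac
import secrets

PROVIDERS = ["cloud-a", "cloud-b", "cloud-c"]      # hypothetical names
RECORD = b"constructed sample record: Q3 payroll"  # constructed data


def _xor(a, b):
    if len(a) != len(b):
        raise ValueError("shares must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(data, providers):
    """Return ({provider: share}, digest). Every share is needed to rebuild.

    Keep the digest with the data owner, not with any provider: an unkeyed
    hash of a guessable record would let a provider confirm guesses.
    """
    if len(providers) < 2 or len(set(providers)) != len(providers):
        raise ValueError("need at least two distinct providers")
    # All but the last share are fresh random pads of the record's length.
    shares = {name: secrets.token_bytes(len(data)) for name in providers[:-1]}
    last = data
    for pad in shares.values():
        last = _xor(last, pad)
    shares[providers[-1]] = last   # record XOR every pad
    return shares, hashlib.sha256(data).digest()


def combine(shares):
    """XOR an iterable of byte-string shares together; order is irrelevant."""
    parts = list(shares)
    if not parts:
        raise ValueError("no shares supplied")
    out = bytes(len(parts[0]))
    for part in parts:
        out = _xor(out, part)
    return out


def combine_checked(shares, digest):
    """Rebuild, and reject the result if a share was missing or altered."""
    data = combine(shares)
    if not hmac.compare_digest(hashlib.sha256(data).digest(), digest):
        raise ValueError("shares do not recombine to the original record")
    return data


def share_explaining(known_shares, claimed_plaintext):
    """The missing share that would make `known_shares` decode to
    `claimed_plaintext`. One exists for EVERY plaintext of the right
    length, so all-but-one shares are consistent with any record at all."""
    return _xor(combine(known_shares), claimed_plaintext)


if __name__ == "__main__":
    shares, digest = split(RECORD, PROVIDERS)
    print("rebuilt:", combine_checked(shares.values(), digest))
    seen = [shares["cloud-a"], shares["cloud-c"]]   # one flow never captured
    decoy = b"X" * len(RECORD)
    forged = share_explaining(seen, decoy)
    print("two shares also fit:", combine(seen + [forged]))
```

The price is availability: losing any one provider loses the record, so a deployment that needs resilience would use a threshold scheme instead of n-of-n.
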
The biggest threat is still people laxity and the insider...

Parsed, encrypted and distributed data folders over multiple global servers...is even worse!

Behavioural monitoring and analysis will become an essential cloud service for SMEs, corporations & .gov...

Half lives of connections, data, info and knowledge...are going to get much shorter!

We have to reduce the opportunity and the time available for The Dark Side to infiltrate and take action...

And should they break in we confront them with partial access and a very confusing picture...

Which door to choose, and to which cloud, for how long, with access to what ?

How many layers, combinations, connections, locks, types ?

How long will they be open, and what is in each of the many clouds ?

The Dark Side will thus have far less time to infiltrate and take action...

The day of the lone hacker is coming to an end...

The New Dark Side are gov agencies and criminal organisations with huge budgets, people & tech resources...

The sophistication of StuxNet and Flame surprised industry and governments ...and they mark the start of a new era...

We may be transiting to ‘Cyber Warfare’...

Fending off such threats demands more capability than individual corps can muster

Global cooperation will be required, to develop military grade solutions ...

To survive and prosper we have to think and act differently whilst leveraging new technology, and techniques...

The DIY companies will not survive...

Malware is now open code for free or a modest price from multiple sources...

...it is also breeding by the hand of man and by a digital life force we created...

“Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions”

The Art of War by Sun Tzu, 600 BC

Be prepared !

ca-global.org
cochrane.org.uk

Thank You

COCHRANE associates

More Related Content

Similar to Super secure clouds

Identity theft in the Cloud and remedies
Identity theft in the Cloud and remediesIdentity theft in the Cloud and remedies
Identity theft in the Cloud and remediesGiuseppe Paterno'
 
Open Cloud System Networking Vision
Open Cloud System Networking VisionOpen Cloud System Networking Vision
Open Cloud System Networking VisionRandy Bias
 
Ciso executive summit 2012
Ciso executive summit 2012Ciso executive summit 2012
Ciso executive summit 2012Bill Burns
 
Continuous development - Growing Pains
Continuous development - Growing PainsContinuous development - Growing Pains
Continuous development - Growing PainsJohn Stevenson
 
SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012
SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012
SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012Gigaom
 
Scaling the Cloud - Cloud Security
Scaling the Cloud - Cloud SecurityScaling the Cloud - Cloud Security
Scaling the Cloud - Cloud SecurityBill Burns
 
Beam PHP2012 Workshops: The Cloud
Beam PHP2012 Workshops: The CloudBeam PHP2012 Workshops: The Cloud
Beam PHP2012 Workshops: The CloudJames Dunmore
 
Chris Boos, arago AG: Big Data means new programs
Chris Boos, arago AG: Big Data means new programsChris Boos, arago AG: Big Data means new programs
Chris Boos, arago AG: Big Data means new programsCloudcamp
 
A Call to Arms for Private Cloud Builders
A Call to Arms for Private Cloud BuildersA Call to Arms for Private Cloud Builders
A Call to Arms for Private Cloud BuildersAngie Hirata
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionMarketingArrowECS_CZ
 
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?TEO LT, AB
 
Ruxcon Finding Needles in Haystacks (the size of countries)
Ruxcon Finding Needles in Haystacks (the size of countries)Ruxcon Finding Needles in Haystacks (the size of countries)
Ruxcon Finding Needles in Haystacks (the size of countries)packetloop
 
Redefining Security in the Cloud
Redefining Security in the CloudRedefining Security in the Cloud
Redefining Security in the CloudMike Spaulding
 
Big data, security, and the cloud
Big data, security, and the cloudBig data, security, and the cloud
Big data, security, and the cloudPano Xinos
 
Prince Building Tech Talk 12102012
Prince Building Tech Talk 12102012Prince Building Tech Talk 12102012
Prince Building Tech Talk 12102012Andy Parsons
 

Similar to Super secure clouds (20)

Identity theft in the Cloud and remedies
Identity theft in the Cloud and remediesIdentity theft in the Cloud and remedies
Identity theft in the Cloud and remedies
 
Open Cloud System Networking Vision
Open Cloud System Networking VisionOpen Cloud System Networking Vision
Open Cloud System Networking Vision
 
Ciso executive summit 2012
Ciso executive summit 2012Ciso executive summit 2012
Ciso executive summit 2012
 
Continuous development - Growing Pains
Continuous development - Growing PainsContinuous development - Growing Pains
Continuous development - Growing Pains
 
SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012
SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012
SMART TOOLS: DISSECT, DIGEST AND DELIVER BIG DATA from Structure:Data 2012
 
Scaling the Cloud - Cloud Security
Scaling the Cloud - Cloud SecurityScaling the Cloud - Cloud Security
Scaling the Cloud - Cloud Security
 
Beam PHP2012 Workshops: The Cloud
Beam PHP2012 Workshops: The CloudBeam PHP2012 Workshops: The Cloud
Beam PHP2012 Workshops: The Cloud
 
Understanding the Cloud
Understanding the CloudUnderstanding the Cloud
Understanding the Cloud
 
NATO IST Symposium 2013
NATO IST Symposium 2013NATO IST Symposium 2013
NATO IST Symposium 2013
 
Chris Boos, arago AG: Big Data means new programs
Chris Boos, arago AG: Big Data means new programsChris Boos, arago AG: Big Data means new programs
Chris Boos, arago AG: Big Data means new programs
 
Xtreme Deployment
Xtreme DeploymentXtreme Deployment
Xtreme Deployment
 
A Call to Arms for Private Cloud Builders
A Call to Arms for Private Cloud BuildersA Call to Arms for Private Cloud Builders
A Call to Arms for Private Cloud Builders
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
 
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
 
Atldevops
AtldevopsAtldevops
Atldevops
 
Ruxcon Finding Needles in Haystacks (the size of countries)
Ruxcon Finding Needles in Haystacks (the size of countries)Ruxcon Finding Needles in Haystacks (the size of countries)
Ruxcon Finding Needles in Haystacks (the size of countries)
 
Redefining Security in the Cloud
Redefining Security in the CloudRedefining Security in the Cloud
Redefining Security in the Cloud
 
Big data, security, and the cloud
Big data, security, and the cloudBig data, security, and the cloud
Big data, security, and the cloud
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Prince Building Tech Talk 12102012
Prince Building Tech Talk 12102012Prince Building Tech Talk 12102012
Prince Building Tech Talk 12102012
 

More from University of Hertfordshire

More from University of Hertfordshire (20)

Future Telecoms Challenges & Opportunities
Future Telecoms Challenges & OpportunitiesFuture Telecoms Challenges & Opportunities
Future Telecoms Challenges & Opportunities
 
Thermodynamics - Laws Embracing Our Universe
Thermodynamics -  Laws Embracing Our UniverseThermodynamics -  Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our Universe
 
Applied Science - Engineering Systems
Applied Science - Engineering SystemsApplied Science - Engineering Systems
Applied Science - Engineering Systems
 
IoT Yet to Come
IoT Yet to ComeIoT Yet to Come
IoT Yet to Come
 
The Scientific Meme
The Scientific Meme The Scientific Meme
The Scientific Meme
 
Uncanny Valley and Human Destiny
Uncanny Valley and Human DestinyUncanny Valley and Human Destiny
Uncanny Valley and Human Destiny
 
Resurgence of Technology Driven Change
Resurgence of Technology Driven ChangeResurgence of Technology Driven Change
Resurgence of Technology Driven Change
 
Society 5.0: A Vital Symbiosis
Society 5.0: A Vital SymbiosisSociety 5.0: A Vital Symbiosis
Society 5.0: A Vital Symbiosis
 
Cyber Portents and Precursors
Cyber Portents and PrecursorsCyber Portents and Precursors
Cyber Portents and Precursors
 
Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?
 
THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS
 
Quantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence MathematicallyQuantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence Mathematically
 
Technologies That Will Change Everything
Technologies That Will Change EverythingTechnologies That Will Change Everything
Technologies That Will Change Everything
 
Cyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The EnemyCyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The Enemy
 
Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
 
The Future WorkScape
The Future WorkScapeThe Future WorkScape
The Future WorkScape
 
Engineering Reliability and Resilience
Engineering Reliability and ResilienceEngineering Reliability and Resilience
Engineering Reliability and Resilience
 
Smart Materials and Structures
Smart Materials and StructuresSmart Materials and Structures
Smart Materials and Structures
 
TRUTH, SITUATION, & CONTEXT AWARENESS
TRUTH, SITUATION, & CONTEXT AWARENESSTRUTH, SITUATION, & CONTEXT AWARENESS
TRUTH, SITUATION, & CONTEXT AWARENESS
 
The Scientific Method
The Scientific MethodThe Scientific Method
The Scientific Method
 

Recently uploaded

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 

Recently uploaded (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 

Super secure clouds

  • 1. SUPER SECURE - Peter Cochrane, cochrane.org.uk. Tuesday, 26 June 12
  • 2. Security is always a cat and mouse game...
  • 3. And we are always trying to tilt the odds in our favour...
  • 4. But we cannot leave anything to chance, we cannot afford to gamble, the stakes are far too high..
  • 5. We have to think like the enemy, war game, test and probe, & constantly keep ahead technically and strategically...
  • 6. Laws of security... 1) There is always a threat 2) It is always in a direction you’re not looking 3) Perceived risk/threat never equals reality 4) Nothing is 100% secure 5) People are always the primary risk 6) Resources are deployed inversely proportional to actual risk
  • 7. Laws of security... 7) You need two security groups - defenders & attackers 8) Security & operational requirements are mutually exclusive 9) Legislation is always > X years behind 10) Security standards are an oxymoron 11) Security people are never their own customer 12) Cracking systems is far more fun than defending them
  • 8. Laws of security... 13) Hackers are smarter than you - they are younger! 14) Hackers are not the biggest threat - governments are! 15) As life becomes faster it becomes less secure 16) Connectivity and data half lives are getting shorter too 17) We are most at risk during a time of transition 18) The weakest link generally defines the outcome
  • 9. If we continue to do what we’ve always done our Cloud exposure will accelerate..
  • 10. In The Cloud - the attack surface is the entire planet...
  • 11. We will need more and smarter firewalls...
  • 12. All forms of malware protection will have to become evolutionary...
  • 13. Has to become far more sophisticated...
  • 14. Enhancing login vectors... Something you: - Do - Are - Know - Possess - Deduce - Relate to - Recognise - Remember - Understand. A concatenation of weak vectors rapidly becomes very strong...
  • 15. Concatenating numerous low cost biometrics is a good example... - Eye - Face - Hand - Voice - Typing - Habits - Devices - Locations - ++++
  • 16. Automated & stronger encryption... ...but only where needed!
  • 17. More anonymity applications...
  • 18. More URL hopping, identity, & location cloaking applications...
  • 19. What does The Cloud offer beyond all this?
  • 20. So what are the extras The Cloud brings to the party? It will destroy dominant mono-cultures of: - Devices - Browsers - eMail clients - Application sets - Operating modes - Operating systems. Hackers love mono-cultures - it makes their lives so very much easier...
  • 21. More variety, dynamism, and faster change...
  • 22. Clouds of all sizes will form and dissipate by demand ...with the clustering of people and devices +++
  • 23. Connectivity will be less static, comms between Clouds sporadic and far more varied...
  • 24. Moving targets are very hard to hit
  • 25. Thin clients offer very limited processing and memory, making it far harder for malware to be effective...
  • 26. - Infrastructure - Platform - Software. Cloud services now available from multiple suppliers...
  • 27. Use multiple suppliers for connectivity, apps, storage, security et al and employ in a randomised fashion...
  • 28. ...seamlessly flip between devices...
  • 30. To make it incredibly difficult for the dark side: - No single log-on device - No single log-on location - Variable log-on routine - Distributed applications - Distributed filing system - Parsed and distributed data - Multiple clouds and providers - Dynamic creation of clouds - Dynamic cloud interconnection - Inter-cloud encryption and coding - Corporate strength security for all
  • 31. [Diagram: "One of many Connection Clouds, Surrounded By Clouds"; the surrounding clouds are labelled Storage, App, Corporate and Personal]
  • 32. Parsed data flows to/from multiple destinations... ...are incredibly difficult to intercept and decode...
  • 33. Parsed, encrypted & distributed folders over multiple global servers...is even harder!
  • 34. The biggest threat is still people laxity and the insider... Parsed, encrypted and distributed data folders over multiple global servers...is even worse!
  • 35. Behavioural monitoring and analysis will become an essential cloud service for SMEs, corporations & .gov...
  • 36. Half lives of connections, data, info and knowledge...are going to get much shorter!
  • 37. We have to reduce the opportunity and the time available for The Dark Side to infiltrate and take action...
  • 38. And should they break in we confront them with partial access and a very confusing picture... Which door to choose, and to which cloud, for how long, with access to what?
  • 39. How many layers, combinations, connections, locks, types? How long will they be open, and what is in each of the many clouds?
  • 40. The Dark Side will thus have far less time to infiltrate and take action... The day of the lone hacker is coming to an end...
  • 41. The New Dark Side are gov agencies and criminal organisations with huge budgets, people & tech resources...
  • 42. The sophistication of StuxNet and Flame surprised industry and governments ...and they mark the start of a new era...
  • 43. We may be transiting to ‘Cyber Warfare’...
  • 44. Fending off such threats demands more capability than individual corps can muster
  • 45. Global cooperation will be required, to develop military grade solutions ...
  • 46. To survive and prosper we have to think and act differently whilst leveraging new technology, and techniques...
  • 47. The DIY companies will not survive...
  • 48. Malware is now open code for free or a modest price from multiple sources... ...it is also breeding by the hand of man and by a digital life force we created...
  • 49. “Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions” The Art of War by Sun Tzu, 600 BC
  • 51. ca-global.org cochrane.org.uk Thank You COCHRANE associates
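
Slides 14 and 15 claim that a concatenation of weak login vectors rapidly becomes very strong. The sketch below is an added example, not material from the deck: it fuses several weak signals with a naive-Bayes log-likelihood ratio and shows how confidence builds, and how one mismatch pulls it back. The factor names follow slide 15, but the match rates and the independence of the factors are assumptions; correlated factors (a device that is always at the same location, say) would add less than this model credits.

```python
import math

# Constructed sample factors: (name, P(match | genuine), P(match | impostor)).
# The rates are illustrative assumptions, not figures from the slides.
FACTORS = [
    ("voice", 0.90, 0.10),
    ("typing", 0.85, 0.15),
    ("face", 0.92, 0.08),
    ("device", 0.95, 0.05),
    ("location", 0.80, 0.20),
]


def all_match_far(factors):
    """False-accept rate when an impostor must pass every factor."""
    far = 1.0
    for _name, _p_gen, p_imp in factors:
        far *= p_imp
    return far


def log_likelihood_ratio(factors, observed):
    """Sum per-factor evidence; observed maps factor name -> True/False."""
    llr = 0.0
    for name, p_gen, p_imp in factors:
        if name not in observed:  # not collected this session: no evidence
            continue
        if observed[name]:
            llr += math.log(p_gen / p_imp)
        else:  # a mismatch counts against the session
            llr += math.log((1 - p_gen) / (1 - p_imp))
    return llr


def posterior_genuine(factors, observed, prior=0.5):
    """Probability the session is genuine given the observed factors."""
    odds = prior / (1 - prior) * math.exp(log_likelihood_ratio(factors, observed))
    return odds / (1 + odds)


if __name__ == "__main__":
    seen = {}
    for name, _p_gen, _p_imp in FACTORS:
        seen[name] = True
        print(f"+{name:<9} posterior={posterior_genuine(FACTORS, seen):.6f}")
    print(f"all-match false-accept rate: {all_match_far(FACTORS):.2e}")
```

With these constructed rates, no single factor is better than a 1-in-20 false accept, yet requiring all five brings the false-accept rate to roughly 1 in 83,000.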