Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control

Far too many organizations are slow to change how they assess and manage security in the cloud. They instead try to apply legacy controls that worked for traditional IT environments to the cloud, thus creating new opportunities for security failures.

In this slide deck -- originally presented at RSA Conference 2014 -- David Etue, VP of Corporate Development Strategy at SafeNet, Inc., covers the cultural changes that organizations should adopt in order to address the complex issues surrounding data access in the cloud.

More information about our approach to cloud security can be found at http://www.safenet-inc.com/cloud/.

Published in: Technology

Transcript

  • 1. Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control. David Etue (@djetue), VP, Corporate Development Strategy. February 26, 2014
  • 2. Who We Are: SafeNet is trusted to protect, control access to, and manage the world's most sensitive data and high value applications.
      Founded: 1983 | Revenue: ~330m | Global: +25,000 customers in 100 countries | Employees: +1,500 in 25 countries | Accredited: products certified to the highest security standard
      We protect the most money that moves: over 80% of the world’s intra-bank fund transfers and nearly $1 trillion per day.
      We are the de facto root of trust: deploying more than 86,000 key managers and protecting up to 750,000,000 encryption keys.
      We monetize the most high-value software: more than 100 million license keys protect and manage on-premise, embedded, and cloud applications globally.
      We control access to the most sensitive corporate information: more than 35 million identities protected via tokens, smartcards, and mobile devices managed on-premise and in the cloud.
  • 3. Cloud and Virtualization Are Changing the Way IT is Managed and Consumed: Agile. Now. On demand. Simple. Secure?
  • 4. Cloud Benefits Are Being Realized…
      80% of mature cloud adopters are seeing [1]: faster access to infrastructure; greater scalability; faster time to market for applications
      50% of cloud users report benefits including [1]: better application performance; expanded geographic reach; increased IT staff efficiency
      [1] RightScale State of the Cloud Report 2013
      © SafeNet Confidential and Proprietary
  • 5. …But Cloud Benefits Are Driven by Sharing
  • 6. And Security and Compliance Are Not the Biggest Fans of Sharing…
  • 7. Leading Inhibitors to Cloud Adoption (source: 451 TheInfoPro 2013 Cloud Computing Outlook – Cloud Computing Wave 5)
  • 8. Security and Compliance Concerns With Shared Clouds
      Data Governance (Lack of Visibility): Can you track all of my data instances? Backups? Snapshots? Am I aware of government requests/discovery? Do you know when data is copied? Who is accessing my data?
      Data Compliance (Lack of Data Control): Can I illustrate compliance with internal and external mandates? Is there an audit trail of access to my data?
      Data Protection (Risk of Breach and Data Loss): Are all my data instances secure? Can I assure only authorized access to my data? Can I “pull the plug” on data that’s at risk of exposure or whose lifecycle has expired?
      How Do You Maintain Ownership and Control Of Your Information In A Multi-Tenant Environment?
  • 9. New Risks Driving Cloud Security Challenges: Increased Attack Surface; Privileged Users; Ability to Apply Security Controls; Control (or lack thereof)
  • 10. New Risk: Increased Attack Surface
  • 11. New Risk: New Definition of Privilege
  • 12. New Risk: Ability to Apply Security Controls. Security Controls Mapping and Sized by Budget. CSA Cloud Model: Security Management & GRC; Identity/Entity Security; Data Security; App Sec; Host; Network; Infrastructure Security
  • 13. New Risk: Ability to Apply Security Controls Most organizations are trying to deploy “traditional” security controls in cloud and virtual environments…but were the controls even effective then?
  • 14. New Risk: Control (or lack thereof). The lower down the stack the Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself. Examples: Salesforce - SaaS; Google AppEngine - PaaS; Amazon EC2 - IaaS
  • 15. And Not Just The Traditional “Bad Guys”. Sensitive Data in the Cloud is exposed to: Adversaries; Government Discovery; Cloud Administrators; Auditors / Regulators
  • 16. So, Whose Cloud Is It Anyway?
      Model: Private Cloud | IaaS | PaaS/SaaS in Hybrid / Community / Public Cloud
      Whose Privileged Users? Customer | Provider | Provider
      Whose Infrastructure? Customer | Provider | Provider
      Whose VM / Instance? Customer | Customer | Provider
      Whose Application? Customer | Customer | Provider
      Law Enforcement Contact? Customer | Provider | Provider
  • 17. Making it Your Cloud: Key Enablers to Cloud Security
      Encryption (and Key Management)
      Identity and Access Management with Strong Authentication
      Segmentation
      Privileged User Management
      Detection and Response Capabilities
      System Hardening
      Asset, Configuration, and Change Management
  • 18. Encryption: Un-Sharing in a Shared Environment Un-Sharing FTW!!!
  • 19. Clouds Love Crypto!!!* *with good key management…
  • 20. Typical Sources of Trust
      Source: Traditional Data Center | Internal Cloud (Private) | External Cloud (Public, Community, Hybrid)
      “Own the Stack”: Yes | N/A | No
      System Fingerprinting: Yes | No | No
      Trusted Platform Module (TPM): Yes | Maybe? | No
      Hardware Security Module (HSM) – Server Card: Yes | Maybe? | No
      Hardware Security Module (HSM) – Network: Yes | Yes | Yes
      Smartcard: Yes | Maybe | Maybe
  • 21. Leveraging Crypto In The Cloud. Hardware Security Module = Trust Anchor. Sources of Trust: Customer Premise; Cloud Provider; Customer Controlled at Service Provider; Trusted 3rd Party. Slide annotations: + Most Control, + Architecture, + Architecture, + Multi Cloud, - Architecture, - Security / Separation, - Multi Cloud, - Integration
  • 22. Leveraging Crypto In The Cloud. Layers: Applications and Workloads; Key Management; Hardware Security Module = Trust Anchor. Sources of Trust: Customer Premise; Cloud Provider; Customer Controlled at Service Provider; Trusted 3rd Party. Slide annotations: + Most Control, + Architecture, + Architecture, + Multi Cloud, - Architecture, - Security / Separation, - Multi Cloud, - Integration
  • 23. Leveraging Crypto In The Cloud. Most Flexible: Applications and Workloads; Key Management; Highest Assurance: Hardware Security Module = Trust Anchor. Sources of Trust: Customer Premise; Cloud Provider; Customer Controlled at Service Provider; Trusted 3rd Party. Slide annotations: + Most Control, + Architecture, + Architecture, + Multi Cloud, - Architecture, - Security / Separation, - Multi Cloud, - Integration
  • 24. How Do You Apply Security Controls? Security Controls Mapping and Sized by Budget. CSA Cloud Model: Security Management & GRC; Identity/Entity Security; Data Security; App Sec; Host; Network; Infrastructure Security
  • 25. Need to Focus “Up The Stack”. CSA Cloud Model: Security Management & GRC; Identity/Entity Security; Data Security; App Sec; Host; Network; Infrastructure Security. Virtualization, Software Defined Networks, and Public/Hybrid/Community Cloud Forces a Change in How Security Controls Are Evaluated and Deployed
  • 26. Data Centric Security = Agility! CSA Cloud Model: Security Management & GRC; Identity/Entity Security; Data Security; App Sec; Host; Network; Infrastructure Security
  • 27. Thank You!!! @djetue, safenet-inc.com, @SafeNetInc, facebook.com/SafeNetInc