Myths and Realities of Cloud Data Security

Debunking some of the "sound bite" myths around Cloud Data Security. Presentation done for the MinneAnalytics "Life Science Lean-In: Analytics & Big Data in Healthcare & Life Science"

Published in Technology, Business
Transcript

  • 1. Myths & Realities of Cloud Data Security Michael J. Krouze Chief Technology Officer Charter Solutions, Inc. © 2012
  • 2. “All our knowledge has its origins in our perceptions.” - Leonardo da Vinci “The first step toward change is awareness. The second step is acceptance.” - Nathaniel Branden “The thing about quotes on the internet is you can not confirm their validity.” - Abraham Lincoln Copyright © 2013, Charter Solutions, Inc. 2.
  • 3. We don’t use the cloud.
  • 5.
      • Files are encrypted at rest
      • Files are encrypted during transit
      • Provide “business” version that allows multiple user access control
      • Strict policy and technical access controls that prohibit employee access
      • Users can have weak passwords
      • Files are ‘synced’ to multiple devices
      • API allows programs to access your files (with permission)
      • Always use strong passwords
      • Encrypt files before you put them there and only share the key with the other people who should see that file
      • Never give permission for API access
  • 6. Yes, your organization uses the cloud… you just may not know it.
  • 7.
      • The cloud simply cannot be secure.
      • The cloud isn't safe.
      • If it's on the Internet, it's more vulnerable to hackers.
      • Data stored in the cloud is more vulnerable.
      • My provider has my security covered.
      • Private cloud computing is secure by default.
  • 8. Security is a Shared Responsibility
      • Deployment models compared: On-Premise, On-Premise (hosted), IaaS, PaaS, SaaS
      • Layers shown for each model: Application, Services, OS, VM, Server, Storage, Network
      • Legend: Organization has Control; Organization Shares Control with Vendor; Vendor has Control
  • 9. Industry Groups Targeted [bar chart, % of breaches: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 10. Who’s Behind Data Breaches? [bar chart, % of breaches: External Agents; Internal Employees; Business Partners] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 11. Threat Agent Change Over Time [line chart, % of breaches for '04-'07, 2008, 2009, 2010, 2011; series: External, Internal, Partner] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 12. How Do Breaches Occur? [bar chart, % of breaches: Hacking; Malware; Physical Attacks; Social Tactics; Privilege Misuse] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 13. Attack Commonalities
      • 97%: Avoidable through simple or intermediate controls
      • 96%: Were not highly difficult
      • 94%: Of all data compromised involved servers
      • 92%: Were discovered by a third party
      • 85%: Took weeks or more to discover
      • 79%: Were targets of opportunity
      • Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 14. Hacking Methods [bar chart, % of breaches: Default/guessable credentials; Stolen login credentials; Brute force/dictionary attacks; Exploit backdoor; Exploit insufficient authentication; SQL Injection; Remote file inclusion; Abuse of functionality; Unknown] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 15. Not Just About Data Encryption [diagram labels: Public Network; SSL Encrypted; Application; Private Network; Clear Text Data; Database; Storage System; OS File System; Encrypted at Rest]
  • 16. It’s not that the cloud isn’t secure… It’s that you need to think differently about how to secure it
  • 17. My datacenter is more secure than the cloud.
  • 18. A little obvious after the last myth. Security is often taken for granted behind the firewall.
  • 19. Data Breaches by Hosting Location [bar chart, % of breaches: Internal; External; Co-located; Mobile] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 20. Your datacenter (on-premise or cloud) is only as secure as you make it! Both can be equally secure or insecure.
  • 21. Concluding thoughts…
  • 22.
      • Understand your data risks & security needs
      • Establish a set of cloud-specific security processes / policies
  • 23.
      • Review cloud vendors closely to ensure their sphere of control aligns with your cloud-specific processes / policies
      • Implement, monitor, react, review, improve
  • 24. Thank You! michael.krouze@chartersolutions.com http://www.linkedin.com/in/mjkrouze @mjkrouze