Layer 7: Cloud Security For The Public Sector

Presentation by Layer 7 Public Sector CTO Adam Vincent on Cloud risks, threats and security for the public sector.

Published in: Technology

  1. Cloud Security for Public Sector
     Tower Club
     Presented by: Adam Vincent, CTO Public Sector, Layer 7 Technologies
     avincent@gov.layer7tech.com
  2. In the Cloud
     Risks to Cloud Consumers:
       • Security and Privacy – how can I be sure that my data and applications will be secure?
       • Business Continuity – what happens if my Internet provider or cloud provider goes down?
       • Business Value – how can I be sure my cloud service provider is meeting my SLA?
       • Compliance – how can I ensure regulatory/legal compliance?
     “Sharing the Cloud”
     Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  3. Traditional Information Assurance - Multi-Tenant
     Multi-Tenant Cloud Environments = Problem
     [Diagram label: Cloud Consumers]
  4. Introducing New Risk: Cloud Attack Surface
     [Diagram: three Enterprises, each with its own Perimeter Zone, Internet Zone, Application Zone and Virtual Server Zone, sitting on shared cloud layers. Labels, in the order they appear on the slide:]
       • Traditional Software/OS & Perimeter Defense
       • Cloud APIs & Governance
       • Shared APIs & Cloud Governance vulnerabilities
       • Hypervisor Exploitation
       • Shared Hypervisor
       • Hardware Exploitation
       • Shared Hardware & Supply Chain
       • Insider Threat
       • Shared People
  5. Introducing New Risk: When the Cloud Attacks
     Leveraging the Cloud Nefariously:
       • Denial of Service – how can I be sure that my cloud is not being used to launch a DoS?
       • Cryptographic Analysis – how can I be sure that my cloud isn’t working towards breaking someone's encryption?
       • Command & Control – how can I ensure that my cloud is not providing an adversary a platform to monitor and control a cyber attack?
     “Responsibility for Good not Evil”
  6. Example: Thunderclap Proof of Concept
     Thunderclap – “Cloud Computing – A Weapon of Mass Destruction? (DEFCON 2010)”
       • Proof of Concept showing how DDoS attack could be run from the cloud
     Value Proposition (my interpretation)
       • Performance: Massive Bandwidth & Power = Plentiful
       • Up Front Cost: Stolen Credit Card Number = Free
       • Time: Little to none once initial R&D is completed = Time for hobbies
       • Value: Charge $$$ to highest bidder = Make massive profit
     Conclusion: Not a bad business model!
  7. Conclusions
       • Cloud provides a powerful & agile capability for small, medium, and large businesses.
       • Cloud Consumers
           - Connect: “your cloud capabilities” to current information assurance/cyber defense solutions & requirements
           - Protect: “your cloud capabilities” from the threat of shared governance, APIs, networks, virtualization platforms, and hardware
       • Cloud Providers
           - Control: “your cloud infrastructure” with detection and discovery to ensure that it isn't being abused, directed against others, compromised or used for free
     Layer 7 Technologies: CloudSpan products: CloudConnect, CloudProtect and CloudControl help organizations at each stage of their cloud adoption curve, from consuming SaaS services, to running applications securely in the cloud, to becoming a provider of cloud and SaaS services.