Layer 7: Cloud Security For The Public Sector
 

Layer 7: Cloud Security For The Public Sector

on

  • 3,719 views

Presentation by Layer 7 Public Sector CTO Adam Vincent on Cloud risks, threats and security for the public sector.

Presentation by Layer 7 Public Sector CTO Adam Vincent on Cloud risks, threats and security for the public sector.

Statistics

Views

Total Views
3,719
Views on SlideShare
2,398
Embed Views
1,321

Actions

Likes
0
Downloads
22
Comments
0

6 Embeds 1,321

http://www.layer7tech.com 1170
http://www.layer7.com 126
http://layer7.com 17
http://cc.bingj.com 5
http://translate.googleusercontent.com 2
http://gov.layer7tech.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Layer 7: Cloud Security For The Public Sector Layer 7: Cloud Security For The Public Sector Presentation Transcript

  • Cloud Security for Public Sector Tower Club Presented by: Adam Vincent, CTO Public Sector, Layer 7 Technologies avincent@gov.layer7tech.com
  • In the Cloud Risks to Cloud Consumers: • Security and Privacy – how can I be sure that my data and applications will be secure? • Business Continuity – what happens if my Internet provider or cloud provider goes down? • Business Value – how can I be sure my cloud service provider is meeting my SLA? • Compliance – how can I ensure regulatory/legal compliance? “Sharing the Cloud” 2 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • Traditional Information Assurance - Multi-Tenant Multi-Tenant Cloud Environments = Problem Cloud Consumers 3 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • Introducing New Risk: Cloud Attack Surface Enterprise Enterprise Enterprise Perimeter Zone Internet Zone Perimeter Zone Internet Zone Perimeter Zone Internet Zone Traditional Software/OS & Perimeter Defense ApplicationZone Perimeter Zone ApplicationZone Perimeter Zone ApplicationZone Perimeter Zone Virtual Server Zone Application Zone Virtual Server Zone Application Zone Virtual Server Zone Application Zone Cloud API’s & Governance Shared API’s & Cloud Governance vulnerabilities Hypervisor Exploitation Shared Hypervisor Hardware Exploitation Shared Hardware & Supply Chain Insider Threat Shared People 4 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • Introducing New Risk: When the Cloud Attacks Leveraging the Cloud Nefariously: • Denial of Service – how can I be sure that my cloud is not being used to launch a DoS? • Cryptographic Analysis– how can I be sure that my cloud isn’t working towards breaking someone's encryption? • Command & Control – how can I ensure that my cloud is not providing an adversary a platform to monitor and control a cyber attack? “Responsibility for Good not Evil” 5 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • Example: Thunderclap Proof of Concept Thunderclap – “Cloud Computing – A Weapon of Mass Destruction? (DEFCON 2010)” • Proof of Concept showing how DDoS attack could be run from the cloud Value Proposition (my interpretation) • Performance: Massive Bandwidth & Power = Plentiful • Up Front Cost: Stolen Credit Card Number = Free • Time: Little to none once initial R&D is completed = Time for hobbies • Value: Charge $$$ to highest bidder = Make massive profit Conclusion: Not a bad business model! 6 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • Conclusions  Cloud provides a powerful & agile capability for small, medium, and large businesses.  Cloud Consumers - Connect: “your cloud capabilities” to current information assurance/cyber defense solutions & requirements - Protect: “your cloud capabilities” from the threat of shared governance, API’s, networks, virtualization platforms, and hardware  Cloud Providers - Control: “your cloud infrastructure” with detection and discovery to ensure that it isn't being abused, directed against others, compromised or used for free Layer 7 Technologies: CloudSpan products: CloudConnect, CloudProtect and CloudControl help organizations at each stage of their cloud adoption curve, from consuming SaaS services, to running applications securely in the cloud, to becoming a provider of cloud and SaaS services. 7 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com