Your SlideShare is downloading. ×
0

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Layer 7: Cloud Security For The Public Sector

3,299

Published on

Presentation by Layer 7 Public Sector CTO Adam Vincent on Cloud risks, threats and security for the public sector.

Presentation by Layer 7 Public Sector CTO Adam Vincent on Cloud risks, threats and security for the public sector.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,299
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Cloud Security for Public Sector Tower Club Presented by: Adam Vincent, CTO Public Sector, Layer 7 Technologies avincent@gov.layer7tech.com
  • 2. In the Cloud Risks to Cloud Consumers: • Security and Privacy – how can I be sure that my data and applications will be secure? • Business Continuity – what happens if my Internet provider or cloud provider goes down? • Business Value – how can I be sure my cloud service provider is meeting my SLA? • Compliance – how can I ensure regulatory/legal compliance? “Sharing the Cloud” 2 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • 3. Traditional Information Assurance - Multi-Tenant Multi-Tenant Cloud Environments = Problem Cloud Consumers 3 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • 4. Introducing New Risk: Cloud Attack Surface Enterprise Enterprise Enterprise Perimeter Zone Internet Zone Perimeter Zone Internet Zone Perimeter Zone Internet Zone Traditional Software/OS & Perimeter Defense ApplicationZone Perimeter Zone ApplicationZone Perimeter Zone ApplicationZone Perimeter Zone Virtual Server Zone Application Zone Virtual Server Zone Application Zone Virtual Server Zone Application Zone Cloud API’s & Governance Shared API’s & Cloud Governance vulnerabilities Hypervisor Exploitation Shared Hypervisor Hardware Exploitation Shared Hardware & Supply Chain Insider Threat Shared People 4 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • 5. Introducing New Risk: When the Cloud Attacks Leveraging the Cloud Nefariously: • Denial of Service – how can I be sure that my cloud is not being used to launch a DoS? • Cryptographic Analysis– how can I be sure that my cloud isn’t working towards breaking someone's encryption? • Command & Control – how can I ensure that my cloud is not providing an adversary a platform to monitor and control a cyber attack? “Responsibility for Good not Evil” 5 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • 6. Example: Thunderclap Proof of Concept Thunderclap – “Cloud Computing – A Weapon of Mass Destruction? (DEFCON 2010)” • Proof of Concept showing how DDoS attack could be run from the cloud Value Proposition (my interpretation) • Performance: Massive Bandwidth & Power = Plentiful • Up Front Cost: Stolen Credit Card Number = Free • Time: Little to none once initial R&D is completed = Time for hobbies • Value: Charge $$$ to highest bidder = Make massive profit Conclusion: Not a bad business model! 6 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com
  • 7. Conclusions  Cloud provides a powerful & agile capability for small, medium, and large businesses.  Cloud Consumers - Connect: “your cloud capabilities” to current information assurance/cyber defense solutions & requirements - Protect: “your cloud capabilities” from the threat of shared governance, API’s, networks, virtualization platforms, and hardware  Cloud Providers - Control: “your cloud infrastructure” with detection and discovery to ensure that it isn't being abused, directed against others, compromised or used for free Layer 7 Technologies: CloudSpan products: CloudConnect, CloudProtect and CloudControl help organizations at each stage of their cloud adoption curve, from consuming SaaS services, to running applications securely in the cloud, to becoming a provider of cloud and SaaS services. 7 Adam Vincent, CTO Public Sector | avincent@gov.layer7tech.com | www.layer7tech.com

×