1. Cloud Security For Retail
How Not To Make The Headlines:
Kevin Linsell
Director, Strategy & Architecture
Adapt
Richard Cassidy
Technical Director
Alert Logic
5 Ways To Kill The Cyber Security Threat
4. Cloud: The Retail Enabler
3x as many retailers as now will explicitly underpin their customer and operations strategies on 3rd platform technologies by 2017
Source: IDC FutureScape, 2015
5. Cloud Adoption Trends
2 years on:
84% of UK businesses use cloud services today [1]
[Chart: UK businesses using cloud services, 2010 to 2015: 48%, 53%, 61%, 69%, 78%, 84%]
And 78% use more than one cloud-based service [1]
[Chart: number of cloud-based services in use (One, Two, Three, Four, Five+), 2014 vs 2015]
38% will increase their cloud adoption
25% will refine their cloud environment
18% will transform their cloud environment [2]
Sources:
1. Cloud Industry Forum, 2015 (n=250)
2. Adapt Cloud Adoption Survey, 2015 (n=200)
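6. An Evolving Landscape
Periods: Early 2000s, Mid 2000s, 2015 & Beyond
Consumer Technology: End Of The Dot.com (Early 2000s); Smartphone Revolution (Mid 2000s); Always Online (2015 & Beyond)
Retail: Brick & Mortar + 1-Way Online (Early 2000s); Shopping Trolley Goes Mobile (Mid 2000s); In Pursuit Of Omni-Channel (2015 & Beyond)
Data Centre: Physical (Early 2000s); Virtual (Mid 2000s); Hybrid (2015 & Beyond)
Threats & Attacks: Basic Malware, Solo Mischief (Early 2000s); Proliferation & Organisation (Mid 2000s); Advanced, Multi Vector Attacks (2015 & Beyond)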
7. Stats That Keep You Up At Night…
Almost 33% of online consumers don’t trust retail security [2]
£35,000 to £65,000 is the average cost of SME cyber/data loss [1]
The cost of cyber crime in the UK in 2013 was estimated to be between £18 billion & £27 billion [1]
7,000 Distributed Denial of Service (DDoS) attacks daily [1]
For larger businesses, the average cost is £450,000 to £850,000 [1]
Sources:
1. The UK Cyber Security Strategy: Landscape Review – NAO 2013
2. ACI Worldwide, 2014
9. The Retail Cyber Kill Chain
Attacks are multi-stage using multiple threat vectors
On average, it takes organizations 205 days to identify they have been compromised [1]
Over two-thirds of organizations find out from a 3rd party they have been compromised [2]
Kill chain stages: IDENTIFY & RECON, INITIAL ATTACK, COMMAND & CONTROL, DISCOVER/SPREAD, EXTRACT/EXFILTRATE
Sources:
1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
2 – M-Trends 2015: A View from the Front Lines
11. Cybercrime: The Main Enablers
Anonymity
Crypto Currencies
Underground Market
12. Have You Been Affected?
App Attack: 39%
Brute Force: 24%
Suspicious Activity: 22%
Recon: 9%
Trojan: 6%
Source: Alert Logic CSR 2015. n=3026
13. Why Are You Of Interest?
Large volumes of personal/financial data
eCommerce Application
Diverse, physically insecure infrastructure
14. Richard Cassidy
Technical Director, Alert Logic
Kevin Linsell
Director, Strategy & Architecture, Adapt
How To Kill The Cyber Security Threat
15. Continuous, End-to-End Protection
Continuous protection from threat & exposure
Threat Intelligence & Security Content
24 x 7 Monitoring & Escalation
Your IT Environment
Cloud, Hybrid, On-Premises
Network Events & Vulnerability Scanning
Log Data
Web Application Events
Data Collection
Big Data Analytics Platform
16. 5 Ways To Kill The Cyber Security Threat
Stay Informed &…
Best Practice
Secure your applications first
Create robust access management policies
Adopt a patch management approach
Review logs regularly
Build a security toolkit
1 Assume the worst can (and will!) happen
2 Fully assess what is at risk
3 Give responsibility to the right people
4 Plan for rapid recovery
5 View strong risk mgmt & security as an enabler
17. Security: A Shared Responsibility
Service Provider Responsibility
Foundation Services
(ISO 27001 compliant)
Hypervisor & OS
• Firewall & perimeter security services
• Segregation of Adapt & Customer Networks
• Regular Pen-tested network
• Accredited platform design & build
• Controlled access for customers
• Guest OS hardening
• Patch management
• Infrastructure updates
• Client access management
• Permission policies
• Security monitoring
• Log analysis
Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
• Network threat detection
• Security monitoring
• DDoS Protection
Networks
Compute Storage DB Network
Customer Responsibility