Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

How the financial cloud should be protected


Published on

Created for hedge funds and investment firms, this presentation looks at the for layers of security that should be implemented in a cloud computing infrastructure. These cloud security layers include deep and detailed practices around:
a. Principle of Defense in Depth
b. Principle of Least Privilege
c. Audit & Logging
d. Secure User Authentication Protocols & Encryption

Published in: Technology
  • Be the first to comment

  • Be the first to like this

How the financial cloud should be protected

  1. 1. A Look at Protections in the Cloud Steve Schoener, Senior Vice President, Client Technology
  2. 2. Layers of Cloud Security: What to Expect Principle of Defense in Depth Principle of Least Privilege Secure User Authentication Protocols Audit & Logging
  3. 3. Principle of Defense in Depth • Multiple layers of security employed simultaneously • Engage Real-time Intrusion Detection/Prevention Solution – Track and monitor network activity including intrusions, attacks, and the accessing of sensitive data Cloud Firewall Desktop Cloud Services Client-Side Firewall IDS/IPS Appliance InternetIDS/IPS Appliance
  4. 4. Principle of Least Privilege • Privileged access must be established to core data – Access on an as-needed basis – Don’t place highly confidential content on unprotected servers • Implement restriction policies – Access control lists on all applications and data » Who has access to what? Keep an authentication/access log – Inbound/Outbound Internet Access Control lists – Use of audited OTPs (one-time-passwords) & minimum-privilege shared accounts
  5. 5. Cloud Providers & Firms Must Establish Secure User Authentication Protocols • Assign unique domain user IDs to each employee • Enforce strong domain password policies • Control data security passwords – Ensure they are kept in a location and/or format that does not compromise the security of the data they protect • Restrict access to active users and active user accounts only
  6. 6. Monitor, Audit and Logging Network Activity • Expect to see a central logging system that records: – All login/logout events – Inbound/outbound connections through Internet-facing firewalls – Email and network traffic • Cloud Providers Must Perform Regular Vulnerability Assessments – Verify firewall configuration and anti-virus patching, network device security and evidence of malicious activity