Secure Cloud Hosting:
Real Requirements to Protect your Data
Chris Hinkley
Senior Security Architect
Great Wide Open – Atlanta, GA
April 2 – 3, 2014
Locking Down the Cloud – A Holistic View
Agenda
•  The Specialization of IT
•  Challenges Facing Cloud Consumers and Providers
•  A To-Do List for Cloud Consumers and Providers
•  The Secure Cloud is Not a Myth
•  Physical Security
•  Perimeter Security
•  Virtual Server Security
•  Supporting Security Services
•  Secure Administrative Access
•  Business Continuity and DR
•  Compliance for Cloud
The Specialization of IT
•  The complexity of IT has meant more specialists than generalists, each responsible for a small piece of the puzzle
•  New tools and technologies have led to increased staffing levels, with specific experience in implementation and management
•  Rapid change in technology means nearly continuous training for specialists
•  The high cost of implementing and maintaining IT infrastructure has many companies looking for ways to offload as much as possible
Challenges Facing Cloud Consumers and Providers
•  Consumers want to outsource both technology and compliance responsibilities
•  Consumers cannot abdicate their compliance responsibility
•  Providers do not adequately define the division of responsibilities between themselves and customers
•  Providers often do not clearly articulate how they can help customers meet compliance requirements
•  All of this can lead to confusion in the purchasing decision and create conflicts during an audit
A To-Do List for Cloud Consumers and Providers
•  Consumers need to fully understand all of their security and compliance responsibilities
•  Consumers need to effectively evaluate and understand the various cloud provider models
•  Consumers need to ask for a clear definition of all services, and of the division of responsibilities between themselves and their providers
•  Consumers must put programs in place to ensure that their providers are meeting their responsibilities
•  Providers must become transparent about their security programs and deliver adequate details about offered services
•  Providers must clearly articulate the delineation of responsibilities between themselves and customers
•  Providers must be clear about how their offered services can assist consumers in meeting compliance requirements
The Secure Cloud is Not a Myth
•  Build for security, not compliance
•  Follow security best practices instead of chasing compliance guidelines
•  Use a common controls approach
•  Deploy multiple security countermeasures using a layered approach
Physical Security
•  Locate the data center in an area at low risk of natural disasters
•  No identifying signage
•  24x7 manned security, roving patrols
•  Multi-factor authentication for entry
•  Comprehensive CCTV coverage
•  Log all entries, monitor systems, securely store logs and video
Attackers Need Targets
Verizon DBIR data
•  92% of breaches were perpetrated by outsiders
•  78% of initial intrusions rated as low difficulty
•  Attack targeting
•  Opportunistic – 75%
•  Targeted – 25%
FireHost Superfecta
•  47,917,145 IP reputation management (IPRM) blocks in 2013
•  14,057,093 attacks blocked by the WAF, broken down into the four Superfecta categories:
•  Cross-Site Request Forgery – 3,347,515
•  Cross-Site Scripting – 4,904,651
•  Directory Traversal – 3,269,680
•  SQL Injection – 2,535,247
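The four Superfecta categories are the buckets a signature-based WAF sorts blocked requests into. The Python below is an added illustration of how such a classifier works over access-log lines; it is not FireHost's code or data. The log lines, the site host `shop.example` and the detection patterns are constructed for the example. It also shows why the decoder has to be run more than once: the last traversal attempt is double-encoded and would slip past a single decode.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not real traffic) in the common combined format:
# client - - [time] "METHOD PATH PROTO" status bytes "referer" "user-agent"
SITE_HOST = "shop.example"
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Apr/2014:10:00:01 -0400] "GET /search?q=laptops HTTP/1.1" 200 512 "https://shop.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Apr/2014:10:00:02 -0400] "GET /item?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 0 "-" "sqlmap/1.0"',
    '198.51.100.7 - - [02/Apr/2014:10:00:03 -0400] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [02/Apr/2014:10:00:04 -0400] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0 "-" "curl/7.30"',
    # Double-encoded traversal: one round of decoding yields %2e%2e%2f, which matches nothing.
    '198.51.100.8 - - [02/Apr/2014:10:00:05 -0400] "GET /download?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 0 "-" "curl/7.30"',
    '203.0.113.5 - - [02/Apr/2014:10:00:06 -0400] "POST /account/email HTTP/1.1" 302 0 "https://evil.example/lure.html" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Apr/2014:10:00:07 -0400] "POST /account/email HTTP/1.1" 302 0 "https://shop.example/account" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Deliberately small signature sets, enough to sort the sample traffic into the four buckets.
SQLI_RE = re.compile(r"(?i)(\bunion\b.{0,40}\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(or|and)\s+'|--\s*$|;\s*(drop|delete|insert|update)\b|/\*.*\*/)")
XSS_RE = re.compile(r"(?i)(<\s*script|javascript\s*:|\bon(error|load|mouseover|click)\s*=)")
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/etc/passwd|\\windows\\system32)", re.IGNORECASE)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("unparseable log line: %r" % line)
    return m.groupdict()


def decoded_inputs(path):
    """Yield every attacker-controlled string in the request line. parse_qsl decodes once;
    the extra unquote() passes catch double-encoding so the signatures see what the
    backend would eventually see."""
    parts = urlsplit(path)
    yield unquote(unquote(parts.path))
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        yield unquote(unquote(key))
        yield unquote(unquote(value))


def classify(entry, site_host):
    """Return the Superfecta category for a parsed entry, or None for clean traffic."""
    inputs = list(decoded_inputs(entry["path"]))
    if any(TRAVERSAL_RE.search(s) for s in inputs):
        return "Directory Traversal"
    if any(SQLI_RE.search(s) for s in inputs):
        return "SQL Injection"
    if any(XSS_RE.search(s) for s in inputs):
        return "Cross-Site Scripting"
    if entry["method"] in STATE_CHANGING:
        # Heuristic CSRF check: a state-changing request whose Referer is missing or
        # comes from another origin. Applications still need anti-CSRF tokens.
        ref_host = urlsplit(entry["referer"]).hostname if entry["referer"] else None
        if ref_host != site_host:
            return "Cross-Site Request Forgery"
    return None


def classify_line(line, site_host=SITE_HOST):
    return classify(parse_line(line), site_host)


def summarize(lines, site_host=SITE_HOST):
    """Count blocked requests per category, the breakdown the slide reports."""
    return Counter(c for c in (classify_line(l, site_host) for l in lines) if c)


if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LOG).most_common():
        print("%-28s %d" % (category, count))
```

Signature matching of this kind is exactly what attackers tune their payloads against (encoding tricks, comment splitting, case variation), so a WAF is one layer in the stack the deck describes, not a substitute for parameterized queries, output encoding and anti-CSRF tokens in the application.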
Vulnerability Trends
(Two chart slides; source: Secunia Vulnerability Review 2014)
Perimeter Security
•  Public traffic
•  Redundant routers with IP reputation filtering
•  Redundant DoS/DDoS mitigation
•  Redundant web application firewalls
•  Intrusion detection
Virtual Server Security
•  Hardened VMware hypervisor on a blade/SAN, high-availability architecture
•  20 Gbps network (public and private)
•  Per-VM firewall policies
•  Unlimited security zones: separate zones for load balancers, web servers, application servers and database servers
•  Secure SAN storage: physically isolated storage area network, secure data deletion and destruction, complete data obfuscation
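Per-VM firewall policies and security zones only deliver isolation if the rule set actually forces traffic to step inward one tier at a time (public → web → app → db). As an added example, not the presenter's configuration, the Python below models zone-to-zone allow rules with default deny and audits a policy for the mistakes that quietly defeat zoning: a rule that skips a tier, a database zone with egress to the internet, or an "any" rule. The VM names, zone assignments and ports are assumptions made for the example.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "src dst proto port")

# Zones ordered from most to least exposed; the design intent is that a flow may only
# move one step inward along this list.
TIERS = ["public", "web", "app", "db"]

# Assumed per-VM zone assignment. Any host not listed is treated as the public internet.
VM_ZONE = {"lb1": "web", "lb2": "web", "web1": "web", "web2": "web", "app1": "app", "db1": "db"}

# Assumed allow rules. Everything not matched by a rule is denied.
POLICY = [
    Rule("public", "web", "tcp", 443),   # HTTPS from the internet to the load balancers/web tier
    Rule("web", "app", "tcp", 8443),     # web tier to application servers
    Rule("app", "db", "tcp", 3306),      # application servers to the database tier
]


def zone_of(host):
    return VM_ZONE.get(host, "public")


def is_allowed(policy, src_host, dst_host, proto, port):
    """Default deny: a flow passes only if an explicit zone-to-zone rule matches it.
    Intra-zone traffic (web1 -> web2) is denied too unless a rule says otherwise, which
    is what a per-VM firewall, as opposed to a perimeter firewall, makes possible."""
    flow = Rule(zone_of(src_host), zone_of(dst_host), proto, port)
    return any(rule == flow for rule in policy)


def audit_policy(policy):
    """Lint the rule set for rules that defeat the zoning model.
    Returns a list of (finding, rule); an empty list means the policy honours the tiers."""
    findings = []
    for rule in policy:
        jump = TIERS.index(rule.dst) - TIERS.index(rule.src)
        if jump > 1:
            findings.append(("skips a tier", rule))
        if rule.src == "db" and rule.dst == "public":
            findings.append(("database egress to internet", rule))
        if rule.proto == "any" or rule.port == 0:
            findings.append(("overly broad", rule))
    return findings


if __name__ == "__main__":
    checks = [("internet", "lb1", "tcp", 443), ("internet", "db1", "tcp", 3306),
              ("web1", "db1", "tcp", 3306), ("app1", "db1", "tcp", 3306)]
    for src, dst, proto, port in checks:
        print(src, "->", dst, port, "ALLOW" if is_allowed(POLICY, src, dst, proto, port) else "DENY")
    bad_policy = POLICY + [Rule("public", "db", "tcp", 3306)]
    for finding, rule in audit_policy(bad_policy):
        print("FINDING:", finding, rule)
```

Running the audit on every policy change (and on the policy actually loaded on the hypervisor, not just the one in the repository) is the check that keeps "unlimited security zones" from degrading into one flat network with many labels.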
Supporting Security Services
•  Data Leakage Protection
•  Antimalware/Antivirus
•  File Integrity Monitoring
•  Vulnerability Management
•  Log Management
•  Patch Management
•  Configuration Management
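Of the supporting services listed, file integrity monitoring is the one most easily shown end to end: take a baseline of content hashes and permission bits, take another later, and report what changed. The Python below is an added example, not the presenter's tooling or any product's implementation. It builds a small constructed `etc`-like tree in a temporary directory, records a baseline, then simulates four tampering events (weakened `sshd_config`, a dropped `ld.so.preload`, a world-writable `passwd`, a deleted `hosts`) and reports them. It assumes a POSIX filesystem for the permission-bit check.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Baseline: relative path -> (sha256, permission bits).
    Size and mtime are deliberately not used as evidence: an attacker who can rewrite a
    file can usually reset its timestamp as well, while a content hash cannot be faked."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlinks are recorded by their targets when those are in scope
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mode = stat.S_IMODE(os.stat(full).st_mode)
            base[rel] = (_digest(full), mode)
    return base


def compare(baseline, current):
    """Diff two snapshots into the four events a FIM alert normally distinguishes."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            old_hash, old_mode = baseline[rel]
            new_hash, new_mode = current[rel]
            if old_hash != new_hash:
                report["modified"].append(rel)
            if old_mode != new_mode:
                report["mode_changed"].append(rel)
    return report


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, report the changes."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    try:
        etc = os.path.join(root, "etc")
        os.makedirs(os.path.join(etc, "ssh"))
        with open(os.path.join(etc, "ssh", "sshd_config"), "w") as f:
            f.write("PermitRootLogin no\nPasswordAuthentication no\n")
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        os.chmod(os.path.join(etc, "passwd"), 0o644)
        baseline = snapshot(root)

        # Tampering: weaken SSH policy, plant a preload library, loosen passwd, delete hosts.
        with open(os.path.join(etc, "ssh", "sshd_config"), "a") as f:
            f.write("PermitRootLogin yes\n")
        with open(os.path.join(etc, "ld.so.preload"), "w") as f:
            f.write("/tmp/evil.so\n")
        os.chmod(os.path.join(etc, "passwd"), 0o666)
        os.remove(os.path.join(etc, "hosts"))

        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for event, paths in demo().items():
        print("%-13s %s" % (event, ", ".join(paths) or "-"))
```

Two points carry over to a real deployment: the baseline must be stored and compared somewhere the monitored host cannot write to (otherwise the attacker simply re-baselines), and the alert feed belongs in the centralized log management service listed beside it, where a change to `sshd_config` can be correlated with the administrative session that made it.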
Protecting from the Outside In
Secure Administrative Access
•  Physically isolated network
•  Secure jump hosts
•  Privileged access management with full session recording
•  Multi-factor authentication
Secure Customer Access
•  SSL VPN / LAN-to-LAN VPN secure access
•  MPLS termination
Putting It All Together
(Combined diagram: the perimeter security, virtual server security, supporting security services and secure administrative/customer access layers above, applied per isolated customer environment)
Business Continuity & DR
•  Lessons (supposedly) learned from Katrina and other recent disasters
•  Did we really learn? What about Sandy and Nemo?
•  Location of data centers, loss of transportation, large-scale power and other critical service outages, employees worrying more about personal and family safety
•  We did not fully learn from the past
•  BCDR solutions
•  Focus on the business continuity part of BCDR
•  Build for high availability
•  Implement redundant sites with geographic load balancing
•  At minimum, replicate data to another location
(Diagram: full infrastructure at Geographic Location 1 and Geographic Location 2; primary infrastructure; file/database backups; regular backups; real-time replication)
Managing Compliance for Cloud
•  Treat all data as sensitive (after all, it's just 1s and 0s to the systems)
•  Develop a common controls framework (CCF) based on industry-standard frameworks, enabling efficient compliance adoption and validation reporting
•  Use existing industry standards like ISO 27001 and NIST SP 800-53 as a baseline and add specific requirements based on your needs (PCI, HIPAA, GLBA, etc.)
•  Future-proof compliance iterations by keeping your CCF updated
•  Implement a continuous monitoring and audit program
Continuous Monitoring for Compliance
•  A confusing term whose application depends on who you talk to
•  What is the definition of "real-time"?
•  Define the appropriate monitoring interval for each control
•  Patching – within 30 days of release
•  Log reviews – daily
•  Malware scans – real-time alerting and reporting
•  Access reviews – privileged accounts monthly, others quarterly
•  Implement tools to monitor the controls at the defined interval
•  Centralize all monitoring results in a secure system
•  Build a dashboard to track compliance based on the results
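The intervals above only become continuous monitoring once something evaluates evidence against them automatically. The Python below is an added example, not the presenter's tooling: it encodes the slide's intervals, evaluates constructed evidence for a three-VM environment as of the talk date, and produces the per-control roll-up a compliance dashboard would display. Note the one control that does not fit the "age of last check" model: patching is measured from the vendor's release date, not from when you last looked. The 15-minute alerting SLA used to make "real-time" testable, the asset names and the evidence records are assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Maximum acceptable age of evidence that the control was last verified (the slide's intervals).
# "Real-time" for malware alerting is modelled as an assumed 15-minute SLA; the slide gives no number.
INTERVALS = {
    "log_review": timedelta(days=1),
    "malware_scan": timedelta(minutes=15),
    "access_review_privileged": timedelta(days=31),   # monthly
    "access_review_standard": timedelta(days=92),     # quarterly
}
# Patching: 30 days upon release. Measured from vendor release, not from our last scan.
PATCH_SLA = timedelta(days=30)


def _status(overdue):
    zero = timedelta(0)
    return {"status": "overdue" if overdue > zero else "ok", "overdue_by": max(overdue, zero)}


def evaluate(evidence, missing_patches, assets, now):
    """Return {(control, asset): {"status": "ok"|"overdue", "overdue_by": timedelta}}.
    evidence:        records with control, asset, last_verified (when the control was last met)
    missing_patches: records with asset, patch, released (patches released but not yet applied)
    assets:          every asset in scope, so one with no missing patches still reports ok"""
    results = {}
    for rec in evidence:
        overdue = (now - rec["last_verified"]) - INTERVALS[rec["control"]]
        results[(rec["control"], rec["asset"])] = _status(overdue)

    worst = {asset: timedelta.min for asset in assets}
    for p in missing_patches:
        age_past_sla = (now - p["released"]) - PATCH_SLA
        worst[p["asset"]] = max(worst.setdefault(p["asset"], timedelta.min), age_past_sla)
    for asset, overdue in worst.items():
        results[("patching", asset)] = _status(overdue)
    return results


def summarize(results):
    """Dashboard roll-up: per control, how many assets are ok versus overdue."""
    summary = {}
    for (control, _asset), r in results.items():
        bucket = summary.setdefault(control, {"ok": 0, "overdue": 0})
        bucket[r["status"]] += 1
    return summary


def run_demo():
    """Constructed evidence (not real data) evaluated as of the morning of the talk."""
    now = datetime(2014, 4, 2, 9, 0, tzinfo=UTC)
    evidence = [
        {"control": "log_review", "asset": "web1", "last_verified": datetime(2014, 4, 1, 10, 0, tzinfo=UTC)},
        {"control": "log_review", "asset": "db1", "last_verified": datetime(2014, 3, 29, 10, 0, tzinfo=UTC)},
        {"control": "malware_scan", "asset": "web1", "last_verified": datetime(2014, 4, 2, 8, 58, tzinfo=UTC)},
        {"control": "access_review_privileged", "asset": "all", "last_verified": datetime(2014, 2, 15, tzinfo=UTC)},
        {"control": "access_review_standard", "asset": "all", "last_verified": datetime(2014, 2, 15, tzinfo=UTC)},
    ]
    missing_patches = [
        {"asset": "web1", "patch": "vendor-advisory-1", "released": datetime(2014, 3, 20, tzinfo=UTC)},  # 13 days old
        {"asset": "db1", "patch": "vendor-advisory-2", "released": datetime(2014, 2, 20, tzinfo=UTC)},   # 41 days old
    ]
    results = evaluate(evidence, missing_patches, ["web1", "app1", "db1"], now)
    return results, summarize(results)


if __name__ == "__main__":
    results, summary = run_demo()
    for key, r in sorted(results.items()):
        print("%-26s %-5s %-8s overdue by %s" % (key[0], key[1], r["status"], r["overdue_by"]))
    print(summary)
```

The results dictionary is what gets written to the centralized, write-protected results store the slide calls for; the summary is the dashboard. Keeping evidence timestamps rather than just a boolean is what lets an auditor see not only that a control lapsed but for how long.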
What About Data Sovereignty and Regional Regulation?
•  Ensure you understand what regulations apply to your business
•  Engage with your customers to understand their requirements
•  Take these regulations and customer requirements into account within your CCF
•  Architect your cloud to enable data sovereignty and allow customers to select the location(s) for their servers and data
•  Provide monitoring/reporting that allows customers to validate where their data is at any time
•  Keep up with changes to the regulations
Thank You
Questions?
Chris Hinkley, Senior Security Architect
Email: chris.hinkley@firehost.com
Phone: 1-877-262-3473 x8032
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Secure Cloud Hosting: Real Requirements to Protect your Data

  • 1. Secure Cloud Hosting: Real Requirements to Protect your Data
Chris Hinkley, Senior Security Architect
Great Wide Open – Atlanta, GA, April 2 – 3, 2014
  • 2. Locking Down the Cloud – A Holistic View
Agenda
•  The Specialization of IT
•  Challenges Facing Cloud Consumers and Providers
•  A To-Do List for Cloud Consumers and Providers
•  The Secure Cloud is Not a Myth
•  Physical Security
•  Perimeter Security
•  Virtual Server Security
•  Supporting Security Services
•  Secure Administrative Access
•  Business Continuity and DR
•  Compliance for Cloud
  • 3. The Specialization of IT
•  The complexity of IT has meant more specialists than generalists, each responsible for a small piece of the puzzle
•  New tools and technologies have led to increased staffing levels, with specific experience in implementation and management
•  Rapid change in technology means nearly continuous training for specialists
•  The high cost of implementing and maintaining IT infrastructure has many companies looking for ways to offload as much as possible
  • 4. Challenges Facing Cloud Consumers and Providers
•  Consumers want to outsource both technology and compliance responsibilities
•  Consumers cannot abdicate their compliance responsibility
•  Providers do not adequately define the division of responsibilities between themselves and customers
•  Providers often do not clearly articulate how they can help customers meet compliance requirements
•  All can lead to confusion in the purchasing decision and create conflicts during an audit
  • 5. A To-Do List For Cloud Consumers and Providers
•  Consumers need to fully understand all of their security and compliance responsibilities
•  Consumers need to effectively evaluate and understand the various cloud provider models
•  Consumers need to ask for clear definition of all services, the division of their responsibilities and those of their providers
•  Consumers must put programs in place to ensure that their providers are meeting their responsibilities
•  Providers must become transparent about their security programs and deliver adequate details about offered services
•  Providers must clearly articulate the delineation of responsibilities between themselves and customers
•  Providers must be clear about how their offered services can assist consumers in meeting compliance requirements
  • 6. The Secure Cloud is Not a Myth
•  Build for security, not compliance
•  Follow security best practices rather than chasing compliance guidelines
•  Use a common controls approach
•  Deploy multiple security countermeasures using a layered approach
  • 7. Physical Security
•  Locate the data center in an area at low risk of natural disasters
•  No identifying signage
•  24x7 manned security, roving patrols
•  Multi-factor authentication for entry
•  Comprehensive CCTV coverage
•  Log all entries, monitor systems, securely store logs and video
  • 8. Attackers need Targets
Verizon DBIR data
•  92% of breaches were perpetrated by outsiders
•  78% of initial intrusions rated as low difficulty
•  Attack targeting: opportunistic – 75%, targeted – 25%
FireHost Superfecta
•  47,917,145 IPRM blocks in 2013
•  14,057,093 blocked attacks via WAF, broken down into the 4 categories:
  •  Cross-Site Request Forgery – 3,347,515
  •  Cross-Site Scripting – 4,904,651
  •  Directory Traversal – 3,269,680
  •  SQL Injection – 2,535,247
  • 9. Vulnerability Trends (chart; source: Secunia Vulnerability Review 2014)
  • 10. Vulnerability Trends (second chart; source: Secunia Vulnerability Review 2014)
  • 11. Perimeter Security
•  Routers w/IP Reputation Filtering
•  Redundant DoS/DDoS Mitigation
•  Redundant Web Application Firewalls
•  Redundant Public Traffic Intrusion Detection
  • 12. Virtual Server Security (diagram)
•  Security zones containing Web Servers, Application Servers, Database Servers and Load Balancers
•  VMware Hypervisor (Hardened)
•  Blade/SAN Architecture
•  High Availability Architecture
•  20 Gbps Network (Public & Private)
•  Per VM Firewall Policies
•  Unlimited Security Zones
•  Secure SAN Storage: Physically Isolated Secure Storage Area Network, Secure Data Deletion and Destruction, Complete Data Obfuscation
  • 13. Supporting Security Services
•  Data Leakage Protection
•  Antimalware/Antivirus
•  File Integrity Monitoring
•  Vulnerability Management
•  Log Management
•  Patch Management
•  Configuration Management
  • 14. Protecting from the Outside In (diagram)
  • 15. Secure Administrative Access (diagram)
•  Physically Isolated Network
•  Secure Jump Hosts
•  Privileged Access Management
•  Full Session Recording
•  Multi-Factor Authentication
•  SSLVPN/L2LVPN Secure Access
•  MPLS Termination
•  Secure Customer Access
  • 16. Putting It All Together (diagram)
  • 17. Putting It All Together (diagram of an Isolated Customer Environment combining the perimeter security, virtual server security, supporting security services and secure administrative access layers shown on slides 11 to 15)
  • 18. Business Continuity & DR
•  Lessons (supposedly) learned from Katrina and other recent disasters
•  Did we really learn? What about Sandy and Nemo?
•  Location of data centers, loss of transportation, large-scale power and other critical service outages, employees worrying more about personal and family safety
•  Didn't fully learn from the past
•  BCDR Solutions
  •  Focus on the business continuity part of BCDR
  •  Build for high availability
  •  Implement redundant sites with geographic load balancing
  •  At minimum, replicate data to another location
Diagram labels: Full Infrastructure, Geographic Location 1; Full Infrastructure, Geographic Location 2; Primary Infrastructure; File/Database Backups; Regular Backups; Real-Time Replication
  • 19. Managing Compliance for Cloud
•  Treat all data as sensitive (after all, it's just 1's and 0's to the systems)
•  Develop a common controls framework (CCF) based on industry standard frameworks, enabling efficient compliance adoption and validation reporting
•  Use existing industry standards like ISO 27001 and NIST 800-53 as a baseline and add specific requirements based on your needs (PCI, HIPAA, GLBA, etc.)
•  Future-proof compliance iterations by keeping your CCF updated
•  Implement a continuous monitoring and audit program
  • 20. Continuous Monitoring for Compliance
•  Confusing term and application depending on who you talk to
•  What is the definition of "real-time"?
•  Define the appropriate monitoring interval for each control
  •  Patching – 30 days upon release
  •  Log reviews – daily
  •  Malware scans – real-time alerting and reporting
  •  Access reviews – privileged accounts monthly, others quarterly
•  Implement tools to monitor the controls at the defined interval
•  Centralize all monitoring results in a secure system
•  Build a dashboard to track compliance based on results
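As an added example (not code from the talk or from FireHost), a small Python evaluator for the monitoring intervals listed on slide 20, organized the way slide 19 describes a common controls framework so that one control's result rolls up to every standard it maps to. The control ids, the framework mappings, the 5-minute window used to stand in for "real-time", and the evidence timestamps are constructed assumptions.

```python
"""Continuous-monitoring evaluator for a common controls framework (CCF).
Added example, not from the talk.  Intervals follow the deck's slide 20;
control ids, framework mappings and evidence timestamps are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Control:
    cid: str                  # hypothetical control id
    name: str
    max_interval: timedelta   # how stale the last evidence may be
    frameworks: tuple = ()    # standards this single control satisfies

# Intervals from the slide; one control maps to several frameworks (assumed).
CCF = (
    Control("CM-01", "Patching within 30 days of release", timedelta(days=30),
            ("ISO 27001", "NIST 800-53", "PCI DSS")),
    Control("CM-02", "Daily log review", timedelta(days=1),
            ("ISO 27001", "NIST 800-53", "PCI DSS", "HIPAA")),
    Control("CM-03", "Real-time malware alerting", timedelta(minutes=5),
            ("PCI DSS", "HIPAA")),              # 5 min stands in for "real-time"
    Control("CM-04", "Privileged access review (monthly)", timedelta(days=30),
            ("ISO 27001", "NIST 800-53", "PCI DSS")),
    Control("CM-05", "Other access review (quarterly)", timedelta(days=90),
            ("ISO 27001", "NIST 800-53")),
)

def evaluate(controls, evidence, now):
    """Map control id -> (status, age). evidence holds the timestamp of the
    last result the central monitoring system received for each control."""
    results = {}
    for c in controls:
        last = evidence.get(c.cid)
        if last is None:                 # tool never reported: not a pass
            results[c.cid] = ("missing", None)
            continue
        age = now - last
        results[c.cid] = ("pass" if age <= c.max_interval else "fail", age)
    return results

def framework_rollup(controls, results):
    """Per-framework (passing, total) counts for the compliance dashboard."""
    rollup = {}
    for c in controls:
        for fw in c.frameworks:
            ok, total = rollup.get(fw, (0, 0))
            rollup[fw] = (ok + (results[c.cid][0] == "pass"), total + 1)
    return rollup

# Constructed sample evidence: the log review is stale, CM-05 never reported.
NOW = datetime(2014, 4, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVIDENCE = {
    "CM-01": NOW - timedelta(days=12),
    "CM-02": NOW - timedelta(hours=30),
    "CM-03": NOW - timedelta(minutes=1),
    "CM-04": NOW - timedelta(days=20),
}

if __name__ == "__main__":
    res = evaluate(CCF, SAMPLE_EVIDENCE, NOW)
    for cid, (status, age) in res.items():
        print(cid, status, age)
    for fw, (ok, total) in sorted(framework_rollup(CCF, res).items()):
        print(f"{fw}: {ok}/{total} controls passing")
```

A control with no evidence is reported as "missing" rather than silently passing, which is the case a dashboard built only from received results would otherwise hide.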
  • 21. What about data sovereignty and regional regulation?
•  Ensure you understand what regulations apply to your business
•  Engage with your customers to understand their requirements
•  Take these regulations and customer requirements into account within your CCF
•  Architect your cloud to enable data sovereignty and allow customers to select the location(s) for their servers and data
•  Provide monitoring/reporting that allows customers to validate where their data is at any time
•  Keep up with changes to the regulations
  • 22. Thank You. Questions?
Chris Hinkley, Senior Security Architect
Email: chris.hinkley@firehost.com
Phone: 1-877-262-3473 x8032