
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013


We live in interesting times, at least from a computer technology point of view. In the last couple of years we have changed the way our backend systems function (Cloud Computing) and the way we consume our front-end interfaces (Mobility, the Internet of Things). It is safe to say that the technology changes we are now experiencing will revolutionize the way we consume technology.
But the described changes are being held back, and mostly because of information security. The root cause of the slow adoption of cloud among enterprises is Trust. Challenges around transparency, compliance, standardization and immature technologies are causing lack of trust between cloud stakeholders. And this lack of trust is the number one obstacle facing cloud computing.
So it is time for innovation. There is great demand for new, innovative solutions that will fuel the engines of the industry. Cloud Computing technologies can be innovative and groundbreaking; this has been proved before. Today there are many areas where innovative solutions can change the way we think about and provide security.
In the presentation we will discuss the future of technologies like Identity Management, Encryption, API security and Big Data platforms and evaluate where we should improve the current technologies.
Regarding encryption - we know that current technologies limit our options for safeguarding keys in virtual environments, and that we don't have solutions for using encryption as a method to increase real multi-tenancy, audit and access controls for all data types. Encryption technology must improve at all levels, starting from key management and file-level encryption (IRM solutions), and other new technologies such as homomorphic encryption should be developed further to be effective.



Published in: Technology

  1. 1. Moshe Ferber, Entrepreneur and Investor Onlinecloudsec.com Innovation in Cloud Security
  2. 2. • Moshe Ferber, 37, lives in Israel (+2). • Information security professional for over 15 years. • Managed the security department for Ness Technologies. • Founded Cloud7, Israel-based MSSP (currently owned by Matrix). • Shareholder at Clarisite – Your customer’s eye view • Shareholder at FortyCloud – Make your public cloud private • Member of the board at Macshava Tova - Narrowing societal gaps through technology • Certified instructor for the Cloud Security Alliance • Instructor for the See-Security Cyber Warfare college.
  3. 3. Louis CK on cloud Disclaimer
  4. 4. • A CSA research analyzing Cloud breakdowns in the last 5 years: o Number of Online Cloud articles reviewed: 11,491 o Total Number of Cloud Vulnerability Incidents: 172 [Bar chart. Data labels: 29, 25, 10, 8.5. Categories: Insecure Interfaces & APIs, Data Loss & Leakage, Hardware Failure, Others.] Full report: https://cloudsecurityalliance.org/csa-news/white-paper-cloud-vulnerability-released/
  5. 5. • Transparency and visibility of Cloud Providers. • Different laws and different jurisdictions. • Incomplete standards. • Data Governance. • Lack of true multi tenant technologies • Lack of mature Identity Management tools and methodologies. Source: Jim Reavis, CSA CEO
  6. 6. • Transparency is a major step toward trust. • Legislation and standards are placing more and more responsibilities on the provider and consumer. • Cloud Providers now understand that transparency is a business advantage.
  7. 7. • The new EU data protection draft contains new directives: Cloud Provider and consumer will have to perform risk analysis together and take appropriate measures according to the risk. Cloud consumer must actively monitor the provider. • Federal regulations and standards also call for actively assessing and monitoring the cloud provider's services.
  8. 8. • We lack tools that enable interaction between cloud provider and consumer regarding assessment and audit of services. • We need a framework that will enable consumers and cloud providers to efficiently perform risk assessment, take appropriate controls and continuously monitor them.
  9. 9. • In a world of Cloud Computing, mobile and the “Internet of Things” – Everything is API • Cloud automation, Cloud chaining, mobile applications and 3rd party developments are all dependent on APIs. • Enterprises aspire to be open and connected. • Open APIs are considered great farming ground for innovation. • According to CSA research: 29% of cloud breakdowns occur due to insecure interfaces and API. Source: open API state of market, John Musser
  10. 10. • APIs are the new frontend for many applications. • The market is shifting from “secured & Complicated” SOAP to “unsecured but simple” REST API. • We don’t have the right technology yet for securing hundreds and • Innovation is required on encryption, authentication, authorization, data leakage and intrusion prevention. API are the new frontend
  11. 11. • The network is the last layer that is not virtualized yet. • In the next two years we will see the beginning of the software-based data center – virtualization from the network to the applications. • Currently standards are being developed in order to allow SDN and NFV to mature. Better SLA IPv6 Better visibility and management Flexibility No more “sitting ducks” Faster development Insights on performance
  12. 12. [Timeline: July 2012, Sep 2012, Nov 2012, Dec 2012, Feb 2013]
  13. 13. • SDN can change the way we think of network security. • SDN currently lacks any eco-system that enables security, monitoring, governance or automation. • Innovation is required to develop technologies that will utilize SDN features for security.
  14. 14. • Encryption is a key factor for cloud computing. • Encryption enables us to create trust and comply with regulations. • New innovations allow us to keep keys in software, and to encrypt data in/out of the cloud. • But we are still lacking… Crypto Shredding Enabling trust in non trusted situation Regulations Logical separation Security Audit
  15. 15. • Better key management • Elevating encryption as a classification, access control & audit mechanism. • Homomorphic encryption, Nearest Neighbor Data Substitution, bit splitting and data obfuscation will enable us to process encrypted data and safely guard keys. • There is also great potential for tokenization, masking and anonymization services.
  16. 16. • Big Data technologies have the potential to change the world we live in. • Big Data also has great potential to change the security landscape (e.g. e-mail / web / file reputation). • But Big Data currently lacks security methodology, standards and tools.
  17. 17. Source: CLOUD SECURITY ALLIANCE Expanded Top Ten Big Data Security and Privacy Challenges, April 2013 • Big Data requires security innovation across the board. • Threats are coming from unsecured sources and the lack of collection, transportation and storage standards. • NoSQL databases have immature security controls.
  18. 18. Identity is the new perimeter • In the cloud based world, the traditional perimeter is dead. The only thing that matters is who you are. • We are facing identity challenges on every aspect – privacy, accountability and repudiation, authentication, authorization and more. • The market has not found the appropriate balance between privacy, anonymity and efficiency. • There are many new standards but we still lack mature identity solutions.
  19. 19. • The identity market lacks trust between all players. • Integrating identities – Governments, Enterprises & Identity Providers should find their role in the eco-system. • Identity providers should also develop and integrate devices, applications and services. • Authentication – when will we see the end of the password?
  20. 20. Across different cloud providers Rely more on hosts level security Replicates current enterprise tools Ability to adjust when instance moves Identity based tools rather than network Improves cloud functionality Data is in the center
  21. 21. Procurement process becomes central Cloud brokerages are growing In IaaS you integrate security In SaaS you Outsource it Community and social tools will be a factor for decision Transparency will be critical IT will allow services but not manage them Expect questions about SDLC and Operations
  22. 22. • Cloud Security Alliance research. • Jim Reavis, Cloud Security Alliance CEO. • open API state of market, John Musser • The NIST Definition of Cloud Computing • NIST Cloud Security Architecture (Draft) • Securosis Blog and Research database
  23. 23. • Moshe Ferber • moshe@onlinecloudsec.com • www.onlinecloudsec.com • http://il.linkedin.com/in/MosheFerber Cloud Security classes schedule can be found at: http://www.onlinecloudsec.com/course-schedule
