IDC Cloud Security and Managed Services Conference Riyadh KSA

1,061 views

Published on

IDC Cloud Security and Managed Services Conference in Riyadh Kingdom of Saudi Arabia

Published in: Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,061
On SlideShare
0
From Embeds
0
Number of Embeds
42
Actions
Shares
0
Downloads
1
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

IDC Cloud Security and Managed Services Conference Riyadh KSA

  1. 1. Cloud Security&Managed SecurityServices: Challenges & OpportunitiesJorge SebastiaoCOO
  2. 2. Outline• Opportunities & challenges• Approach and opportunities in cloud security• Managed Security Services• Enterprise• Cloud Computing• Conclusions & discussion2
  3. 3. Cloud, Processes & Transformation
  4. 4. User remains biggest challenge
  5. 5. Growth of cloud end pointsMainframeMinicomputerPCDesktop/InternetMobileInternet1101001000100001000001000000100000001950 1960 1970 1980 1990 2000 2010 2020 2030Devices/Users(millions)YearRef: ITU, Morgan Stanley Research, 2009- Smartphone- Tablets- Car Electronics-- Mobile Medicine-- Payment Systems-- Mobile Banking- GPS/Navigation- Mobile Video- Home Entertainment- Games- Home Appliances
  6. 6. Cloud and BalanceSecurity &ComplianceConvenience& Cost saving
  7. 7. Cloud and complexity
  8. 8. Cloud is a shared environment
  9. 9. Cloud high profile failures
  10. 10. Cloud and Control
  11. 11. Top 10 Security Issues1. Governance2. Compliance3. Trust4. Architecture5. Identity & Access control6. Isolation in multi-tenancy7. Data protection8. Availability9. Timely Incidence Response10. Malware propagation
  12. 12. Identified top threats1. Abuse & Evil Use of Cloud ({I,P}aaS)2. Insecure Interfaces and APIs ({I,P,S}aaS)3. Malicious Insiders ({I,P,S}aaS)4. Shared Technology Issues (IaaS)5. Data Loss or leakage ({I,P,S}aaS)6. Account or Service Hijacking ({I,P,S}aaS)7. Unknown Risk Profile ({I,P,S}aaS)https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
  13. 13. Hybrid Cloud & Security
  14. 14. Cloud Security
  15. 15. Key MSS Adoption Drivers
  16. 16. Deploying MSSSecurity &ComplianceMonitor & IR• Monitoring and threatmanagement• Aggregation of logs• Anomaly detection• alertsPerimeterProtection• ManagedFirewall, UTM, IPS, Anti-Malware, etc.In cloud MSS• Clean pipes• Anti-malware, etc• AntifraudDOS/DDOSmitigationEnd-user/devicemanagement
  17. 17. Typical Enterprise MSS setup
  18. 18. Importance Security MetricsSecurity MetricsKey Performance IndicatorsCoBiT, Compliance, SOCITILISO20000ISMSISO27001BCMSISO22301Time Based Security
  19. 19. Typical Cloud MSS setup
  20. 20. Security - think outside the box20
  21. 21. Importance of Big Data
  22. 22. TransformAssess ArchitectSecurity requires transformation
  23. 23. Final ThoughtsCloud represents important opportunities & challengesHybrid models most practicalSecurity is a challengeConsider:– Governance– Proactive Security– Collaborate & consolidate expertise– Security is a continuous skilled process– TBS – Protection > Detection + Reaction– Infinite time between failures vs 0 time to recovery“Don’t bring a knife to a gun fight”
  24. 24. http://linkedin.com/in/sebastiao

×