State of Cloud Security Report | Spring 2012
                                                                             www.alertlogic.com




Removing the Cloud of Insecurity
State of Cloud Security Report, Spring 2012



State of Cloud Security Report

Executive Summary
Methodology: Analyzing Real-World Data
Perception vs. Data: Is the Cloud Really Insecure?
Incident Identification
Summary of Results: Just the Facts
Statistics: Incident Occurrence and Frequency Rates
Conclusions: The Alert Logic Perspective
Wrapping Up: The Data Tells the Story
Appendix: Data Tables








State of Cloud Security Report

Executive Summary

Gartner surveyed more than 300 cloud computing users, asking them to rank their top three concerns. Nearly 50% of respondents identified service provider security as their primary issue. [1] Tier1 Research’s 2011 report on the hosting market indicates that the majority of enterprises consider securing infrastructure as the most problematic aspect of the cloud. [2]

While there is clearly a heightened perception of risk in the cloud, are these fears supported by empirical data? The customers and partners of Alert Logic demand an answer to this question. This report is the first in a series of twice-yearly, data-driven analyses in which Alert Logic examines security trends across traditional on-premise and service-provider-managed environments. Alert Logic utilizes real-world security findings to understand the foundational differences between the classes of threats encountered in traditional on-premise deployments versus those found in service provider environments where cloud and hosted infrastructures are managed.

In analyzing the state of security, Alert Logic draws on security data from real end-user environments, both on-premise and managed by service providers, from its base of over 1,500 customers. In this report, the Alert Logic Security Research Team utilized twelve months of security event data captured from July 2010 through June 2011. Security incidents were identified through a combination of automated correlation and validation by certified security analysts. It should be noted that the sample is composed of data from customers who are making an active investment in security. As a result, the findings of this report may represent security-aware organizations and any conclusions drawn based on the data should be understood in that context.

[Fig. A: Risk increases with size and diversity. Vertical axis: risk; horizontal axis: size and diversity; plotted: Service Provider, On-Premise.]

[1] Gartner Global IT Council for Cloud Services report (2010)
[2] Tier1 Research Global Managed Hosting Market Overview (2011)







Key Findings:
Findings from this study show that while there are differences between the classes and pervasiveness of incidents experienced in the on-premise and service provider environments, those differences may not necessarily line up with general perceptions about security:

• When compared to traditional in-house managed IT environments, service provider environments show lower occurrence rates for every class of incident examined.

• Service provider customers experienced lower threat diversity (i.e., the number of unique incident classes experienced by a customer) than on-premise customers.

• On-premise environments were twelve times more likely than service provider environments to have common configuration issues, opening the door to compromise.

• While conventional wisdom suggests a higher rate of Web application attacks in the service provider environment, Alert Logic found a higher frequency of these incidents in on-premise environments.

Part of the difference in risk level observed in these two environments can be explained by relevant IT surface area. While service providers often manage tens of thousands of servers and applications across multiple data centers, they are composed of vast numbers of individual customer or tenant environments. Each individual customer environment tends to have fewer application types residing on server-based operating systems (OSs) with tightly controlled network access, resulting in a relatively small relevant surface area for attack. In contrast, on-premise enterprise IT deployments tend to have a larger surface area due to their more diverse environments characterized by a broad array of OSs and applications, along with desktops, mobile devices and more network entry points.

What does this mean for security management decisions, especially in the context of migrating infrastructure to hosted and cloud deployments?

• Security fears should not prevent organizations from taking advantage of hosting and cloud services. While security management is a critical issue when choosing a service provider, the decision should be based on a review of actual risks, not perceptions that are not supported by data.

• Service providers, who tend to have detailed, repeatable management processes and infrastructure configurations, provide a good model for enterprises committed to maintaining on-premise infrastructure.

• Service providers should focus their security management efforts on the threats most prevalent in their environment, while continuing to manage to best practices to create secure, highly available environments.

• IT decision-makers should consider the benefits and risks of each model when deciding which workloads and applications to deploy in service provider environments and which to keep on-premise. In turn, internal resources can focus on the security posture of the area for which they maintain management responsibility.





Methodology:

Analyzing Real-World Data

This report provides a comparative quantitative analysis of the classes and frequencies of incidents encountered in on-premise environments vs. service provider environments.

The analysis for both the service provider and on-premise cohorts is based on incident data detected in actual customer environments secured by Alert Logic, not from surveys, lab environments, or honeypots. Alert Logic captures security events in these environments through network-based, signature-driven intrusion detection systems (IDS). To correct for noise and false positives, Alert Logic utilizes a patented expert system that evaluates seven factors in determining if one or more network-based events elevate to the level of an authentic security incident (See Fig. D). Further, a team of GIAC-certified security analysts reviews each incident to ensure validity and to confirm the threat or compromise, providing an additional layer of scrutiny to minimize false positives.

The service provider cohort is composed of hosted and cloud environments managed by one of the Alert Logic service provider partners. These providers include more than half of the top 30 service providers headquartered in North America and are listed in the appendix.

The on-premise cohort represents environments deployed on the customer’s premises. Alert Logic on-premise customers come from a broad range of organizations, cutting across all verticals, with a concentration of enterprises in highly regulated industries such as health care, finance, energy and retail/e-commerce. As expected, on-premise deployments were typically larger than service provider deployments, featuring a broader set of applications and operating systems. The majority of both cohorts are located in North America and Western Europe.

[Fig. B: Visibility across multiple environments. Series: Service Provider, On-Premise.]








PERCEPTION VS. DATA:

Is the Cloud Really Insecure?

Improved agility and financial benefits have driven the growth of the Infrastructure-as-a-Service (IaaS) model. However, a perception remains that IaaS offerings from service providers pose greater security risks than traditional on-premise deployments.

While there is clearly a heightened perception of risk, do managed and cloud environments hosted by service providers actually experience different classes of threats, or different frequencies of incidents?

As providers of Security-as-a-Service to over 1,500 organizations with IT infrastructure housed either in on-premise environments or with managed service providers, Alert Logic draws on an extensive warehouse of security event data to examine this assumption and is uniquely poised to assess the validity of popular beliefs regarding the relative security of service provider environments.

[Fig. C: Alert Logic customer data set.]

ON-PREMISE? HOSTED? SERVICE PROVIDER? CLOUD?
How Alert Logic categorized its customer data

For its analysis, Alert Logic has categorized security data into two environments: on-premise and service provider. On-premise customers own and manage their own IT infrastructure. Service provider customers are an aggregation of all customers utilizing Infrastructure-as-a-Service solutions from a service provider, spanning from the elastic cloud to managed or dedicated hosted environments.








Incident Identification

2.2 billion security events observed during the study period were automatically evaluated and correlated through Alert Logic’s expert system and reviewed by Alert Logic’s security analysts. More than 62,000 incidents were verified and classified into seven incident categories.

EVENT VS. INCIDENT

Event: Evidence of suspicious behavior detected via an IDS signature.

Incident: Validated threat deemed to require a response, identified by correlating one or more events.

Example: A single port scan is an event. A series of port scans over time from a host recognized as an attack source is an incident.

ALERT LOGIC SECURITY INCIDENT CATEGORIES

INCIDENT CLASS          DEFINITION                                  EXAMPLES

Application Attack      Exploit attempts against applications       Buffer overflow
                        or services that are not running over
                        HTTP protocol.

Brute Force             Exploit attempts enumerating a large        Password cracking
                        number of combinations, typically           attempts
                        involving numerous credential failures.

Malware/                Malicious software installed on a host      Conficker, Zeus
Botnet Activity         engaging in unscrupulous activity, data     botnet, command
                        destruction, information gathering          and control botnet
                        or creation of backdoors. Included          communication
                        in this category is botnet activity:        activity
                        post-compromise activity displaying
                        characteristics of command and control
                        communication.

Misconfiguration        Network/host/application configuration      Missing patches and
                        issues that introduce possible security     writable anonymous
                        vulnerabilities, typically a result of      FTP directories
                        inadequate hardening.

Reconnaissance          Activity focused on mapping the             Port scans and
                        networks, applications and/or               fingerprinting
                        services.

Vulnerability Scan      Automated vulnerability discovery           Unauthorized
                        in applications, services or protocol       Nessus scan
                        implementations.

Web Application         Attacks targeting the presentation,         SQL injection
Attack                  logic or database layer of Web
                        applications.

[Fig. D: Incident Identification Approach. Security events (2.2 billion) -> threat identification -> automated expert system analysis -> certified analyst review -> incidents (more than 62,000).]








SUMMARY OF RESULTS:

Just the Facts
To assess whether on-premise and service provider environments experience different levels of risk, Alert Logic evaluated three factors:

Occurrence: The percentage of customers in each cohort experiencing each class of incident defined in the Security Incident Categories chart. Customers are included if they experienced a specific class of incident at least once during the study period.

Frequency: The average frequency of incidents, by class, for impacted customers, indicating how often customers experience an incident of a particular category.

Threat Diversity: The threat diversity in each group, i.e., the number of unique incident classes (of the seven categories reviewed) encountered by the customers in each cohort.

These measures, in combination, help define the critical elements of a security program. The class and frequency of events help determine the core elements of a program; higher threat diversity requires a more complex and involved security program to adequately protect assets.

Analysis of these three factors shows that even in security-conscious environments, virtually every environment will encounter meaningful threats. Further, service-provider-managed environments encountered more favorable results in all three of the criteria analyzed in this report. It should be noted that some of this could be explained by the differences in size and platform diversity of cloud vs. on-premise environments.

The rate of occurrence in an on-premise environment is more likely to be greater than the occurrence rate for service provider customers. This observation is true for all threat categories.

The frequency of experienced incidents is higher for on-premise environments across most of the threat categories.

The threat diversity for on-premise environments is greater than the threat diversity for service provider environments.

[Fig. E: Top Three Incident Classes. First row: Web Application Attack, Brute Force, Reconnaissance. Second row: Brute Force, Web Application Attack, Vulnerability Scan.]

[Fig. F: Occurrence: percent of Alert Logic customers experiencing security incidents, by class of incident.]
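The three measures defined above (occurrence, frequency and threat diversity), computed per cohort from validated incident records. This is an added example, not Alert Logic's code: the customer names and incident counts are constructed, and averaging threat diversity over every customer in a cohort, including those with no incidents, is an assumption.

```python
from collections import Counter, defaultdict

# The seven incident classes from the report's category table.
CLASSES = (
    "Application Attack", "Brute Force", "Malware/Botnet Activity",
    "Misconfiguration", "Reconnaissance", "Vulnerability Scan",
    "Web Application Attack",
)

# Constructed sample data (not from the report): customer -> cohort, and
# one (customer, incident class) record per validated incident.
CUSTOMERS = {
    "sp-1": "service provider", "sp-2": "service provider",
    "sp-3": "service provider", "sp-4": "service provider",
    "op-1": "on-premise", "op-2": "on-premise",
}
INCIDENTS = (
    [("sp-1", "Web Application Attack")] * 6
    + [("sp-2", "Web Application Attack")] * 2
    + [("sp-2", "Brute Force")] * 3
    + [("op-1", "Brute Force")] * 10
    + [("op-1", "Malware/Botnet Activity")] * 1
    + [("op-1", "Misconfiguration")] * 4
    + [("op-2", "Brute Force")] * 20
    + [("op-2", "Web Application Attack")] * 5
)


def cohort_metrics(customers, incidents):
    """Return per-cohort occurrence, frequency and threat diversity."""
    per_customer = defaultdict(Counter)
    for customer, incident_class in incidents:
        # Reject records that would silently skew a cohort's numbers.
        if customer not in customers:
            raise ValueError(f"incident for unknown customer {customer!r}")
        if incident_class not in CLASSES:
            raise ValueError(f"unknown incident class {incident_class!r}")
        per_customer[customer][incident_class] += 1

    members = defaultdict(list)
    for customer, cohort in customers.items():
        members[cohort].append(customer)

    report = {}
    for cohort, names in members.items():
        occurrence, frequency = {}, {}
        for cls in CLASSES:
            # Counts for customers who saw this class at least once.
            counts = [per_customer[n][cls] for n in names
                      if per_customer[n][cls] > 0]
            # Occurrence: share of ALL customers in the cohort affected.
            occurrence[cls] = 100.0 * len(counts) / len(names)
            # Frequency: mean incidents among IMPACTED customers only;
            # None when nobody in the cohort saw the class.
            frequency[cls] = sum(counts) / len(counts) if counts else None

        # Threat diversity: unique classes seen per customer (0 to 7).
        diversity = [sum(1 for cls in CLASSES if per_customer[n][cls] > 0)
                     for n in names]
        spread = Counter(diversity)
        report[cohort] = {
            "occurrence": occurrence,
            "frequency": frequency,
            "threat_diversity": sum(diversity) / len(names),
            # Percent of customers at each unique-class count.
            "distribution": {k: 100.0 * spread[k] / len(names)
                             for k in range(len(CLASSES) + 1)},
        }
    return report


if __name__ == "__main__":
    for cohort, metrics in cohort_metrics(CUSTOMERS, INCIDENTS).items():
        print(cohort, "mean threat diversity:", metrics["threat_diversity"])
        for cls in CLASSES:
            if metrics["frequency"][cls] is not None:
                print(f"  {cls}: {metrics['occurrence'][cls]:.0f}% of customers,"
                      f" {metrics['frequency'][cls]:.1f} incidents per impacted customer")
```

Occurrence and frequency use different denominators, so a class can have a low occurrence rate and still a high frequency among the customers it does reach.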






STATISTICS:

Incident Occurrence and Frequency Rates

While service-provider-managed environments encountered lower rates and frequency of security incidents across all categories, there are notable differences in the data. Alert Logic observed a far greater percentage of misconfiguration-based incidents in the on-premise environment.

The average number of misconfiguration-related incidents per impacted customer is roughly equivalent: 3.0 instances in hosted/cloud, 4.0 on-premise. However, 12% of on-premise customers experienced a misconfiguration incident while only 1% of service provider customers did.

The most significant spread was found in malware/botnet incidents. On-premise environments were overwhelmingly more likely to encounter such incidents in their environments when compared to service-provider-managed environments, with 43% of on-premise environments versus 2% of service-provider-managed environments.

Both on-premise (71%) and service provider (65%) customers are highly likely to have experienced Web application attacks, and impacted customers in both environments were likely to have experienced a high number of such attacks over the period of study (on-premise 46.6, service provider 32.4).

Brute force incidents are even more commonly experienced in an on-premise environment than Web application attacks, with 83% of customers receiving an average of 47.3 such attacks. While brute force incidents in the service provider realm are significant (44% of customers experienced them), the difference between the two environments is surprising. With more public-facing targets (websites) in the service provider environment, the reverse might have been expected.

Vulnerability scans are observed among 37% of service provider customers and 54% of on-premise customers.

[Fig. G: Frequency: number of incidents per impacted customer, by class of incident, July 2010 - June 2011. Scale: 0 to 50. Classes: Web Application Attack, Brute Force, Vulnerability Scan, Malware/Botnet, Application Attack, Misconfiguration, Reconnaissance. Series: Service Provider, On-Premise.]

Threat diversity:

Threat diversity is the third element that Alert Logic analyzed. While a lower threat diversity by itself does not mean an inherently less risky environment, a higher threat diversity indicates that a broader set of attack vectors are at play.

[Fig. H: Distribution of unique threats. Vertical axis: Percentage of Environments Impacted (0% to 30%); horizontal axis: Unique Threat Classes Encountered (0 to 7). Series: Service Provider, On-Premise. Labels: Mean: 2.1, Mean: 3.0.]

Alert Logic found lower threat diversity in service provider environments than in on-premise environments. During the period of this study, service provider customers averaged threats in 2.1 categories (out of the seven categories analyzed), while on-premise customers experienced 3.0.





CONCLUSIONS:

The Alert Logic Perspective

A belief persists that service provider environments are less secure than on-premise environments, but this is simply not supported by Alert Logic data.

Alert Logic analysis indicates that service provider environments tend to be less prone to a broad range of security incidents than on-premise environments.

Further, service provider environments tend to experience a narrower range of attack vectors. Possible explanations include the presence of more standardized system configurations in the service provider world, a narrower range of use cases among service provider customers, and the relative maturity of the IaaS industry.

     It’s not that the cloud is inherently secure or insecure. It’s really about the quality of management applied to any IT environment.

While this data certainly casts doubt on conventional wisdom and concerns about security in the service provider environment, Alert Logic does not believe that it leads to a simple “service provider vs. on-premise” conclusion. While we observed differences between the two environments, we believe that there are several factors that help explain these variances:

•	    The typical size of a customer/user in each environment
•	    The types of workloads found in each environment
•	    The diversity of each environment
•	    The presence of user endpoints in the on-premise environments

All of these differences speak to the relationship between risk level and IT surface area in any environment.

[FIG. I: Opportunity to improve security posture. Axes: risk against size and diversity; regions labeled SERVICE PROVIDER and ON-PREMISE]

Fig. I represents a conceptual framework for thinking about these differences. While service providers manage vast networks with tens of thousands of servers and applications, the relevant surface area a prospective buyer of IaaS solutions should consider is that of the individual customer environment. In Alert Logic’s experience, those individual customer environments skew to a smaller and simpler footprint as measured by the number of nodes and applications, and breadth of operating systems. In contrast, on-premise environments managed by the typical enterprise span a much broader array of endpoints, applications and operating systems.

Service provider environments, with smaller deployments, inherently avoid some of that risk and therefore are a good choice for appropriate workloads.

Organizations making decisions about cloud and hosted infrastructure can exploit these differences to improve their security posture and make the most effective use of IT resources.





Smart enterprises should take advantage of the service provider model for certain workloads.

Those workloads can take advantage of the service provider’s highly repeatable configurations and processes and demonstrated ability to manage to best practices (evident in the far lower misconfiguration rates observed).

These characteristics allow service providers to very effectively manage security for a focused set of threats. For example, a Web-based server application and related databases containing sensitive customer data may be a good fit for migrating to a hosted or cloud environment. The segregation of server-based applications and assets from a diverse and porous on-premise network with numerous mobile clients and desktops, which are often targets of highly prevalent malware and botnet infection, can create an inherently more secure environment for that application. At the same time, in-house IT resources can focus on the unique challenges in their environment.

Service-provider-managed environments are not magic bullets and not all are created equal.

Alert Logic data and experience suggest that much of the improvement in risk profile in the service provider customer data comes from a lower complexity and diversity and better management of the basics, most notably configuration management. The primary decision an enterprise must make is whether they wish to replicate those best practices or if they wish to let someone else handle them. Selection of a service provider should include careful evaluation of the security policies and solutions that are available from the providers under consideration.

Service providers must be aware that while they benefit structurally from more limited and well-defined workloads, enterprise security concerns will not disappear.

Lower threat diversity today doesn’t mean that service providers will not face increasing threat diversity in the future. To protect against leading threat vectors, service providers are best served by focusing time and energy on the most pervasive risks in their customer environments: Web application attacks, brute force and reconnaissance. In addition, service providers should continue to build on their demonstrated competence in managing to best practices around fundamental security hygiene, such as configuration management and operating system hardening.

By utilizing strong product management disciplines to determine which IaaS solutions are offered and supported, service providers can play a role in minimizing the threat diversity in cloud environments by limiting the IT surface area for potential attacks. Managing security programs requires service providers to maintain continued visibility into the threats encountered by customers and continuous improvement in identifying and defending against those threats.

Security management is not a discrete goal to be achieved and considered complete; it is an ongoing process that is fundamental to providing IT infrastructure management as a service.

WRAPPING UP:

The Data Tells the Story

With security visibility into both on-premise and service provider environments, Alert Logic findings offer a unique perspective on managing IT security. Whether in the cloud or an on-premise environment, effectively securing IT infrastructure is largely about the quality of management:

•	Focusing on basic hygiene, Web application security and configuration issues
•	Strategically isolating workloads in the most appropriate environment
•	Building and maintaining security expertise for workloads retained on-premise

Despite the widespread perception that the cloud presents an increased security risk, fears that the cloud is inherently insecure are not supported by the data.







APPENDIX:

Data Tables

OCCURRENCE: Percent of Customers Experiencing Security Incidents
By Class of Incident, Jul 2010 – Jun 2011

Class of Incident            SERVICE PROVIDER    ON-PREMISE
Web Application Attack       65%                 71%
Brute Force                  44%                 83%
Reconnaissance               42%                 51%
Vulnerability Scan           37%                 54%
Application Attack           3%                  9%
Malware/Botnet Activity      2%                  43%
Misconfiguration             1%                  12%

THREAT DIVERSITY: Distribution of Unique Threats

THREAT DIVERSITY                          SERVICE PROVIDER    ON-PREMISE
0                                         9%                  0%
1                                         27%                 20%
2                                         27%                 23%
3                                         21%                 22%
4                                         14%                 18%
5                                         2%                  11%
6                                         0%                  5%
7                                         0%                  2%
Mean No. of Threat Classes Encountered    2.1                 3.0

FREQUENCY: Number of Incidents per Impacted Customer
By Class of Incident, Jul 2010 – Jun 2011

Class of Incident            SERVICE PROVIDER    ON-PREMISE
Web Application Attack       32.4                46.6
Brute Force                  22.4                47.3
Vulnerability Scan           21.8                22.9
Malware/Botnet Activity      8.4                 28.1
Application Attack           6.2                 6.2
Misconfiguration             3.0                 4.0
Reconnaissance               2.4                 10.1

TOP THREE INCIDENT CLASSES

SERVICE PROVIDER                ON-PREMISE
1. Web App. Attack (65%)        1. Brute Force (83%)
2. Brute Force (44%)            2. Web App. Attack (71%)
3. Reconnaissance (42%)         3. Reconnaissance (54%)

SERVICE PROVIDER PARTNERS INCLUDED IN STUDY

SERVICE PROVIDER PARTNER         WEBSITE
ATOS Origin                      atos.net
CyrusOne                         cyrusone.com
Datapipe                         datapipe.com
DediPower                        dedipower.com
Hosting.com                      hosting.com
Hostway                          hostway.com
Internap                         internap.com
Latisys                          latisys.com
LayeredTech                      layeredtech.com
LogicWorks                       logicworks.net
Megapath                         megapath.com
NaviSite                         navisite.com
OpSource                         opsource.net
Peer1                            peer1.com
Rackspace                        rackspace.com
Sungard Availability Services    sungardas.com
Visi                             visi.com
Windstream                       windstreambusiness.com






                Contributors

                 Lead Analysts
                  Tyler Borland
               Mukul Gupta, PhD
                Jacob Martinson
               Johnathan Norman


                    Author
                 Maureen Rogers


                     Editors
                 Celeste Monroe
                 John Whiteside

© Copyright 2012 Alert Logic, Inc. All rights reserved.
Security. Compliance. Cloud.


               Alert Logic, Inc.
           1776 Yorktown, 7th Floor
             Houston, TX 77056

              www.alertlogic.com


Outsourcing IT Projects to Managed Hosting of the CloudOutsourcing IT Projects to Managed Hosting of the Cloud
Outsourcing IT Projects to Managed Hosting of the CloudRackspace
 
How to Bring Shadow IT to the Light
How to Bring Shadow IT to the LightHow to Bring Shadow IT to the Light
How to Bring Shadow IT to the LightRackspace
 
DR-to-the-Cloud Best Practices
DR-to-the-Cloud Best PracticesDR-to-the-Cloud Best Practices
DR-to-the-Cloud Best PracticesRackspace
 
Migrating Traditional Apps from On-Premises to the Hybrid Cloud
Migrating Traditional Apps from On-Premises to the Hybrid CloudMigrating Traditional Apps from On-Premises to the Hybrid Cloud
Migrating Traditional Apps from On-Premises to the Hybrid CloudRackspace
 
Rackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's Next
Rackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's NextRackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's Next
Rackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's NextRackspace
 

More from Rackspace (20)

What Would You Do With More Time?
What Would You Do With More Time?What Would You Do With More Time?
What Would You Do With More Time?
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security Breakfast
 
6 Commonly Asked Questions from Customers Building on AWS
6 Commonly Asked Questions from Customers Building on AWS6 Commonly Asked Questions from Customers Building on AWS
6 Commonly Asked Questions from Customers Building on AWS
 
The Evolution of OpenStack – From Infancy to Enterprise
The Evolution of OpenStack – From Infancy to EnterpriseThe Evolution of OpenStack – From Infancy to Enterprise
The Evolution of OpenStack – From Infancy to Enterprise
 
How Startups can leverage big data?
How Startups can leverage big data?How Startups can leverage big data?
How Startups can leverage big data?
 
Become an IT Service Broker
Become an IT Service BrokerBecome an IT Service Broker
Become an IT Service Broker
 
Deploy Apache Spark™ on Rackspace OnMetal™ for Cloud Big Data Platform
Deploy Apache Spark™ on Rackspace OnMetal™ for Cloud Big Data PlatformDeploy Apache Spark™ on Rackspace OnMetal™ for Cloud Big Data Platform
Deploy Apache Spark™ on Rackspace OnMetal™ for Cloud Big Data Platform
 
Rethinking People Costs in Enterprise IT
Rethinking People Costs in Enterprise ITRethinking People Costs in Enterprise IT
Rethinking People Costs in Enterprise IT
 
Starting the Journey to Managed Infrastructure Services
Starting the Journey to Managed Infrastructure ServicesStarting the Journey to Managed Infrastructure Services
Starting the Journey to Managed Infrastructure Services
 
Rackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John Engates
Rackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John EngatesRackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John Engates
Rackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John Engates
 
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
 
Rackspace::Solve NYC - Second Stage Cloud
Rackspace::Solve NYC - Second Stage CloudRackspace::Solve NYC - Second Stage Cloud
Rackspace::Solve NYC - Second Stage Cloud
 
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De...
 
Rackspace::Solve NYC - The Future of Applications with Ken Cochrane, Engineer...
Rackspace::Solve NYC - The Future of Applications with Ken Cochrane, Engineer...Rackspace::Solve NYC - The Future of Applications with Ken Cochrane, Engineer...
Rackspace::Solve NYC - The Future of Applications with Ken Cochrane, Engineer...
 
vCenter Site Recovery Manager: Architecting a DR Solution
vCenter Site Recovery Manager: Architecting a DR SolutionvCenter Site Recovery Manager: Architecting a DR Solution
vCenter Site Recovery Manager: Architecting a DR Solution
 
Outsourcing IT Projects to Managed Hosting of the Cloud
Outsourcing IT Projects to Managed Hosting of the CloudOutsourcing IT Projects to Managed Hosting of the Cloud
Outsourcing IT Projects to Managed Hosting of the Cloud
 
How to Bring Shadow IT to the Light
How to Bring Shadow IT to the LightHow to Bring Shadow IT to the Light
How to Bring Shadow IT to the Light
 
DR-to-the-Cloud Best Practices
DR-to-the-Cloud Best PracticesDR-to-the-Cloud Best Practices
DR-to-the-Cloud Best Practices
 
Migrating Traditional Apps from On-Premises to the Hybrid Cloud
Migrating Traditional Apps from On-Premises to the Hybrid CloudMigrating Traditional Apps from On-Premises to the Hybrid Cloud
Migrating Traditional Apps from On-Premises to the Hybrid Cloud
 
Rackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's Next
Rackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's NextRackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's Next
Rackspace::Solve SFO - CoreOS CEO Alex Polvi on Solving for What's Next
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Removing the Cloud of Insecurity

  • 3. State of Cloud Security Report: Executive Summary

    While there is clearly a heightened perception of risk in the cloud, are these fears supported by empirical data? The customers and partners of Alert Logic demand an answer to this question. This report is the first in a series of twice-yearly, data-driven analyses in which Alert Logic examines security trends across traditional on-premise and service-provider-managed environments. Alert Logic utilizes real-world security findings to understand the foundational differences between the classes of threats encountered in traditional on-premise deployments versus those found in service provider environments where cloud and hosted infrastructures are managed.

    In analyzing the state of security, Alert Logic draws on security data from real end-user environments, both on-premise and managed by service providers, from its base of over 1,500 customers. In this report, the Alert Logic Security Research Team utilized twelve months of security event data captured from July 2010 through June 2011. Security incidents were identified through a combination of automated correlation and validation by certified security analysts. It should be noted that the sample is composed of data from customers who are making an active investment in security. As a result, the findings of this report may represent security-aware organizations and any conclusions drawn based on the data should be understood in that context.

    Sidebar: Gartner surveyed more than 300 cloud computing users, asking them to rank their top three concerns. Nearly 50% of respondents identified service provider security as their primary issue.[1] Tier1 Research's 2011 report on the hosting market indicates that the majority of enterprises consider securing infrastructure as the most problematic aspect of the cloud.[2]

    Fig. A: Risk increases with size and diversity (axes: risk vs. size and diversity; series: on-premise, service provider).

    [1] Gartner Global IT Council for Cloud Services report (2010)
    [2] Tier1 Research Global Managed Hosting Market Overview (2011)
  • 4. Key Findings

    Findings from this study show that while there are differences between the classes and pervasiveness of incidents experienced in the on-premise and service provider environments, those differences may not necessarily line up with general perceptions about security:

    - When compared to traditional in-house managed IT environments, service provider environments show lower occurrence rates for every class of incident examined.
    - Service provider customers experienced lower threat diversity (i.e., the number of unique incident classes experienced by a customer) than on-premise customers.
    - On-premise environments were twelve times more likely than service provider environments to have common configuration issues, opening the door to compromise.
    - While conventional wisdom suggests a higher rate of Web application attacks in the service provider environment, Alert Logic found a higher frequency of these incidents in on-premise environments.

    Part of the difference in risk level observed in these two environments can be explained by relevant IT surface area. While service providers often manage tens of thousands of servers and applications across multiple data centers, they are composed of vast numbers of individual customer or tenant environments. Each individual customer environment tends to have fewer application types residing on server-based operating systems (OSs) with tightly controlled network access, resulting in a relatively small relevant surface area for attack. In contrast, on-premise enterprise IT deployments tend to have a larger surface area due to their more diverse environments characterized by a broad array of OSs and applications, along with desktops, mobile devices and more network entry points.

    Sidebar: What does this mean for security management decisions, especially in the context of migrating infrastructure to hosted and cloud deployments?

    - Security fears should not prevent organizations from taking advantage of hosting and cloud services. While security management is a critical issue when choosing a service provider, the decision should be based on a review of actual risks, not perceptions that are not supported by data.
    - Service providers, who tend to have detailed, repeatable management processes and infrastructure configurations, provide a good model for enterprises committed to maintaining on-premise infrastructure.
    - Service providers should focus their security management efforts on the threats most prevalent in their environment, while continuing to manage to best practices to create secure, highly available environments.
    - IT decision-makers should consider the benefits and risks of each model when deciding which workloads and applications to deploy in service provider environments and which to keep on-premise. In turn, internal resources can focus on the security posture of the area for which they maintain management responsibility.
  • 5. Methodology: Analyzing Real-World Data

    This report provides a comparative quantitative analysis of the classes and frequencies of incidents encountered in on-premise environments vs. service provider environments.

    The analysis for both the service provider and on-premise cohorts is based on incident data detected in actual customer environments secured by Alert Logic, not from surveys, lab environments, or honeypots. Alert Logic captures security events in these environments through network-based, signature-driven intrusion detection systems (IDS). To correct for noise and false positives, Alert Logic utilizes a patented expert system that evaluates seven factors in determining if one or more network-based events elevate to the level of an authentic security incident (see Fig. D). Further, a team of GIAC-certified security analysts reviews each incident to ensure validity and to confirm the threat or compromise, providing an additional layer of scrutiny to minimize false positives.

    The service provider cohort is composed of hosted and cloud environments managed by one of the Alert Logic service provider partners. These providers include more than half of the top 30 service providers headquartered in North America and are listed in the appendix.

    The on-premise cohort represents environments deployed on the customer's premises. Alert Logic on-premise customers come from a broad range of organizations, cutting across all verticals, with a concentration of enterprises in highly regulated industries such as health care, finance, energy and retail/e-commerce. As expected, on-premise deployments were typically larger than service provider deployments, featuring a broader set of applications and operating systems. The majority of both cohorts are located in North America and Western Europe.

    Fig. B: Visibility across multiple environments (service provider, on-premise).
  • 6. Perception vs. Data: Is the Cloud Really Insecure?

    Improved agility and financial benefits have driven the growth of the Infrastructure-as-a-Service (IaaS) model. However, a perception remains that IaaS offerings from service providers pose greater security risks than traditional on-premise deployments. While there is clearly a heightened perception of risk, do managed and cloud environments hosted by service providers actually experience different classes of threats, or different frequencies of incidents?

    As providers of Security-as-a-Service to over 1,500 organizations with IT infrastructure housed either in on-premise environments or with managed service providers, Alert Logic draws on an extensive warehouse of security event data to examine this assumption and is uniquely poised to assess the validity of popular beliefs regarding the relative security of service provider environments.

    How Alert Logic categorized its customer data

    For its analysis, Alert Logic has categorized security data into two environments: on-premise and service provider. On-premise customers own and manage their own IT infrastructure. Service provider customers are an aggregation of all customers utilizing Infrastructure-as-a-Service solutions from a service provider, spanning from the elastic cloud to managed or dedicated hosted environments.

    Fig. C: Alert Logic customer data set (labels: On-premise? Hosted? Service provider? Cloud?).
  • 7. Incident Identification

    2.2 billion security events observed during the study period were automatically evaluated and correlated through Alert Logic's expert system and reviewed by Alert Logic's security analysts. More than 62,000 incidents were verified and classified into seven incident categories.

    Event vs. incident

    Event: Evidence of suspicious behavior detected via an IDS signature.
    Incident: Validated threat deemed to require a response, identified by correlating one or more events.
    Example: A single port scan is an event. A series of port scans over time from a host recognized as an attack source is an incident.

    Alert Logic security incident categories (incident class: definition; examples)

    - Application Attack: Exploit attempts against applications or services that are not running over HTTP protocol. Examples: buffer overflow.
    - Brute Force: Exploit attempts enumerating a large number of combinations, typically involving numerous credential failures. Examples: password cracking attempts.
    - Malware/Botnet Activity: Malicious software installed on a host engaging in unscrupulous activity, data destruction, information gathering or creation of backdoors. Included in this category is botnet activity: post-compromise activity displaying characteristics of command and control communication. Examples: Conficker, Zeus botnet, command and control botnet communication activity.
    - Misconfiguration: Network/host/application configuration issues that introduce possible security vulnerabilities, typically a result of inadequate hardening. Examples: missing patches and writable anonymous FTP directories.
    - Reconnaissance: Activity focused on mapping the networks, applications and/or services. Examples: port scans and fingerprinting.
    - Vulnerability Scan: Automated vulnerability discovery in applications, services or protocol implementations. Examples: unauthorized Nessus scan.
    - Web Application Attack: Attacks targeting the presentation, logic or database layer of Web applications. Examples: SQL injection.

    Fig. D: Incident identification approach (threat identification, automated expert system analysis, certified security analyst review; events: 2.2 billion, incidents: more than 62,000).
  • 8. Summary of Results: Just the Facts

    To assess whether on-premise and service provider environments experience different levels of risk, Alert Logic evaluated three factors:

    - Occurrence: The percentage of customers in each cohort experiencing each class of incident defined in the Security Incident Categories chart. Customers are included if they experienced a specific class of incident at least once during the study period.
    - Frequency: The average frequency of incidents, by class, for impacted customers, indicating how often customers experience an incident of a particular category.
    - Threat Diversity: The threat diversity in each group, i.e., the number of unique incident classes (of the seven categories reviewed) encountered by the customers in each cohort.

    These measures, in combination, help define the critical elements of a security program. The class and frequency of events help determine the core elements of a program; higher threat diversity requires a more complex and involved security program to adequately protect assets.

    Analysis of these three factors shows that even in security-conscious environments, virtually every environment will encounter meaningful threats. Further, service-provider-managed environments encountered more favorable results in all three of the criteria analyzed in this report. It should be noted that some of this could be explained by the differences in size and platform diversity of cloud vs. on-premise environments.

    - The rate of occurrence in an on-premise environment is more likely to be greater than the occurrence rate for service provider customers. This observation is true for all threat categories.
    - The frequency of experienced incidents is higher for on-premise environments across most of the threat categories.
    - The threat diversity for on-premise environments is greater than the threat diversity for service provider environments.

    Fig. E: Top three incident classes (figure; classes shown: Web Application Attack, Brute Force, Reconnaissance, Vulnerability Scan).
    Fig. F: Occurrence: percent of Alert Logic customers experiencing security incidents, by class of incident.
  • 9. Statistics: Incident Occurrence and Frequency Rates

    While service-provider-managed environments encountered lower rates and frequency of security incidents across all categories, there are notable differences in the data. Alert Logic observed a far greater percentage of misconfiguration-based incidents in the on-premise environment.

    The average number of misconfiguration-related incidents per impacted customer is roughly equivalent: 3.0 instances in hosted/cloud, 4.0 on-premise. However, 12% of on-premise customers experienced a misconfiguration incident while only 1% of service provider customers did.

    The most significant spread was found in malware/botnet incidents. On-premise environments were overwhelmingly more likely to encounter such incidents in their environments when compared to service-provider-managed environments, with 43% of on-premise environments versus 2% of service-provider-managed environments.

    Both on-premise (71%) and service provider (65%) customers are highly likely to have experienced Web application attacks, and impacted customers in both environments were likely to have experienced a high number of such attacks over the period of study (on-premise 46.6, service provider 32.4).

    Brute force incidents are even more commonly experienced in an on-premise environment than Web application attacks, with 83% of customers receiving an average of 47.3 such attacks. While brute force incidents in the service provider realm are significant (44% of customers experienced them), the difference between the two environments is surprising. With more public-facing targets (websites) in the service provider environment, the reverse might have been expected.

    Vulnerability scans are observed among 37% of service provider customers and 54% of on-premise customers.

    Threat diversity

    Threat diversity is the third element that Alert Logic analyzed. While a lower threat diversity by itself does not mean an inherently less risky environment, a higher threat diversity indicates that a broader set of attack vectors are at play.

    Alert Logic found lower threat diversity in service provider environments than in on-premise environments. During the period of this study, service provider customers averaged threats in 2.1 categories (out of the seven categories analyzed), while on-premise customers experienced 3.0.

    Fig. G: Frequency: number of incidents per impacted customer, by class of incident, July 2010 - June 2011 (service provider vs. on-premise).
    Fig. H: Distribution of unique threats (x-axis: unique threat classes encountered, 0 to 7; y-axis: percentage of environments impacted; means 2.1 and 3.0; service provider vs. on-premise).
  • 10. CONCLUSIONS: The Alert Logic Perspective

    A belief persists that service provider environments are less secure than on-premise environments, but this is simply not supported by Alert Logic data. Alert Logic analysis indicates that service provider environments tend to be less prone to a broad range of security incidents than on-premise environments. Further, service provider environments tend to experience a narrower range of attack vectors. Possible explanations include the presence of more standardized system configurations in the service provider world, a narrower range of use cases among service provider customers, and the relative maturity of the IaaS industry.

    It’s not that the cloud is inherently secure or insecure. It’s really about the quality of management applied to any IT environment.

    While this data certainly casts doubt on conventional wisdom and concerns about security in the service provider environment, Alert Logic does not believe that it leads to a simple “service provider vs. on-premise” conclusion. While we observed differences between the two environments, we believe that there are several factors that help explain these variances:

        • The typical size of a customer/user in each environment
        • The types of workloads found in each environment
        • The diversity of each environment
        • The presence of user endpoints in the on-premise environments

    All of these differences speak to the relationship between risk level and IT surface area in any environment.

    [Fig. I. OPPORTUNITY TO IMPROVE SECURITY POSTURE. Conceptual chart of risk against size and diversity; regions: On-Premise, Service Provider.]

    Fig. I represents a conceptual framework for thinking about these differences. While service providers manage vast networks with tens of thousands of servers and applications, the relevant surface area a prospective buyer of IaaS solutions should consider is that of the individual customer environment. In Alert Logic’s experience, those individual customer environments skew to a smaller and simpler footprint as measured by the number of nodes and applications, and breadth of operating systems. In contrast, on-premise environments managed by the typical enterprise span a much broader array of endpoints, applications and operating systems.

    Service provider environments, with smaller deployments, inherently avoid some of that risk and therefore are a good choice for appropriate workloads.

    Organizations making decisions about cloud and hosted infrastructure can exploit these differences to improve their security posture and make the most effective use of IT resources.
  • 11. Smart enterprises should take advantage of the service provider model for certain workloads.

    Those workloads can take advantage of the service provider’s highly repeatable configurations and processes and demonstrated ability to manage to best practices (evident in the far lower misconfiguration rates observed). These characteristics allow service providers to very effectively manage security for a focused set of threats.

    For example, a Web-based server application and related databases containing sensitive customer data may be a good fit for migrating to a hosted or cloud environment. The segregation of server-based applications and assets from a diverse and porous on-premise network with numerous mobile clients and desktops, which are often targets of highly prevalent malware and botnet infection, can create an inherently more secure environment for that application. At the same time, in-house IT resources can focus on the unique challenges in their environment.

    Service-provider-managed environments are not magic bullets and not all are created equal.

    Alert Logic data and experience suggest that much of the improvement in risk profile in the service provider customer data comes from a lower complexity and diversity and better management of the basics, most notably configuration management. The primary decision an enterprise must make is whether they wish to replicate those best practices or if they wish to let someone else handle them. Selection of a service provider should include careful evaluation of the security policies and solutions that are available from the providers under consideration.

    Service providers must be aware that while they benefit structurally from more limited and well-defined workloads, enterprise security concerns will not disappear.

    Lower threat diversity today doesn’t mean that service providers will not face increasing threat diversity in the future. To protect against leading threat vectors, service providers are best served by focusing time and energy on the most pervasive risks in their customer environments: Web application attacks, brute force and reconnaissance. In addition, service providers should continue to build on their demonstrated competence in managing to best practices around fundamental security hygiene, such as configuration management and operating system hardening.

    By utilizing strong product management disciplines to determine which IaaS solutions are offered and supported, service providers can play a role in minimizing the threat diversity in cloud environments by limiting the IT surface area for potential attacks. Managing security programs requires service providers to maintain continued visibility into the threats encountered by customers and continuous improvement in identifying and defending against those threats.

    Security management is not a discrete goal to be achieved and considered complete; it is an ongoing process that is fundamental to providing IT infrastructure management as a service.

    WRAPPING UP: The Data Tells the Story

    With security visibility into both on-premise and service provider environments, Alert Logic findings offer a unique perspective on managing IT security. Whether in the cloud or an on-premise environment, effectively securing IT infrastructure is largely about the quality of management:

        • Focusing on basic hygiene, Web application security and configuration issues
        • Strategically isolating workloads in the most appropriate environment
        • Building and maintaining security expertise for workloads retained on-premise

    Despite the widespread perception that the cloud presents an increased security risk, fears that the cloud is inherently insecure are not supported by the data.
  • 12. APPENDIX: Data Tables

    OCCURRENCE: Percent of Customers Experiencing Security Incidents, By Class of Incident (Jul 2010 – Jun 2011)

        Class of Incident          Service Provider   On-Premise
        Web Application Attack     65%                71%
        Brute Force                44%                83%
        Reconnaissance             42%                51%
        Vulnerability Scan         37%                54%
        Application Attack         3%                 9%
        Malware/Botnet Activity    2%                 43%
        Misconfiguration           1%                 12%

    THREAT DIVERSITY: Distribution of Unique Threats

        Threat Diversity                          Service Provider   On-Premise
        0                                         9%                 0%
        1                                         27%                20%
        2                                         27%                23%
        3                                         21%                22%
        4                                         14%                18%
        5                                         2%                 11%
        6                                         0%                 5%
        7                                         0%                 2%
        Mean No. of Threat Classes Encountered    2.1                3.0

    FREQUENCY: Number of Incidents per Impacted Customer, By Class of Incident (Jul 2010 – Jun 2011)

        Class of Incident          Service Provider   On-Premise
        Web Application Attack     32.4               46.6
        Brute Force                22.4               47.3
        Vulnerability Scan         21.8               22.9
        Malware/Botnet Activity    8.4                28.1
        Application Attack         6.2                6.2
        Misconfiguration           3.0                4.0
        Reconnaissance             2.4                10.1

    Top Three Incident Classes

        Service Provider               On-Premise
        1. Web App. Attack (65%)       1. Brute Force (83%)
        2. Brute Force (44%)           2. Web App. Attack (71%)
        3. Reconnaissance (42%)        3. Reconnaissance (54%)

    Service Provider Partners Included in Study

        Service Provider Partner         Website
        ATOS Origin                      atos.net
        CyrusOne                         cyrusone.com
        Datapipe                         datapipe.com
        DediPower                        dedipower.com
        Hosting.com                      hosting.com
        Hostway                          hostway.com
        Internap                         internap.com
        Latisys                          latisys.com
        LayeredTech                      layeredtech.com
        LogicWorks                       logicworks.net
        Megapath                         megapath.com
        NaviSite                         navisite.com
        OpSource                         opsource.net
        Peer1                            peer1.com
        Rackspace                        rackspace.com
        Sungard Availability Services    sungardas.com
        Visi                             visi.com
        Windstream                       windstreambusiness.com
  • 13. Contributors

    Lead Analysts: Tyler Borland; Mukul Gupta, PhD; Jacob Martinson; Johnathan Norman
    Author: Maureen Rogers
    Editors: Celeste Monroe; John Whiteside

    © Copyright 2012 Alert Logic, Inc. All rights reserved.
  • 14. Security. Compliance. Cloud.

    Alert Logic, Inc., 1776 Yorktown, 7th Floor, Houston, TX 77056, www.alertlogic.com