© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Protecting what matters... an enterprise approach to cloud security
Ed Reynolds
HP Fellow, CISSP, CCSK
HP Enterprise Security Services
Today's agenda
TRENDS
PERSPECTIVES
GUIDANCE
Worldwide Security Trends & Implications
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Extended supply chain: 44% of all data breaches involved third-party mistakes
• Financial loss: $8.6M average cost associated with a data breach
• Cost of protection: 8% of total IT budget spent on security
• Reputation damage: 30% market cap reduction due to recent events
• Reactive vs. proactive: 60% of enterprises spend more time and money on reactive measures vs. proactive risk mgmt
Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research
Key Points
• Security is a board of directors concern
• Security leadership is under immense pressure
• Need for greater visibility of business risks and to make sound security investment choices
Managing security challenges
Today, security is a board-level agenda item.
#1 board-identified risk: reputational damage
Source: EisnerAmper LLP, February 2011 - Second Annual Board of Directors Survey - 2011: Concerns About Risks Confronting Boards
Managing Risk: Current Challenges
Primary Challenges
1. Nature & Motivation of Attacks (fame to national enemies): a new type of adversary
2. Transformation of Enterprise IT (delivery and consumption changes): delivery of network, storage and servers moving across Traditional DC, Private Cloud, Managed Cloud and Public Cloud
3. Regulatory Pressures (increasing cost and complexity): Basel III, enhanced regulatory environment
HP research: Top concerns for IT executives
Percentages shown: 67%, 66%, 63%, 54% (chart legend: extremely concerned / somewhat concerned / not very concerned)
• Data privacy and information breaches
• Lack of skilled resources to effectively manage security
• Risk associated with more consumption of apps/IT services across public, private & hybrid cloud
• Risk associated with more consumption of apps/IT services
Source: HP 20:20 CIO Report, 2012
Cloud services: adoption is tempered by uncertainty
Security or a related component is the #1 concern/issue for most enterprises
LOB/IT: Security, Performance, Reliability, Scalability, Service levels
CIO: Data security & protection, Compliance, Auditing, Cost, Governance, Control, Availability
CSA: Cloud Computing Top Threats for 2013
1. Data Breaches
2. Data Loss
3. Account or Service Hijacking
4. Insecure Interfaces and APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Vulnerabilities
Security for the cloud: http://cloudsecurityalliance.org/
1. HP’s Rafal Los co-chaired the CSA Top Threats working group
2. HP selected by CSA as Master Training Partner in APJ (initial region)
What do we mean by “cloud security”?
1. Security for the cloud? Securely use cloud (consumers)
2. Security from the cloud? Security-as-a-Service
3. Security in the cloud? Embedded security (providers)
4. Security across clouds? Hybrid models, interoperability
Cloud models require different security solutions…
The attack surface increases across the deployment models:
• Private cloud: enterprise-owned or leased
• Community cloud: shared infrastructure for a specific community
• Public cloud: sold to the public, mega-scale infrastructure
• Hybrid cloud: composition of two or more clouds
... and different roles & responsibilities regarding security
• SaaS: Software as a Service generally provides application, data and infrastructure security, with varying degrees of compliance
• PaaS: Platform as a Service may provide some additional security functions for IDM and secure application development – security falls to the app developer and customer IT operations
• IaaS: Infrastructure as a Service – providers generally offer basic network & infrastructure security, firewalls, some tools – but the customer is generally responsible for implementation, operations, monitoring
But what is really new about “cloud security”?
Many traditional security concerns are recast as a “cloud problem”. . .
• Many “cloud security incidents” are issues with web apps and data-hosting, but at greater scale…
  - e.g. phishing, downtime, data loss, weak passwords, compromised hosts running botnets, etc. …
• Unexpected side channels and covert channels arising from shared-resource environments in public services
  - Activity patterns need to be protected in addition to apps and data
• Reputation fate sharing: possible blacklisting or service disruption due to “bad neighbors”
  - Need “mutual auditability” (providers need to audit/monitor users)
• Longer trust chains: {SaaS to PaaS to IaaS}
– Y. Chen et al., “What’s New About Cloud Computing Security?” UC Berkeley, Jan. 20, 2010
“It’s not about cloud security – it’s about securing your enterprise’s use of cloud-based services”
“Cloud security begins with, and adds to, well-defined enterprise security”
Perspectives
Enterprise approach to cloud security
HP Enterprise Security Services Whitepaper
1. Establish a risk-based approach
2. Design applications to run in the cloud
3. Ongoing auditing and management
HP approach to complete information security: establish a risk-based approach
Actionable Security Intelligence: moving from reactive to proactive information security & risk management
• Assess security investments and posture
• Transform from silos to a comprehensive view
• Optimize to proactively improve security posture
• Manage security effectively
HP Cloud Security Risk and Control Assessment
Stage 1: Assessment Workshop (engagement with senior management)
• Business Issues Discovery
• Strategic Control Plan
• Risk Assessment Scope
Stage 2: Risk Assessment (engagement with business-level security)
• Business Risk Assessment
• Asset Risk Assessment
• Assets Prioritized by Risk
Stage 3: Controls Assessment (engagement with operational-level security)
• Cloud Control Measures
• Consensus Assessment
• Prioritized Security Control Plan
Are your applications & data… the path of least resistance?
Secure SDLC: protect data & IP
The attacker goes through software & data, hardware and the network to reach what matters: intellectual property, customer data, business processes, trade secrets
The National Vulnerability Database (DHS/US-CERT)
• Lists >47,000 documented vulnerabilities
• Undiscovered/unreported (0-day) vulnerabilities are huge: a 20X multiplier¹
• 47,000 x 20 = estimated 940,000 vulnerabilities replicated in many products
The risks
• Vulnerabilities (security defects)
• Quality issue: many more “underwater” than those reported “above the water”
• Greater than 80% of attacks happen at the application layer
• But <1% of security spend is allocated to application security!
Notes: HP research and ¹ “Public Vulnerabilities Are Tip of the Iceberg,” CNET News, June 1, 2007
Designing applications to run in the cloud
• Embed security in application architecture
• Address new attack surfaces early in design
• Encrypt “everything” by default – end-to-end
• Adopt a new mindset to privacy
• Bounding processes around PII (e.g. PCI tokenization example)
• Build in audit trails for forensics
• Conduct 3rd party reviews (CATA, Pen.Test)
Securing “data-in-process,” in addition to “at rest” and “in motion”
Encryption advances & alternatives∗
Advances
• Broadcast encryption: encryption for groups and memberships
• Searchable symmetric encryption: securely search encrypted data
• Identity-based encryption: ad-hoc PKI, user chooses his own public key
• Predicate encryption: fine-grained PKI
• Homomorphic encryption: emerging techniques to compute on ciphertext
Alternatives∗
• Tokenization. Data sent to the public cloud is altered (tokenized) and contains a reference to the data residing in the private cloud.
• Data anonymization. Personally identifiable information (PII) is stripped before processing. (Watch assumptions)
• Utilizing cloud database controls. Using (fine-grained) access controls at the database layer to provide segregation.
∗ Source: CSA Guidance v3.0, Chapter 11
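The tokenization and anonymization alternatives above, as an added example that is not part of the original deck nor HP or CSA code: a vault kept on the private side issues random tokens for card numbers, direct identifiers are stripped before a record leaves for the public cloud, and a pre-send check confirms nothing sensitive slipped through. The `TokenVault` class, the field names and the sample order record are constructed for the illustration.

```python
"""Tokenization vault on the private side, with only tokens and non-PII
fields leaving for the public cloud. Added illustration, not HP or CSA code;
the record layout and sample values are constructed."""
import hmac
import secrets
from dataclasses import dataclass, field
from hashlib import sha256
from typing import Dict, List

PAN_LEN = 16
DIRECT_PII = {"name", "email"}   # stripped entirely (anonymization)


@dataclass
class TokenVault:
    """Private-cloud store mapping random tokens back to real card numbers.

    Tokens are random digits, so a token reveals nothing about the PAN; the
    dedupe index is an HMAC under a vault-only key, so the vault never stores
    a plain hash of the PAN that could be brute-forced offline.
    """
    index_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    _by_token: Dict[str, str] = field(default_factory=dict)
    _by_index: Dict[str, str] = field(default_factory=dict)

    def _index(self, pan: str) -> str:
        return hmac.new(self.index_key, pan.encode(), sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        """Return the token for a PAN; the same PAN always maps to the same token."""
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and len(digits) == PAN_LEN):
            raise ValueError("expected a 16-digit PAN")
        idx = self._index(digits)
        if idx in self._by_index:
            return self._by_index[idx]
        while True:
            # Keep the last four digits (receipts, support) and randomise the rest.
            head = "".join(secrets.choice("0123456789") for _ in range(PAN_LEN - 4))
            token = head + digits[-4:]
            if token != digits and token not in self._by_token:
                break
        self._by_token[token] = digits
        self._by_index[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        """Recover the PAN; only code inside the private cloud holds the vault."""
        return self._by_token[token]


def prepare_for_public_cloud(record: dict, vault: TokenVault) -> dict:
    """Build the copy of an order record that may leave the private cloud.

    card_number is replaced by a token (a reference resolvable only via the
    vault), direct identifiers are dropped, and every other field passes
    through unchanged.
    """
    public = {}
    for key, value in record.items():
        if key == "card_number":
            public["card_token"] = vault.tokenize(value)
        elif key in DIRECT_PII:
            continue
        else:
            # "Watch assumptions": fields such as postcode are not direct PII
            # but can re-identify a person when combined with other data.
            public[key] = value
    return public


def leaks_pii(public_record: dict, original: dict) -> List[str]:
    """Names of sensitive fields whose original value still appears in the
    outgoing record; a pre-send check that the stripping actually happened."""
    serialised = str(public_record).replace(" ", "")
    sensitive = DIRECT_PII | {"card_number"}
    return sorted(k for k in sensitive
                  if k in original and str(original[k]).replace(" ", "") in serialised)


SAMPLE_ORDER = {  # constructed example record
    "order_id": "A-1001",
    "name": "Jane Example",
    "email": "jane@example.invalid",
    "card_number": "4111 1111 1111 1111",
    "amount": 42.50,
    "postcode": "SW1A 1AA",
}

if __name__ == "__main__":
    vault = TokenVault()
    outgoing = prepare_for_public_cloud(SAMPLE_ORDER, vault)
    print("to public cloud:", outgoing)
    print("leaks:", leaks_pii(outgoing, SAMPLE_ORDER))
    print("vault lookup:", vault.detokenize(outgoing["card_token"]))
```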
Architecting Security into Applications
Security assurance thought leadership: extending security assurance from the reactive (traditional) end of the lifecycle to the proactive end gives a higher ROI
Requirements / architecture & design (proactive)
• Security requirements gap analysis
• Security designed in
• Dramatically reduces risk of vulnerabilities
• More complete and less expensive assurance
• Guides late lifecycle assurance
• The best response to a greater threat
Coding
• Security code scanners
• Code review
• Better when design supports security
Integration / penetration test
• In-house, more proactive
• More expensive in isolation
Post-release (reactive, traditional)
• First, people found vulnerabilities, patched, and issued bulletins
The traditional approach is backwards. It can never solve the problem by itself but works great after proactively prioritizing late life cycle assurance focus.
Applications rationalisation
HP cloud applications transformation
• Inputs: cloud-specific workload analysis; risk analysis & TCO; BPA
• Level 1 transformation strategy determination (RE’s): Replace, Re-architect, Re-factor, Re-host
• Level 2 transformation strategy determination (x to x): cloud service types (IaaS, PaaS, SaaS) and cloud deployment models (Public, Private, Virtual private, Dedicated/hosted (retain, retire))
• Cloud suitability mapping of apps: suitable for SaaS; suitable for preferred target/public cloud; need modernisation analysis; not suitable for cloud
• App migration
Applications modernization strategy
Chart: application cloud strategy plotted by coding effort against new value generation potential: Re-host (IaaS), Re-factor (PaaS), Re-architect (PaaS, SOA), Replace (SaaS)
Auditing cloud services
Continuous compliance monitoring is essential to securely delivering cloud services and ensuring compliance
• Cloud services are inherently dynamic. The dynamic provisioning and de-provisioning of resources is a key part of the cloud value proposition and business model
• Automation for operations and asset management is essential in this dynamic environment
• Verification of compliance with policy and legislation – such as the EU Data Protection Directive, GLBA, HIPAA, and export compliance controls like ITAR – requires continuously running automation
Yearly or monthly audits are irrelevant in an environment that changes completely on a daily or hourly basis
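A worked illustration of the point about periodic versus continuous audits, added here and not taken from HP: point-in-time audits at hour 0 and hour 24 see a compliant inventory, while re-evaluating on every provisioning change catches the short-lived non-compliant resources that existed in between. The resource model, the three policies and the provisioning timeline are constructed; the policies stand in for controls such as an EU data-residency rule and are not an implementation of the regulations named above.

```python
"""Periodic versus continuous compliance evaluation over a dynamic cloud
inventory. Added illustration, not HP code; the resource model, policies
and provisioning timeline are constructed for the example."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Resource:
    rid: str
    kind: str        # "bucket", "db" or "vm"
    region: str
    encrypted: bool
    public: bool


# Each policy returns a violation message or None. Constructed stand-ins for
# controls such as an EU data-residency rule, not an implementation of any law.
POLICIES: Dict[str, Callable[[Resource], Optional[str]]] = {
    "encrypt-at-rest": lambda r: (None if r.kind != "bucket" or r.encrypted
                                  else f"{r.rid}: storage not encrypted"),
    "no-public-db": lambda r: (None if r.kind != "db" or not r.public
                               else f"{r.rid}: database exposed to the internet"),
    "eu-residency": lambda r: (None if r.region.startswith("eu-")
                               else f"{r.rid}: data held outside the EU ({r.region})"),
}

# Provisioning timeline, sorted by hour: (hour, "create" | "delete", resource).
# tmp-1 and db-2 exist only between the two "daily" audit points.
TIMELINE: List[Tuple[int, str, Resource]] = [
    (0,  "create", Resource("db-1",  "db",     "eu-west", True,  False)),
    (3,  "create", Resource("tmp-1", "bucket", "us-east", False, False)),
    (5,  "create", Resource("vm-1",  "vm",     "eu-west", True,  False)),
    (7,  "delete", Resource("tmp-1", "bucket", "us-east", False, False)),
    (9,  "create", Resource("db-2",  "db",     "eu-west", True,  True)),
    (11, "delete", Resource("db-2",  "db",     "eu-west", True,  True)),
]


def inventory_at(timeline, hour: int) -> Dict[str, Resource]:
    """Replay the timeline to reconstruct the resources that exist at `hour`."""
    live: Dict[str, Resource] = {}
    for t, action, res in timeline:
        if t > hour:
            break
        if action == "create":
            live[res.rid] = res
        else:
            live.pop(res.rid, None)
    return live


def evaluate(inventory: Dict[str, Resource]) -> List[str]:
    """Apply every policy to every live resource and collect the violations."""
    findings = []
    for res in inventory.values():
        for name, check in POLICIES.items():
            msg = check(res)
            if msg:
                findings.append(f"[{name}] {msg}")
    return findings


def periodic_audit(timeline, hours) -> Dict[int, List[str]]:
    """Point-in-time audits: only what exists at each audit hour is examined."""
    return {h: evaluate(inventory_at(timeline, h)) for h in hours}


def continuous_audit(timeline) -> List[Tuple[int, str]]:
    """Re-evaluate on every inventory change; report each violation with the
    hour at which it first appeared."""
    seen = set()
    findings = []
    for hour, _, _ in timeline:
        for f in evaluate(inventory_at(timeline, hour)):
            if f not in seen:
                seen.add(f)
                findings.append((hour, f))
    return findings


if __name__ == "__main__":
    print("daily audits:", periodic_audit(TIMELINE, [0, 24]))
    for hour, finding in continuous_audit(TIMELINE):
        print(f"hour {hour:2d}: {finding}")
```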
Are we secure?
Continuous security monitoring
What about infrastructure and network security?
• Infrastructure and network security are critical areas for cloud-based solutions
• Enterprises have little or no influence on a provider’s implementation and controls in these areas
• A thorough review of the service provider’s policies should be completed as part of the due diligence process during contract negotiation and service sourcing
5 key ways to reduce risk
1. Understand your risk profile
2. Architect for the cloud
3. Robust identity, access management
4. Confirm legal, compliance obligations, due diligence
5. “Clear Responsibility” – CSP, Customer, Both
Cloud security: guidance for critical areas
Architecture
1. Cloud computing architectural framework
Governance
2. Governance and enterprise risk management
3. Legal issues: contracts and electronic discovery
4. Compliance and audit management
5. Information management and data security
6. Interoperability and portability
Operations
7. Traditional security, business continuity,
and disaster recovery
8. Data center operations
9. Incident response
10. Application security
11. Encryption and key management
12. Identity, entitlement, and access management
13. Virtualization
Security for the cloud
http://cloudsecurityalliance.org/
https://ccsk.cloudsecurityalliance.org/
Final thoughts
✓ Recognize the threats have changed and become ‘industrialized’
✓ Employ a comprehensive and integrated approach to enterprise security & risk management
✓ Conduct security threat analyses for all critical applications
✓ Design in security from the beginning: essential for public cloud usage
✓ Be vigilant: continual compliance monitoring and audits, intrusion testing, verifiable backups…
Thank you
Whitepaper: bit.ly/hpcloudsecurity
Email: ed.reynolds@hp.com
URL: hp.com/enterprise/security

Blockchain use cases and case studies
Ā 
Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential Blockchain: Exploring the Fundamentals and Promising Potential
Blockchain: Exploring the Fundamentals and Promising Potential
Ā 
Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?
Ā 
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
AI 3.0: Is it Finally Time for Artificial Intelligence and Sensor Networks to...
Ā 
Using Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to LifeUsing Business Intelligence to Bring Your Data to Life
Using Business Intelligence to Bring Your Data to Life
Ā 
User requirements is a fallacy
User requirements is a fallacyUser requirements is a fallacy
User requirements is a fallacy
Ā 
What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio What I Wish I Knew Before I Signed that Contract - San Antonio
What I Wish I Knew Before I Signed that Contract - San Antonio
Ā 
Disaster Recovery Plan - Quorum
Disaster Recovery Plan - QuorumDisaster Recovery Plan - Quorum
Disaster Recovery Plan - Quorum
Ā 
Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2Share point saturday access services 2015 final 2
Share point saturday access services 2015 final 2
Ā 
Sp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner sessionSp tech festdallas - office 365 groups - planner session
Sp tech festdallas - office 365 groups - planner session
Ā 
Power apps presentation
Power apps presentationPower apps presentation
Power apps presentation
Ā 

Recently uploaded

The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
Ā 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
DitasDelaCruz
Ā 

Recently uploaded (20)

GUWAHATI šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book nowGUWAHATI šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book now
GUWAHATI šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
Ā 
KOLKATA šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
KOLKATA šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book nowKOLKATA šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book now
KOLKATA šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
Ā 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
Ā 
BADDI šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
BADDI šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book nowBADDI šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book now
BADDI šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
Ā 
JHARSUGUDA CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JHARSUGUDA ESCORTS
JHARSUGUDA CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JHARSUGUDA ESCORTSJHARSUGUDA CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JHARSUGUDA ESCORTS
JHARSUGUDA CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JHARSUGUDA ESCORTS
Ā 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
Ā 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
Ā 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ā 
PITHAMPUR šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
PITHAMPUR šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book nowPITHAMPUR šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book now
PITHAMPUR šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
Ā 
Paradip CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Ā 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Ā 
Berhampur CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRLā¤7091819311ā¤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Ā 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
Ā 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
Ā 
Bankura Call Girl Just Callā™„ļø 8084732287 ā™„ļøTop Class Call Girl Service Available
Bankura Call Girl Just Callā™„ļø 8084732287 ā™„ļøTop Class Call Girl Service AvailableBankura Call Girl Just Callā™„ļø 8084732287 ā™„ļøTop Class Call Girl Service Available
Bankura Call Girl Just Callā™„ļø 8084732287 ā™„ļøTop Class Call Girl Service Available
Ā 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered  Building Manufacturers Hyderabad.pptxPre Engineered  Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
Ā 
KOTA šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
KOTA šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book nowKOTA šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book now
KOTA šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
Ā 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Ā 
SRI GANGANAGAR šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
SRI GANGANAGAR šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book nowSRI GANGANAGAR šŸ’‹ Call Girl 9827461493 Call Girls in  Escort service book now
SRI GANGANAGAR šŸ’‹ Call Girl 9827461493 Call Girls in Escort service book now
Ā 
JAJPUR CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JAJPUR  ESCORTSJAJPUR CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JAJPUR  ESCORTS
JAJPUR CALL GIRL ā¤ 82729*64427ā¤ CALL GIRLS IN JAJPUR ESCORTS
Ā 

Protecting What Matters...An Enterprise Approach to Cloud Security

• 1. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Protecting what matters... An enterprise approach to cloud security. Ed Reynolds, HP Fellow, CISSP, CCSK, HP Enterprise Security Services
• 2. Today's agenda: Trends, Perspectives, Guidance
• 3. Worldwide Security Trends & Implications
  • Cyber threat: 56% of organizations have been the target of a cyber attack
  • Extended supply chain: 44% of all data breaches involved third-party mistakes
  • Financial loss: $8.6M average cost associated with a data breach
  • Cost of protection: 8% of total IT budget spent on security
  • Reputation damage: 30% market cap reduction due to recent events
  • Reactive vs. proactive: 60% of enterprises spend more time and money on reactive measures than on proactive risk management
  Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research
  Key points: security is a board of directors concern; security leadership is under immense pressure; there is a need for greater visibility of business risks and for sound security investment choices
• 4. Managing security challenges. Today, security is a board-level agenda item. #1 board-identified risk: reputational damage. Source: EisnerAmper LLP, February 2011, Second Annual Board of Directors Survey, 2011: Concerns About Risks Confronting Boards
• 5. Managing Risk: Current Challenges. Primary challenges: (1) nature & motivation of attacks (from fame to national enemies): a new type of adversary; (2) transformation of enterprise IT (delivery and consumption changes): traditional DC, private cloud, managed cloud, public cloud, across network, storage, servers and delivery; (3) regulatory pressures (increasing cost and complexity): Basel III, enhanced regulatory environment
• 6. HP research: top concerns for IT executives. Chart values 67%, 66%, 63%, 54% (bars for extremely concerned, somewhat concerned, not very concerned). Concerns listed: data privacy and information breaches; lack of skilled resources to effectively manage security; risk associated with more consumption of apps/IT services across public, private & hybrid cloud; risk associated with more consumption of apps/IT services. Source: HP 20:20 CIO Report, 2012
• 7. Cloud services: adoption is tempered by uncertainty. Security or a related component is the #1 concern/issue for most enterprises. Concerns raised by LOB/IT and CIOs: security, performance, reliability, scalability, service levels, data security & protection, compliance, auditing, cost, governance, control, availability
• 8. CSA: Cloud Computing Top Threats for 2013: 1. Data breaches 2. Data loss 3. Account or service hijacking 4. Insecure interfaces and APIs 5. Denial of service 6. Malicious insiders 7. Abuse of cloud services 8. Insufficient due diligence 9. Shared technology vulnerabilities. Security for the cloud: http://cloudsecurityalliance.org/ Notes: 1. HP's Rafal Los co-chaired the CSA Top Threats working group 2. HP was selected by CSA as Master Training Partner in APJ (initial region)
• 9. What do we mean by "cloud security"? 1. Security for the cloud: securely using cloud services (consumers) 2. Security from the cloud: Security-as-a-Service 3. Security in the cloud: embedded security (providers) 4. Security across clouds: hybrid models, interoperability
• 10. Cloud models require different security solutions... Private cloud: enterprise-owned or leased. Community cloud: shared infrastructure for a specific community. Public cloud: sold to the public, mega-scale infrastructure. Hybrid cloud: composition of two or more clouds. The attack surface increases along this progression.
• 11. ... and different roles & responsibilities regarding security. SaaS (Software as a Service): the provider generally provides application, data and infrastructure security, with varying degrees of compliance. PaaS (Platform as a Service): the provider may provide some additional security functions for IDM and secure application development; security otherwise falls to the app developer and customer IT operations. IaaS (Infrastructure as a Service): providers generally offer basic network & infrastructure security, firewalls and some tools, but the customer is generally responsible for implementation, operations and monitoring
• 12. But what is really new about "cloud security"? Many traditional security concerns are recast as a "cloud problem"...
  • Many "cloud security incidents" are issues with web apps and data hosting, but at greater scale: e.g. phishing, downtime, data loss, weak passwords, compromised hosts running botnets, etc.
  • Unexpected side channels and covert channels arising from shared-resource environments in public services: activity patterns need to be protected in addition to apps and data
  • Reputation fate sharing: possible blacklisting or service disruption due to "bad neighbors"; need "mutual auditability" (providers need to audit/monitor users)
  • Longer trust chains: {SaaS to PaaS to IaaS}
  Source: Y. Chen et al., "What's New About Cloud Computing Security?", UC Berkeley, Jan. 20, 2010
• 13. Perspectives. "It's not about cloud security, it's about securing your enterprise's use of cloud-based services." "Cloud security begins with, and adds to, well-defined enterprise security."
• 14. Enterprise approach to cloud security (HP Enterprise Security Services whitepaper): 1. Establish a risk-based approach 2. Design applications to run in the cloud 3. Ongoing auditing and management
• 15. HP approach to complete information security (establish a risk-based approach): actionable security intelligence, moving from reactive to proactive information security & risk management. Assess security investments and posture; transform from silos to a comprehensive view; optimize to proactively improve security posture; manage security effectively
• 16. HP Cloud Security Risk and Control Assessment (establish a risk-based approach). Stage 1, assessment workshop (engagement with senior management): business issues discovery, strategic control plan, risk assessment scope. Stage 2, risk assessment (engagement with business-level security): business risk assessment, asset risk assessment, assets prioritized by risk. Stage 3, controls assessment (engagement with operational-level security): cloud control measures, consensus assessment, prioritized security control plan
• 17. Are your applications & data... the path of least resistance? (Design apps to run in cloud)
• 18. Secure SDLC: protect data & IP (design apps to run in cloud). The attacker's targets: software & data, hardware, network. What is at stake: intellectual property, customer data, business processes, trade secrets
• 19. The risks: vulnerabilities (security defects) (design apps to run in cloud). The National Vulnerability Database (DHS/US-CERT) lists >47,000 documented vulnerabilities. Undiscovered/unreported (0-day) vulnerabilities are huge: applying a 20x multiplier¹, 47,000 x 20 = an estimated 940,000 vulnerabilities, replicated in many products. Quality issue: many more "underwater" than those reported "above the water". Greater than 80% of attacks happen at the application layer. Notes: HP research and ¹ "Public Vulnerabilities Are Tip of the Iceberg," CNET News, June 1, 2007
• 20. Same slide as 19, with the closing point changed to: But <1% of security spend is allocated to application security!!!
• 21. Designing applications to run in the cloud:
  • Embed security in the application architecture
  • Address new attack surfaces early in design
  • Encrypt "everything" by default, end-to-end
  • Adopt a new mindset to privacy
  • Bound processes around PII (e.g. the PCI tokenization example)
  • Build in audit trails for forensics
  • Conduct 3rd-party reviews (CATA, pen test)
• 22. Securing "data-in-process," in addition to "at rest" and "in motion": encryption advances & alternatives* (design apps to run in cloud).
  Advances: broadcast encryption (encryption for groups and memberships); searchable symmetric encryption (securely search encrypted data); identity-based encryption (ad-hoc PKI: an identity string such as an email address serves as the public key); predicate encryption (fine-grained PKI); homomorphic encryption (emerging techniques to compute on ciphertext).
  Alternatives: tokenization (data sent to the public cloud is altered (tokenized) and carries a reference to the data residing in the private cloud); data anonymization (personally identifiable information (PII) is stripped before processing; watch the assumptions); utilizing cloud database controls (using fine-grained access controls at the database layer to provide segregation).
  * Source: CSA Guidance v3.0, Chapter 11
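Slides 21 and 22 recommend bounding processes around PII with tokenization and building audit trails in for forensics. The following is an added example, not code from the HP deck or its whitepaper: a minimal token vault that stays in the private zone, swaps a card PAN for a random token of the same length that keeps the last four digits and deliberately fails the Luhn check, lets only one assumed role ("settlement-service") turn a token back into a PAN, and logs every request, including denied ones, without ever writing a PAN to the log. The class and role names are assumptions, and the PANs in the demo are the well-known test numbers, not real cards.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


def luhn_valid(digits: str) -> bool:
    """ISO/IEC 7812 Luhn check. Real PANs pass it; tokens below are built to fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class AuthorizationError(PermissionError):
    """Raised when a caller that is not allowed to see PANs asks for one back."""


class TokenVault:
    """Token vault that lives in the private cloud and is the only holder of token -> PAN.
    Assumption (illustration only): in production the mapping is an encrypted database
    and the HMAC key comes from an HSM/KMS; here both are kept in memory."""

    def __init__(self, hmac_key: bytes, detokenize_roles=("settlement-service",)):
        self._hmac_key = hmac_key
        self._detokenize_roles = frozenset(detokenize_roles)   # assumed role names
        self._pan_by_token = {}
        self._token_by_index = {}   # keyed by HMAC(PAN), so the lookup index never contains PANs
        self.audit_log = []         # forensics trail: tokens and callers, never PANs

    def _audit(self, action: str, caller: str, token: str, outcome: str) -> None:
        self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(),
                               "action": action, "caller": caller,
                               "token": token, "outcome": outcome})

    def _index(self, pan: str) -> str:
        return hmac.new(self._hmac_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str, caller: str) -> str:
        if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
            raise ValueError("input is not a plausible PAN")
        idx = self._index(pan)
        token = self._token_by_index.get(idx)   # same PAN always maps to the same token
        if token is None:
            while True:
                # Random digits, same length, last four kept so receipts and UIs still work.
                token = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4)) + pan[-4:]
                # A token must fail Luhn: it can then never be mistaken for, or replayed as, a real PAN.
                if not luhn_valid(token) and token not in self._pan_by_token:
                    break
            self._pan_by_token[token] = pan
            self._token_by_index[idx] = token
        self._audit("tokenize", caller, token, "ok")
        return token

    def detokenize(self, token: str, caller: str) -> str:
        if caller not in self._detokenize_roles:
            self._audit("detokenize", caller, token, "denied")   # denied attempts are evidence too
            raise AuthorizationError(f"{caller!r} is not allowed to detokenize")
        pan = self._pan_by_token.get(token)
        if pan is None:
            self._audit("detokenize", caller, token, "unknown-token")
            raise KeyError("unknown token")
        self._audit("detokenize", caller, token, "ok")
        return pan


def record_for_public_cloud(vault: TokenVault, order: dict, caller: str) -> dict:
    """Bound the PII process: swap the PAN for a token before the record crosses into the public cloud."""
    out = dict(order)
    out["card_token"] = vault.tokenize(out.pop("pan"), caller)
    return out


if __name__ == "__main__":
    vault = TokenVault(hmac_key=secrets.token_bytes(32))
    # Constructed order with a well-known test PAN (not a real card).
    order = {"order_id": "A-1001", "amount": "42.00", "pan": "4111111111111111"}
    public_record = record_for_public_cloud(vault, order, caller="web-checkout")
    print("sent to public cloud:", public_record)
    print("settlement sees:", vault.detokenize(public_record["card_token"], caller="settlement-service"))
    for entry in vault.audit_log:
        print(entry)
```

Two design points are worth noting. The token fails Luhn on purpose, so a token that leaks from the public side cannot pass as a card number in any downstream system, and the lookup index is keyed by an HMAC of the PAN rather than the PAN itself, so the index can be stored or replicated with less sensitivity than the vault. Key management is the real difficulty: the HMAC key and the vault's storage encryption have to be handled by the private zone's KMS or HSM, which this example only stands in for.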
• 23. Architecting security into applications: security assurance thought leadership (design apps to run in cloud). Extending security assurance from the reactive, traditional approach to a proactive one yields higher ROI.
  Requirements/architecture & design (proactive): security requirements gap analysis; security designed in; dramatically reduces the risk of vulnerabilities; more complete and less expensive assurance; guides late-lifecycle assurance; the best response to a greater threat.
  Coding: security code scanners; code review; better when the design supports security.
  Integration/penetration test: in-house, more proactive; more expensive in isolation.
  Post-release (traditional, reactive): first, people found vulnerabilities, patched, and issued bulletins.
  The traditional approach is backwards. It can never solve the problem by itself, but works great after proactively prioritizing the late-lifecycle assurance focus.
• 24. HP cloud applications transformation (design apps to run in cloud). Applications rationalisation: cloud-specific workload analysis, risk analysis & TCO, BPA. Level 1 transformation strategy determination (the "RE's"): replace, re-architect, re-factor, re-host. Level 2 transformation strategy determination (x to x). Cloud suitability mapping: suitable for SaaS; suitable for preferred target/public cloud; needs modernisation analysis; not suitable for cloud (retain, retire). Cloud service types: IaaS, PaaS, SaaS. Cloud deployment models: public, private, virtual private, dedicated/hosted. Then app migration.
• 25. Applications modernization strategy (design apps to run in cloud). Application cloud strategy plotted as coding effort against new value generation potential. Strategies: re-host, re-factor, re-architect, replace. Target models shown: IaaS, PaaS, PaaS/SOA, SaaS.
• 26. Auditing cloud services (ongoing auditing & management). Continuous compliance monitoring is essential to securely delivering cloud services and ensuring compliance.
  • Cloud services are inherently dynamic. The dynamic provisioning and de-provisioning of resources is a key part of the cloud value proposition and business model.
  • Automation for operations and asset management is essential in this dynamic environment.
  • Verification of compliance with policy and legislation, such as the EU Data Protection Directive, GLBA, HIPAA, and export compliance controls like ITAR, requires continuously running automation.
  Yearly or monthly audits are irrelevant in an environment that changes completely on a daily or hourly basis.
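Slide 26 argues that compliance verification in a dynamic environment has to be continuously running automation rather than a periodic audit. As an added example (not HP tooling, and not a real inventory), the following evaluates a constructed snapshot of cloud resources against a few policy checks and diffs the findings between two runs a few hours apart, which is exactly the drift a monthly audit would miss. The resource kinds, attribute names and policy names are assumptions; the EU data-residency check is an illustrative reading of a data-protection requirement, not a legal mapping.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple


@dataclass
class Resource:
    """One provisioned resource as an inventory API might return it (field names are assumptions)."""
    rid: str
    kind: str
    attrs: dict


@dataclass(frozen=True)
class Finding:
    rid: str
    policy: str
    detail: str


# A check returns a human-readable violation, or None when the resource is compliant.
Check = Callable[[Resource], Optional[str]]


def eu_data_residency(r: Resource) -> Optional[str]:
    """Illustrative residency rule: resources tagged as holding EU personal data must sit in an eu-* region."""
    region = str(r.attrs.get("region", ""))
    if r.attrs.get("data_class") == "eu-personal" and not region.startswith("eu-"):
        return f"EU personal data stored in {region}"
    return None


# (policy name, resource kind it applies to, check)
POLICIES: List[Tuple[str, str, Check]] = [
    ("storage-not-public", "bucket",   lambda r: "public ACL" if r.attrs.get("public") else None),
    ("volume-encrypted",   "volume",   lambda r: None if r.attrs.get("encrypted") else "not encrypted at rest"),
    ("db-audit-logging",   "database", lambda r: None if r.attrs.get("audit_log") else "audit logging disabled"),
    ("eu-data-residency",  "database", eu_data_residency),
]


def evaluate(snapshot: List[Resource]) -> Set[Finding]:
    """Run every applicable policy over every resource in one inventory snapshot."""
    findings: Set[Finding] = set()
    for r in snapshot:
        for name, kind, check in POLICIES:
            if r.kind == kind:
                detail = check(r)
                if detail is not None:
                    findings.add(Finding(r.rid, name, detail))
    return findings


def run_cycle(previous: List[Resource], current: List[Resource]
              ) -> Tuple[Set[Finding], Set[Finding], Set[Finding], Set[str]]:
    """One monitoring cycle: evaluate the fresh snapshot and report what changed since the last one."""
    before, after = evaluate(previous), evaluate(current)
    new = after - before
    resolved = before - after
    # A violation can also vanish because the resource was deprovisioned; that is not the
    # same as being fixed (the data may have gone somewhere else), so report it separately.
    disappeared = {r.rid for r in previous} - {r.rid for r in current}
    return after, new, resolved, disappeared


# Constructed snapshots, not a real inventory. T1 is a few hours after T0: the scratch volume
# was deprovisioned, the invoices bucket was flipped public, and a replica appeared in us-east-1.
SNAPSHOT_T0 = [
    Resource("bucket-invoices", "bucket", {"public": False}),
    Resource("vol-app-01", "volume", {"encrypted": True}),
    Resource("vol-scratch-07", "volume", {"encrypted": False}),
    Resource("db-customers", "database", {"region": "eu-west-1", "data_class": "eu-personal", "audit_log": True}),
]
SNAPSHOT_T1 = [
    Resource("bucket-invoices", "bucket", {"public": True}),
    Resource("vol-app-01", "volume", {"encrypted": True}),
    Resource("db-customers", "database", {"region": "eu-west-1", "data_class": "eu-personal", "audit_log": True}),
    Resource("db-customers-replica", "database", {"region": "us-east-1", "data_class": "eu-personal", "audit_log": False}),
]


if __name__ == "__main__":
    current, new, resolved, disappeared = run_cycle(SNAPSHOT_T0, SNAPSHOT_T1)
    for f in sorted(new, key=lambda f: (f.rid, f.policy)):
        print("NEW      ", f.rid, f.policy, "-", f.detail)
    for f in sorted(resolved, key=lambda f: (f.rid, f.policy)):
        print("RESOLVED ", f.rid, f.policy)
    for rid in sorted(disappeared):
        print("GONE     ", rid, "(deprovisioned, not fixed)")
```

In practice the snapshot comes from the provider's inventory API on a schedule of minutes, the policy list grows into the control set the organization actually has to evidence, and the "new" findings feed the alerting pipeline while the full "current" set is what an auditor gets instead of a point-in-time spreadsheet. The separate "disappeared" output matters for the regulated data the slide names: a resource holding EU personal data that drops out of the inventory is an event to investigate, not a resolved finding.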
• 27. Are we secure? Continuous security monitoring (ongoing auditing & management)
• 28. What about infrastructure and network security?
  • Infrastructure and network security are critical areas for cloud-based solutions
  • Enterprises have little or no influence on a provider's implementation and controls in these areas
  • A thorough review of the service provider's policies should be completed as part of the due diligence process during contract negotiation and service sourcing
• 29. 5 key ways to reduce risk: 1. Understand your risk profile 2. Architect for the cloud 3. Robust identity and access management 4. Confirm legal and compliance obligations, due diligence 5. "Clear responsibility": CSP, customer, or both
• 30. Cloud security: guidance for critical areas. Architecture: 1. Cloud computing architectural framework. Governance: 2. Governance and enterprise risk management 3. Legal issues: contracts and electronic discovery 4. Compliance and audit management 5. Information management and data security 6. Interoperability and portability. Operations: 7. Traditional security, business continuity, and disaster recovery 8. Data center operations 9. Incident response 10. Application security 11. Encryption and key management 12. Identity, entitlement, and access management 13. Virtualization. Security for the cloud: http://cloudsecurityalliance.org/ https://ccsk.cloudsecurityalliance.org/
• 31. Final thoughts:
  ✓ Recognize that the threats have changed and become 'industrialized'
  ✓ Employ a comprehensive and integrated approach to enterprise security & risk management
  ✓ Conduct security threat analyses for all critical applications
  ✓ Design in security from the beginning: essential for public cloud usage
  ✓ Be vigilant: continual compliance monitoring and audits, intrusion testing, verifiable backups...
• 32. Thank you. Whitepaper: bit.ly/hpcloudsecurity Email: ed.reynolds@hp.com URL: hp.com/enterprise/security