This document discusses opportunities and challenges for cloud security and managed security services. It begins by outlining the growth of cloud computing and connected devices. This brings both convenience and complexity from a security perspective as the cloud is a shared environment prone to high profile failures. The top 10 security issues for the cloud are identified, including governance, compliance, identity and access control, and data protection. Common threats are also outlined. The document then discusses the benefits of managed security services for enterprises using cloud computing, including security monitoring, incident response, and perimeter protection. It emphasizes that security requires transformation and a proactive approach involving collaboration to keep pace with evolving threats.

1. Cloud Security
&
Managed Security
Services: Challenges & Opportunities
Jorge Sebastiao
COO

2. Outline
• Opportunities & challenges
• Approach and opportunities in cloud security
• Managed Security Services
• Enterprise
• Cloud Computing
• Conclusions & discussion
2

3. Cloud, Processes & Transformation

4. User remains biggest challenge

5. Growth of cloud end points
Mainframe
Minicomputer
PC
Desktop/
Internet
Mobile
Internet
1
10
100
1000
10000
100000
1000000
10000000
1950 1960 1970 1980 1990 2000 2010 2020 2030
Devices/Users(millions)
Year
Ref: ITU, Morgan Stanley Research, 2009
- Smartphone
- Tablets
- Car Electronics
-- Mobile Medicine
-- Payment Systems
-- Mobile Banking
- GPS/Navigation
- Mobile Video
- Home Entertainment
- Games
- Home Appliances

6. Cloud and Balance
Security &
Compliance
Convenience
& Cost saving

7. Cloud and complexity

8. Cloud is a shared environment

9. Cloud high profile failures

10. Cloud and Control

11. Top 10 Security Issues
1. Governance
2. Compliance
3. Trust
4. Architecture
5. Identity & Access control
6. Isolation in multi-tenancy
7. Data protection
8. Availability
9. Timely Incidence Response
10. Malware propagation

12. Identified top threats
1. Abuse & Evil Use of Cloud ({I,P}aaS)
2. Insecure Interfaces and APIs ({I,P,S}aaS)
3. Malicious Insiders ({I,P,S}aaS)
4. Shared Technology Issues (IaaS)
5. Data Loss or leakage ({I,P,S}aaS)
6. Account or Service Hijacking ({I,P,S}aaS)
7. Unknown Risk Profile ({I,P,S}aaS)
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

13. Hybrid Cloud & Security

14. Cloud Security

15. Key MSS Adoption Drivers

16. Deploying MSS
Security &
Compliance
Monitor & IR
• Monitoring and threat
management
• Aggregation of logs
• Anomaly detection
• alerts
Perimeter
Protection
• Managed
Firewall, UTM, IPS, Anti-
Malware, etc.
In cloud MSS
• Clean pipes
• Anti-malware, etc
• Antifraud
DOS/DDOS
mitigation
End-user/device
management

17. Typical Enterprise MSS setup

18. Importance Security Metrics
Security Metrics
Key Performance Indicators
CoBiT, Compliance, SOC
ITIL
ISO20000
ISMS
ISO27001
BCMS
ISO22301
Time Based Security

19. Typical Cloud MSS setup

20. Security - think outside the box
20

21. Importance of Big Data

22. Transform
Assess Architect
Security requires transformation

23. Final Thoughts
Cloud represents important opportunities & challenges
Hybrid models most practical
Security is a challenge
Consider:
– Governance
– Proactive Security
– Collaborate & consolidate expertise
– Security is a continuous skilled process
– TBS – Protection > Detection + Reaction
– Infinite time between failures vs 0 time to recovery
“Don’t bring a knife to a gun fight”

24. http://linkedin.com/in/sebastiao