Identity theft in the Cloud and remedies
Giuseppe “Gippa” Paternò



Friday 26 October 12
My identity: Giuseppe “Gippa” Paternò

• Director Digital of GARL, the Swiss bank behind the SecurePass service
• EMEA Sales Engineer of Canonical, the company behind Ubuntu
• Security researcher, open source enthusiast, and friend of the “Penguin” since 1995
• Leisure pilot ... a good excuse to be back in an airport during the weekends :)
• Non-professional Chef (Ramsay, I challenge you :)
• Radio amateur with a passion for “strange” WiFi: my association holds the world record for a 304 km WiFi link!!



Cloud, a buzzword with different meanings

IaaS, PaaS, SaaS ... what a MesS!
What is meant by “Cloud”

A set of services, usually “rented” from a service provider or an internal IT department (for large corporations), that enables:

• Flexibility: the ability to expand or reduce our IT infrastructure based on business needs
• Resiliency: high availability of IT services, ensuring business continuity in any event
• Accessibility: access to services anytime and anywhere on earth with a simple Internet connection
• Cost optimization: a truly pay-as-you-use IT infrastructure without wasting money


The Cloud: IaaS

IaaS = Infrastructure as a Service

• Renting a virtual infrastructure from a service provider, composed of virtual servers and virtual networks
• Example: Amazon Web Services, Moresi.Com, etc.
• Security risk: total control of the IT infrastructure by an attacker, with service disruption or silent data leaking (the control panel is accessible from the Internet)


The Cloud: SaaS

SaaS = Software as a Service

• Renting a given application, usually web-based, from a service provider, with high availability and accessible from anywhere
• Example: SalesForce.com, Office 360, etc.
• Security risk: compromising a single identity leads to corporate data leaking to an attacker or competitor

The Cloud: PaaS

PaaS = Platform as a Service

• Renting an “application environment” that hosts YOUR application. Compared to IaaS, PaaS does not focus on the operating system but on “operating” the application environment (app server, languages, frameworks, databases, etc.)
• Example: Microsoft Azure, Google App Engine, CloudFoundry, etc.
• Security risk: total control of the application(s) by an attacker, with service disruption (the control panel is accessible from the Internet) and corporate data leaking (users’ identity theft)



Let’s make things complicated: BYOD

• Yet another marketing buzzword :)
• BYOD = Bring Your Own Device
• Basically the use of a “consumer” device within a corporate environment: iPad/iPhone/Android/...
• Security risk: a lost or stolen device means access to confidential data. Many apps for iOS/Android embed a “static key” that bypasses the identification process.




Famous victims of identity theft

... and many others!
Identity theft in numbers

• 10 million victims of identity theft in the USA in 2008 (Javelin Strategy and Research, 2009)
• 221 billion dollars lost every year due to identity theft (Aberdeen Group)
• 5840 hours to repair the damage from identity theft, i.e. 2 years of a working resource (ITRC Aftermath Study, 2004)
• 35 billion corporate and government records compromised in 2010 (ITRC)
• 2 is the multiplication factor of the number of breaches from 2009 to 2010: data breaches due to identity theft are doubling each year



Human factor, an example in aviation

An organization can minimize its vulnerability to human error and reduce its risks by implementing human factors best practices [...] It contains guidance material which [...] should help reduce the risks associated with human error and human factors, and improve safety. It [...] concentrates upon risk and error management rather than risk and error elimination.

(EASA, JAR 145, Aviation Human Factors)




Human factor in IT (in)security

• The human factor is the primary cause of intrusions by hackers, foreign government agencies or competitors. Two major issues:
    • Passwords that are easy to guess or crack
    • Social Engineering
• Hope is not a strategy!




Best practices, why they don’t work

• Probably the most widely adopted is BS/ISO 17799, which eventually became ISO 27001
• Most best practices cover physical access, server hardening, network access and segregation, etc.
    • they just don’t make sense anymore in a Cloud environment
    • ... but they can be helpful in selecting our supplier
• What still makes sense is access control:
    • secure identification of a given user (identity management)
    • checking and logging who’s doing what (auditing)
    • permissions/rights to access a given piece of data or document (policy management)




Identity theft remedies




This is not a remedy! :-)

Identity theft remedies




... and neither is this! ;-)

Identity theft remedies

Security must be simple and transparent to the end user, otherwise it will be circumvented!

• Strong authentication of the users
• Identify which country the user is connecting from (GeoIP)
• Patches, patches and ... patches!
• Secure application programming
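An added example, not code from the talk or from SecurePass, of how the first two remedies above fit into a single login decision together with the auditing point of the earlier slide: a TOTP software token (RFC 4226/6238, as used by smartphone token apps), a GeoIP country check and one audit line per attempt. The GeoIP table, the secret, the addresses and the allowed-country list are all constructed for the demo.

```python
"""Added example: one login decision that applies a TOTP software token
(strong authentication) and a GeoIP country check, and records the
outcome for auditing."""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, field

# Constructed stand-in for a GeoIP database (prefix -> ISO country code).
# A real deployment would query a GeoIP provider instead of this table.
GEOIP_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "CH",
    ipaddress.ip_network("198.51.100.0/24"): "IT",
    ipaddress.ip_network("192.0.2.0/24"): "XX",   # constructed: anonymising range
}


def lookup_country(addr: str) -> str:
    """Return the ISO country code for addr, or 'ZZ' when it is unknown."""
    ip = ipaddress.ip_address(addr)
    for net, country in GEOIP_TABLE.items():
        if ip in net:
            return country
    return "ZZ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` adjacent steps to tolerate
    phone clock drift; compare in constant time to avoid timing leaks."""
    counter = unix_time // 30
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


@dataclass
class LoginPolicy:
    allowed_countries: set
    audit_log: list = field(default_factory=list)

    def login(self, user: str, password_ok: bool, otp: str,
              secret: bytes, src_ip: str, unix_time: int) -> bool:
        """Evaluate every factor (no early return, so the audit record shows
        all failures) and append one audit line per attempt."""
        country = lookup_country(src_ip)
        reasons = []
        if not password_ok:
            reasons.append("bad-password")
        if not verify_totp(secret, otp, unix_time):
            reasons.append("bad-otp")
        if country not in self.allowed_countries:
            reasons.append(f"country-{country}-not-allowed")
        allowed = not reasons
        self.audit_log.append(
            f"t={unix_time} user={user} ip={src_ip} country={country} "
            f"result={'ALLOW' if allowed else 'DENY'} reasons={','.join(reasons) or '-'}")
        return allowed


if __name__ == "__main__":
    # Constructed demo: the RFC 6238 reference secret, a Swiss address, then an
    # anonymising-range address that the country policy rejects.
    demo_secret = b"12345678901234567890"
    policy = LoginPolicy(allowed_countries={"CH", "IT"})
    now = 59                                   # RFC 6238 test time, step counter 1
    policy.login("alice", True, totp(demo_secret, now), demo_secret, "203.0.113.7", now)
    policy.login("alice", True, totp(demo_secret, now), demo_secret, "192.0.2.9", now)
    print("\n".join(policy.audit_log))
```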




Intranet vs the Cloud and Trusted third party

• In a “traditional” world, Microsoft Active Directory usually covers the identity management, auditing and policy roles
• AD was not conceived to fit a Cloud environment or to be accessed from “outside” the company boundaries (or firewalls)
• A distributed identity management system is needed: one that implements something like Microsoft Active Directory for Cloud environments, is able to reduce “human errors” through strong authentication, and is operated by a trusted third party.



A possible solution: SecurePass

• SecurePass is a Unified Secure Access platform for Cloud, web applications and security devices (VPN, firewalls, ...)
    • Strong authentication, with hardware tokens or software tokens on smartphones (iOS/Android/BlackBerry)
    • Identity Management, with personnel information
    • Seamless web Single Sign-On, to simplify user access (and avoid circumvention)
    • Based on open protocols: LDAP, RADIUS and CAS
    • Easy to integrate: protect your infrastructure and applications in a few minutes
    • Guaranteed by a Swiss bank



Case Study: Moresi.Com

• Housing / Swiss hosting provider with two data centers, constantly expanding
• Highly selected customers, including banks and national and international companies
• Moving the focus from traditional housing / hosting to a cloud provider (VMware vCloud based)
• Each customer has access to a "virtual datacenter" that it can orchestrate at will
• Objective: establish secure access to the virtual datacenters

Case Study: Insurance company

• World’s second largest multinational insurance company, 48 subsidiaries worldwide, each one with its own board of directors, CEO and CFO
• All CxO-level members access confidential documents on the move from any device (laptop, tablet, smartphone), with a high risk of data leaking
• Objective: provide secure access to their board of directors’ classified documents and avoid information leaking, through an ad-hoc secure Java-based web application



Case Study: Automotive company

• One of the top 5 automotive suppliers in the world, with over 120.000 employees
• Need to solve the security issues connected to BYOD (Bring Your Own Device) by employees and top managers, in particular tablets and smartphones
• Objective: provide secure access to corporate resources from BYOD through SSL VPNs and ad-hoc portals




SecurePass Contest 2012

• Integrate SecurePass and publish a story in a blog or on-line magazine. A good excuse for:
    • testing SecurePass for free
    • learning something new
    • letting your boss or your customers know that you care about security
    • ... and winning something ;-)
• http://www.secure-pass.net/contest2012


Q&A

Giuseppe Paternò
gpaterno@gpaterno.com
gpaterno@garl.ch

Web sites:
www.gpaterno.com
www.secure-pass.net

Twitter: @gpaterno


Let's sleep better: programming techniques to face new security attacks in cloud
 
SecurePass at OpenBrighton
SecurePass at OpenBrightonSecurePass at OpenBrighton
SecurePass at OpenBrighton
 
OpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsOpenStack: Security Beyond Firewalls
OpenStack: Security Beyond Firewalls
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimediIl problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
 
How the Post-PC era changed IT Ubuntu for next gen datacenters
How the Post-PC era changed IT Ubuntu for next gen datacentersHow the Post-PC era changed IT Ubuntu for next gen datacenters
How the Post-PC era changed IT Ubuntu for next gen datacenters
 
Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2
 
Creating OTP with free software
Creating OTP with free softwareCreating OTP with free software
Creating OTP with free software
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-Linux
 
Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS: VMware vs OpenStack vs Google’s GanetiComparing IaaS: VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti
 
La gestione delle identità per il controllo delle frodi bancarie
La gestione delle identità per il controllo delle frodi bancarieLa gestione delle identità per il controllo delle frodi bancarie
La gestione delle identità per il controllo delle frodi bancarie
 
Secure real-time collaboration with SecurePass and Etherpad
Secure real-time collaboration with SecurePass and EtherpadSecure real-time collaboration with SecurePass and Etherpad
Secure real-time collaboration with SecurePass and Etherpad
 
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimediIl problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
 

Recently uploaded

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Identity theft in the Cloud and remedies

  • 1. Identity theft in the Cloud and remedies
    Giuseppe “Gippa” Paternò
    Friday 26 October 12
  • 2. My identity: Giuseppe “Gippa” Paternò
    • Director Digital of GARL, the Swiss bank behind the SecurePass service
    • EMEA Sales Engineer of Canonical, the company behind Ubuntu
    • Security researcher, open source enthusiast, and friend of the “Penguin” since 1995
    • Leisure pilot ... a good excuse to be back in an airport during the weekends :)
    • Non-professional Chef (Ramsay, I challenge you :)
    • Radio-amateur with passion for “strange” WiFi: my association has the world record of 304km link in WiFi!!
  • 3. Cloud, a buzzword with different meanings
    IaaS, SaaS, PaaS ... what a MesS!
  • 4. What is meant by “Cloud”
    A set of services, usually “rented” from a service provider or from an internal IT department (for large corporations), that enables:
    • Flexibility: the ability to expand or reduce our IT infrastructure based on business needs
    • Resiliency: high availability of IT services, ensuring business continuity in any event
    • Accessibility: access to services anytime and anywhere on earth with a simple Internet connection
    • Cost optimization: you truly have a pay-as-you-use IT infrastructure without wasting money
  • 5. The Cloud: IaaS (IaaS = Infrastructure as a Service)
    • Renting a virtual infrastructure from a service provider, composed of virtual servers and virtual networks
    • Example: Amazon Web Services, Moresi.Com, etc.
    • Security risk: total control of the IT infrastructure by an attacker, with service disruption or silent data leaking (the control panel is accessible from the Internet)
  • 6. The Cloud: SaaS (SaaS = Software as a Service)
    • Renting a given application, usually web-based, from a service provider, with high availability and accessible from anywhere
    • Example: SalesForce.com, Office 360, etc.
    • Security risk: compromising a single identity will lead to corporate data leaking to an attacker or competitor
  • 7. The Cloud: PaaS (PaaS = Platform as a Service)
    • Renting an “application environment” that hosts YOUR application. Compared to IaaS, PaaS does not focus on the operating system, but on “operating” the application environment (app server, languages, frameworks, databases, etc.)
    • Example: Microsoft Azure, Google App Engine, CloudFoundry, etc.
    • Security risk: total control of the application(s) by an attacker, with service disruption (the control panel is accessible from the Internet) and corporate data leaking (users’ identity theft)
  • 8. Let’s make things complicated: BYOD
    • Yet another marketing buzzword :)
    • BYOD = Bring Your Own Device
    • Basically the use of a “consumer” device within a corporate environment: iPad/iPhone/Android/....
    • Security risk: a lost or stolen device means access to confidential data. Many apps for iOS/Android have a “static key” that gets rid of the identification process.
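The “static key” problem on slide 8 is easiest to see from the server side. The example below is added here and is not code from the deck or from SecurePass; it contrasts a single key compiled into every copy of an app (nothing to revoke when one phone is lost) with per-device, revocable tokens. Every name and value in it (STATIC_APP_KEY, DeviceRegistry, the user and device ids) is constructed for illustration.

```python
"""Added example (not from the slides or SecurePass): server-side handling of
mobile-app credentials, contrasting a shared static key with per-device,
revocable tokens. All names and values are constructed for illustration."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

# Weak pattern: one key compiled into every copy of the app. Whoever holds a
# lost or stolen phone (or extracts the key from the binary) is "identified".
STATIC_APP_KEY = "app-shared-secret-0001"  # constructed placeholder value


def weak_authorize(presented_key: str) -> bool:
    """Accepts any caller that knows the shared key. No user or device stands
    behind the decision, so nothing can be revoked for a single lost device."""
    return hmac.compare_digest(presented_key, STATIC_APP_KEY)


class DeviceRegistry:
    """Hardened pattern: each device is enrolled by a user and receives its own
    random token. Only a hash of the token is stored server-side, and a device
    reported lost is revoked without touching any other installation."""

    def __init__(self) -> None:
        self._devices: Dict[str, Tuple[str, str]] = {}  # device_id -> (user, token hash)
        self._revoked: Set[str] = set()

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def enroll(self, user: str, device_id: str) -> str:
        """Issue a fresh token for (user, device). It is returned once so the
        app can keep it in the device keychain; the server stores only a hash."""
        token = secrets.token_urlsafe(32)
        self._devices[device_id] = (user, self._digest(token))
        self._revoked.discard(device_id)
        return token

    def revoke(self, device_id: str) -> None:
        """Called when the user reports the device lost or stolen."""
        self._revoked.add(device_id)
        self._devices.pop(device_id, None)

    def authorize(self, device_id: str, token: str) -> Optional[str]:
        """Return the user bound to this device when the token is valid and the
        device is not revoked, otherwise None."""
        if device_id in self._revoked or device_id not in self._devices:
            return None
        user, stored = self._devices[device_id]
        if not hmac.compare_digest(self._digest(token), stored):
            return None
        return user


def lost_device_scenario() -> Dict[str, object]:
    """Enrolment, use, loss and revocation of one constructed device."""
    registry = DeviceRegistry()
    token = registry.enroll("alice", "tablet-01")
    before = registry.authorize("tablet-01", token)      # "alice"
    wrong = registry.authorize("tablet-01", "guessed")   # None
    registry.revoke("tablet-01")                         # tablet reported stolen
    after = registry.authorize("tablet-01", token)       # None: same token is now useless
    static_still_works = weak_authorize(STATIC_APP_KEY)  # True: nothing to revoke
    return {"before": before, "wrong": wrong, "after": after,
            "static_still_works": static_still_works}


if __name__ == "__main__":
    print(lost_device_scenario())
```

The point of the contrast is the `revoke` call: with a per-device token the stolen tablet is cut off in one operation, while the static key keeps working for whoever holds the device until every installed copy of the app is replaced.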
  • 9. Famous victims of identity theft
    ... and many others!
  • 10. Identity theft in numbers
    • 10 million victims of identity theft in the USA in 2008 (Javelin Strategy and Research, 2009)
    • 221 billion dollars lost every year due to identity theft (Aberdeen Group)
    • 5840 hours to correct damages due to identity theft, i.e. 2 years of a working resource (ITRC Aftermath Study, 2004)
    • 35 billion corporate and government records compromised in 2010 (ITRC)
    • 2 is the factor of multiplication of the number of breaches from 2009 to 2010. The trend of data breaches due to identity theft is doubling each year.
  • 11. Human factor, an example in aviation
    “An organization can minimize its vulnerability to human error and reduce its risks by implementing human factors best practices [...] It contains guidance material which [...] should help reduce the risks associated with human error and human factors, and improve safety. It [...] concentrates upon risk and error management rather than risk and error elimination.” (EASA, JAR 145, Aviation Human Factors)
  • 12. Human factor in IT (in)security
    • The human factor is the primary cause of intrusions by hackers, foreign government agencies or competitors. Two major issues:
      • Passwords easy to guess or crack
      • Social Engineering
    • Hope is not a strategy!
  • 13. Best practices, why they don’t work
    • Maybe the most adopted is BS/ISO 17799, which eventually became ISO 27001
    • Most best practices cover physical access, server hardening, network access and segregation, etc.
      • they just don’t make sense anymore in a Cloud environment
      • ... but they could be helpful to select our supplier
    • What still makes sense is access control:
      • secure identification of a given user (identity management)
      • checking and logging who’s doing what (auditing)
      • permissions/rights to access a given piece of data or document (policy management)
  • 14. Identity theft remedies
    This is not a remedy! :-)
  • 15. Identity theft remedies
    ... and this neither! ;-)
  • 16. Identity theft remedies
    Security must be simple and transparent to the end user, otherwise it will be circumvented!
    • Strong authentication of the users
    • Identify which country the user is connecting from (GeoIP)
    • Patches, patches and ... patches!
    • Secure application programming
  • 17. Intranet vs the Cloud and Trusted third party
    • In a “traditional” world, Microsoft Active Directory usually covers the identity management, auditing and policy roles
    • AD was not conceived to fit a Cloud environment, nor to be accessed from “outside” company boundaries (or firewalls)
    • A distributed identity management system is needed: one that implements something like Microsoft Active Directory for Cloud environments, is able to reduce “human errors” through strong authentication, and is operated by a trusted third party.
  • 18. A possible solution: SecurePass
    • SecurePass is a Unified Secure Access platform for Cloud, web applications and security devices (VPN, firewalls, ...)
    • Strong authentication, with hardware tokens or software tokens on smartphones (iOS/Android/BlackBerry)
    • Identity Management, with personnel’s information
    • Seamless web Single Sign-On, to simplify user access (and avoid circumventions)
    • Based on open protocols: LDAP, RADIUS and CAS
    • Easy to integrate: protect your infrastructure and applications in a few minutes.
    • Guaranteed by a Swiss bank
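Slides 16 and 18 list the remedies but not how they fit together at login time. The following example is added here and is not code from the deck or from SecurePass; it shows one login decision that combines a software-token one-time password (RFC 6238 TOTP over HMAC-SHA1 with a 30-second step, verified with one step of clock tolerance), a GeoIP country check, and an audit record for every attempt, which covers the identity, auditing and policy roles named on slide 13. The IP-to-country table uses RFC 5737 documentation ranges and is constructed, as are the user accounts and the LoginPolicy class; a real deployment would consult a GeoIP database and a directory such as LDAP instead.

```python
"""Added example (not from the slides or SecurePass): a login decision that
combines a software-token OTP (RFC 6238 TOTP, HMAC-SHA1, 30 s step), a
country-of-origin check and an audit trail. The IP-to-country table and all
accounts are constructed for illustration."""
import hashlib
import hmac
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

# Constructed country table built on RFC 5737 documentation ranges, not real GeoIP data.
GEOIP_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "CH"),
    (ipaddress.ip_network("198.51.100.0/24"), "IT"),
    (ipaddress.ip_network("203.0.113.0/24"), "XX"),
]


def country_of(ip: str) -> Optional[str]:
    """Longest-match is irrelevant here because the sample ranges do not overlap."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP_TABLE:
        if addr in net:
            return cc
    return None


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current 30 s step or one step either side (clock drift)."""
    counter = at // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


class LoginPolicy:
    """Strong authentication plus GeoIP check; every decision is written to the audit log."""

    def __init__(self, allowed_countries: List[str]) -> None:
        self.allowed = set(allowed_countries)
        # user -> (salt, PBKDF2 password hash, TOTP secret shared with the software token)
        self.users: Dict[str, Tuple[bytes, bytes, bytes]] = {}
        self.audit: List[Dict[str, object]] = []

    @staticmethod
    def _pw_hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def add_user(self, user: str, password: str, totp_secret: bytes, salt: bytes) -> None:
        self.users[user] = (salt, self._pw_hash(password, salt), totp_secret)

    def attempt(self, user: str, password: str, code: str, ip: str, at: int) -> Tuple[bool, str]:
        """Return (allowed, reason) and record the attempt, successful or not."""
        country = country_of(ip)
        outcome = self._decide(user, password, code, country, at)
        self.audit.append({"user": user, "ip": ip, "country": country,
                           "at": at, "result": outcome})
        return outcome == "ok", outcome

    def _decide(self, user: str, password: str, code: str,
                country: Optional[str], at: int) -> str:
        if user not in self.users:
            return "unknown-user"
        if country not in self.allowed:          # GeoIP check (slide 16)
            return "country"
        salt, stored, secret = self.users[user]
        if not hmac.compare_digest(self._pw_hash(password, salt), stored):
            return "password"
        if not verify_totp(secret, code, at):    # strong authentication (slides 16, 18)
            return "otp"
        return "ok"


if __name__ == "__main__":
    # Constructed account; the secret is the RFC 6238 test-vector seed.
    policy = LoginPolicy(["CH", "IT"])
    policy.add_user("alice", "correct horse", b"12345678901234567890", b"constructed-salt")
    print(policy.attempt("alice", "correct horse", "287082", "192.0.2.10", 59))   # (True, 'ok')
    print(policy.attempt("alice", "correct horse", "287082", "203.0.113.5", 59))  # (False, 'country')
    for entry in policy.audit:
        print(entry)
```

The order of the checks is deliberate: the country check runs before any password work, so an attempt from an unexpected country is refused and logged without touching the stored credential, and a wrong password is reported before the OTP so that an attacker who has only stolen the password never learns whether a guessed OTP was close. The audit list is the “who’s doing what” record from slide 13; in practice it goes to a log store rather than a Python list.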
  • 19. Case Study: Moresi.Com
    • Housing / Swiss hosting provider with two data centers, constantly expanding
    • Highly selected customers, including banks and national and international companies
    • Moving the focus from traditional housing / hosting to a cloud provider (VMware vCloud based)
    • Each customer has access to a "virtual datacenter" that it can orchestrate at will
    • Objective: establish secure access to the virtual datacenters
  • 21. Case Study: Insurance company
    • World’s second largest multinational insurance company, 48 subsidiaries worldwide, each one with its own board of directors, CEO, CFO
    • All CxO level members access confidential documents on the move through any device (laptop, tablet, smartphone), with a high risk of data leaking
    • Objective: provide secure access to the board of directors’ classified documents and avoid information leaking, through an ad-hoc secure Java-based web application
  • 22. Case Study: Automotive company
    • One of the top 5 automotive suppliers in the world, with over 120.000 employees
    • Need to solve security issues connected to BYOD (Bring Your Own Device) by employees and top managers, in particular tablets and smartphones
    • Objective: provide secure access to corporate resources from BYOD through SSL VPNs and ad-hoc portals
  • 23. SecurePass Contest 2012
    • Integrate SecurePass and publish a story in a blog or on-line magazine. A good excuse for:
      • testing SecurePass for free
      • learning something new
      • letting your boss or your customers know that you care about security
      • ... and winning something ;-)
    • http://www.secure-pass.net/contest2012
  • 24. Q&A
    Giuseppe Paternò
    gpaterno@gpaterno.com
    gpaterno@garl.ch
    Web sites: www.gpaterno.com, www.secure-pass.net
    Twitter: @gpaterno