NEPHOS TECHNOLOGIES Cloud Services Broker
Extending Security To The Cloud
30th January 2013 – Cloud Expo Europe

Lee Biggenden
EXTENDING SECURITY TO THE CLOUD

1.     Realistic Expectations
2.     Identifying Risks
3.     Considerations & Steps To Take
4.     Where Can We Get Some Help?
5.     Q&A

02/01/2013                      Nephos Technologies Ltd.   2
WHAT SHOULD YOU EXPECT FROM YOUR CSP?

EXPECT (+)

•    To Be Given Information
       –  Your CSP should share information on their accreditations, geographies and security measures

•    Blurred Boundaries
       –  The “network perimeter” is blurred in the Cloud, so be prepared for it

•    A Different Approach to Security
       –  For example, CSPs typically won’t provide security measures like firewalls as standard

•    To Have To Do Your Homework!
       –  You need to research your providers, and to understand the impact of choosing one over another

DON’T EXPECT YOUR CSP (-)

•    Image Validation
       –  Typically CSPs will not validate server images; the responsibility will be on you

•    Perimeter Security or Tiered Security
       –  CSPs don’t normally provide a perimeter firewall, or services like IPS, as standard

•    Dedicated Infrastructure
       –  Typically dedicated Cloud services are not the standard, but they are available at extra cost

•    The CSP To Take Ownership
       –  Public CSPs typically don’t offer complex solutions – YOUR DATA IS YOUR RESPONSIBILITY!

JUST BECAUSE THEY DON’T PROVIDE IT DIRECTLY DOESN’T MEAN IT’S NOT POSSIBLE!
CLOUD: WHERE ARE THE POTENTIAL RISKS?

Pre-Deployment

•    Unknown risk
       –      What standards do your providers follow (if any)?

•    Abuse & nefarious use of Cloud services
       –      Consumable in nature
       –      Weak validation of user credentials

•    Insecure interfaces, APIs & open perimeters
       –      Important application layer control point between systems
       –      Lack of perimeter security = open target for professional hackers

Post-Deployment

•    Multitenancy and shared technology
       –      Understand shared infrastructure and the potential risk
       –      Limited isolation methods as standard

•    Data loss and leakage
       –      Who has access to what data, and where is it?
       –      Malicious corruption of data

•    Account or service hijacking
       –      Data access to account information
       –      Weak portal authentication
WHAT QUESTIONS SHOULD YOU ASK OF CSPs AND YOURSELF?

Ask Yourself
1.  Why are we moving?
2.  Who does have access?
3.  Who should have access?
4.  Data sovereignty?
5.  Regulatory compliance?
6.  What’s the application flow?

Ask Your CSP
1.  Accreditations?
2.  Customer segregation?
3.  Perimeter security?
4.  Known partners?
5.  Monitoring/audit capabilities?
6.  Failover scenarios?
INCLUDE SECURITY AS PART OF YOUR PLANNING PROCESS (EARLY)

PLANNING (diagram: a cycle of Identify, Evaluate, Map, Analyse, Investigate)

1.  Identify
    •  Business Priorities
    •  Workloads
    •  Regulatory Requirements
2.  Evaluate
    •  Sensitivity of assets
    •  Provider services
3.  Map
    •  Security workload to Cloud delivery model
    •  Data flow between tiers
4.  Analyse
    •  Dataflows, security and delivery models against requirements
    •  Gap analysis
5.  Investigate
    •  User behaviours and access requirements
    •  Data classification requirements
WHAT SECURITY STEPS SHOULD YOU CONSIDER?

•    Physical & Operating System
       –  Build trusted compute pools & create secure connections
       –  Enable service and security monitoring / auditing
       –  Patch management process needs to be applied

•    Data
       –  Classify your data (and what risks you can afford to take with it)
       –  Move your security closer to your data
       –  Encrypt your data – in motion and at rest
       –  Compliance and regulatory requirements

•    Users
       –  Create strong access policy – you still need to control data access
       –  Understand the access risks and the devices that you’re exposing to your data
WHO CAN OFFER INDEPENDENT ADVICE?

Independent Advice and Service Is a Must When You Choose to Deploy…

Cloud Security Alliance
Independent consortium that identifies and promotes the use of cloud security assurance best practices.

ODCA
Independent consortium of Global IT leaders from over 300 companies working on a unified customer vision for deployments.

DMTF
Working on cloud infrastructure management interface specifications to improve management interoperability.

TCG
Independent consortium developing, defining, and promoting open, vendor-neutral industry standards for interoperable trusted computing platforms.

Cloud Industry Forum
Established to provide transparency through certification to a Code of Practice and to assist end users in gaining access to core information.

Cloud Brokers / Aggregators
Independent advisors for Cloud, providing advice and value added services.
THE CLOUD SERVICES BROKER MODEL

(diagram slide)
HOW DO NEPHOS TECHNOLOGIES DELIVER SERVICE

CLOUD FUNDAMENTALS (four stages)

1.  Strategy & Planning
       •      The business case
       •      The business opportunity
       •      The right provider
       •      The right services
       •      How do you measure success

2.  Architectural Design
       •      Public, Private or Hybrid
       •      Security considerations
       •      Performance certainty
       •      Architect for the Cloud, not the DC

3.  Cloud Migration
       •      P-to-V, V-to-C
       •      Application/Data Migration
       •      Testing
       •      Project Management
       •      Service Transition Management

4.  Support & Management
       •      SLA management
       •      Service restoration
       •      Managed service
       •      Infrastructure monitoring
       •      Capacity planning
       •      Cost certainty
CUSTOMER USE CASE: UK BASED B2B RETAILER

•         1,500 Users across 8 European datacenter locations
•         Circa $1bn turnover 2012 (Europe)
•         Under UK, European and US regulations (SOX, PCI DSS)

SCENARIO
 •  Initial feasibility work
 •  Benefits of Cloud identified
 •  Inconsistent European delivery of service
 •  Develop a strategy/solution to enable a PCI DSS compliant migration to a Hybrid Cloud environment

PROBLEM
 •  Weak and antiquated security mechanisms
 •  No consistent security models across Europe
 •  Not currently meeting PCI DSS requirements
 •  No Cloud experience in-house
 •  Limited security expertise in-house
 •  Tight timescales (< 6 months)

SOLUTION
 Phase 1:
 •  Engaged QSA
 •  Gap Analysis of existing infrastructure vs. requirements
 •  Identified Cloud provider
 •  Identified Gaps and overlay technologies
 Phase 2:
 •  Solution deployment
 •  SA and OHO

Encrypted network extension to public Cloud, data encryption, NGFW, key management, AAA, a compliant provider
THANK YOU!

LinkedIn: http://linkd.in/TKYmyR
Twitter: @NephosTech / @LeeBiggenden
Online: www.nephostechnologies.com
Email: lee@nephostechnologies.com

WE’RE ALSO AVAILABLE AT STAND 719
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 

Nephos Technologies - Extending Security to the Cloud - Cloud Expo 2013

  • 1. NEPHOS TECHNOLOGIES Cloud Services Broker. Extending Security To The Cloud. 30th January 2013 – Cloud Expo Europe. Lee Biggenden.
  • 2. EXTENDING SECURITY TO THE CLOUD
    1. Realistic Expectations
    2. Identifying Risks
    3. Considerations & Steps To Take
    4. Where Can We Get Some Help?
    5. Q&A
    02/01/2013 Nephos Technologies Ltd. 2
  • 3. WHAT SHOULD YOU EXPECT FROM YOUR CSP?
    EXPECT:
    –  To Be Given Information: your CSP should share information on their accreditations, geographies and security measures
    –  Blurred Boundaries: the “network perimeter” is blurred in the Cloud, so be prepared for it
    –  A Different Approach to Security: for example, CSPs typically won’t provide security measures like Firewalls as standard
    –  To Have To Do Your Homework!: you need to research your providers, and to understand the impact of one over another
    –  YOUR DATA IS YOUR RESPONSIBILITY!
    DON’T EXPECT:
    –  Image Validation: typically CSPs will not validate server images; the responsibility will be on you
    –  Perimeter Security or Tiered Security: CSPs don’t normally provide a perimeter Firewall, or services like IPS, as standard
    –  Dedicated Infrastructure: dedicated Cloud services are typically not the standard, but they are available at extra cost
    –  The CSP To Take Ownership: public CSPs typically don’t offer complex solutions –
    JUST BECAUSE THEY DON’T PROVIDE IT DIRECTLY DOESN’T MEAN IT’S NOT POSSIBLE!
  • 4. CLOUD: WHERE ARE THE POTENTIAL RISKS?
    Pre-Deployment:
    •  Unknown risk
       –  What standards do your providers follow (if any)?
    •  Abuse & nefarious use of Cloud services
       –  Consumable in nature
       –  Weak validation of user credentials
    •  Insecure interfaces, APIs & open perimeters
       –  Important application layer control point between systems
       –  Lack of perimeter security = open target for professional hackers
    •  Multitenancy and shared technology
       –  Understand shared infrastructure and the potential risk
       –  Limited isolation methods as standard
    Post-Deployment:
    •  Data loss and leakage
       –  Who has access to what data and where is it?
       –  Malicious corruption of data
    •  Account or service hijacking
       –  Data access to account information
       –  Weak portal authentication
  • 5. WHAT QUESTIONS SHOULD YOU ASK OF CSPS AND YOURSELF?
    Ask Yourself:
    1. Why are we moving?
    2. Who does have access?
    3. Who should have access?
    4. Data sovereignty?
    5. Regulatory compliance?
    6. What’s the application flow?
    Ask Your CSP:
    1. Accreditations?
    2. Customer segregation?
    3. Perimeter security?
    4. Known partners?
    5. Monitoring/audit capabilities?
    6. Failover scenarios?
  • 6. INCLUDE SECURITY AS PART OF YOUR PLANNING PROCESS (EARLY)
    Planning cycle: Identify, Evaluate, Map, Analyse, Investigate.
    1. Identify
       •  Business Priorities
       •  Workloads
       •  Regulatory Requirements
    2. Evaluate
       •  Sensitivity of assets
       •  Provider services
    3. Map
       •  Security workload to Cloud delivery model
       •  Data flow between tiers
    4. Analyse
       •  Dataflows, security and delivery models against requirements
       •  Gap analysis
    5. Investigate
       •  User behaviours and access requirements
       •  Data classification requirements
  • 7. WHAT SECURITY STEPS SHOULD YOU CONSIDER?
    •  Physical & Operating System
       –  Build trusted compute pools & create secure connections
       –  Enable service and security monitoring / auditing
       –  Patch management process needs to be applied
    •  Data
       –  Classify your data (and what risks you can afford to take with it)
       –  Move your security closer to your data
       –  Encrypt your data – in motion and at rest
       –  Compliance and regulatory requirements
    •  Users
       –  Create strong access policy – you still need to control data access
       –  Understand the access risks and the devices that you’re exposing to your data
  • 8. WHO CAN OFFER INDEPENDENT ADVICE?
    Independent Advice and Service Is a Must When You Choose to Deploy…
    –  Cloud Security Alliance: independent consortium that identifies and promotes the use of cloud security assurance best practices.
    –  ODCA: independent consortium of Global IT leaders from over 300 companies working on a unified customer vision for deployments.
    –  DMTF: working on cloud infrastructure management interface specifications to improve management interoperability.
    –  TCG: independent consortium developing, defining, and promoting open, vendor-neutral industry standards for interoperable trusted computing platforms.
    –  Cloud Industry Forum: established to provide transparency through certification to a Code of Practice and to assist end users in gaining access to core information.
    –  Cloud Brokers / Aggregators: independent advisors for Cloud, providing advice and value added services.
  • 9. THE CLOUD SERVICES BROKER MODEL (diagram only)
  • 10. HOW DO NEPHOS TECHNOLOGIES DELIVER SERVICE
    Layered service model (labelled CLOUD FUNDAMENTALS on the slide), from the foundation upwards:
    1. Strategy & Planning
       •  The right provider
       •  The right services
       •  The business opportunity
       •  How do you measure success
       •  The business case
    2. Architectural Design
       •  Public, Private or Hybrid
       •  Security considerations
       •  Performance certainty
       •  Architect for the Cloud, not the DC
    3. Support & Management
       •  SLA management
       •  Service restoration
       •  Managed service
       •  Infrastructure monitoring
       •  Capacity planning
       •  Cost certainty
    4. Cloud Migration
       •  P-to-V, V-to-C
       •  Application/Data Migration
       •  Testing
       •  Project Management
       •  Service Transition Management
  • 11. CUSTOMER USE CASE: UK BASED B2B RETAILER
    •  1,500 Users across 8 European datacenter locations
    •  Circa $1bn turnover 2012 (Europe)
    •  Under UK, European and US regulations (SOX, PCIDSS)
    SCENARIO:
    •  Initial feasibility work
    •  Benefits of Cloud identified
    •  Inconsistent European delivery of service
    •  Develop a strategy/solution to enable a PCIDSS compliant migration to a Hybrid Cloud environment
    •  Tight timescales (< 6 months)
    PROBLEM:
    •  Weak and antiquated security mechanisms
    •  No consistent security models across Europe
    •  Not currently meeting PCIDSS requirements
    •  No Cloud experience in-house
    •  Limited security expertise in-house
    SOLUTION:
    Phase 1:
    •  Engaged QSA
    •  Gap Analysis of existing infrastructure vs. requirements
    •  Identified Cloud provider
    •  Identified Gaps and overlay technologies
    Phase 2:
    •  Solution deployment
    •  SA and OHO
    Encrypted network extension to public Cloud, data encryption, NGFW, key management, AAA, a compliant provider.
  • 12. THANK YOU. LinkedIn: http://linkd.in/TKYmyR. Twitter: @NephosTech / @LeeBiggenden. Online: www.nephostechnologies.com. Email: lee@nephostechnologies.com. WE’RE ALSO AVAILABLE AT STAND 719!