DOGFOODCON ‘16
REDEFINING SECURITY IN A CLOUD-CENTRIC FUTURE
MIKE SPAULDING - DOGFOODCON - 2016
DISCLAIMER
My opinions, commentary, and discussion today are my own, not my employer(s)’.
My tweets are my own. If they offend you, then you probably shouldn’t follow me.
I will not discuss anything about my employer(s) in any detail or extent.
HOW THE CLOUD WORKS
It’s simple: it really is someone else’s hard drive.
The hard drive sits in multiple countries and is shared by lots of people.
You are placing your trust in the third party to do its job: keep your data separate from other people’s data.
Security is either sold softly (i.e. ‘we’ve got you covered’) or it is a hard sell (i.e. ‘buy this feature and this to feel safe’).
UNDERSTANDING YOUR CLOUD
It is estimated that most large companies are leveraging between 600 - 1000 SaaS applications on a daily basis.
Cloud Apps (SaaS) - Owner: Business Relationship Manager
• SalesForce
• ServiceNow
• Office365
• Kronos
Cloud Infrastructure (IaaS) - Owner: Historically Legacy Infrastructure Teams
• Rackspace
• MSFT Azure
• IBM SmartCloud
• SoftLayer
• Amazon AWS
Platforms (PaaS) - Owner: Sometimes Developers, other times it is Infrastructure
• MSFT Azure
• IBM BlueMix
• Cloud Foundry
• Google AppEngine
CLOUD SECURITY RESPONSIBILITY
(Matrix slide: the same nine-layer stack is shown for each deployment model, with each cell colour-coded for the responsible and accountable party. Only the layer, column and legend labels are recoverable here.)
Layers (top to bottom): Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking
Columns: Local/On Premise (Your Data Center) | Infrastructure (IaaS) | Platform Apps (PaaS) | Cloud Apps (SaaS)
Legend - Responsible Party & Accountability: Your Co. | Vendor | Shared
EXAMPLE: COMPARING YOUR CLOUD WITH PIZZA
UNDERSTANDING YOUR DATA IN THE CLOUD
Information Sharing (SaaS) - Owner: Business Relationship Mgr.
• DropBox
• Box
• iCloud
• Facebook
Security Requirements:
• Authentication
• Authorization
• Confidentiality
• Audit
• Non-Repudiation
Technical Requirements:
• Two-Factor Authentication
• Business Intelligence
• Encryption
• Data Loss Prevention
• Verification Services
Business Requirements:
• Rights Management: Expiration Dates, Limited Distribution, Ability to limit Users, Ability to Audit Activities
Solutions:
• Company Modified PaaS
• Company Modified SaaS
• Hybrid Cloud
Accountability:
• Business Owner
• Technical Owner
• Process Owner
Stakeholders:
• Legal & Procurement
• Information Security
• Architecture
• Infrastructure
Data Types:
• PII
• PHI
• PCI
• IP
SAAS RESPONSIBILITY CLARIFICATION
(Matrix slide: the Cloud Apps (SaaS) column of the layer stack - Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking - with the Application layer called out. Legend for Responsible Party & Accountability: Your Co. | Vendor | Shared.)
Cloud Apps have a shared responsibility at the Application layer: you are accountable for the user access functions, but overall app support (dev, MX, and MGMT) resides with the provider.
Administrative Tasks:
• User Management
• SOX
• User Behavior Monitoring
• Authentication
• Authorization
• Audit
Technical Tasks:
• Application Development
• Application Upgrades
• Application Management
• Support
MULTITENANCY: HOW THEY MAKE THE CLOUD CHEAPER
A software architecture in which a single instance of software runs on a server and serves multiple tenants (or the sharing of a common cloud resource in our situation).
Risks:
Data Leakage
Insecure Configuration
Crossover from other Tenants
Benefits:
Lower Costs
Mitigation Strategy:
Isolated Resources
Security as a Foundation
API SECURITY (OR HOW MOST LARGE CLOUD HACKS HAPPEN)
These are application programming interfaces (APIs) used to build applications in the cloud computing market. Cloud APIs allow software to request data and computations from one or more services through a direct or indirect interface.
Risks
Account or Service HiJacking
Insecure APIs
Known Vulnerabilities
Lack of Control
Benefits
Customizable Services
Integration with Internal Systems
Mitigation Strategies
Evaluate the type and strength of the API Security Features.
Security as a foundation
CLOUD PORTABILITY
Cloud Portability and Continuity of Operations is a set of policies and procedures that help to assure that your services continue.
Risks
Denial of Service
Vendor Lock-In
Un-Exportable Services
Benefits
Peace of Mind
Structured Approach to BCP/DR
Mitigation Strategies
Develop Business Continuity Plan
Develop an Exit Strategy
CLOUD RELIABILITY
Cloud architecture is more complex and abstract than traditional on-premises computing architectures.
Risks
Denial of Service
Risk is outside of your control
Skills Atrophy
Benefits
Higher Level of Service at a Lower Cost
Redundancy, Load Balancing, Network Security
Mitigation Strategies
Hybrid Cloud Option
Documentation
DATA ENCRYPTION
Protecting your data both at rest and in transit.
Risks
Vendor Lock-In
Un-Retrievable Data
Proprietary Tooling
Benefits
Minimized Potential for Data Loss
Structured Approach for Data Management
Mitigation Strategies
Establish an Independent Key Management Service
Develop a Data Security Strategy/Standard
SECURITY AS A SERVICE (CASB)
Cloud providers are beginning to offer security capabilities as a service. These services are both traditional (AAA) and non-traditional (cloud to cloud security).
Risks
Improperly Positioned Services
Skills Atrophy
Proprietary Tooling
Benefits
Higher Security Capability with lower barrier
Ability to have a single security context across multiple vendors
Mitigation Strategies
Security as a Foundation
Security Auditing
TRADITIONAL SECURITY MIGRATED TO THE CLOUD
Leveraging virtualized software, many traditional security vendors have brought cloud-based firewalls, IPS, reverse proxies, web application firewalls, and malware detection tools into many of the most popular cloud services.
Risks
Improperly Positioned Services
False Sense of Security
Benefits
Easier transition to cloud services for current staff
Ability to understand/visualize security posture
Mitigation Strategies
Security as a Foundation
Security Fundamentals
INTERNATIONAL PRIVACY/COMPLIANCE RISKS
The data in the cloud is still YOUR DATA. Liability for the data is not transferred away; ultimately, YOU ARE responsible for how the data is handled.
Risks
EU, Non-US resident data co-mingled
Data residing within countries which do not have treaties with EU, Canada, etc.
Mitigation Strategies
Ensure that location-specific services are enabled and that specific data centers are used for meeting international privacy compliance (make sure that German data stays on German servers).
Leverage data centers that can handle both US and EU data privacy requirements, such as Canadian servers.
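An added example (not from the deck) of turning the residency mitigation into a check you can run: a Go audit over a constructed storage inventory that flags regulated data sitting outside the regions allowed for its data subjects, and also reports objects that cannot be checked because the jurisdiction tag is missing or unknown. The policy table, the region names, the inventory rows and the choice of PII/PHI as residency-bound types are all assumptions made for the example, following the slide's suggestions rather than any specific law.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// StoredObject is one row of a storage inventory export (constructed for
// this example): where the bytes sit and how the object is classified.
type StoredObject struct {
	Name         string
	Region       string // provider region hosting the object
	DataType     string // PII, PHI, PCI, IP, or "" if unclassified
	Jurisdiction string // whose data subjects: DE, EU, US, CA, or "" if untagged
}

// ResidencyPolicy maps a data-subject jurisdiction to the regions its
// regulated data may reside in. The table below is an assumed example that
// follows the slide's suggestions (German data on German servers; Canadian
// regions used for both US and EU data); it is not a statement of law.
type ResidencyPolicy map[string][]string

var ExamplePolicy = ResidencyPolicy{
	"DE": {"eu-central-1"},
	"EU": {"eu-central-1", "eu-west-1", "ca-central-1"},
	"US": {"us-east-1", "us-west-2", "ca-central-1"},
	"CA": {"ca-central-1"},
}

// residencyBound lists the data types this example treats as subject to
// residency rules (an assumption; PCI and IP are out of scope here).
var residencyBound = map[string]bool{"PII": true, "PHI": true}

// Finding is one policy violation, suitable for a ticket or a SIEM event.
type Finding struct {
	Object string
	Reason string
}

// Audit checks every object and returns findings sorted by object name.
// Untagged regulated data is reported rather than silently passed, since
// an object you cannot place is an object you cannot prove compliant.
func Audit(p ResidencyPolicy, inv []StoredObject) []Finding {
	var out []Finding
	for _, o := range inv {
		if !residencyBound[o.DataType] {
			continue
		}
		switch allowed, ok := p[o.Jurisdiction]; {
		case o.Jurisdiction == "":
			out = append(out, Finding{o.Name, "regulated data with no jurisdiction tag"})
		case !ok:
			out = append(out, Finding{o.Name, "no residency rule for jurisdiction " + o.Jurisdiction})
		case !contains(allowed, o.Region):
			out = append(out, Finding{o.Name, fmt.Sprintf("%s data for %s stored in %s (allowed: %s)",
				o.DataType, o.Jurisdiction, o.Region, strings.Join(allowed, ", "))})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Object < out[j].Object })
	return out
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// SampleInventory is a constructed export used by main (and by tests).
var SampleInventory = []StoredObject{
	{"hr/de-payroll.csv", "eu-central-1", "PII", "DE"},   // compliant
	{"hr/de-backup.csv", "us-east-1", "PII", "DE"},       // German PII on US servers
	{"clinic/records.db", "ca-central-1", "PHI", "EU"},   // EU PHI in Canada: allowed by this policy
	{"marketing/leads.csv", "us-west-2", "PII", ""},      // cannot be checked
	{"eng/design.pdf", "ap-southeast-1", "IP", "US"},     // not residency-bound here
	{"sales/cards.csv", "eu-west-1", "PII", "BR"},        // jurisdiction without a rule
}

func main() {
	for _, f := range Audit(ExamplePolicy, SampleInventory) {
		fmt.Printf("%-22s %s\n", f.Object, f.Reason)
	}
}
```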
LEGALLY YOURS
REMEMBER: It is your data; how you use it is at your discretion.
No cloud provider will ever sign on as being 100% liable for your data, and you must prove how they failed.
You will only get your portion of your money back (think of something like tires or a mattress). The warranty is limited to unused services only.
The model of the cloud is built on shared services, so no self-respecting cloud provider will sign away their rights to you. Liability is limited, and at most they go out of business and walk away from the mess. You will own the mess, not them.
YOUR DATA IS YOUR RESPONSIBILITY!
SO WHERE DO WE GO FROM HERE?
Everything is moving to the cloud - it is really hard to find an industry that has no cloud presence. Don’t fight the Kool-Aid now!
Containerization and portability will be the next big wave for enterprises in the cloud.
Although infrastructure in the cloud is becoming very mainstream, we have yet to see the cloud ‘killer’ app. If we look at things like Facebook, SalesForce, or Box, what we find is that we made it easier for a large number of people to do something that would previously have been more complex or cumbersome.
Automation is already hitting the cloud, but we have not truly embraced it.
Machine learning will make coding in the cloud even easier for the less technical, and sharing data will be almost too easy or simple.
THE SINGLE, BIGGEST QUESTION TO ASK YOUR CLOUD VENDOR
Where does your security end and my security begin?
THANK YOU
I appreciate your time today during this session.
If you need to reach me, try here:
https://www.linkedin.com/in/therealfatherofmaddog
@fatherofmaddog
Columbus BSides Security Conference - January 16th, 2017
Due to my work/personal schedule, I cannot work for you (at least right now). Maybe some time down the road. Who knows.
I need to thank John Sanders (Ent. Architect/CIO), the guys at Secure Idea, and the person that created Pizza as a Service - Albert Barron.

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 

Redefining Security in the Cloud

  • 1. DOGFOODCON ‘16: REDEFINING SECURITY IN A CLOUD-CENTRIC FUTURE

  • 2. DISCLAIMER (MIKE SPAULDING - DOGFOODCON - 2016)
    My opinions, commentary, and discussion today are my own, not my employer(s)'.
    My tweets are my own. If they offend you, then you probably shouldn't follow me.
    I will not discuss anything about my employer(s) in any detail or extent.

  • 3. HOW THE CLOUD WORKS
    It's simple: it really is someone else's hard drive.
    The hard drive sits in multiple countries and is shared by lots of people.
    You are placing your trust in the third party to do its job: keep your data separate from other people's data.
    Security is either sold softly (i.e. "we've got you covered") or it is a hard sale (i.e. "buy this feature and this to feel safe").

  • 4. UNDERSTANDING YOUR CLOUD
    It is estimated that most large companies are leveraging between 600 and 1000 SaaS applications on a daily basis.
    Cloud Apps (SaaS): SalesForce, ServiceNow, Office365, Kronos. Owner: Business Relationship Manager.
    Cloud Infrastructure (IaaS): Rackspace, MSFT Azure, IBM SmartCloud, SoftLayer, Amazon AWS. Owner: historically legacy infrastructure teams.
    Platforms (PaaS): MSFT Azure, IBM BlueMix, Cloud Foundry, Google AppEngine. Owner: sometimes developers, other times infrastructure.

  • 5. CLOUD SECURITY RESPONSIBILITY
    Responsible party and accountability per layer (Your Co. / Vendor / Shared), across the nine layers Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking:
    Local/On Premise (your data center): every layer is Your Co.
    Infrastructure (IaaS): the vendor runs Virtualization, Servers, Storage and Networking; Applications, Data, Runtime, Middleware and O/S stay with Your Co.
    Platform Apps (PaaS): the vendor runs everything from Runtime down; Applications and Data stay with Your Co.
    Cloud Apps (SaaS): the vendor runs the stack; the Applications layer is Shared (see slide 8).

  • 6. EXAMPLE: COMPARING YOUR CLOUD WITH PIZZA
  • 7. UNDERSTANDING YOUR DATA IN THE CLOUD
    Information Sharing (SaaS): DropBox, Box, iCloud, Facebook. Owner: Business Relationship Manager.
    Data types: PII, PHI, PCI, IP.
    Security requirements: authentication, authorization, confidentiality, audit, non-repudiation.
    Technical requirements: two-factor authentication, business intelligence, encryption, data loss prevention, verification services.
    Business requirements: rights management (expiration dates, limited distribution, ability to limit users), ability to audit activities.
    Solutions: company-modified PaaS, company-modified SaaS, hybrid cloud.
    Accountability: business owner, technical owner, process owner.
    Stakeholders: Legal & Procurement, Information Security, Architecture, Infrastructure.

  • 8. SAAS RESPONSIBILITY CLARIFICATION
    Cloud Apps have a shared responsibility at the Applications layer: you are accountable for the user access functions, but overall app support (development, maintenance, and management) resides with the provider.
    Administrative tasks (Your Co.): user management, SOX, user behavior monitoring, authentication, authorization, audit.
    Technical tasks (Vendor): application development, application upgrades, application management support.

  • 9. MULTITENANCY: HOW THEY MAKE THE CLOUD CHEAPER
    A software architecture in which a single instance of software runs on a server and serves multiple tenants (in our situation, the sharing of a common cloud resource).
    Risks: data leakage, insecure configuration, crossover from other tenants.
    Benefits: lower costs.
    Mitigation strategy: isolated resources; security as a foundation.

  • 10. API SECURITY (OR HOW MOST LARGE CLOUD HACKS HAPPEN)
    These are application programming interfaces (APIs) used to build applications in the cloud computing market. Cloud APIs allow software to request data and computations from one or more services through a direct or indirect interface.
    Risks: account or service hijacking, insecure APIs, known vulnerabilities, lack of control.
    Benefits: customizable services, integration with internal systems.
    Mitigation strategies: evaluate the type and strength of the API security features; security as a foundation.
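One concrete way to "evaluate the type and strength of the API security features" is to look at how each call is authenticated. The Go program below is an added example, not code from the talk or from any cloud vendor: it shows the request-signing check a well-designed cloud API gateway performs (an HMAC-SHA256 signature bound to method, path, timestamp and a hash of the body, compared in constant time and only accepted inside a replay window) and what it rejects. The secret, endpoint path and request bodies are constructed for the demo and are not real credentials.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// canonical builds the string both the client and the API gateway sign.
// Binding method, path, timestamp and a body hash means a captured
// signature cannot be replayed against a different call or a modified payload.
func canonical(method, path string, ts int64, body []byte) string {
	bodyHash := sha256.Sum256(body)
	return strings.Join([]string{
		strings.ToUpper(method),
		path,
		strconv.FormatInt(ts, 10),
		hex.EncodeToString(bodyHash[:]),
	}, "\n")
}

// SignRequest computes HMAC-SHA256 over the canonical string with the
// client's secret. The secret itself never travels with the request.
func SignRequest(secret []byte, method, path string, ts int64, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(canonical(method, path, ts, body)))
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyRequest is what the gateway runs. It rejects timestamps outside the
// replay window and compares signatures in constant time (hmac.Equal) so an
// attacker cannot recover a valid signature byte by byte from timing.
func VerifyRequest(secret []byte, method, path string, ts int64, body []byte,
	sig string, now time.Time, window time.Duration) error {
	age := now.Sub(time.Unix(ts, 0))
	if age < 0 {
		age = -age
	}
	if age > window {
		return fmt.Errorf("timestamp outside replay window (%s)", age)
	}
	expected := SignRequest(secret, method, path, ts, body)
	if !hmac.Equal([]byte(expected), []byte(sig)) {
		return fmt.Errorf("signature mismatch")
	}
	return nil
}

func main() {
	// Constructed demo values; not real credentials or a real endpoint.
	secret := []byte("dogfoodcon-demo-secret")
	now := time.Unix(1700000000, 0)
	body := []byte(`{"instance":"web-01","action":"stop"}`)
	window := 5 * time.Minute

	sig := SignRequest(secret, "POST", "/v1/instances", now.Unix(), body)
	fmt.Println("valid request:     ", VerifyRequest(secret, "POST", "/v1/instances", now.Unix(), body, sig, now, window))

	tampered := []byte(`{"instance":"web-01","action":"terminate"}`)
	fmt.Println("tampered body:     ", VerifyRequest(secret, "POST", "/v1/instances", now.Unix(), tampered, sig, now, window))

	fmt.Println("replayed 1h later: ", VerifyRequest(secret, "POST", "/v1/instances", now.Unix(), body, sig, now.Add(time.Hour), window))
}
```

When you assess a vendor's API, ask which of these properties its scheme actually has: a static API key passed as a query parameter and compared with plain string equality has none of them, which is why a leaked key equals a hijacked account.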
  • 11. CLOUD PORTABILITY
    Cloud portability and continuity of operations is a set of policies and procedures that help to assure that your services continue.
    Risks: denial of service, vendor lock-in, un-exportable services.
    Benefits: peace of mind, structured approach to BCP/DR.
    Mitigation strategies: develop a business continuity plan; develop an exit strategy.

  • 12. CLOUD RELIABILITY
    Cloud architecture is more complex and abstract than traditional on-premise computing architectures.
    Risks: denial of service, risk is outside of your control, skills atrophy.
    Benefits: higher level of service at a lower cost; redundancy, load balancing, network security.
    Mitigation strategies: hybrid cloud option; documentation.

  • 13. DATA ENCRYPTION
    Protecting your data both at rest and in transit.
    Risks: vendor lock-in, un-retrievable data, proprietary tooling.
    Benefits: minimized potential for data loss, structured approach for data management.
    Mitigation strategies: establish an independent key management service; develop a data security strategy/standard.
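The "independent key management service" mitigation is normally implemented as envelope encryption with a customer-held key, which is what removes the lock-in and un-retrievable-data risks above. The Go program below is an added example, not the talk's code or any provider's SDK: each object is encrypted under a fresh data-encryption key (DEK) with AES-256-GCM, and the DEK is wrapped under a key-encryption key (KEK) that stays in your own KMS or HSM, so the blob the provider stores is recoverable with your KEK alone and readable by nobody else. The record contents and keys are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Envelope is what gets handed to the cloud provider for storage: the
// ciphertext plus the data key, but the data key only in wrapped form.
// Without the customer-held KEK none of it is readable.
type Envelope struct {
	WrappedDEK []byte // DEK encrypted under the KEK (AES-GCM, nonce prefixed)
	Ciphertext []byte // data encrypted under the DEK (AES-GCM, nonce prefixed)
}

// seal encrypts plaintext under key with AES-256-GCM, prefixing the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; the GCM tag check fails on a wrong key or tampered data.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// NewKEK generates the customer-held key-encryption key. In production this
// is created and kept inside your own KMS/HSM, never in the provider's key store.
func NewKEK() ([]byte, error) {
	kek := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, kek)
	return kek, err
}

// Encrypt performs envelope encryption: a fresh per-object DEK encrypts the
// data and is then wrapped under the KEK; the plaintext DEK is discarded.
func Encrypt(kek, plaintext []byte) (Envelope, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return Envelope{}, err
	}
	ct, err := seal(dek, plaintext)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := seal(kek, dek)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK with the KEK and then decrypts the data. Only the
// KEK holder can do this, which is the whole point of independent key management.
func Decrypt(kek []byte, env Envelope) ([]byte, error) {
	dek, err := open(kek, env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, env.Ciphertext)
}

func main() {
	kek, _ := NewKEK() // constructed demo key; would come from your own KMS
	env, _ := Encrypt(kek, []byte("constructed customer PII record"))
	pt, err := Decrypt(kek, env)
	fmt.Printf("with our KEK: %q (err=%v)\n", pt, err)
	otherKEK, _ := NewKEK()
	_, err = Decrypt(otherKEK, env)
	fmt.Println("with any other key (provider, other tenant):", err)
}
```

Because the KEK never leaves your side, leaving the provider means exporting the envelopes, not re-encrypting petabytes of data, and rotating the KEK only requires re-wrapping the small DEKs.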
  • 14. SECURITY AS A SERVICE (CASB)
    Cloud providers are beginning to offer security capabilities as a service. These services are both traditional (AAA) and non-traditional (cloud-to-cloud security).
    Risks: improperly positioned services, skills atrophy, proprietary tooling.
    Benefits: higher security capability with a lower barrier; ability to have a single security context across multiple vendors.
    Mitigation strategies: security as a foundation; security auditing.

  • 15. TRADITIONAL SECURITY MIGRATED TO THE CLOUD
    Leveraging virtualized software, many traditional security vendors have brought cloud-based firewalls, IPS, reverse proxies, web application firewalls, and malware detection tools into many of the most popular cloud services.
    Risks: improperly positioned services, false sense of security.
    Benefits: easier transition to cloud services for current staff; ability to understand/visualize security posture.
    Mitigation strategies: security as a foundation; security fundamentals.

  • 16. INTERNATIONAL PRIVACY/COMPLIANCE RISKS
    The data in the cloud is still YOUR DATA. Liability for the data is not transferred away; ultimately, YOU ARE responsible for how the data is handled.
    Risks: EU and non-US resident data co-mingled; data residing within countries which do not have treaties with the EU, Canada, etc.
    Mitigation strategies: ensure that location-specific services are enabled and that specific data centers are used to meet international privacy compliance (make sure that German data stays on German servers); leverage data centers that can handle both US and EU data privacy requirements, such as Canadian servers.

  • 17. LEGALLY YOURS
    REMEMBER: It is your data; how you use it is at your discretion. No cloud provider will ever sign on as being 100% liable for your data, and you must prove how they failed. You will only get your portion of your money back (think of something like tires or a mattress). The warranty is limited to unused services only. The model of the cloud is built on shared services, so no self-respecting cloud provider will sign away their rights to you. Liability is limited, and at most they go out of business and walk away from the mess. You will own the mess, not them. YOUR DATA IS YOUR RESPONSIBILITY!

  • 18. SO WHERE DO WE GO FROM HERE?
    Everything is moving to the cloud; it is really hard to find an industry that has no cloud presence. Don't fight the kool aid now!
    Containerization and portability will be the next big wave for enterprises in the cloud.
    Although infrastructure in the cloud is becoming very mainstream, we have yet to see the cloud "killer" app. If we look at things like Facebook, SalesForce, or Box, what we find is that we made it easier for a large number of people to do something that would previously be more complex or cumbersome.
    Automation is already hitting the cloud, but we have not truly embraced it. Machine learning will make coding in the cloud even easier for the less technical, and sharing data will be almost too easy or simple.

  • 19. THE SINGLE, BIGGEST QUESTION TO ASK YOUR CLOUD VENDOR
    Where does your security end and my security begin?

  • 20. THANK YOU
    I appreciate your time today during this session. If you need to reach me, try here: https://www.linkedin.com/in/therealfatherofmaddog or @fatherofmaddog. Columbus BSides Security Conference, January 16th, 2017. Due to my work/personal schedule, I cannot work for you (at least right now). Maybe some time down the road. Who knows. I need to thank John Sanders (Ent. Architect/CIO), the guys at Secure Idea, and the person that created Pizza as a Service, Albert Barron.