The document analyzes security incident data from over 1,500 customers with infrastructure in both on-premise and cloud/hosted environments. It finds that while security incidents occurred in both environments, on-premise environments experienced higher rates of occurrence and frequency for most incident categories as well as greater threat diversity. In particular, on-premise environments were much more likely to experience malware/botnet and misconfiguration issues.
The variety and complexity of cyber attacks is increasing. The attackers have a strong economic and political motivation thus leading to organized and targeted attacks. We have concluded that intrusions are inevitable, and have focused on strategies to work through the attack while limiting the losses. Our approach, called Self Cleansing Intrusion Tolerance (SCIT), leads to the next generation of secure servers. SCIT shifts the focus from intrusion avoidance to reducing the losses resulting from an intrusion. This additional layer of defense is justified, because the current reactive approaches cannot keep up with the rapidly increasing new threats.
A breakdown of the top misconceptions enterprises are facing when assessing the security levels of cloud computing environments, and the realities behind them
Becoming the safe choice for the cloud by addressing cloud fraud & security t... | cVidya Networks
Nava Levy, cVidya's VP SaaS/Cloud Solutions, chaired and spoke at TM Forum's Management World Americas 2011 on Racing Ahead of the Competition by Capitalizing on Your Potential to be the Safe and Secure Choice for Cloud at The Race to Cloud Services Summit
In cloud computing, IT (Information Technology) resources such as infrastructure, platform and software can be used through web-based tools and applications over the internet. Organizations are moving to cloud computing, some faster than others. However, moving to the cloud presents the organization with a number of risks to assess. Information security is the most critical risk for many organizations. This is because the intellectual property, trade secrets, personally identifiable information, or other sensitive information can be powered by protecting information. This paper classified cloud security based on the three service models of cloud computing: SaaS, PaaS and IaaS. Attributes for each type of security have also been identified and briefly described here. We compared the security provided in different services by the world's best known cloud service providers, such as Amazon AWS, Google App Engine, Windows Azure etc., considering cloud security category. Furthermore, we included recommendations for organizations that have decided to move their data into the cloud but are unsure how to choose the best service provider for their organization regarding information security.
In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from defense of a fixed perimeter towards an approach that protects the data as it travels from physical to virtual to cloud environments.
In the post-PC era, Trend Micro envisions a smart, data-centric security framework that advances the capabilities of our cloud-based Smart Protection Network™, adds smarter threat protection that correlates local threat intelligence; smarter data protection that follows and protects your data; and unified security management that increases visibility into data access and potential attacks.
This presentation was given at the Information Security Executive Summit on 28th / 29th February 2012
Review on Security Aspects for Cloud Architecture | IJECEIAES
Cloud computing is one of the fastest growing and most popular technologies in the field of computing. The concept of cloud computing was introduced in 2006. Since then, a large number of IT industries have joined the queue to develop many cloud services and put sensitive information in the cloud. Cloud computing is no doubt a great innovation in the field of computing, but at the same time it also poses many challenges. Since a large number of organizations are migrating their business to the cloud, it appears as an attractive target for malicious attacks. The purpose of the paper is to review the available literature for security concerns and highlight a relationship between vulnerabilities, attacks and threats in the SaaS model. A mapping is presented to highlight the impact of vulnerabilities and attacks.
This summary cloud security survey from Intel captures key findings from 800 IT managers in the U.S., the U.K., China, and Germany that provide insight into cloud computing security concerns and how those concerns might be alleviated.
Cloud Computing IT Lexicon's Latest Hot Spot | Tech Mahindra
Cloud computing, a highly flexible deployment model, is emerging because of the growing interdependence of business and IT. Effective and efficient resource sharing and interconnection between people, departments and companies is possible because of this emerging technology. Cloud computing also provides a stable environment where Telcos can improve business outcomes by leveraging their experience in offering IT-centric managed services. Though not without its flaws, cloud computing looks to change the way companies do business in the near future.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT... | IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING | IJNSA Journal
In the IoT scenario, things at the edge can create significantly large amounts of data. Fog Computing has recently emerged as the paradigm to address the needs of edge computing in the Internet of Things (IoT) and Industrial Internet of Things (IIoT) applications. In a Fog Computing environment, much of the processing would take place closer to the edge in a router device, rather than having to be transmitted to the Fog. Authentication is an important issue for the security of fog computing since services are offered to massive-scale end users by front fog nodes. Fog computing faces new security and privacy challenges besides those inherited from cloud computing. Authentication helps to ensure and confirm a user's identity. The existing traditional password authentication does not provide enough security for the data, and there have been instances when password-based authentication has been manipulated to gain access to the data. Since conventional methods such as passwords do not serve the purpose of data security, research works are focused on biometric user authentication in the fog computing environment. In this paper, we present biometric smartcard authentication to protect the fog computing environment.
We're constantly reminded about how fleeting time is—but what if you had more time? What would you do? We decided to illustrate some of the answers we found on Twitter.
If you're looking to get some time back in your day, consider letting Rackspace manage your servers. We can focus on the tech so that you can focus on innovation.
Learn more about Rackspace: http://rackspace.com
Learn more about this project: https://blog.rackspace.com/moretime-question-ages
Learn how to overcome security challenges, such as: identity theft, spoofed transactions, DDoS business disruption, criminal extortion and more. You'll learn how a security strategy promotes confidence in the cloud.
6 Commonly Asked Questions from Customers Building on AWS | Rackspace
This session is ideal for IT/Infrastructure Manager, Application Developers, System Architects/Administrators and anyone who is growing their AWS footprint. We will uncover recent customer experiences at every stage while you can network with peers that face similar challenges.
The Evolution of OpenStack – From Infancy to Enterprise | Rackspace
As OpenStack turns 5 this year, we thought it would be a good time to take a look back at the evolution of OpenStack. We start with a quick overview of what OpenStack is, how OpenStack came to be and describe the OpenStack Foundation. Next we describe the problem that OpenStack helps to solve, the components of OpenStack and the timeline for when these components came to be. Last, we outline the current features and benefits that make OpenStack ready for the enterprise with supporting Enterprise use case examples. Blog can be found here (https://developer.rackspace.com/blog/evolution-of-openstack-from-infancy-to-enterprise/) and webinar can be found here (https://www.brighttalk.com/webcast/11427/138613)
Data is being generated at a feverish pace and forward thinking companies are integrating big data and analytics as part of their core strategy from day one. However, it is often hard to sift through the hype around big data and many companies start with only a small subset of data. Can smaller companies benefit from big data efforts? We will discuss several use cases and examples of how startups are using data to optimize their operations, connect with their users, and expand their market.
Deploy Apache Spark™ on Rackspace OnMetal™ for Cloud Big Data Platform | Rackspace
There's an elephant in the room when it comes to Big Data. Apache Hadoop and Spark offer the promise to transform how businesses leverage Big Data, but finding the right mix of flexible deployments, elastic scalability, and performance can be daunting.
Introducing Rackspace OnMetal™ for Apache Spark™, an industry first that combines the performance and efficiency of bare metal with the ease and flexibility of cloud. With Rackspace OnMetal for Cloud Big Data Platform you can transform how you run Hadoop and Spark workloads:
• Deploy in minutes, not months
• Spin instances up or down on demand
• Process data in-memory for faster query times
• Get bare metal performance and say goodbye to virtualization taxes
Sign up and learn how Rackspace OnMetal for Cloud Big Data Platform can rapidly move your organization from planning to deploying.
Rackspace::Solve NYC - Welcome Keynote featuring Rackspace CTO John Engates | Rackspace
Solving business challenges - that was the focus at Rackspace::Solve in New York City, the second of three one-day summits that showcase how companies are overcoming the toughest challenges in their businesses and for their customers. In this presentation, Rackspace CTO John Engates kicks off the day with an overview of some of those challenges, and the various ways some of our customers and partners help solve them by using Rackspace's Managed Cloud offerings.
Rackspace (NYSE: RAX) is the #1 managed cloud company. Our technical expertise and Fanatical Support® allow companies to tap the power of the cloud without the pain of hiring experts in dozens of complex technologies. Rackspace is also the leader in hybrid cloud, giving each customer the best fit for its unique needs — whether on single- or multi-tenant servers, or a combination of those platforms. Rackspace is the founder of OpenStack®, the open-source operating system for the cloud. Headquartered in San Antonio, we serve more than 200,000 business customers from data centers on four continents. We rank 29th on Fortune’s list of 100 Best Companies to Work For. For more information, visit www.rackspace.com.
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De... | Rackspace
At Rackspace::Solve NYC, Jon Hyman, CIO of Appboy and Prashanth Chandrasekar, GM of DevOps at Rackspace, discuss the role of DevOps in helping to solve the technical challenges that come with rapid growth.
Rackspace::Solve NYC - Second Stage Cloud | Rackspace
James Staten, VP and top Analyst at Forrester Research discusses tech adoption of cloud computing at Rackspace::Solve New York. Staten explains the Second-Stage Cloud, which means that the optimization phase of client-server is ending while we enter the rationalizations phase of cloud computing. This makes the cloud-competition today based on “service-value”, causing a hyper-growth for cloud services.
Rackspace::Solve NYC - Solving for Rapid Customer Growth and Scale Through De... | Rackspace
At Rackspace Solve New York, Jon Hyman, CIO of AppBoy, shared how AppBoy uses Rackspace’s DevOps Automation Services to increase app engagement for their clients, including Urban Outfitters and Shape Magazine. With Rackspace’s managed cloud providing support, Appboy was able to excel rapid customer growth and scale through DevOps.
Rackspace::Solve NYC - The Future of Applications with Ken Cochrane, Engineer... | Rackspace
What does intermodal shipping have to do with managing your app’s components in different environments? Ken Cochrane, Engineering Manager at Docker, explains in this presentation from Rackspace::Solve NYC. For more information about Rackspace::Solve, visit http://www.rackspacesolve.com.
vCenter Site Recovery Manager: Architecting a DR Solution | Rackspace
VMware’s vCenter Site Recovery Manager is the market-leading disaster-recovery management product. It ensures the simplest and most reliable disaster protection for all virtualized applications. However, it is not a turn-key DR solution. Architecting your SRM solution requires deep thought and heavy planning. This presentation will help you with planning and architecting your SRM solution as well as addressing specific configuration and installation challenges. Our goal is to help you deploy and maintain a solid SRM solution to enable your DR Plan.
Outsourcing IT Projects to Managed Hosting of the Cloud | Rackspace
Is your organization looking to cut costs, reduce deployment time, or gain new capabilities that you find challenging to implement with traditional on-premises infrastructure? Then outsourcing IT may be right for you.
Nearly every IT leader these days is wrestling with Shadow IT – the dynamic in which end users obtain IT solutions from cloud service providers without informing corporate IT.
Some IT initiatives, such as disaster recovery, are natural fits for cloud computing. Yet it can be challenging to know exactly where to begin when it comes to configuring self-managed recovery plans and replicating virtual machines (VMs) from on-premises to a cloud service provider.
Migrating Traditional Apps from On-Premises to the Hybrid Cloud | Rackspace
Re-architecting legacy apps for the public cloud is very resource intensive. However, migrating apps to a hosted hybrid cloud that’s composed of bare-metal servers, VMware® virtualization, EMC® storage and public cloud offers cloud-bursting benefits, but with less risk and cost. Check out our presentation and learn the five-step path to hybrid cloud.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GridMate - End to end testing is a critical piece to ensure quality and avoid... | ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Pushing the limits of ePRTC: 100ns holdover for 100 days | Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! | SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
A tale of scale & speed: How the US Navy is enabling software delivery from l... | sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Climate Impact of Software Testing at Nordic Testing Days | Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Generative AI Deep Dive: Advancing from Proof of Concept to Production | Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 | Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
2. State of Cloud Security Report | Spring 2012
www.alertlogic.com
Removing the Cloud of Insecurity
State of Cloud Security Report, Spring 2012

Contents
Executive Summary
Methodology: Analyzing Real-World Data
Perception vs. Data: Is the Cloud Really Insecure?
Incident Identification
Summary of Results: Just the Facts
Statistics: Incident Occurrence and Frequency Rates
Conclusions: The Alert Logic Perspective
Wrapping Up: The Data Tells the Story
Appendix: Data Tables
Executive Summary
Gartner surveyed While there is clearly a heightened perception of risk in the cloud,
are these fears supported by empirical data? The customers and partners
m o re t h an
300
of Alert Logic demand an answer to this question. This report is the first in
a series of twice-yearly, data-driven analyses in which Alert Logic examines
security trends across traditional on-premise and service-provider-managed
environments. Alert Logic utilizes real-world security findings to understand
the foundational differences between the classes of threats encountered in
cloud computing
traditional on-premise deployments versus those found in service provider
users, asking them environments where cloud and hosted infrastructures are managed.
to rank their top
three concerns. In analyzing the state of security, Alert Logic draws on security data from real
end-user environments, both on-premise and managed by service providers,
NEARLY from its base of over 1,500 customers. In this report, the Alert Logic Security
50 % Research Team utilized twelve months of security event data captured from
July 2010 through June 2011. Security incidents were identified through a
combination of automated correlation and validation by certified security
analysts. It should be noted that the sample is composed of data from
of respondents customers who are making an active investment in security. As a result, the
identified service findings of this report may represent security-aware organizations and any
conclusions drawn based on the data should be understood in that context.
provider security as
their primary issue.1
Tier1 Research’s 2011 report
on the hosting market
RISK INCREASES WITH SIZE AND DIVERSITY
indicates that the majority
of enterprises consider
securing infrastructure as
the most problematic
aspect of the cloud.2
risk
ON-PREMISE
SERVICE
PROVIDER FIG. A
1
Gartner Global IT Council for
Cloud Services report (2010)
2
Tier1 Research Global
Managed Hosting Market size and diversity
Overview (2011)
Key Findings:

Findings from this study show that while there are differences between the classes and pervasiveness of incidents experienced in the on-premise and service provider environments, those differences may not necessarily line up with general perceptions about security:

• When compared to traditional in-house managed IT environments, service provider environments show lower occurrence rates for every class of incident examined.
• Service provider customers experienced lower threat diversity (i.e., the number of unique incident classes experienced by a customer) than on-premise customers.
• On-premise environments were twelve times more likely than service provider environments to have common configuration issues, opening the door to compromise.
• While conventional wisdom suggests a higher rate of Web application attacks in the service provider environment, Alert Logic found a higher frequency of these incidents in on-premise environments.

Part of the difference in risk level observed in these two environments can be explained by relevant IT surface area. While service providers often manage tens of thousands of servers and applications across multiple data centers, they are composed of vast numbers of individual customer or tenant environments. Each individual customer environment tends to have fewer application types residing on server-based operating systems (OSs) with tightly controlled network access, resulting in a relatively small relevant surface area for attack. In contrast, on-premise enterprise IT deployments tend to have a larger surface area due to their more diverse environments characterized by a broad array of OSs and applications, along with desktops, mobile devices and more network entry points.

What does this mean for security management decisions, especially in the context of migrating infrastructure to hosted and cloud deployments?

Security fears should not prevent organizations from taking advantage of hosting and cloud services. While security management is a critical issue when choosing a service provider, the decision should be based on a review of actual risks, not perceptions that are not supported by data.

Service providers, who tend to have detailed, repeatable management processes and infrastructure configurations, provide a good model for enterprises committed to maintaining on-premise infrastructure.

Service providers should focus their security management efforts on the threats most prevalent in their environment, while continuing to manage to best practices to create secure, highly available environments.

IT decision-makers should consider the benefits and risks of each model when deciding which workloads and applications to deploy in service provider environments and which to keep on-premise. In turn, internal resources can focus on the security posture of the area for which they maintain management responsibility.
Methodology: Analyzing Real-World Data

This report provides a comparative quantitative analysis of the classes and frequencies of incidents encountered in on-premise environments vs. service provider environments.

The analysis for both the service provider and on-premise cohorts is based on incident data detected in actual customer environments secured by Alert Logic, not from surveys, lab environments, or honeypots. Alert Logic captures security events in these environments through network-based, signature-driven intrusion detection systems (IDS). To correct for noise and false positives, Alert Logic utilizes a patented expert system that evaluates seven factors in determining if one or more network-based events elevate to the level of an authentic security incident (See Fig. D). Further, a team of GIAC-certified security analysts reviews each incident to ensure validity and to confirm the threat or compromise, providing an additional layer of scrutiny to minimize false positives.

The service provider cohort is composed of hosted and cloud environments managed by one of the Alert Logic service provider partners. These providers include more than half of the top 30 service providers headquartered in North America and are listed in the appendix.

The on-premise cohort represents environments deployed on the customer’s premises. Alert Logic on-premise customers come from a broad range of organizations, cutting across all verticals, with a concentration of enterprises in highly regulated industries such as health care, finance, energy and retail/e-commerce. As expected, on-premise deployments were typically larger than service provider deployments, featuring a broader set of applications and operating systems. The majority of both cohorts are located in North America and Western Europe.

FIG. B: visibility across multiple environments (legend: Service Provider, On-Premise)
PERCEPTION VS. DATA: Is the Cloud Really Insecure?

Improved agility and financial benefits have driven the growth of the Infrastructure-as-a-Service (IaaS) model. However, a perception remains that IaaS offerings from service providers pose greater security risks than traditional on-premise deployments.

While there is clearly a heightened perception of risk, do managed and cloud environments hosted by service providers actually experience different classes of threats, or different frequencies of incidents?

As providers of Security-as-a-Service to over 1,500 organizations with IT infrastructure housed either in on-premise environments or with managed service providers, Alert Logic draws on an extensive warehouse of security event data to examine this assumption and is uniquely poised to assess the validity of popular beliefs regarding the relative security of service provider environments.

FIG. C: Alert Logic customer DATA set (labels: ON-PREMISE? HOSTED? SERVICE PROVIDER? CLOUD?)

How Alert Logic categorized its customer data

For its analysis, Alert Logic has categorized security data into two environments: on-premise and service provider. On-premise customers own and manage their own IT infrastructure. Service provider customers are an aggregation of all customers utilizing Infrastructure-as-a-Service solutions from a service provider, spanning from the elastic cloud to managed or dedicated hosted environments.
Incident Identification

2.2 Billion security events observed during the study period were automatically evaluated and correlated through Alert Logic’s expert system and reviewed by Alert Logic’s security analysts. More than 62,000 incidents were verified and classified into seven incident categories.

ALERT LOGIC SECURITY INCIDENT CATEGORIES

INCIDENT CLASS | DEFINITION | EXAMPLES
Application Attack | Exploit attempts against applications or services that are not running over HTTP protocol. | Buffer overflow
Brute Force | Exploit attempts enumerating a large number of combinations, typically involving numerous credential failures. | Password cracking attempts
Malware/Botnet Activity | Malicious software installed on a host engaging in unscrupulous activity, data destruction, information gathering or creation of backdoors. Included in this category is botnet activity: post-compromise activity displaying characteristics of command and control communication. | Conficker, Zeus botnet, command and control botnet communication activity
Misconfiguration | Network/host/application configuration issues that introduce possible security vulnerabilities, typically a result of inadequate hardening. | Missing patches and writable anonymous FTP directories
Reconnaissance | Activity focused on mapping the networks, applications and/or services. | Port scans and fingerprinting
Vulnerability Scan | Automated vulnerability discovery in applications, services or protocol implementations. | Unauthorized Nessus scan
Web Application Attack | Attacks targeting the presentation, logic or database layer of Web applications. | SQL injection

EVENT VS. INCIDENT

Event: Evidence of suspicious behavior detected via an IDS signature.
Incident: Validated threat deemed to require a response, identified by correlating one or more events.
Example: A single port scan is an event. A series of port scans over time from a host recognized as an attack source is an incident.

FIG. D: Incident Identification Approach (THREAT IDENTIFICATION: EVENTS, 2.2 Billion; AUTOMATED EXPERT SYSTEM ANALYSIS; CERTIFIED SECURITY ANALYST REVIEW; INCIDENTS, More Than 62,000)
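The event/incident distinction above, worked through for the report's own port-scan example. This is an added illustration, not Alert Logic's expert system (whose seven factors the report does not list); the signature names, the three-event threshold, the one-hour window and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def correlate_port_scans(events, attack_sources, min_events=3,
                         window=timedelta(hours=1)):
    """Promote port-scan events to incidents.

    events: iterable of (timestamp, source_ip, signature) tuples.
    A source yields an incident only if it is in attack_sources AND produced
    at least min_events PORT_SCAN events within `window` of the burst's first
    event. min_events and window are illustrative assumptions.
    """
    scans = defaultdict(list)
    for ts, src, signature in events:
        if signature == "PORT_SCAN":          # hypothetical signature name
            scans[src].append(ts)

    incidents = []
    for src in sorted(scans):
        if src not in attack_sources:
            continue                          # unrecognized source: events only
        burst = []
        # The trailing None is a sentinel that flushes the final burst.
        for ts in sorted(scans[src]) + [None]:
            if ts is not None and (not burst or ts - burst[0] <= window):
                burst.append(ts)
                continue
            if len(burst) >= min_events:
                incidents.append({
                    "class": "Reconnaissance",
                    "source": src,
                    "first_seen": burst[0],
                    "last_seen": burst[-1],
                    "event_count": len(burst),
                })
            burst = [ts] if ts is not None else []
    return incidents

def at(hhmm):
    """Constructed timestamp on an arbitrary day inside the study period."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2011, 1, 15, hour, minute)

# Constructed sample events (documentation-range addresses, not real data).
SAMPLE_EVENTS = [
    (at("10:00"), "203.0.113.7", "PORT_SCAN"),
    (at("10:05"), "198.51.100.20", "PORT_SCAN"),
    (at("10:06"), "198.51.100.20", "PORT_SCAN"),
    (at("10:07"), "198.51.100.20", "PORT_SCAN"),
    (at("10:10"), "203.0.113.7", "PORT_SCAN"),
    (at("10:12"), "203.0.113.9", "PORT_SCAN"),
    (at("10:25"), "203.0.113.7", "PORT_SCAN"),
    (at("10:30"), "192.0.2.44", "SQL_INJECTION_ATTEMPT"),
    (at("10:40"), "203.0.113.7", "PORT_SCAN"),
    (at("15:00"), "203.0.113.7", "PORT_SCAN"),
]
RECOGNIZED_ATTACK_SOURCES = {"203.0.113.7", "203.0.113.9"}

if __name__ == "__main__":
    for incident in correlate_port_scans(SAMPLE_EVENTS, RECOGNIZED_ATTACK_SOURCES):
        print(incident)
```

Ten events go in and one incident comes out: the single scan from 203.0.113.9 and the isolated 15:00 scan stay events, and the burst from 198.51.100.20 is not promoted because that host is not a recognized attack source.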
SUMMARY OF RESULTS: Just the Facts

To assess whether on-premise and service provider environments experience different levels of risk, Alert Logic evaluated three factors:

Occurrence: The percentage of customers in each cohort experiencing each class of incident defined in the Security Incident Categories chart. Customers are included if they experienced a specific class of incident at least once during the study period.

Frequency: The average frequency of incidents, by class, for impacted customers, indicating how often customers experience an incident of a particular category.

Threat Diversity: The threat diversity in each group, i.e., the number of unique incident classes (of the seven categories reviewed) encountered by the customers in each cohort.

These measures, in combination, help define the critical elements of a security program. The class and frequency of events help determine the core elements of a program; higher threat diversity requires a more complex and involved security program to adequately protect assets.

Analysis of these three factors shows that even in security-conscious environments, virtually every environment will encounter meaningful threats. Further, service-provider-managed environments encountered more favorable results in all three of the criteria analyzed in this report. It should be noted that some of this could be explained by the differences in size and platform diversity of cloud vs. on-premise environments.

The rate of occurrence in an on-premise environment is more likely to be greater than the occurrence rate for service provider customers. This observation is true for all threat categories.

The frequency of experienced incidents is higher for on-premise environments across most of the threat categories.

The threat diversity for on-premise environments is greater than the threat diversity for service provider environments.

FIG. E: Top Three Incident Classes
Web Application Attack, Brute Force, Reconnaissance
Brute Force, Web Application Attack, Vulnerability Scan

FIG. F: OCCURRENCE: PERCENT OF ALERT LOGIC customers experiencing security incidents, By Class of Incident
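The three measures defined above, computed from raw incident records. This is an added example, not Alert Logic's code: the customer IDs and incident counts are constructed, while the two distribution tables at the end are the appendix's threat-diversity figures, used to check the reported means.

```python
from collections import Counter, defaultdict

# The seven incident classes from the report's category table.
CLASSES = (
    "Web Application Attack", "Brute Force", "Reconnaissance",
    "Vulnerability Scan", "Application Attack",
    "Malware/Botnet Activity", "Misconfiguration",
)

def mean_from_distribution(pct_by_k):
    """Mean class count from a {k: percent} table; tolerates rounding (sum != 100)."""
    total = sum(pct_by_k.values())
    return sum(k * p for k, p in pct_by_k.items()) / total

def cohort_metrics(customers, incidents):
    """customers: {customer_id: cohort}; incidents: iterable of (customer_id, class).

    Returns per cohort: occurrence (% of customers with >= 1 incident of a
    class), frequency (mean incidents per impacted customer), the threat
    diversity distribution (% of customers by distinct classes) and its mean.
    """
    per_customer = defaultdict(Counter)
    for cust, cls in incidents:
        if cust not in customers or cls not in CLASSES:
            raise ValueError(f"unknown customer or class: {cust!r}, {cls!r}")
        per_customer[cust][cls] += 1

    members = defaultdict(list)
    for cust, cohort in customers.items():
        members[cohort].append(cust)

    result = {}
    for cohort, custs in members.items():
        occurrence, frequency = {}, {}
        for cls in CLASSES:
            counts = [per_customer[c][cls] for c in custs if per_customer[c][cls]]
            # Denominator is the whole cohort, including incident-free customers.
            occurrence[cls] = 100.0 * len(counts) / len(custs)
            # Denominator is impacted customers only, as the report defines it.
            frequency[cls] = sum(counts) / len(counts) if counts else 0.0
        diversity = Counter(len(per_customer[c]) for c in custs)
        diversity_pct = {k: 100.0 * diversity[k] / len(custs)
                         for k in range(len(CLASSES) + 1)}
        result[cohort] = {
            "occurrence": occurrence,
            "frequency": frequency,
            "diversity_pct": diversity_pct,
            "mean_diversity": mean_from_distribution(diversity_pct),
        }
    return result

# Constructed sample: four customers per cohort; sp-3 has no incidents.
CUSTOMERS = {f"sp-{i}": "service provider" for i in range(1, 5)}
CUSTOMERS.update({f"op-{i}": "on-premise" for i in range(1, 5)})
SAMPLE_COUNTS = [
    ("sp-1", "Web Application Attack", 3), ("sp-1", "Brute Force", 1),
    ("sp-2", "Web Application Attack", 1), ("sp-4", "Reconnaissance", 2),
    ("op-1", "Brute Force", 4), ("op-1", "Web Application Attack", 2),
    ("op-1", "Malware/Botnet Activity", 1),
    ("op-2", "Brute Force", 2), ("op-2", "Misconfiguration", 1),
    ("op-3", "Web Application Attack", 2), ("op-3", "Vulnerability Scan", 1),
    ("op-3", "Brute Force", 3), ("op-4", "Reconnaissance", 1),
]
SAMPLE_INCIDENTS = [(c, cls) for c, cls, n in SAMPLE_COUNTS for _ in range(n)]

# Threat-diversity distributions as printed in the report's appendix (percent).
APPENDIX_SERVICE_PROVIDER = {0: 9, 1: 27, 2: 27, 3: 21, 4: 14, 5: 2, 6: 0, 7: 0}
APPENDIX_ON_PREMISE = {0: 0, 1: 20, 2: 23, 3: 22, 4: 18, 5: 11, 6: 5, 7: 2}

if __name__ == "__main__":
    for cohort, m in cohort_metrics(CUSTOMERS, SAMPLE_INCIDENTS).items():
        print(cohort, m["occurrence"]["Brute Force"], m["mean_diversity"])
```

Occurrence and frequency use different denominators (all customers in the cohort versus impacted customers only), which is why a class can be rare yet show a high per-customer frequency; the appendix distributions reproduce the report's stated means of 2.1 and 3.0.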
STATISTICS: Incident Occurrence and Frequency Rates

While service-provider-managed environments encountered lower rates and frequency of security incidents across all categories, there are notable differences in the data. Alert Logic observed a far greater percentage of misconfiguration-based incidents in the on-premise environment.

The average number of misconfiguration-related incidents per impacted customer is roughly equivalent: 3.0 instances in hosted/cloud, 4.0 on-premise. However, 12% of on-premise customers experienced a misconfiguration incident while only 1% of service provider customers did.

The most significant spread was found in malware/botnet incidents. On-premise environments were overwhelmingly more likely to encounter such incidents in their environments when compared to service-provider-managed environments, with 43% of on-premise environments versus 2% of service-provider-managed environments.

Both on-premise (71%) and service provider (65%) customers are highly likely to have experienced Web application attacks, and impacted customers in both environments were likely to have experienced a high number of such attacks over the period of study (on-premise 46.6, service provider 32.4).

Brute force incidents are even more commonly experienced in an on-premise environment than Web application attacks, with 83% of customers receiving an average of 47.3 such attacks. While brute force incidents in the service provider realm are significant (44% of customers experienced them), the difference between the two environments is surprising. With more public-facing targets (websites) in the service provider environment, the reverse might have been expected.

Vulnerability scans are observed among 37% of service provider customers and 54% of on-premise customers.

FIG. G: FREQUENCY: NUMBER OF INCIDENTS PER IMPACTED CUSTOMER, By Class of Incident, July 2010 - June 2011 (scale 0 to 50; classes: Web Application Attack, Brute Force, Vulnerability Scan, Malware/Botnet, Application Attack, Misconfiguration, Reconnaissance; series: Service Provider, On-Premise)

Threat diversity:

Threat diversity is the third element that Alert Logic analyzed. While a lower threat diversity by itself does not mean an inherently less risky environment, a higher threat diversity indicates that a broader set of attack vectors are at play.

FIG. H: DISTRIBUTION OF UNIQUE THREATS (x-axis: Unique Threat Classes Encountered, 0 to 7; y-axis: Percentage of Environments Impacted, 0% to 30%; series: Service Provider, On-Premise; marked values: Mean: 2.1, Mean: 3.0)

Alert Logic found lower threat diversity in service provider environments than in on-premise environments. During the period of this study, service provider customers averaged threats in 2.1 categories (out of the seven categories analyzed), while on-premise customers experienced 3.0.
CONCLUSIONS: The Alert Logic Perspective

A belief persists that service provider environments are less secure than on-premise environments, but this is simply not supported by Alert Logic data.

Alert Logic analysis indicates that service provider environments tend to be less prone to a broad range of security incidents than on-premise environments. Further, service provider environments tend to experience a narrower range of attack vectors. Possible explanations include the presence of more standardized system configurations in the service provider world, a narrower range of use cases among service provider customers, and the relative maturity of the IaaS industry.

It’s not that the cloud is inherently secure or insecure. It’s really about the quality of management applied to any IT environment.

While this data certainly casts doubt on conventional wisdom and concerns about security in the service provider environment, Alert Logic does not believe that it leads to a simple “service provider vs. on-premise” conclusion. While we observed differences between the two environments, we believe that there are several factors that help explain these variances:

• The typical size of a customer/user in each environment
• The types of workloads found in each environment
• The diversity of each environment
• The presence of user endpoints in the on-premise environments

All of these differences speak to the relationship between risk level and IT surface area in any environment.

FIG. I: OPPORTUNITY TO improve security posture (axes: risk vs. size and diversity; series: ON-PREMISE, SERVICE PROVIDER)

Fig. I represents a conceptual framework for thinking about these differences. While service providers manage vast networks with tens of thousands of servers and applications, the relevant surface area a prospective buyer of IaaS solutions should consider is that of the individual customer environment. In Alert Logic’s experience, those individual customer environments skew to a smaller and simpler footprint as measured by a number of nodes and applications, and breadth of operating systems. In contrast, on-premise environments managed by the typical enterprise span a much broader array of endpoints, applications and operating systems.

Service provider environments, with smaller deployments, inherently avoid some of that risk and therefore are a good choice for appropriate workloads.

Organizations making decisions about cloud and hosted infrastructure can exploit these differences to improve their security posture and make the most effective use of IT resources.
Smart enterprises should take advantage of the service provider model for certain workloads.

Those workloads can take advantage of the service provider’s highly repeatable configurations and processes and demonstrated ability to manage to best practices (evident in the far lower misconfiguration rates observed). These characteristics allow service providers to very effectively manage security for a focused set of threats. For example, a Web-based server application and related databases containing sensitive customer data may be a good fit for migrating to a hosted or cloud environment. The segregation of server-based applications and assets from a diverse and porous on-premise network with numerous mobile clients and desktops, which are often targets of highly prevalent malware and botnet infection, can create an inherently more secure environment for that application. At the same time, in-house IT resources can focus on the unique challenges in their environment.

Service-provider-managed environments are not magic bullets and not all are created equal.

Alert Logic data and experience suggest that much of the improvement in risk profile in the service provider customer data comes from a lower complexity and diversity and better management of the basics, most notably configuration management. The primary decision an enterprise must make is whether they wish to replicate those best practices or if they wish to let someone else handle them. Selection of a service provider should include careful evaluation of the security policies and solutions that are available from the providers under consideration.

Service providers must be aware that while they benefit structurally from more limited and well-defined workloads, enterprise security concerns will not disappear.

Lower threat diversity today doesn’t mean that service providers will not face increasing threat diversity in the future. To protect against leading threat vectors, service providers are best served by focusing time and energy on the most pervasive risks in their customer environments: Web application attacks, brute force and reconnaissance. In addition, service providers should continue to build on their demonstrated competence in managing to best practices around fundamental security hygiene, such as configuration management and operating system hardening.

By utilizing strong product management disciplines to determine which IaaS solutions are offered and supported, service providers can play a role in minimizing the threat diversity in cloud environments by limiting the IT surface area for potential attacks. Managing security programs requires service providers to maintain continued visibility into the threats encountered by customers and continuous improvement in identifying and defending against those threats.

Security management is not a discrete goal to be achieved and considered complete; it is an ongoing process that is fundamental to providing IT infrastructure management as a service.

WRAPPING UP: The Data Tells the Story

With security visibility into both on-premise and service provider environments, Alert Logic findings offer a unique perspective on managing IT security. Whether in the cloud or an on-premise environment, effectively securing IT infrastructure is largely about the quality of management:

• Focusing on basic hygiene, Web application security and configuration issues
• Strategically isolating workloads in the most appropriate environment
• Building and maintaining security expertise for workloads retained on-premise

Despite the widespread perception that the cloud presents an increased security risk, fears that the cloud is inherently insecure are not supported by the data.
APPENDIX: Data Tables

OCCURRENCE: Percent of Customers Experiencing Security Incidents
By Class of Incident, Jul 2010 – Jun 2011

INCIDENT CLASS | SERVICE PROVIDER | ON-PREMISE
Web Application Attack | 65% | 71%
Brute Force | 44% | 83%
Reconnaissance | 42% | 51%
Vulnerability Scan | 37% | 54%
Application Attack | 3% | 9%
Malware/Botnet Activity | 2% | 43%
Misconfiguration | 1% | 12%

THREAT DIVERSITY: DISTRIBUTION OF UNIQUE THREATS

THREAT DIVERSITY | SERVICE PROVIDER | ON-PREMISE
0 | 9% | 0%
1 | 27% | 20%
2 | 27% | 23%
3 | 21% | 22%
4 | 14% | 18%
5 | 2% | 11%
6 | 0% | 5%
7 | 0% | 2%
Mean No. of Threat Classes Encountered | 2.1 | 3.0

FREQUENCY: Number of Incidents per Impacted Customer
By Class of Incident, Jul 2010 – Jun 2011

INCIDENT CLASS | SERVICE PROVIDER | ON-PREMISE
Web Application Attack | 32.4 | 46.6
Brute Force | 22.4 | 47.3
Vulnerability Scan | 21.8 | 22.9
Malware/Botnet Activity | 8.4 | 28.1
Application Attack | 6.2 | 6.2
Misconfiguration | 3.0 | 4.0
Reconnaissance | 2.4 | 10.1

TOP THREE INCIDENT CLASSES

SERVICE PROVIDER | ON-PREMISE
1. Web App. Attack (65%) | 1. Brute Force (83%)
2. Brute Force (44%) | 2. Web App. Attack (71%)
3. Reconnaissance (42%) | 3. Reconnaissance (54%)

SERVICE PROVIDER PARTNERS INCLUDED IN STUDY

SERVICE PROVIDER PARTNER | WEBSITE
ATOS Origin | atos.net
CyrusOne | cyrusone.com
Datapipe | datapipe.com
DediPower | dedipower.com
Hosting.com | hosting.com
Hostway | hostway.com
Internap | internap.com
Latisys | latisys.com
LayeredTech | layeredtech.com
LogicWorks | logicworks.net
Megapath | megapath.com
NaviSite | navisite.com
OpSource | opsource.net
Peer1 | peer1.com
Rackspace | rackspace.com
Sungard Availability Services | sungardas.com
Visi | visi.com
Windstream | windstreambusiness.com