1) 84% of UK businesses now use cloud services, with adoption increasing yearly, as hybrid cloud environments become more common. 2) To properly secure these complex hybrid environments, businesses must understand the evolving threat landscape and who may be attacking them, implement strong access management and patching practices similar to on-premise systems, and acknowledge security as an ongoing responsibility. 3) When using cloud services, both the service provider and customer share responsibility for security - while providers focus on foundational security of networks and platforms, customers are responsible for securing applications and custom configurations.

1. Securing Your
Business in
the Digital
Age
Kevin Linsell, Director, Strategy & Architecture
Scott Nicholson, Head of Security & Compliance
Adapt
SERVICE PROVIDER VIEW:
7 Best Practices for Cloud Security

2. 02 The New Wave: The Role of Cloud
84% of UK businesses use cloud services
48
53
61
69
78
84
0
10
20
30
40
50
60
70
80
90
2010 2011 2012 2013 2014 2015

3. 03 The New Wave: The Role of Cloud
38%will increase their cloud adoption
25%will refine their cloud environment
18%will transform their cloud environment

4. 04 Riding The Wave
04
Always
Online
Smartphone
Revolution
Laptops &
‘Camera Phones’
Consumer Tech
HybridVirtualPhysical
Data Centre
Growth Via
Innovation
Credit CrunchEnd Of The
Dotcom Goldrush
UK Business
Advanced, Multi
Vector Attacks
Proliferation &
Organisation
Basic Malware,
Solo Mischief
Threats & Attacks

5. 05 Our Role: What Customers Need From Us
Increasing adoption of hybrid cloud creates diverse
estates with diverse security requirements.
Keep It Simple, Stupid MAKE It Simple, Stupid

6. 06 #1: Understand Who Is Attacking You (& Why)

7. 07 #2: …And What They Are Looking For
54%
Advertising
APP ATTACKS
37%
Accounting
BRUTE FORCE 33%
Financial
BRUTE FORCE 46%
Manufacturing
APP ATTACKS
79%
Mining
TROJAN
39%
Healthcare
BRUTE FORCE 45%
Retail
APP ATTACKS 71%
Transportation
APP ATTACKS
 Web applications will be targeted
 Customer data is the goal
 Traditional attacks (i.e. brute force) more prevalent
 Company confidential information is the target

8. #3: Stay Informed08
2011
IOS Basic
Constraints
2013
Lucky 13
2011
Comodo and
DigiNotar
2011
BEAST
2013
Alina
2012
Dexter
2014
Heartbleed
2014
Kaptoxa
2008
MD5
Considered
Harmful
2009
Null-prefix
Attack

9. 09 #4: Secure Virtual Worlds As You Would On-Premise
Most companies do security
well on-premise… so why is
best practice forgotten
when moving to the cloud?
 Assume the worst can (and will!) happen
 Give responsibility to the right people
 Create robust access management
policies
 Plan for rapid recovery
 Review logs regularly

10. 010 #5: Adopt a Patch Management Approach
1. CLASSIFY
your risk exposure based on
vulnerability & likelihood
2. TEST
patches before you release
into production
3. MAINTAIN
a regular patching schedule

11. 011 #6: Acknowledge Security & Compliance as 24x7
01
1
A case of ‘when’, not ‘if’
Cannot be just an ‘add-on’ to the day
job…
The rise of the Chief Security Officer:
 Ownership
 Empowerment
 Accountability
 People, partners, tools, processes, skills

12. 012 #7: Understand Your CSP Security Model
ServiceProviderResponsibility
Foundation Services
(ISO 27001 compliant)
Hypervisor
& OS
• Firewall & perimeter security services
• Segregation of Adapt & Customer Networks
• Regular Pen-tested network
• Accredited platform design & build
• Controlled access for customers
• Guest OS hardening
• Patch management
• Infrastructure updates
• Client access management
• Permission policies
• Security monitoring
• Log analysis
Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
• Network threat
detection
• Security monitoring
• DDoS Protection
Networks
Compute Storage DB Network
CustomerResponsibility

13. Securing Your
Business in
the Digital
Age
Securing Your Business in the Digital Age
Cabinet War Rooms, 14th October 2015