SlideShare a Scribd company logo

Should we fear the cloud?

Gabe Akisanmi
Gabe Akisanmi

When you’re planning to move to the cloud and manage a hybrid environment, security is a top concern. But cloud is not necessarily less secure than a traditional environment. In fact, it may be possible to deliver even greater security in a hybrid cloud environment because it offers new and advanced opportunities. In this eBook, you’ll discover how hackers are using traditional tactics in new ways to attack the cloud. You’ll also find out how the cloud can help you increase security with innovative approaches designed to detect threats long before they threaten your enterprise.

Technology
1 of 30
Download to read offline
5 SHOULD WE FEAR THE CLOUD? It may be the key to security EBOOK 0 COVER
TABLEOF CONTENTS For more information Legal + PREVIOUS NEXT INTRODUCTION: IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? TODAY’S TOP 5 SECURITY THREATS A NEW SECURITY PARADIGM PUT THESE APPROACHES TO WORK + + + + TABLE OF CONTENTS 3 chapter 5 chapter NEXT-GENERATION CLOUD SECURITY + 1 chapter 2 chapter 4 chapter 6 chapter INNOVATIVE SECURITY APPROACHES + 0 TABLE OF CONTENTS
It’s a fear that many organizations have— a major breach of security where sensitive customer data is compromised and the business faces not only serious liability but also loss of brand value. It could happen as an attack on a traditional data center, or it could happen as an attack on the cloud. However, the first is a more realistic scenario. While data breaches can happen on the cloud, attacks on traditional data centers are more common. IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? IS THE CLOUD INSECURE? OR ARE WE? WHAT IS THE REAL COST OF A DATA BREACH? page 1 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO 1.1 INTRODUCTION (p.1)
IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? IS THE CLOUD INSECURE? OR ARE WE? WHAT IS THE REAL COST OF A DATA BREACH? It’s a fear that many organizations have— a major breach of security where sensitive customer data is compromised and the business faces not only serious liability but also loss of brand value. It could happen as an attack on a traditional data center, or it could happen as an attack on the cloud. However, the first is a more realistic scenario. While data breaches can happen on the cloud, attacks on traditional data centers are more common. page 1 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO The financial cost of a data breach is rising. The average total cost of a data breach has increased 15 percent in the past year—to USD3.5 million.1 Data breaches often cause a loss of customers—and this abnormal churn rate is particularly acute in the pharmaceutical, financial services and healthcare industries.2 CLOSE X 1,2 Ponemon Institute (sponsored by IBM), 2014 Cost of Data Breach Study: Global Analysis, May 2014. $3.5MILLION 1.2 INTRODUCTION - Cost of data breach
IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? IS THE CLOUD INSECURE? OR ARE WE? WHAT IS THE REAL COST OF A DATA BREACH? It’s a fear that many organizations have— a major breach of security where sensitive customer data is compromised and the business faces not only serious liability but also loss of brand value. It could happen as an attack on a traditional data center, or it could happen as an attack on the cloud. However, the first is a more realistic scenario. While data breaches can happen on the cloud, attacks on traditional data centers are more common. page 1 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO Of 250 senior IT and business decision makers interviewed in the United Kingdom, only 2 percent said they’d experienced a cloud-related security breach.3 CLOSE X 2% 250SENIOR IT AND BUSINESS DECISION MAKERS EXPERIENCED A CLOUD- RELATED SECURITY BREACH. } 3 The Cloud Industry Forum, “Cloud FUD fails to match up with experiences, says CIF,” press release, September 2014. 1.3 INTRODUCTION - Cloud insecure
When you’re planning to move to the cloud and manage a hybrid environment, security is a top concern. But cloud is not necessarily less secure than a traditional environment. In fact, it may be possible to deliver even greater se- curity in a hybrid cloud environment because it offers new and advanced opportunities. In this ebook, you’ll discover how hackers are using traditional tactics in new ways to attack the cloud. You’ll also find out how the cloud can help you increase security with innovative approaches designed to detect threats long before they threaten your enterprise. page 2 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO 1.4 INTRODUCTION (p.2)
Our cloud security fears may have more basis in the changing threat landscape— the botnets, advanced persistent threats and dynamic polymorphic malware of our world—than in cloud technology itself. In fact, there’s nothing fundamental in the cloud that makes it any more vulnerable than a traditional envi- ronment. With each new innovation in computing, hackers have exploited new vulnerabilities to launch attacks, and the cloud is simply their newest target. As more workloads move to the cloud, more data follows, and hackers go where the data is. Right now, they’re using traditional tactics in new ways to infiltrate a new environment. FIVE TOP SECURITY THREATS: old threats, new environment page 1 of 7 5 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 2.1 TOP FIVE
5 CLOUD THREATS 5 DATA BREACHES DATA LOSS DENIAL-OF-SERVICE ATTACKS INSECURE INTERFACE AND API SERVICE TRAFFIC HIJACKING We’ve compiled a list of the five top current cloud threats and pro- vided tips on how to protect against each. TOP page 2 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 01 02 03 04 05 + + + + + 2.2 CLOUD THREATS
1 page 3 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 DATA BREACHES Your cloud provider may not alert you if your servers are breached Hackers are using sophisticated tactics to steal data in the cloud just as they do in other environments, but they’re coming up against sophisti- cated, cloud-based security approaches. One way thieves steal data is if it’s encrypted for only one part of its cloud journey. However, this can be prevented if data is encrypted throughout its cloud journey until it’s been processed by the authorized application. Respond quickly You have to respond quickly to a data breach—speed and skill are critical, and every minute counts. Yet because breach protection laws vary by state and country, your cloud provider may not be required to alert you to a security threat. To limit disruption to your operations, data leakage, compliance complications and damage to your corporate reputation, you need a data breach response plan that will quickly assess the source of the problem and immediately begin mitigating further damage. One possible solution is a plan that deploys a unified data breach response system, in conjunction with consultants, to minimize the effect of a security incident and prevent data breaches in the future. This system should be monitoring your IT environment 24x7. 01 CLOSE X data breaches TIPS 2.2.A CLOUD THREATS (data breaches)
2 page 4 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X DATA LOSS Data may be accidentally deleted Given that companies can go out of business after a major data loss, the threat is understandably a big fear in most industries. In the cloud, the potential causes of data loss can be more expansive than in a traditional environment, where hardware or system malfunction are often culprits. Data loss in the cloud may be caused by cloud service provider error, accidental deletion of virtual machines, file corruption and internal virtual disk corruption, among others. Focus on endpoint security To prevent this, you need a data loss prevention solution that focuses on improving endpoint security. The solution you choose should protect sensitive data at every point, whether it’s being accessed, stored or transmitted on your endpoint devices. A solution that prevents data access when a device is lost or stolen, encrypts e-mail and instant messages, and blocks unauthorized and abusive behavior will give you significant protection. 02 x data loss TIPS 2.2.B CLOUD THREATS (data loss)
3 page 5 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X SERVICE TRAFFIC HIJACKING Your services can be compromised A few years ago, a cross-site scripting (XSS) bug gave hackers a free pass to one website’s credentials, using the trust the company had gained to hurt its own customers. In the cloud, hackers can create chaos, manipu- lating data and redirecting customers to illicit sites. A primary reason for XSS attacks like this is that developers trust users. Developers may think that users will never perform malicious actions so they create applications without filtering user input to block them. Another reason for the frequency of these kinds of attacks is that they have so many variants. Sometimes, an application that properly tries to filter any malicious scripts gets confused and allows a script, opening the door to hijacking. The solution: contextual output encoding or escaping The primary defense against XSS is contextual output encoding or escaping. Several escaping schemes can be used depending on where the untrusted string needs to be placed within an HTML document, including HTML entity encoding, JavaScript escaping, Cascading Style Sheets (CSS) escaping and URL (or percent) encoding. Most web applications that do not need to accept rich data can use escaping to largely eliminate the risk of XSS in a fairly straightforward manner. Because encoding can be tricky, a security encoding library is recommended. 03 TIPS service traffic hijacking 2.2.C CLOUD THREATS (service traffic hijacking)
4 INTERFACE APIs page 6 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X INSECURE INTERFACE AND APIs Malicious access on the cloud If interfaces and application programming interfaces (APIs) aren’t secure, cloud services won’t be either. Here are just some of the security break- downs that can happen: malicious or unidentified access, improper authorizations, and reusable passwords. You need a secure provider Access to cloud services needs to be secure on the static and dynamic front, and that eventually boils down to choosing a secure cloud service provider. A provider should continuously capture—and provide the full chain of provenance for—access to any cloud service, starting with hardware root of trust for the runtime environment. The secure access itself can be established through multilevel security (MLS), including mandatory access control (MAC). 04 insecure interface and APIs TIPS 2.2.D CLOUD THREATS (insecured API)
5 page 7 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X TIPS DENIAL-OF-SERVICE ATTACKS The black cloud market It’s not uncommon for cloud service providers to be compromised by distributed denial-of-service (DDoS) attacks that eat up customers’ time, resources and processing power. In the cloud, virtual machines are hijacked as zombies and used to launch the attacks. Hackers also run a “black cloud market” that offers DDoS as a service. One key to preventing these attacks is comprehensive workload monitoring. Your best defense: intercept and circumvent As soon as an attack happens, the outgoing DDoS and the incoming DDoS need to be intercepted and circumvented. This means providing continuous monitoring of the cloud environment and issuing early warnings for those bare metal systems and virtual machines that have been hijacked as zombies. A cloud service provider should also block the outgoing DDoS attack that might be launched by these hijacked machines (and suspend them after they have been detected). 05 denial-of-service attacks 2.2.E CLOUD THREATS (denial of service)
NEXT-GENERATION SECURITY FROM THE CLOUD Even though hackers are using traditional methods to attack the cloud, traditional security methods aren’t likely to stop the attacks. In the past, some cloud providers have applied static, perimeter-based controls, such as firewalls and intrusion protection systems (IPSs), with additional layers of defense, assuming that multiple integrated layers provide greater defense. Next-generation cloud security page 1 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CHAPTER 3 3.1 NEXT GENERATION SECURITY (p.1)
But this is the traditional security model, which may no longer provide the highest security possible because it is marred by three key vulnerabilities: • Numerous security controls can lead to a fragmented security posture, overhead in security management and a never-ending stream of alerts. • Security attacks are sophisticated and can more easily leapfrog the current generation of static security controls. • Attackers are able to quickly exploit platform shifts, such as software-defined environments, to their advantage. Next-generation cloud security page 2 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CHAPTER 3 3.2 NEXT GENERATION SECURITY (p.2)
A NEW SECURITY PARADIGM To truly combat today’s threats, you need security measures that eliminate these shortcomings. As you move high-value, industry-specific workloads to the cloud, you need to build in the right security from the start. Keeping track of who is accessing data governed by regulations will not only be critical for regulatory compliance but also for providing the security assurances you and your clients expect. A new security paradigmCHAPTER 4 page 1 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO 4.1 NEW SECURITY PARADIGM (p.1)
New exposures Public clouds also have certain exposures that new security approaches need to take into account. These can raise security concerns: • “Black box” sharing in clouds can reduce visibility and control and increase the risk of unauthorized access and disclosures. • Limited compatibility with existing enterprise security infrastructure may limit adoption for mission-critical applications. • Limited experience and low assurance can raise doubts over cloud reliability (operational availability, long-term perspective). • Privacy and accountability regulations may prevent cloud adoption for certain data and in certain geographies. A new security paradigmCHAPTER 4 page 2 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO 4.2 NEW SECURITY PARADIGM (p.2)
INNOVATIVE SECURITY APPROACHES Three new and advanced security approaches can help you fortify your cloud environments against traditional and new security threats. Together, fine-grained contextual security, provenance and the honey pot can provide greater visibility; track data, location and access; and support regulatory compliance. 3 Innovative security approachesCHAPTER 5 page 1 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT 5.1 INNOVATIVE SECURITY (p.1)
Fine-grained contextual security FINE-GRAINED CONTEXTUAL SECURITY HONEY POT Innovative security approachesCHAPTER 5 page 2 of 4 360º PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ PROVENANCE HOW IT WORKS FINE-GRAINED CONTEXTUAL SECURITY Get a 360-degree view of your cloud threat landscape Because many cloud security breaches may be the result of poorly monitored work- loads, fine-grained contextual security, which is designed to provide a 360-degree view of the cloud workload and threat landscape, is critical to protecting your data in the cloud. Think of it as perimeter defense for the virtual environment. HOW YOU CAN BENEFIT 5.2.A INNOVATIVE SECURITY (fine grained diagram)
Monitor and distill. Here, virtually all aspects of workloads are instrumented, including data, applications and business processes, to monitor and collect security-related data. These observations build a 360-degree view of the cloud workload. Correlate and predict. The security posture is predicted based on this 360-degree view, the current threat environment, the service level agreements (SLAs) governing the cloud workload and assessment of response alternatives. Here, you use techniques such as data mining, machine learning and cognitive computing to aid security administra- tors with automated methods to build models, track normal behavior and flag anomalous activity. Adapt and preempt. In this phase, security controls are inserted by leveraging the agility of software-defined compute, storage and networks to increase the workload of the attacker. This approach can raise the defender’s stakes in the security arms race. PHASE 1 PHASE 2 PHASE 3 FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE Innovative security approachesCHAPTER 5 page 2 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ How it works HOW IT WORKS FINE-GRAINED CONTEXTUAL SECURITY Get a 360-degree view of your cloud threat landscape Because many cloud security breaches may be the result of poorly monitored work- loads, fine-grained contextual security, which is designed to provide a 360-degree view of the cloud workload and threat landscape, is critical to protecting your data in the cloud. Think of it as perimeter defense for the virtual environment. HOW YOU CAN BENEFIT 5.2.B INNOVATIVE SECURITY (fine grained - how it works)
• Gives you the security of communication across domains, knowing it can be trusted and fully logged and audited • Facilitates fast workload migration with minimal disruption • Enables you to react to SLA violations; identify long-term activities caused by low-and-slow threats; and isolate infrequent, unanticipated device activity FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE Innovative security approachesCHAPTER 5 page 2 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++HOW IT WORKS How can you benefit FINE-GRAINED CONTEXTUAL SECURITY Get a 360-degree view of your cloud threat landscape Because many cloud security breaches may be the result of poorly monitored work- loads, fine-grained contextual security, which is designed to provide a 360-degree view of the cloud workload and threat landscape, is critical to protecting your data in the cloud. Think of it as perimeter defense for the virtual environment. HOW YOU CAN BENEFIT 5.2.C INNOVATIVE SECURITY (fine grained - benefit)
Provenance Innovative security approachesCHAPTER 5 page 3 of 4 FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++HOW IT WORKS EXPLORE PROVENANCE Close the loop on compliance threats Provenance, a term borrowed from fine art, describes how an object came to be in its present state. For example, the provenance of the Mona Lisa establishes who painted it at what time, when it was scratched and restored, and which museums have held it. In technology, provenance is metadata that represents the ancestry of an application and shows where it was developed, when it was patched or updated, and who has used it for what purpose. It can also be the metadata for a piece of data in terms of when it was created as well as when, how, where and by whom it was altered. HOW YOU CAN BENEFIT 5.3.A INNOVATIVE SECURITY (provenance - diagram)
Provenance links log and audit data from all over the map to provide the complete history of an event. It tracks the data and processes that travel through your cloud so you can know the how, what, where, when, who and why of virtually any threat event. Innovative security approachesCHAPTER 5 page 3 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT HOW IT WORKS HOW YOU CAN BENEFIT How it works EXPLORE PROVENANCE Close the loop on compliance threats Provenance, a term borrowed from fine art, describes how an object came to be in its present state. For example, the provenance of the Mona Lisa establishes who painted it at what time, when it was scratched and restored, and which museums have held it. In technology, provenance is metadata that represents the ancestry of an application and shows where it was developed, when it was patched or updated, and who has used it for what purpose. It can also be the metadata for a piece of data in terms of when it was created as well as when, how, where and by whom it was altered. 5.3.B INNOVATIVE SECURITY (provenance- how it works)
• Empowers you to isolate the correct contextual information and tune out potential interference from adjacent work- loads that have nothing to do with your workload • Helps you manage and facilitate compliance because it gives you a clear, complete and fully authenticated audit trail • In an environment where security regulations and standards change across states and countries, it can help you deter- mine where your security is breaking down and where it’s holding up on the data journey Innovative security approachesCHAPTER 5 page 3 of 4 FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ EXPLORE PROVENANCE Close the loop on compliance threats Provenance, a term borrowed from fine art, describes how an object came to be in its present state. For example, the provenance of the Mona Lisa establishes who painted it at what time, when it was scratched and restored, and which museums have held it. In technology, provenance is metadata that represents the ancestry of an application and shows where it was developed, when it was patched or updated, and who has used it for what purpose. It can also be the metadata for a piece of data in terms of when it was created as well as when, how, where and by whom it was altered. HOW IT WORKS HOW YOU CAN BENEFIT How can you benefit 5.3.C INNOVATIVE SECURITY (provenance - benefit)
Honey pot Innovative security approachesCHAPTER 5 page 4 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE HOW IT WORKS MEET THE HONEY POT A decoy that tricks hackers The honey pot is a decoy, a fake computing environment expressly set up for trapping hackers and new or unconventional hacking methods. It gives hackers a playground (that they believe is real) where they can unleash their threats, and reveal their methods and identities, before they reach your real computing environ- ment. The result is effectively quarantined malware along with the less tangible satisfaction (and amusement) that comes from outwitting smug hackers. HOW YOU CAN BENEFIT 5.4.A INNOVATIVE SECURITY (honey pot - diagram)
The honey pot reroutes traffic to a decoy within a well- controlled and quarantined environment. It then generates a detailed report designed to reveal the identity of the target, files, hackers and threat. Attacks delivered by email or in unexpected and unconventional ways (such as through a heating, ventilation and air-conditioning [HVAC] system) should never reach the network with a honey pot defense. Innovative security approachesCHAPTER 5 page 4 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE HOW IT WORKS MEET THE HONEY POT A decoy that tricks hackers The honey pot is a decoy, a fake computing environment expressly set up for trapping hackers and new or unconventional hacking methods. It gives hackers a playground (that they believe is real) where they can unleash their threats, and reveal their methods and identities, before they reach your real computing environ- ment. The result is effectively quarantined malware along with the less tangible satisfaction (and amusement) that comes from outwitting smug hackers. HOW YOU CAN BENEFIT How it works 5.4.B INNOVATIVE SECURITY (honey pot - how it works)
• Gives you the peace of mind of knowing that malware should be quarantined before it reaches your infrastructure • Makes you less vulnerable to unconventional hacking methods because this approach spots attacks that other approaches might not • Helps you speed up threat analysis with precise informa- tion in an easy format Innovative security approachesCHAPTER 5 page 4 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE HOW IT WORKS MEET THE HONEY POT A decoy that tricks hackers The honey pot is a decoy, a fake computing environment expressly set up for trapping hackers and new or unconventional hacking methods. It gives hackers a playground (that they believe is real) where they can unleash their threats, and reveal their methods and identities, before they reach your real computing environ- ment. The result is effectively quarantined malware along with the less tangible satisfaction (and amusement) that comes from outwitting smug hackers. HOW YOU CAN BENEFIT How can you benefit 5.4.C INNOVATIVE SECURITY (honey pot - benefit)
HOW TO PUT THESE APPROACHES TO WORK FOR YOUR ENTERPRISE When you’re trying to determine which security approach is right for your enterprise, you’ll likely be better off by taking a value-at-risk approach, considering the value of the information and the value of the infrastructure. Assessment also needs to be conducted in terms of threat level. To take advantage of these new approaches, you may also need to add new tools and skills, including: • Risk and value assessment methodology and skills • Provenance generation and capturing, integration, and fusion • Proactive probing and monitoring; deep introspection; and behavior modeling of system, user and workload • Leveraging your software-defined environment to dynamically configure, quarantine and define a fine-grained perimeter • Closed-loop, continuous auditing; continuous assurance; and continuous remediation Put these approaches to workCHAPTER 6 PREVIOUS NEXT TABLE OF CONTENTS BACK TO 6.1 SECURITY APPROACHES (p.1)
For more information Go to Steps to Cloud Expertise for more information on other cloud topics and to start your journey. ibm.com/cloud/expertise For more information PREVIOUS NEXT TABLE OF CONTENTS BACK TO 7.1 FOR MORE INFORMATION
© Copyright IBM Corporation 2014 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America November 2014 IBM, the IBM logo, and ibm.com are trademarks of International Business Ma- chines Corp., registered in many jurisdictions worldwide. Other product and ser- vice names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are war- ranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applica- ble to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. PREVIOUS TABLE OF CONTENTS BACK TO 8.1 LEGAL

Recommended

Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?
Gabe Akisanmi
 
Hybrid cloud- driving a business
Hybrid cloud- driving a businessHybrid cloud- driving a business
Hybrid cloud- driving a business
Gabe Akisanmi
 
IBM cloud e book
IBM cloud e bookIBM cloud e book
IBM cloud e book
elan405
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot Spot
Tech Mahindra
 
The benefits of cloud technology for remote working
The benefits of cloud technology for remote workingThe benefits of cloud technology for remote working
The benefits of cloud technology for remote working
Abaram Network Solutions
 
Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417
Основна школа "Миливоје Боровић" Мачкат
 
Securing a Collaborative Environment
Securing a Collaborative EnvironmentSecuring a Collaborative Environment
Securing a Collaborative EnvironmentJoseph Pidala
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
CloudMask inc.
 

Recommended

Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?
Gabe Akisanmi
 
Hybrid cloud- driving a business
Hybrid cloud- driving a businessHybrid cloud- driving a business
Hybrid cloud- driving a business
Gabe Akisanmi
 
IBM cloud e book
IBM cloud e bookIBM cloud e book
IBM cloud e book
elan405
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot Spot
Tech Mahindra
 
The benefits of cloud technology for remote working
The benefits of cloud technology for remote workingThe benefits of cloud technology for remote working
The benefits of cloud technology for remote working
Abaram Network Solutions
 
Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417
Основна школа "Миливоје Боровић" Мачкат
 
Securing a Collaborative Environment
Securing a Collaborative EnvironmentSecuring a Collaborative Environment
Securing a Collaborative EnvironmentJoseph Pidala
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
CloudMask inc.
 
Why Migrate your emails to a Cloud solution?
Why Migrate your emails to a Cloud solution?Why Migrate your emails to a Cloud solution?
Why Migrate your emails to a Cloud solution?
Chris Allen
 
7 Steps to Better Cybersecurity Hygiene
7 Steps to Better Cybersecurity Hygiene 7 Steps to Better Cybersecurity Hygiene
7 Steps to Better Cybersecurity Hygiene
Microsoft
 
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
DivvyCloud
 
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Booz Allen Hamilton
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud Environments
Shaun Thomas
 
Life in the Digital Workspace
Life in the Digital WorkspaceLife in the Digital Workspace
Life in the Digital Workspace
Citrix
 
With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330Jim Kramer
 
Massive Data Analytics and the Cloud
Massive Data Analytics and the CloudMassive Data Analytics and the Cloud
Massive Data Analytics and the Cloud
Booz Allen Hamilton
 
Secure Remote Browser
Secure Remote BrowserSecure Remote Browser
Secure Remote Browser
Citrix
 
Is MDM In the Cloud Right For You?
Is MDM In the Cloud Right For You?Is MDM In the Cloud Right For You?
Is MDM In the Cloud Right For You?
Innovative_Systems
 
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance - Cloud Computing with ACE InsuranceStatewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance Brokers
 
Security Strategies for Success
Security Strategies for SuccessSecurity Strategies for Success
Security Strategies for Success
Citrix
 
Are you ready for the private cloud? [WHITEPAPER]
Are you ready for the private cloud? [WHITEPAPER]Are you ready for the private cloud? [WHITEPAPER]
Are you ready for the private cloud? [WHITEPAPER]
KVH Co. Ltd.
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
- Mark - Fullbright
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
Disaster Recovery - Deep Dive
Disaster Recovery - Deep DiveDisaster Recovery - Deep Dive
Disaster Recovery - Deep Dive
Envision Technology Advisors
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
Peak 10
 
Manage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usageManage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usage
Citrix
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
mccormicknadine86
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
Melbourne IT
 

More Related Content

What's hot

Why Migrate your emails to a Cloud solution?
Why Migrate your emails to a Cloud solution?Why Migrate your emails to a Cloud solution?
Why Migrate your emails to a Cloud solution?
Chris Allen
 
7 Steps to Better Cybersecurity Hygiene
7 Steps to Better Cybersecurity Hygiene 7 Steps to Better Cybersecurity Hygiene
7 Steps to Better Cybersecurity Hygiene
Microsoft
 
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
DivvyCloud
 
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Booz Allen Hamilton
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud Environments
Shaun Thomas
 
Life in the Digital Workspace
Life in the Digital WorkspaceLife in the Digital Workspace
Life in the Digital Workspace
Citrix
 
With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330Jim Kramer
 
Massive Data Analytics and the Cloud
Massive Data Analytics and the CloudMassive Data Analytics and the Cloud
Massive Data Analytics and the Cloud
Booz Allen Hamilton
 
Secure Remote Browser
Secure Remote BrowserSecure Remote Browser
Secure Remote Browser
Citrix
 
Is MDM In the Cloud Right For You?
Is MDM In the Cloud Right For You?Is MDM In the Cloud Right For You?
Is MDM In the Cloud Right For You?
Innovative_Systems
 
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance - Cloud Computing with ACE InsuranceStatewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance Brokers
 
Security Strategies for Success
Security Strategies for SuccessSecurity Strategies for Success
Security Strategies for Success
Citrix
 
Are you ready for the private cloud? [WHITEPAPER]
Are you ready for the private cloud? [WHITEPAPER]Are you ready for the private cloud? [WHITEPAPER]
Are you ready for the private cloud? [WHITEPAPER]
KVH Co. Ltd.
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
- Mark - Fullbright
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
Disaster Recovery - Deep Dive
Disaster Recovery - Deep DiveDisaster Recovery - Deep Dive
Disaster Recovery - Deep Dive
Envision Technology Advisors
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
Peak 10
 
Manage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usageManage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usage
Citrix
 

What's hot (18)

Why Migrate your emails to a Cloud solution?
Why Migrate your emails to a Cloud solution?Why Migrate your emails to a Cloud solution?
Why Migrate your emails to a Cloud solution?
 
7 Steps to Better Cybersecurity Hygiene
7 Steps to Better Cybersecurity Hygiene 7 Steps to Better Cybersecurity Hygiene
7 Steps to Better Cybersecurity Hygiene
 
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
Bringing Cloud Computing Out of the Shadows: Shine the light on Shadow IT wit...
 
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...Cloud Computing Security: Government Acquisition Considerations for the Cloud...
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud Environments
 
Life in the Digital Workspace
Life in the Digital WorkspaceLife in the Digital Workspace
Life in the Digital Workspace
 
With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330
 
Massive Data Analytics and the Cloud
Massive Data Analytics and the CloudMassive Data Analytics and the Cloud
Massive Data Analytics and the Cloud
 
Secure Remote Browser
Secure Remote BrowserSecure Remote Browser
Secure Remote Browser
 
Is MDM In the Cloud Right For You?
Is MDM In the Cloud Right For You?Is MDM In the Cloud Right For You?
Is MDM In the Cloud Right For You?
 
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance - Cloud Computing with ACE InsuranceStatewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance - Cloud Computing with ACE Insurance
 
Security Strategies for Success
Security Strategies for SuccessSecurity Strategies for Success
Security Strategies for Success
 
Are you ready for the private cloud? [WHITEPAPER]
Are you ready for the private cloud? [WHITEPAPER]Are you ready for the private cloud? [WHITEPAPER]
Are you ready for the private cloud? [WHITEPAPER]
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Disaster Recovery - Deep Dive
Disaster Recovery - Deep DiveDisaster Recovery - Deep Dive
Disaster Recovery - Deep Dive
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
 
Manage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usageManage risk by protecting apps, data and usage
Manage risk by protecting apps, data and usage
 

Similar to Should we fear the cloud?

CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
mccormicknadine86
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
Melbourne IT
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
GFI Software
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaperAlan Rudd
 
Master Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeMaster Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeIan Lee
 
Incident-Response-and-Recovery and cloud security.pptx
Incident-Response-and-Recovery and cloud security.pptxIncident-Response-and-Recovery and cloud security.pptx
Incident-Response-and-Recovery and cloud security.pptx
SHIVASAI508232
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
IT-Toolkits.org
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
IT-Toolkits.org
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
Bret Piatt
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
IJNSA Journal
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of
Aditya Prakhar Singh
 
Top 10 Cyber security Threats | Cyber security
Top 10 Cyber security Threats | Cyber securityTop 10 Cyber security Threats | Cyber security
Top 10 Cyber security Threats | Cyber security
HeritageCyberworld
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseThe Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
Moshe Ferber
 
Notorious 9 ciso platform moshe
Notorious 9 ciso platform moshe Notorious 9 ciso platform moshe
Notorious 9 ciso platform moshe
Priyanka Aash
 

Similar to Should we fear the cloud? (20)

CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaper
 
Master Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeMaster Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian Lee
 
Incident-Response-and-Recovery and cloud security.pptx
Incident-Response-and-Recovery and cloud security.pptxIncident-Response-and-Recovery and cloud security.pptx
Incident-Response-and-Recovery and cloud security.pptx
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of9 Security Threats Everyone Should Be Aware Of
9 Security Threats Everyone Should Be Aware Of
 
Top 10 Cyber security Threats | Cyber security
Top 10 Cyber security Threats | Cyber securityTop 10 Cyber security Threats | Cyber security
Top 10 Cyber security Threats | Cyber security
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseThe Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
 
Notorious 9 ciso platform moshe
Notorious 9 ciso platform moshe Notorious 9 ciso platform moshe
Notorious 9 ciso platform moshe
 

More from Gabe Akisanmi

SaaS company in north america
SaaS company in north americaSaaS company in north america
SaaS company in north america
Gabe Akisanmi
 
Netscout threat report 2018
Netscout threat report 2018Netscout threat report 2018
Netscout threat report 2018
Gabe Akisanmi
 
Cloud security monitoring
Cloud security monitoringCloud security monitoring
Cloud security monitoring
Gabe Akisanmi
 
VMware Validated Design
VMware Validated DesignVMware Validated Design
VMware Validated Design
Gabe Akisanmi
 
The shortest path to cloud success - your roadmap
The shortest path to cloud success - your roadmapThe shortest path to cloud success - your roadmap
The shortest path to cloud success - your roadmap
Gabe Akisanmi
 
Clustered data ontap_83_physical_storage
Clustered data ontap_83_physical_storageClustered data ontap_83_physical_storage
Clustered data ontap_83_physical_storage
Gabe Akisanmi
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security report
Gabe Akisanmi
 
Windows 2008 R2 & Windows7
Windows 2008 R2 & Windows7Windows 2008 R2 & Windows7
Windows 2008 R2 & Windows7
Gabe Akisanmi
 

More from Gabe Akisanmi (8)

SaaS company in north america
SaaS company in north americaSaaS company in north america
SaaS company in north america
 
Netscout threat report 2018
Netscout threat report 2018Netscout threat report 2018
Netscout threat report 2018
 
Cloud security monitoring
Cloud security monitoringCloud security monitoring
Cloud security monitoring
 
VMware Validated Design
VMware Validated DesignVMware Validated Design
VMware Validated Design
 
The shortest path to cloud success - your roadmap
The shortest path to cloud success - your roadmapThe shortest path to cloud success - your roadmap
The shortest path to cloud success - your roadmap
 
Clustered data ontap_83_physical_storage
Clustered data ontap_83_physical_storageClustered data ontap_83_physical_storage
Clustered data ontap_83_physical_storage
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security report
 
Windows 2008 R2 & Windows7
Windows 2008 R2 & Windows7Windows 2008 R2 & Windows7
Windows 2008 R2 & Windows7
 

Recently uploaded

Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 

Recently uploaded (20)

Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 

Should we fear the cloud?

  • 1. 5 SHOULD WE FEAR THE CLOUD? It may be the key to security EBOOK 0 COVER
  • 2. TABLEOF CONTENTS For more information Legal + PREVIOUS NEXT INTRODUCTION: IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? TODAY’S TOP 5 SECURITY THREATS A NEW SECURITY PARADIGM PUT THESE APPROACHES TO WORK + + + + TABLE OF CONTENTS 3 chapter 5 chapter NEXT-GENERATION CLOUD SECURITY + 1 chapter 2 chapter 4 chapter 6 chapter INNOVATIVE SECURITY APPROACHES + 0 TABLE OF CONTENTS
  • 3. It’s a fear that many organizations have— a major breach of security where sensitive customer data is compromised and the business faces not only serious liability but also loss of brand value. It could happen as an attack on a traditional data center, or it could happen as an attack on the cloud. However, the first is a more realistic scenario. While data breaches can happen on the cloud, attacks on traditional data centers are more common. IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? IS THE CLOUD INSECURE? OR ARE WE? WHAT IS THE REAL COST OF A DATA BREACH? page 1 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO 1.1 INTRODUCTION (p.1)
  • 4. IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? IS THE CLOUD INSECURE? OR ARE WE? WHAT IS THE REAL COST OF A DATA BREACH? It’s a fear that many organizations have— a major breach of security where sensitive customer data is compromised and the business faces not only serious liability but also loss of brand value. It could happen as an attack on a traditional data center, or it could happen as an attack on the cloud. However, the first is a more realistic scenario. While data breaches can happen on the cloud, attacks on traditional data centers are more common. page 1 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO The financial cost of a data breach is rising. The average total cost of a data breach has increased 15 percent in the past year—to USD3.5 million.1 Data breaches often cause a loss of customers—and this abnormal churn rate is particularly acute in the pharmaceutical, financial services and healthcare industries.2 CLOSE X 1,2 Ponemon Institute (sponsored by IBM), 2014 Cost of Data Breach Study: Global Analysis, May 2014. $3.5MILLION 1.2 INTRODUCTION - Cost of data breach
  • 5. IS CLOUD OUR GREATEST SECURITY RISK OR OPPORTUNITY? IS THE CLOUD INSECURE? OR ARE WE? WHAT IS THE REAL COST OF A DATA BREACH? It’s a fear that many organizations have— a major breach of security where sensitive customer data is compromised and the business faces not only serious liability but also loss of brand value. It could happen as an attack on a traditional data center, or it could happen as an attack on the cloud. However, the first is a more realistic scenario. While data breaches can happen on the cloud, attacks on traditional data centers are more common. page 1 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO Of 250 senior IT and business decision makers interviewed in the United Kingdom, only 2 percent said they’d experienced a cloud-related security breach.3 CLOSE X 2% 250SENIOR IT AND BUSINESS DECISION MAKERS EXPERIENCED A CLOUD- RELATED SECURITY BREACH. } 3 The Cloud Industry Forum, “Cloud FUD fails to match up with experiences, says CIF,” press release, September 2014. 1.3 INTRODUCTION - Cloud insecure
  • 6. When you’re planning to move to the cloud and manage a hybrid environment, security is a top concern. But cloud is not necessarily less secure than a traditional environment. In fact, it may be possible to deliver even greater se- curity in a hybrid cloud environment because it offers new and advanced opportunities. In this ebook, you’ll discover how hackers are using traditional tactics in new ways to attack the cloud. You’ll also find out how the cloud can help you increase security with innovative approaches designed to detect threats long before they threaten your enterprise. page 2 of 2 PREVIOUS NEXT Introduction: Is cloud our greatest security risk or opportunity?CHAPTER 1 TABLE OF CONTENTS BACK TO 1.4 INTRODUCTION (p.2)
  • 7. Our cloud security fears may have more basis in the changing threat landscape— the botnets, advanced persistent threats and dynamic polymorphic malware of our world—than in cloud technology itself. In fact, there’s nothing fundamental in the cloud that makes it any more vulnerable than a traditional envi- ronment. With each new innovation in computing, hackers have exploited new vulnerabilities to launch attacks, and the cloud is simply their newest target. As more workloads move to the cloud, more data follows, and hackers go where the data is. Right now, they’re using traditional tactics in new ways to infiltrate a new environment. FIVE TOP SECURITY THREATS: old threats, new environment page 1 of 7 5 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 2.1 TOP FIVE
  • 8. 5 CLOUD THREATS 5 DATA BREACHES DATA LOSS DENIAL-OF-SERVICE ATTACKS INSECURE INTERFACE AND API SERVICE TRAFFIC HIJACKING We’ve compiled a list of the five top current cloud threats and pro- vided tips on how to protect against each. TOP page 2 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 01 02 03 04 05 + + + + + 2.2 CLOUD THREATS
  • 9. 1 page 3 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 DATA BREACHES Your cloud provider may not alert you if your servers are breached Hackers are using sophisticated tactics to steal data in the cloud just as they do in other environments, but they’re coming up against sophisti- cated, cloud-based security approaches. One way thieves steal data is if it’s encrypted for only one part of its cloud journey. However, this can be prevented if data is encrypted throughout its cloud journey until it’s been processed by the authorized application. Respond quickly You have to respond quickly to a data breach—speed and skill are critical, and every minute counts. Yet because breach protection laws vary by state and country, your cloud provider may not be required to alert you to a security threat. To limit disruption to your operations, data leakage, compliance complications and damage to your corporate reputation, you need a data breach response plan that will quickly assess the source of the problem and immediately begin mitigating further damage. One possible solution is a plan that deploys a unified data breach response system, in conjunction with consultants, to minimize the effect of a security incident and prevent data breaches in the future. This system should be monitoring your IT environment 24x7. 01 CLOSE X data breaches TIPS 2.2.A CLOUD THREATS (data breaches)
  • 10. 2 page 4 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X DATA LOSS Data may be accidentally deleted Given that companies can go out of business after a major data loss, the threat is understandably a big fear in most industries. In the cloud, the potential causes of data loss can be more expansive than in a traditional environment, where hardware or system malfunction are often culprits. Data loss in the cloud may be caused by cloud service provider error, accidental deletion of virtual machines, file corruption and internal virtual disk corruption, among others. Focus on endpoint security To prevent this, you need a data loss prevention solution that focuses on improving endpoint security. The solution you choose should protect sensitive data at every point, whether it’s being accessed, stored or transmitted on your endpoint devices. A solution that prevents data access when a device is lost or stolen, encrypts e-mail and instant messages, and blocks unauthorized and abusive behavior will give you significant protection. 02 x data loss TIPS 2.2.B CLOUD THREATS (data loss)
  • 11. 3 page 5 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X SERVICE TRAFFIC HIJACKING Your services can be compromised A few years ago, a cross-site scripting (XSS) bug gave hackers a free pass to one website’s credentials, using the trust the company had gained to hurt its own customers. In the cloud, hackers can create chaos, manipu- lating data and redirecting customers to illicit sites. A primary reason for XSS attacks like this is that developers trust users. Developers may think that users will never perform malicious actions so they create applications without filtering user input to block them. Another reason for the frequency of these kinds of attacks is that they have so many variants. Sometimes, an application that properly tries to filter any malicious scripts gets confused and allows a script, opening the door to hijacking. The solution: contextual output encoding or escaping The primary defense against XSS is contextual output encoding or escaping. Several escaping schemes can be used depending on where the untrusted string needs to be placed within an HTML document, including HTML entity encoding, JavaScript escaping, Cascading Style Sheets (CSS) escaping and URL (or percent) encoding. Most web applications that do not need to accept rich data can use escaping to largely eliminate the risk of XSS in a fairly straightforward manner. Because encoding can be tricky, a security encoding library is recommended. 03 TIPS service traffic hijacking 2.2.C CLOUD THREATS (service traffic hijacking)
  • 12. 4 INTERFACE APIs page 6 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X INSECURE INTERFACE AND APIs Malicious access on the cloud If interfaces and application programming interfaces (APIs) aren’t secure, cloud services won’t be either. Here are just some of the security break- downs that can happen: malicious or unidentified access, improper authorizations, and reusable passwords. You need a secure provider Access to cloud services needs to be secure on the static and dynamic front, and that eventually boils down to choosing a secure cloud service provider. A provider should continuously capture—and provide the full chain of provenance for—access to any cloud service, starting with hardware root of trust for the runtime environment. The secure access itself can be established through multilevel security (MLS), including mandatory access control (MAC). 04 insecure interface and APIs TIPS 2.2.D CLOUD THREATS (insecured API)
  • 13. 5 page 7 of 7 PREVIOUS NEXT TABLE OF CONTENTS BACK TO Today’s top 5 security threatsCHAPTER 2 CLOSE X TIPS DENIAL-OF-SERVICE ATTACKS The black cloud market It’s not uncommon for cloud service providers to be compromised by distributed denial-of-service (DDoS) attacks that eat up customers’ time, resources and processing power. In the cloud, virtual machines are hijacked as zombies and used to launch the attacks. Hackers also run a “black cloud market” that offers DDoS as a service. One key to preventing these attacks is comprehensive workload monitoring. Your best defense: intercept and circumvent As soon as an attack happens, the outgoing DDoS and the incoming DDoS need to be intercepted and circumvented. This means providing continuous monitoring of the cloud environment and issuing early warnings for those bare metal systems and virtual machines that have been hijacked as zombies. A cloud service provider should also block the outgoing DDoS attack that might be launched by these hijacked machines (and suspend them after they have been detected). 05 denial-of-service attacks 2.2.E CLOUD THREATS (denial of service)
  • 14. NEXT-GENERATION SECURITY FROM THE CLOUD Even though hackers are using traditional methods to attack the cloud, traditional security methods aren’t likely to stop the attacks. In the past, some cloud providers have applied static, perimeter-based controls, such as firewalls and intrusion protection systems (IPSs), with additional layers of defense, assuming that multiple integrated layers provide greater defense. Next-generation cloud security page 1 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CHAPTER 3 3.1 NEXT GENERATION SECURITY (p.1)
  • 15. But this is the traditional security model, which may no longer provide the highest security possible because it is marred by three key vulnerabilities: • Numerous security controls can lead to a fragmented security posture, overhead in security management and a never-ending stream of alerts. • Security attacks are sophisticated and can more easily leapfrog the current generation of static security controls. • Attackers are able to quickly exploit platform shifts, such as software-defined environments, to their advantage. Next-generation cloud security page 2 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CHAPTER 3 3.2 NEXT GENERATION SECURITY (p.2)
  • 16. A NEW SECURITY PARADIGM To truly combat today’s threats, you need security measures that eliminate these shortcomings. As you move high-value, industry-specific workloads to the cloud, you need to build in the right security from the start. Keeping track of who is accessing data governed by regulations will not only be critical for regulatory compliance but also for providing the security assurances you and your clients expect. A new security paradigmCHAPTER 4 page 1 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO 4.1 NEW SECURITY PARADIGM (p.1)
  • 17. New exposures Public clouds also have certain exposures that new security approaches need to take into account. These can raise security concerns: • “Black box” sharing in clouds can reduce visibility and control and increase the risk of unauthorized access and disclosures. • Limited compatibility with existing enterprise security infrastructure may limit adoption for mission-critical applications. • Limited experience and low assurance can raise doubts over cloud reliability (operational availability, long-term perspective). • Privacy and accountability regulations may prevent cloud adoption for certain data and in certain geographies. A new security paradigmCHAPTER 4 page 2 of 2 PREVIOUS NEXT TABLE OF CONTENTS BACK TO 4.2 NEW SECURITY PARADIGM (p.2)
  • 18. INNOVATIVE SECURITY APPROACHES Three new and advanced security approaches can help you fortify your cloud environments against traditional and new security threats. Together, fine-grained contextual security, provenance and the honey pot can provide greater visibility; track data, location and access; and support regulatory compliance. 3 Innovative security approachesCHAPTER 5 page 1 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT 5.1 INNOVATIVE SECURITY (p.1)
  • 19. Fine-grained contextual security FINE-GRAINED CONTEXTUAL SECURITY HONEY POT Innovative security approachesCHAPTER 5 page 2 of 4 360º PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ PROVENANCE HOW IT WORKS FINE-GRAINED CONTEXTUAL SECURITY Get a 360-degree view of your cloud threat landscape Because many cloud security breaches may be the result of poorly monitored work- loads, fine-grained contextual security, which is designed to provide a 360-degree view of the cloud workload and threat landscape, is critical to protecting your data in the cloud. Think of it as perimeter defense for the virtual environment. HOW YOU CAN BENEFIT 5.2.A INNOVATIVE SECURITY (fine grained diagram)
  • 20. Monitor and distill. Here, virtually all aspects of workloads are instrumented, including data, applications and business processes, to monitor and collect security-related data. These observations build a 360-degree view of the cloud workload. Correlate and predict. The security posture is predicted based on this 360-degree view, the current threat environment, the service level agreements (SLAs) governing the cloud workload and assessment of response alternatives. Here, you use techniques such as data mining, machine learning and cognitive computing to aid security administra- tors with automated methods to build models, track normal behavior and flag anomalous activity. Adapt and preempt. In this phase, security controls are inserted by leveraging the agility of software-defined compute, storage and networks to increase the workload of the attacker. This approach can raise the defender’s stakes in the security arms race. PHASE 1 PHASE 2 PHASE 3 FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE Innovative security approachesCHAPTER 5 page 2 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ How it works HOW IT WORKS FINE-GRAINED CONTEXTUAL SECURITY Get a 360-degree view of your cloud threat landscape Because many cloud security breaches may be the result of poorly monitored work- loads, fine-grained contextual security, which is designed to provide a 360-degree view of the cloud workload and threat landscape, is critical to protecting your data in the cloud. Think of it as perimeter defense for the virtual environment. HOW YOU CAN BENEFIT 5.2.B INNOVATIVE SECURITY (fine grained - how it works)
  • 21. • Gives you the security of communication across domains, knowing it can be trusted and fully logged and audited • Facilitates fast workload migration with minimal disruption • Enables you to react to SLA violations; identify long-term activities caused by low-and-slow threats; and isolate infrequent, unanticipated device activity FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE Innovative security approachesCHAPTER 5 page 2 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++HOW IT WORKS How can you benefit FINE-GRAINED CONTEXTUAL SECURITY Get a 360-degree view of your cloud threat landscape Because many cloud security breaches may be the result of poorly monitored work- loads, fine-grained contextual security, which is designed to provide a 360-degree view of the cloud workload and threat landscape, is critical to protecting your data in the cloud. Think of it as perimeter defense for the virtual environment. HOW YOU CAN BENEFIT 5.2.C INNOVATIVE SECURITY (fine grained - benefit)
  • 22. Provenance Innovative security approachesCHAPTER 5 page 3 of 4 FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++HOW IT WORKS EXPLORE PROVENANCE Close the loop on compliance threats Provenance, a term borrowed from fine art, describes how an object came to be in its present state. For example, the provenance of the Mona Lisa establishes who painted it at what time, when it was scratched and restored, and which museums have held it. In technology, provenance is metadata that represents the ancestry of an application and shows where it was developed, when it was patched or updated, and who has used it for what purpose. It can also be the metadata for a piece of data in terms of when it was created as well as when, how, where and by whom it was altered. HOW YOU CAN BENEFIT 5.3.A INNOVATIVE SECURITY (provenance - diagram)
  • 23. Provenance links log and audit data from all over the map to provide the complete history of an event. It tracks the data and processes that travel through your cloud so you can know the how, what, where, when, who and why of virtually any threat event. Innovative security approachesCHAPTER 5 page 3 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT HOW IT WORKS HOW YOU CAN BENEFIT How it works EXPLORE PROVENANCE Close the loop on compliance threats Provenance, a term borrowed from fine art, describes how an object came to be in its present state. For example, the provenance of the Mona Lisa establishes who painted it at what time, when it was scratched and restored, and which museums have held it. In technology, provenance is metadata that represents the ancestry of an application and shows where it was developed, when it was patched or updated, and who has used it for what purpose. It can also be the metadata for a piece of data in terms of when it was created as well as when, how, where and by whom it was altered. 5.3.B INNOVATIVE SECURITY (provenance- how it works)
  • 24. • Empowers you to isolate the correct contextual information and tune out potential interference from adjacent work- loads that have nothing to do with your workload • Helps you manage and facilitate compliance because it gives you a clear, complete and fully authenticated audit trail • In an environment where security regulations and standards change across states and countries, it can help you deter- mine where your security is breaking down and where it’s holding up on the data journey Innovative security approachesCHAPTER 5 page 3 of 4 FINE-GRAINED CONTEXTUAL SECURITY PROVENANCE HONEY POT PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ EXPLORE PROVENANCE Close the loop on compliance threats Provenance, a term borrowed from fine art, describes how an object came to be in its present state. For example, the provenance of the Mona Lisa establishes who painted it at what time, when it was scratched and restored, and which museums have held it. In technology, provenance is metadata that represents the ancestry of an application and shows where it was developed, when it was patched or updated, and who has used it for what purpose. It can also be the metadata for a piece of data in terms of when it was created as well as when, how, where and by whom it was altered. HOW IT WORKS HOW YOU CAN BENEFIT How can you benefit 5.3.C INNOVATIVE SECURITY (provenance - benefit)
  • 25. Honey pot Innovative security approachesCHAPTER 5 page 4 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE HOW IT WORKS MEET THE HONEY POT A decoy that tricks hackers The honey pot is a decoy, a fake computing environment expressly set up for trapping hackers and new or unconventional hacking methods. It gives hackers a playground (that they believe is real) where they can unleash their threats, and reveal their methods and identities, before they reach your real computing environ- ment. The result is effectively quarantined malware along with the less tangible satisfaction (and amusement) that comes from outwitting smug hackers. HOW YOU CAN BENEFIT 5.4.A INNOVATIVE SECURITY (honey pot - diagram)
  • 26. The honey pot reroutes traffic to a decoy within a well- controlled and quarantined environment. It then generates a detailed report designed to reveal the identity of the target, files, hackers and threat. Attacks delivered by email or in unexpected and unconventional ways (such as through a heating, ventilation and air-conditioning [HVAC] system) should never reach the network with a honey pot defense. Innovative security approachesCHAPTER 5 page 4 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE HOW IT WORKS MEET THE HONEY POT A decoy that tricks hackers The honey pot is a decoy, a fake computing environment expressly set up for trapping hackers and new or unconventional hacking methods. It gives hackers a playground (that they believe is real) where they can unleash their threats, and reveal their methods and identities, before they reach your real computing environ- ment. The result is effectively quarantined malware along with the less tangible satisfaction (and amusement) that comes from outwitting smug hackers. HOW YOU CAN BENEFIT How it works 5.4.B INNOVATIVE SECURITY (honey pot - how it works)
  • 27. • Gives you the peace of mind of knowing that malware should be quarantined before it reaches your infrastructure • Makes you less vulnerable to unconventional hacking methods because this approach spots attacks that other approaches might not • Helps you speed up threat analysis with precise informa- tion in an easy format Innovative security approachesCHAPTER 5 page 4 of 4 PREVIOUS NEXT TABLE OF CONTENTS BACK TO CLOSE X ++ FINE-GRAINED CONTEXTUAL SECURITY HONEY POTPROVENANCE HOW IT WORKS MEET THE HONEY POT A decoy that tricks hackers The honey pot is a decoy, a fake computing environment expressly set up for trapping hackers and new or unconventional hacking methods. It gives hackers a playground (that they believe is real) where they can unleash their threats, and reveal their methods and identities, before they reach your real computing environ- ment. The result is effectively quarantined malware along with the less tangible satisfaction (and amusement) that comes from outwitting smug hackers. HOW YOU CAN BENEFIT How can you benefit 5.4.C INNOVATIVE SECURITY (honey pot - benefit)
  • 28. HOW TO PUT THESE APPROACHES TO WORK FOR YOUR ENTERPRISE When you’re trying to determine which security approach is right for your enterprise, you’ll likely be better off by taking a value-at-risk approach, considering the value of the information and the value of the infrastructure. Assessment also needs to be conducted in terms of threat level. To take advantage of these new approaches, you may also need to add new tools and skills, including: • Risk and value assessment methodology and skills • Provenance generation and capturing, integration, and fusion • Proactive probing and monitoring; deep introspection; and behavior modeling of system, user and workload • Leveraging your software-defined environment to dynamically configure, quarantine and define a fine-grained perimeter • Closed-loop, continuous auditing; continuous assurance; and continuous remediation Put these approaches to workCHAPTER 6 PREVIOUS NEXT TABLE OF CONTENTS BACK TO 6.1 SECURITY APPROACHES (p.1)
  • 29. For more information Go to Steps to Cloud Expertise for more information on other cloud topics and to start your journey. ibm.com/cloud/expertise For more information PREVIOUS NEXT TABLE OF CONTENTS BACK TO 7.1 FOR MORE INFORMATION
  • 30. © Copyright IBM Corporation 2014 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America November 2014 IBM, the IBM logo, and ibm.com are trademarks of International Business Ma- chines Corp., registered in many jurisdictions worldwide. Other product and ser- vice names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are war- ranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applica- ble to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. PREVIOUS TABLE OF CONTENTS BACK TO 8.1 LEGAL