PwC industry expert Josh McKibben helps us break down what a breach truly comprises, analyze key breaches as examples, and look for lessons you can bring back to your organization to avoid being the next headline.
The Anatomy of a Cloud Security Breach
1. Webinar
The Anatomy of a Cloud
Security Breach
Joshua McKibben, CISSP
Director, PwC Cybersecurity & Risk
Joshua.w.mckibben@us.pwc.com
Prashanth Ram, CISSP
Sr. Sales Engineer, Cloudlock
pram@cloudlock.com
2. Continuing Professional Education (CPE) Credits
Claim your CPE credit for attending this webinar
https://www.isc2.org/
For more information or questions please contact us
info@cloudlock.com
3. Agenda
01 State of Cloud Security
02 The Anatomy of a Cloud Security Breach
03 Who is Affected - Facts and Examples
04 What Can You Do About It?
05 Q&A
4. State of Cloud Security
1. Cloud is driving disintermediation between business and IT, with significant implications for IT and Security
2. The overall breach landscape is rapidly evolving
3. Cloud vendors frequently provide more relevant and mature internal controls and protections than consumers
4. The highest risk exposure points with Cloud are often the things you can control or influence
5. Leading organizations are taking a strategic approach - revising their security architectures, processes, technologies, and skills to address these paradigm shifts and enable secure adoption of Cloud services
5. Security Compromises - A Persistent Business Risk
● The US government notifies 3,000 companies that they were attacked and
charges nation-backed hackers with economic espionage.
● Compromises of retailers culminate in a recent breach of 56 million credit
cards.
● Heartbleed defect results in the loss of 4.5 million healthcare records.
● Powerful malware infects hundreds of energy companies worldwide.
● More than half of global securities exchanges are hacked.
● Regulators around the world are beginning to more proactively address cyber
risks. ** Source: PwC’s 2014 Global State
of Information Security Survey
6. The Breach Landscape is Evolving
66% year-over-year growth in “detected security
incidents” since 2009.
The total number of security incidents
detected by survey respondents climbed to
42.8 million this year, an increase of 48% over
2013.
** Source: PwC’s 2014 Global State
of Information Security Survey
7. The Source of Incidents is Changing
Insiders
• Current or former employees - incidents attributed to current employees jumped 4% over last year
• Current / former service providers are the second-largest insider source, followed by suppliers
Outsiders
• Competitors and hackers represent the biggest source of incidents (though a significant change)
• Information brokers, activists, and organized crime are reported as equal sources of incidents
** Source: PwC's 2014 Global State of Information Security Survey
8. Context for Cloud Breach: Top Cloud Use Cases
1. SaaS Adoption - How do I enable and monitor access into and across SaaS environments?
2. Internal Private / Hybrid IaaS - How do I build and operate a private / hybrid infrastructure service securely?
3. Data Security and Compliance Across SaaS & IaaS - How do I detect, respond, and protect what's already in the cloud across heterogeneous cloud environments?
4. Shadow IT & Cloud Governance - We can't protect what we don't know. How do I detect and govern shadow IT use of cloud without impeding innovation?
5. Data Center Migration to Public IaaS - How should risk and security play into migration decision making, architecture, and operations? What controls do I need?
6. Secure DevOps - How do I bake security into my continuous development and release lifecycles?
9. Attack types
Simple                             Complex
Phishing                           Spear phishing
Brute force via default passwords  Exploiting a vulnerability
Script kiddie                      DDoS
Malware                            Key logger
10. How is a Cloud Security Breach Any Different?
The OAuth 2.0 authorization
framework enables a third-
party application to obtain
limited access to an HTTP
service.
Source: http://oauth.net
11. An Example of a Cloud Security Breach - via OAuth
01 Adopt Cloud Application
User authorizes a "trusted" application via OAuth from a trusted app marketplace.
02 Access Scopes
The application's access scope to the cloud environment can be potentially un-bounded (e.g. location information, USB storage, etc.); the user grants whatever the application asks for.
03 Exfiltration Begins
The application slowly starts to exfiltrate data from the user's cloud environment, either directly through the API access its OAuth token grants or by installing malware on the device.
04 Profit? Sell/Post Data
The application owner starts to sell the data to one or multiple outlets.
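Step 02 is where this breach becomes preventable: an inventory of which apps each user has authorized, with which scopes, makes the un-bounded grant visible before step 03. The following is an added example of that audit in Python; it is not the presenters' or Cloudlock's code. The grant inventory (GRANTS), the scope risk weights (SCOPE_RISK) and the reference date are constructed for illustration; the scope strings borrow Google API scope naming only as a familiar shape, and the weights are an assumption, not vendor guidance.

```python
"""Audit third-party OAuth grants for unbounded scopes and untrusted publishers.

Added example, not the webinar's or Cloudlock's code. GRANTS, SCOPE_RISK
and REFERENCE_DATE are constructed; scope strings borrow Google API scope
naming only as an illustration, and the weights are an assumption.
"""
from datetime import datetime, timedelta

# Assumed risk weight per scope: how much of the tenant's data the app can reach.
SCOPE_RISK = {
    "https://mail.google.com/": 10,                          # full mailbox, read/write/delete
    "https://www.googleapis.com/auth/drive": 9,              # every file, read/write
    "https://www.googleapis.com/auth/gmail.readonly": 7,     # read all mail
    "https://www.googleapis.com/auth/drive.readonly": 7,     # read every file
    "https://www.googleapis.com/auth/contacts.readonly": 4,  # address book
    "https://www.googleapis.com/auth/drive.file": 2,         # only files the user opens with the app
    "https://www.googleapis.com/auth/userinfo.email": 1,     # identity only
}
UNKNOWN_SCOPE_RISK = 6                  # an unrecognised scope gets reviewed, not ignored
UNBOUNDED = 9                           # at or above this the scope is effectively "all of it"
REFERENCE_DATE = datetime(2015, 3, 3)   # constructed "today" so runs are reproducible

# Constructed grant inventory, shaped like an admin-API / token export.
GRANTS = [
    {"app": "DocSync Pro", "user": "alice", "publisher_verified": True,
     "scopes": ["https://www.googleapis.com/auth/drive.file",
                "https://www.googleapis.com/auth/userinfo.email"],
     "granted": "2015-01-10", "last_used": "2015-03-01"},
    {"app": "FreeCalendarSync", "user": "bob", "publisher_verified": False,
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/contacts.readonly"],
     "granted": "2015-02-20", "last_used": "2015-03-02"},
    {"app": "OldSurveyTool", "user": "carol", "publisher_verified": True,
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"],
     "granted": "2014-06-01", "last_used": "2014-09-15"},
]


def scope_risk(scope):
    return SCOPE_RISK.get(scope, UNKNOWN_SCOPE_RISK)


def assess_grant(grant, now=REFERENCE_DATE, stale_days=90):
    """Score one grant: the riskiest scope it holds, plus penalties for an
    unverified publisher and for a live token nobody has used in stale_days."""
    reasons = []
    score = max(scope_risk(s) for s in grant["scopes"])
    for s in grant["scopes"]:
        if s not in SCOPE_RISK:
            reasons.append("unrecognised scope: " + s)
        elif scope_risk(s) >= UNBOUNDED:
            reasons.append("unbounded scope: " + s)
    if not grant["publisher_verified"]:
        score += 3
        reasons.append("publisher not verified")
    last_used = datetime.strptime(grant["last_used"], "%Y-%m-%d")
    if now - last_used > timedelta(days=stale_days):
        score += 2
        reasons.append("token unused for more than %d days" % stale_days)
    action = "revoke" if score >= 10 else "review" if score >= 6 else "allow"
    return score, reasons, action


def audit_grants(grants=GRANTS, now=REFERENCE_DATE):
    """Return findings sorted with the riskiest grant first."""
    findings = []
    for g in grants:
        score, reasons, action = assess_grant(g, now)
        findings.append({"app": g["app"], "user": g["user"], "score": score,
                         "action": action, "reasons": reasons})
    findings.sort(key=lambda f: -f["score"])
    return findings


if __name__ == "__main__":
    for f in audit_grants():
        print("%-16s %-6s score=%2d %-6s %s" % (
            f["app"], f["user"], f["score"], f["action"], "; ".join(f["reasons"])))
```

Fed the tenant's real delegated-token inventory instead of GRANTS, the same scoring surfaces the three things worth acting on: an app whose scopes amount to the whole mailbox or the whole file store, an app nobody vetted, and a token that is still valid long after anyone stopped using it. The "review" bucket is where the step 02 question gets asked: does this app need that scope, or would a narrower one (per-file rather than full drive) do the job?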
14. All Industries Are Impacted
67,596,246 Records - 2014
80,013,415 Records - 2015
Source: https://www.privacyrights.org/data-breach/new . Timeframe: Jan-March 2015. Sourced on March 3, 2015.
16. Now What? Taking Action
1. Assess Your Capabilities - Assess your security architecture, threat detection, and breach response capabilities, and optimize them to align with cloud workloads and infrastructure.
2. Protect Your Data - Discover and protect sensitive Cloud data using purpose-built tools and integration with SOC operations.
3. Manage 3rd Party Risks - Discover and control 3rd party apps; perform 3rd party vendor risk assessment.
4. Log & Monitor - Turn on robust logging, define and optimize events, and monitor continually for behavioral anomalies.
5. Manage Access - Apply step-up and 2-factor auth; apply privileged access management; log and monitor.
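The "Log & Monitor" action, applied to step 03 of the OAuth breach above, as an added example in Python rather than anything from the webinar: the log lines, the field names (ts, user, actor, event, file, bytes) and the thresholds are constructed assumptions, not any vendor's audit schema. The point it demonstrates is that a slow drip by a delegated-token app never spikes on a single day, so the detector compares what the app touches over a whole window against what the user touches interactively, and flags an app that reads many files the user never opened.

```python
"""Flag low-and-slow exfiltration by a delegated-token app in SaaS audit logs.

Added example, not the webinar's or Cloudlock's code. The log lines, the
field names (ts, user, actor, event, file, bytes) and the thresholds are
constructed assumptions, not a vendor's audit schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW_DAYS = 7
START = datetime(2015, 3, 1)


def _constructed_events():
    """Seven days of downloads. alice works on 5 files a day; DocSync Pro
    (benign) syncs two of those on alternate days; FreeCalendarSync
    (malicious) reads 8 *other* files a day, small enough that no day spikes."""
    events = []
    for day in range(WINDOW_DAYS):
        t = START + timedelta(days=day, hours=9)
        for i in range(5):
            events.append({"ts": (t + timedelta(minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
                           "user": "alice", "actor": "user", "event": "download",
                           "file": "doc-%03d" % (day * 5 + i), "bytes": 150000})
        if day % 2 == 0:
            for i in range(2):
                events.append({"ts": (t + timedelta(hours=1, minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
                               "user": "alice", "actor": "app:DocSync Pro", "event": "download",
                               "file": "doc-%03d" % (day * 5 + i), "bytes": 150000})
        for i in range(8):
            events.append({"ts": (t + timedelta(hours=14, minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
                           "user": "alice", "actor": "app:FreeCalendarSync", "event": "download",
                           "file": "archive-%03d" % (day * 8 + i), "bytes": 40000})
    return events


LOG_LINES = [json.dumps(e) for e in _constructed_events()]   # JSON lines, as an export would be


def parse(lines):
    for line in lines:
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield e


def summarise(lines):
    """Per user: files opened interactively. Per (user, app): files per day and bytes."""
    user_files = defaultdict(set)
    app_days = defaultdict(lambda: defaultdict(set))
    app_bytes = defaultdict(int)
    for e in parse(lines):
        if e["event"] != "download":
            continue
        if e["actor"] == "user":
            user_files[e["user"]].add(e["file"])
        else:
            key = (e["user"], e["actor"])
            app_days[key][e["ts"].date()].add(e["file"])
            app_bytes[key] += e["bytes"]
    return user_files, app_days, app_bytes


def detect(lines=LOG_LINES, burst_files=50, drip_days=5, drip_files=30, foreign_ratio=0.5):
    """Two rules: 'burst' (one day touches many files) and 'low_and_slow'
    (active most days of the window, many distinct files in total, and most
    of them files the user never opened themselves in the same window)."""
    user_files, app_days, app_bytes = summarise(lines)
    findings = []
    for (user, app), days in app_days.items():
        all_files = set().union(*days.values())
        foreign = [f for f in all_files if f not in user_files[user]]
        ratio = len(foreign) / len(all_files)
        rules = []
        if max(len(s) for s in days.values()) >= burst_files:
            rules.append("burst")
        if len(days) >= drip_days and len(all_files) >= drip_files and ratio >= foreign_ratio:
            rules.append("low_and_slow")
        if rules:
            findings.append({"user": user, "app": app, "rules": rules, "days_active": len(days),
                             "distinct_files": len(all_files), "foreign_ratio": round(ratio, 2),
                             "bytes": app_bytes[(user, app)]})
    return findings


if __name__ == "__main__":
    for f in detect():
        print(f)
```

On the constructed data the malicious app moves about 2.2 MB over the week while alice herself downloads over 5 MB, so a byte-volume threshold alone would never fire; what gives it away is seven consecutive days of reading files the user never touched. DocSync Pro, which only syncs files alice just opened, stays silent. The thresholds are starting points: tune drip_files and foreign_ratio against a few weeks of your own logs before turning this into an alert.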
17. Cloud Security Core Use Cases
(use cases span DATA to INFRASTRUCTURE)

Cloud Data Protection
• Continuously monitor SaaS and PaaS environments for sensitive data
• Secure your public cloud apps with DLP policies

App Discovery & Control
• Discover risk in shadow apps that directly connect into your corporate environment
• Gain insight into apps with Community Trust Ratings
• Control which apps are enabled and revoked

Risk & Compliance Management
• Discover and control PII, PCI, PHI and IP data
• Comply with regulations such as PCI DSS, HIPAA, SOX, CIPA, FISMA and FERPA
• Control risk with automated policies

Threat Protection
• Monitor user activity to detect user anomalies
• Track privileged user access modifications
• Alert security teams about compromised accounts with real-time alerts

Auditing & Forensics
• Manage the entire incident lifecycle and automate response actions
• Investigate suspicious behavior
• Document an immutable audit trail of key actions
• Maintain evidence for compliance and forensics