Cloud Security and Technology Adoption. By John Mathon VP, Enterprise Evangelism and Product Strategy May 2015
|
|
- Allen Sanders
- 8 years ago
- Views:
Transcription
1 Cloud Security and Technology Adoption By John Mathon VP, Enterprise Evangelism and Product Strategy May 2015
2 About the Author o I am a 30+ year veteran of the computer industry, 10 patents, publish / subscribe, founder of TIBCO, also have started a company in the DLP space as well as worked at one of the most secure companies (Bridgewater). o I am not a security expert. o I have implemented SaaS solutions in a number of companies including a company I founded and a large multibillion dollar company.
3 Introduction o The statement that is heard frequently: Cloud security is the biggest factor inhibiting adoption of the cloud in most companies. o The premise of this statement is that cloud security is a black hole or is much more risky than traditional enterprise security.
4 History o New Technologies that were described as being too insecure to do business with: o Internet and credit cards o Internet and o Internet and business transactions o Electronic Signatures o B2B o I questioned the reality of these claims o I believe I was right o However, economic / business realities forced these things to happen o So, are the following the same? Are they safe for personal or business use? o Cloud IaaS o Mobile Devices o Cloud SaaS applications o Cloud Data Storage o Cloud PaaS o Internet of Things o Personal Cloud
5 The Cloud is a large business today growing very fast considering it s size o Today o IaaS - $12Billion 2014 business (8yrs from start) o 136% annual growth rate today o SaaS companies - $100Billion o Mobile 1.5 Billion smartphones o Social 1.2 Billion followers (22% of world population, 50% of US population) o Future 2017 (3 years) o Total Cloud Services: $0.5Trillion (4X) o IaaS - $100Billion (16X) o PaaS - $14Billion (40X) o SaaS - $0.4Trillion (3X) o 2/3rds of all workloads will be processed in the cloud (*Cisco) o 3 Billion smartphones
6 Cloud Adoption o 9/2013 According to a survey from Spiceworks, 70% of IT professionals are using cloud-based web hosting applications, with 60% using cloud-based security and 30% backup applications. o Numbers climbing very fast with near universal adoption possible within a few years o
7 Why is the Cloud growing so fast? o For Small Companies o Less capital needed o Grow as fast as your business o Self Service / DevOps o Cloud providers provide superior service to in-house o For Large Companies o Less Capital needed means faster to market o DevOps efficiencies to compete be more nimble o Less Excess hardware - A waste of energy, money, space, time o SaaS apps can increase productivity o APIs, Social, Cloud Services enable new lines of revenue
8 The potential is almost incalculable in just the next 5-7 years o Datacenters of 50% of companies in the world o SaaS/PaaS and other services o Becoming the dominant and maybe only way most software is delivered o Other impacts o Social, Behavioral o Life without the cloud will be essentially impossible for most people
9 Why is this overwhelmingly good? o Most companies are not/should not be managing technology at the level they are o They are not competent at security, cost management, optimization or technology in general o vastly underutilization of what they acquire o unnecessary duplicative work of many people doing the same technology over and over o technology that is being used way beyond it s productive life. o Universal Connectivity - People, Things, Applications o Network Effect - Spurring massive cascading unpredictable innovation o Possibly not all positive o Overall huge cost savings and improved efficiency o Due to the first and second points the US/World economy will see massive gains in productivity and improvements in services and technology usage
10 Financial Firms have a higher standard o Generally well endowed compared to many other businesses. o Federal regulation, International regulation (Basel and individual country rules) and State regulation. o Fines assessed regularly. o Financial data among the most sensitive and private of all information of any corporation. Of great concern to customers. o 37% of all breaches (2012*) *
11 Other Industries with similar constraints: o Health o Aerospace
12 Ecosystem PaaS s o Boeing Ecosystem PaaS o Encourage airlines to buy Boeing Airplanes o Create a PaaS for all Airlines and service providers o Make it easier to buy Boeing, cheaper easier to run an airline with Boeing airplanes o Cars o Google Android, OpenCar, OpenXC, Webinos, Apple, Blackberry / QNX o Entertainment o Finance
13 Should you adopt a technology? Technology Gives Employees Choice (BYOD, applications, ) Is better than an internal technology Is necessary for business with customers or partners saves money over internal service Faster time to market Lack of cohesive common technology More expensive than internal service Increased Security Risk Benefit or Cost Increased productivity (and morale, retention) Increased productivity (anything from slight to huge benefit) Increased sales (unavoidable) Reduced costs (depends if productivity improvement or loss accompanies) Increased sales (potentially huge benefit) Decreased productivity Increased support costs and difficult integration or sometimes collaboration Increasing costs (not very frequently true especially when one considers all lifecycle costs). There can be variable costs that are uncontrolled. Productivity gains may offset higher cost. Can be mitigated to some extent
14 These benefits can be substantial o A new technology can easily give a 30% increase in productivity, reduced costs or increased income. o In many cases it is not optional to use a certain technology, but how do we do it safely? o Security must find ways to minimize risk of the new technology.
15 The point of this talk is perspective o Security is part of a business decision o The cloud will be made safe for business o A strategy to minimize risk and maximize adoption by segregating information and applications in a fine grained way as they make sense to migrate is essential o The safety of the cloud is not great but it is no worse than where we are in business, possibly better. This may be sad but it is expected in my opinion.
16 Agenda o What is the cloud? o Security in General o Cloud vs Enterprise
17 What is the cloud? Many things o IaaS and Infrastructure Services (compute, data) o *6B 2013, 136% annual YOY growth o SaaS (Web Services and applications) o APIs (at least 20,000 today doubling annually) o PaaS and Platform Services (ipaas, DaaS, APIMaaS, BPMaaS ) o *14B by 2016 o Mobile Apps, Web and BaaS o Personal Cloud o Internet of Things *Gartner, 2013
18 Not all information is the same o Customer information o Extremely sensitive customer information o Passwords, pins, personal data, health data, SS# o Company employee information o Extremely sensitive employee information o passwords, SS# o Company information o Extremely sensitive company information o Sales projections, roadmaps, customer interactions, information that you would be liable for releasing o Information that gives you significant market advantage
19 Risks you face: o Loss of personal data of employees o Loss of customer personal data o Loss of Corporate data that results in lost business (customers upset, competitors find advantage) o Loss of Service (Caused by security lapse) o Lawsuits (loss of data/service related) o Fines (Loss of data/service considered regulated) o Reputation Damage o Transitive Loss (you help someone compromise someone else) o And more
20 Sources of loss (irrespective of cloud or not cloud) o Technology o External hacking o Infection / malware o Denial of service o Processes o Physical penetration or data lost in transit o Poor IT Practices o People o Internal o Employee mistakes / phishing
21 The Enterprise physical and electronic 4 walls is being continuously eroded by new stuff: o Employees taking home data or electronics that contain data on them (cell phones, USB, computers, ) o SaaS (corporate data contained within) o APIs and Web services, EDI or partner electronic interfaces o Personal Cloud o Internet of Things (coming) o Cloud Services (IaaS) o Higher level Cloud Services (PaaS and other) o Social - Discussion boards, twitter o Skunkworks/Unauthorized use: o Personal Cloud(Dropbox, Google docs and apps, ) o POC s being done in PaaS or IaaS environments o Enterprise Apps being used with corporate data o Interactions with partners through cloud o The people who violate controls most : IT people and executives
22 Cloud vs Enterprise o Anything that can be accessed from the outside is under identical attack* o However, on-premises environment users or customers actually suffer more incidents than those of service provider environments. On-premises environment users experience an average of 61.4 attacks, while service provider environment customers averaged only 27.8.* o After looking at both, there is no proof that cloud computing is any more of a security risk than traditional internet usage. The research in this paper has shown that there is no significant difference that makes one better than the other. o It is not provable that the cloud is less secure than enterprise security o o * ** / Cloud Computing vs Traditional Internet Setting: Which One is More Secur
23 Security is a problem o At least 200+million s disclosed with passwords. Credit cards of at least million people with social sec# s in some cases. A Very High Percentage of these losses are non-cloud, possibly as o Medical records for 4 million people. o Average of 60 attacks / year reported o 37% of breaches affected financial organizations o 14% insiders o 19% china related breaches high as 80% It is unclear what percentage of private companies disclose breaches o 35% involve physical compromise Cloud Companies are required by law to disclose any loss* o 76% exploited weak passwords * o vulnerability discovered to patch: days at enterprises!
24 Cloud Companies are responding to threats o Most cloud companies now enforce multifactor authentication o Most cloud companies employ encryption with salted passwords o Google and others changing policies on password resets o AWS wiping disks now as default o The feeling is the cloud service companies are learning and becoming more and more astute o What we really need is transparency!
25 Cloud is theoretically worse on security o Ability to attack from anywhere and from anyone could lead to many more attacks o Specific cloud-based attacks such as exploiting virtual machine vulnerability, building mobile apps to exploit APIs o Ubiquitous connectivity seems to imply more chance for attacks o yet so far not the case
26 I am not saying: o Cloud companies are all safer generically o All Private companies enterprise security is rotten o That cloud is better than enterprise for security if enterprise is done well
27 I am saying: o Cloud is not blatantly more insecure than enterprises o For whatever reason the attention of hackers has not become focused on cloud YET because the number of incidents and severity is still clearly more in the enterprise o Some cloud companies are way better than many enterprises in security today o For the vast majority of companies large and small the cloud is probably better
28 Cloud Companies use the same technology and approaches as private companies o Antivirus / Malware detection / Scanning o Patching regimes o Audits / Penetration testing o Personnel training o DLP technology / hardware o Multiple authentication schemes o Automated Event Detection o Multiple Region backups / DR o Physical Security
29 Vast majority of non-cloud companies not competent in security* * This is NOT true in Finance Companies like Fidelity hopefully
30 Actual Losses some data o 400 cases of fraudulent ACH transactions of $255 million with actual loss of $85 million o July 2009, two U.S. stock exchanges were victims of a sustained DDoS attack o Outages have real cost o Adobe lost actual source code for photoshop o Reputation risk is an extreme concern
31 The cloud is not a black hole of security o No evidence cloud computing IS riskier than enterprise based computing o More attacks reported both anecdotally, statistically as well as admitted by private companies than companies using cloud services o Full disclosure at private companies doubtful o Over the last 4 years as incidents happen the strength of cloud security has increased. Most companies now support 2 factor authentication for instance. But problems clearly still exist.
32 Cloud vs NonCloud Security
33 Nine Top Threats 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues CLOUD SECURITY ALLIANCE The Notorious Nine: Cloud Computing Top Threats in , Cloud Security Alliance. All rights reserved. 7 Infoworld 2/2013
34 Cloud Specific Security Concerns o Data from one company leaking to another (multi-tenancy isolation failure) o Demand from one company leaking to another (poor service) o Inability to control specific policies and personnel or change them at will o Lack of transparency o Inability to conduct effective investigations o Naïveté in using the cloud* o *
35 Good Ideas
36 The Broadest Enterprise Agility Platform
37 Connect the World / Open Source
38 The Solution to Enterprise IT Agility Enterprise Asset Management, Identity Management, API Management, Mobile and IOT Device Management, Integration, Cloud Platform as a Service, BigData, Machine Learning, High Performance Transaction Processing Multi-tenancy, Enterprise Connectivity, Internet of Things Platform
39 Thanks4Listening My My blog: CloudRamblings
FACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationRisks and Challenges
Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) chong@scan associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationExpert Reference Series of White Papers. 10 Security Concerns for Cloud Computing
Expert Reference Series of White Papers 10 Security Concerns for Cloud Computing 1-800-COURSES www.globalknowledge.com 10 Security Concerns for Cloud Computing Michael Gregg, Global Knowledge Instructor,
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationDynamic Security for the Hybrid Cloud
Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationInformation Security for the Rest of Us
Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT
More information2012 NCSA / Symantec. National Small Business Study
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationGlobal IT Security Risks: 2012
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
More informationWhitepaper: Cloud Computing for Credit Unions
Whitepaper: Cloud Computing for Credit Unions A new twist on an old strategy MYCU SERVICES December 29, 2011 Authored by: Lingle, Linda Table of Contents Introduction... 2 Cloud Providers... 3 Cloud Components...
More information10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
More informationData Security in a Mobile, Cloud-Based World
Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1 Trends Mobile Has Taken Over Trend #1 2 3 450 million users worldwide Adopted
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationThe Cloud, Virtualization, and Security
A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationAbout me & Submission details
About me & Submission details Parveen Yadav Security Researcher aka Ethical Hacker. Working as a Freelancer. White Hat Hacking work. Few Recognitions :- Got listed my name in Google Hall of fame,amazon,paypal,adobe
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationBYOD & MOBILE SECURITY
2013 surve y results BYOD & MOBILE SECURITY Group Partner Information Security Sponsored by Symantec KPMG Zimbani MailGuard INTRODUCTION Welcome to the 2013 BYOD & Mobile Security Report! Bring Your Own
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationCLOUD COMPUTING: WHAT YOU SHOULD KNOW
CLOUD COMPUTING: WHAT YOU SHOULD KNOW There is hardly a topic creating more of a buzz in software industry, than the Cloud. Cloud computing is a dramatic shift in the way we think about providing computing
More informationWhat Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen
What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures
More informationManaging Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense
SAP White Paper SAP Partner Organization Mobile Device Management Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense Table of Content 4 Mobile Device
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationWestcon Presentation on Security Innovation, Opportunity, and Compromise
Westcon Presentation on Security Innovation, Opportunity, and Compromise Christian A. Christiansen Program Vice President IDC Security Products & Services What s Happening with Threats? 1.5B 80% 33% $1.3M
More informationBringing Continuous Security to the Global Enterprise
Bringing Continuous to the Global Enterprise Asset Discovery Network Web App Compliance Monitoring Threat Protection The Most Advanced Platform 3+ Billion IP Scans/Audits a Year 1+ Trillion Events The
More informationCloud Security Enterprise Concerns and Mitigations. November 3 rd 2015
Cloud Security Enterprise Concerns and Mitigations November 3 rd 2015 Biography Javed Samuel - Technical Director at NCC Group Lead Training Services Technical Account Manager for various clients Deliver
More informationD. L. Corbet & Assoc., LLC
Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very
More informationWhite Paper - Crypto Virus. A guide to protecting your IT
White Paper - Crypto Virus A guide to protecting your IT Contents What is Crypto Virus?... 3 How to protect yourself from Crypto Virus?... 3 Antivirus or Managed Agents... 3 Enhanced Email Services & Extra
More informationCompliance and Cloud Computing
Compliance and Cloud Computing Balaji Palanisamy Director, Southwest- US Coalfire Systems, Inc. July 24, 2014 Agenda Introduction Cloud Computing Basics Cloud Computing Threats Security vs. Compliance
More informationCloud computing: benefits, risks and recommendations for information security
Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationUnderstanding Financial Cloud Services
Understanding Financial Cloud Services A Complete Guide for Hedge Funds About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationFOR THE FUTURE OF DATA CENTERS?
WHAT DOES THE CLOUD MEAN FOR THE FUTURE OF DATA CENTERS? A WHITEPAPER BROUGHT TO YOU BY SEI WHAT DOES THE CLOUD MEAN FOR THE FUTURE OF DATA CENTERS? files via the Internet to a hard drive located in a
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More informationIbrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?
Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationHow To Protect Yourself From Cyber Threats
Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationWhite Paper: The Current State of BYOD
CTOlabs.com White Paper: The Current State of BYOD May 2012 A White Paper providing context and guidance you can use Inside: Snapshot of a fast moving trend Summary of recent surveys Considerations for
More informationCloud and Security (Cloud hacked via Cloud) Lukas Grunwald
Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationGlobal Corporate IT Security Risks: 2013
Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs
More informationEMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST
EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an
More informationAddressing Security for Hybrid Cloud
Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly
More informationSummary of the State of Security
Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and
More informationSecuring the Cloud infrastructure with IBM Dynamic Cloud Security
Securing the Cloud infrastructure with IBM Dynamic Cloud Security Ngo Duy Hiep Security Brand Manager Cell phone: +84 912216753 Email: hiepnd@vn.ibm.com 12015 IBM Corporation Cloud is rapidly transforming
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationMobile Device Management in the Systems Management Ecosystem. Katie Wiederholt, Dell Software
Mobile Device Management in the Systems Management Ecosystem Katie Wiederholt, The forces driving change in mobility Agenda The journey to MDM Where do we want to be and mobile security technologies 2
More informationCLOUD COMPUTING SECURITY CONCERNS
CLOUD COMPUTING SECURITY CONCERNS ABSTRACT ASMA GULAM MOHAMED Saveetha School of Engineering Cloud computing is set of resources including data storage, programs and hardware offered through the Internet.
More informationAgenda. What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you
Agenda What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you What is Cloud Computing? Compute as a utility: third major era of computing Cloud enabled by Moore
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationHope for the best, prepare for the worst:
Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO Breaking News Yahoo email Accounts were hacked in Jan 2014 (Washington Post)
More informationEnsuring security the last barrier to Cloud adoption
Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationEXECUTIVE BRIEF PON SPON. The Cloud Application Explosion. Published April 2013. An Osterman Research Executive Brief. sponsored by.
EXECUTIVE BRIEF PON Explosion An Osterman Research Executive Brief Published April 2013 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationDigital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET
Digital Barracuda Information Security Worms is Only the Tip FACT SHEET from Viruses and Worms is Only the Tip Do you have security with teeth? You had better, because if the worms don t get you, the viruses
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationPassword Management Evaluation Guide for Businesses
Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationSOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness
SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationRE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC
RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure
More informationHow To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
More informationBYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective
BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center
More information1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
More informationCloud Backup and Recovery for Endpoint Devices
Cloud Backup and Recovery for Endpoint Devices Executive Summary Armed with their own devices and faster wireless speeds, your employees are looking to access corporate data on the move. They are creating,
More information