Cloud Security and Technology Adoption. By John Mathon VP, Enterprise Evangelism and Product Strategy May 2015

Size: px
Start display at page:

Download "Cloud Security and Technology Adoption. By John Mathon VP, Enterprise Evangelism and Product Strategy May 2015"

Transcription

1 Cloud Security and Technology Adoption By John Mathon VP, Enterprise Evangelism and Product Strategy May 2015

2 About the Author o I am a 30+ year veteran of the computer industry, 10 patents, publish / subscribe, founder of TIBCO, also have started a company in the DLP space as well as worked at one of the most secure companies (Bridgewater). o I am not a security expert. o I have implemented SaaS solutions in a number of companies including a company I founded and a large multibillion dollar company.

3 Introduction o The statement that is heard frequently: Cloud security is the biggest factor inhibiting adoption of the cloud in most companies. o The premise of this statement is that cloud security is a black hole or is much more risky than traditional enterprise security.

4 History o New Technologies that were described as being too insecure to do business with: o Internet and credit cards o Internet and o Internet and business transactions o Electronic Signatures o B2B o I questioned the reality of these claims o I believe I was right o However, economic / business realities forced these things to happen o So, are the following the same? Are they safe for personal or business use? o Cloud IaaS o Mobile Devices o Cloud SaaS applications o Cloud Data Storage o Cloud PaaS o Internet of Things o Personal Cloud

5 The Cloud is a large business today growing very fast considering it s size o Today o IaaS - $12Billion 2014 business (8yrs from start) o 136% annual growth rate today o SaaS companies - $100Billion o Mobile 1.5 Billion smartphones o Social 1.2 Billion followers (22% of world population, 50% of US population) o Future 2017 (3 years) o Total Cloud Services: $0.5Trillion (4X) o IaaS - $100Billion (16X) o PaaS - $14Billion (40X) o SaaS - $0.4Trillion (3X) o 2/3rds of all workloads will be processed in the cloud (*Cisco) o 3 Billion smartphones

6 Cloud Adoption o 9/2013 According to a survey from Spiceworks, 70% of IT professionals are using cloud-based web hosting applications, with 60% using cloud-based security and 30% backup applications. o Numbers climbing very fast with near universal adoption possible within a few years o

7 Why is the Cloud growing so fast? o For Small Companies o Less capital needed o Grow as fast as your business o Self Service / DevOps o Cloud providers provide superior service to in-house o For Large Companies o Less Capital needed means faster to market o DevOps efficiencies to compete be more nimble o Less Excess hardware - A waste of energy, money, space, time o SaaS apps can increase productivity o APIs, Social, Cloud Services enable new lines of revenue

8 The potential is almost incalculable in just the next 5-7 years o Datacenters of 50% of companies in the world o SaaS/PaaS and other services o Becoming the dominant and maybe only way most software is delivered o Other impacts o Social, Behavioral o Life without the cloud will be essentially impossible for most people

9 Why is this overwhelmingly good? o Most companies are not/should not be managing technology at the level they are o They are not competent at security, cost management, optimization or technology in general o vastly underutilization of what they acquire o unnecessary duplicative work of many people doing the same technology over and over o technology that is being used way beyond it s productive life. o Universal Connectivity - People, Things, Applications o Network Effect - Spurring massive cascading unpredictable innovation o Possibly not all positive o Overall huge cost savings and improved efficiency o Due to the first and second points the US/World economy will see massive gains in productivity and improvements in services and technology usage

10 Financial Firms have a higher standard o Generally well endowed compared to many other businesses. o Federal regulation, International regulation (Basel and individual country rules) and State regulation. o Fines assessed regularly. o Financial data among the most sensitive and private of all information of any corporation. Of great concern to customers. o 37% of all breaches (2012*) *

11 Other Industries with similar constraints: o Health o Aerospace

12 Ecosystem PaaS s o Boeing Ecosystem PaaS o Encourage airlines to buy Boeing Airplanes o Create a PaaS for all Airlines and service providers o Make it easier to buy Boeing, cheaper easier to run an airline with Boeing airplanes o Cars o Google Android, OpenCar, OpenXC, Webinos, Apple, Blackberry / QNX o Entertainment o Finance

13 Should you adopt a technology? Technology Gives Employees Choice (BYOD, applications, ) Is better than an internal technology Is necessary for business with customers or partners saves money over internal service Faster time to market Lack of cohesive common technology More expensive than internal service Increased Security Risk Benefit or Cost Increased productivity (and morale, retention) Increased productivity (anything from slight to huge benefit) Increased sales (unavoidable) Reduced costs (depends if productivity improvement or loss accompanies) Increased sales (potentially huge benefit) Decreased productivity Increased support costs and difficult integration or sometimes collaboration Increasing costs (not very frequently true especially when one considers all lifecycle costs). There can be variable costs that are uncontrolled. Productivity gains may offset higher cost. Can be mitigated to some extent

14 These benefits can be substantial o A new technology can easily give a 30% increase in productivity, reduced costs or increased income. o In many cases it is not optional to use a certain technology, but how do we do it safely? o Security must find ways to minimize risk of the new technology.

15 The point of this talk is perspective o Security is part of a business decision o The cloud will be made safe for business o A strategy to minimize risk and maximize adoption by segregating information and applications in a fine grained way as they make sense to migrate is essential o The safety of the cloud is not great but it is no worse than where we are in business, possibly better. This may be sad but it is expected in my opinion.

16 Agenda o What is the cloud? o Security in General o Cloud vs Enterprise

17 What is the cloud? Many things o IaaS and Infrastructure Services (compute, data) o *6B 2013, 136% annual YOY growth o SaaS (Web Services and applications) o APIs (at least 20,000 today doubling annually) o PaaS and Platform Services (ipaas, DaaS, APIMaaS, BPMaaS ) o *14B by 2016 o Mobile Apps, Web and BaaS o Personal Cloud o Internet of Things *Gartner, 2013

18 Not all information is the same o Customer information o Extremely sensitive customer information o Passwords, pins, personal data, health data, SS# o Company employee information o Extremely sensitive employee information o passwords, SS# o Company information o Extremely sensitive company information o Sales projections, roadmaps, customer interactions, information that you would be liable for releasing o Information that gives you significant market advantage

19 Risks you face: o Loss of personal data of employees o Loss of customer personal data o Loss of Corporate data that results in lost business (customers upset, competitors find advantage) o Loss of Service (Caused by security lapse) o Lawsuits (loss of data/service related) o Fines (Loss of data/service considered regulated) o Reputation Damage o Transitive Loss (you help someone compromise someone else) o And more

20 Sources of loss (irrespective of cloud or not cloud) o Technology o External hacking o Infection / malware o Denial of service o Processes o Physical penetration or data lost in transit o Poor IT Practices o People o Internal o Employee mistakes / phishing

21 The Enterprise physical and electronic 4 walls is being continuously eroded by new stuff: o Employees taking home data or electronics that contain data on them (cell phones, USB, computers, ) o SaaS (corporate data contained within) o APIs and Web services, EDI or partner electronic interfaces o Personal Cloud o Internet of Things (coming) o Cloud Services (IaaS) o Higher level Cloud Services (PaaS and other) o Social - Discussion boards, twitter o Skunkworks/Unauthorized use: o Personal Cloud(Dropbox, Google docs and apps, ) o POC s being done in PaaS or IaaS environments o Enterprise Apps being used with corporate data o Interactions with partners through cloud o The people who violate controls most : IT people and executives

22 Cloud vs Enterprise o Anything that can be accessed from the outside is under identical attack* o However, on-premises environment users or customers actually suffer more incidents than those of service provider environments. On-premises environment users experience an average of 61.4 attacks, while service provider environment customers averaged only 27.8.* o After looking at both, there is no proof that cloud computing is any more of a security risk than traditional internet usage. The research in this paper has shown that there is no significant difference that makes one better than the other. o It is not provable that the cloud is less secure than enterprise security o o * ** / Cloud Computing vs Traditional Internet Setting: Which One is More Secur

23 Security is a problem o At least 200+million s disclosed with passwords. Credit cards of at least million people with social sec# s in some cases. A Very High Percentage of these losses are non-cloud, possibly as o Medical records for 4 million people. o Average of 60 attacks / year reported o 37% of breaches affected financial organizations o 14% insiders o 19% china related breaches high as 80% It is unclear what percentage of private companies disclose breaches o 35% involve physical compromise Cloud Companies are required by law to disclose any loss* o 76% exploited weak passwords * o vulnerability discovered to patch: days at enterprises!

24 Cloud Companies are responding to threats o Most cloud companies now enforce multifactor authentication o Most cloud companies employ encryption with salted passwords o Google and others changing policies on password resets o AWS wiping disks now as default o The feeling is the cloud service companies are learning and becoming more and more astute o What we really need is transparency!

25 Cloud is theoretically worse on security o Ability to attack from anywhere and from anyone could lead to many more attacks o Specific cloud-based attacks such as exploiting virtual machine vulnerability, building mobile apps to exploit APIs o Ubiquitous connectivity seems to imply more chance for attacks o yet so far not the case

26 I am not saying: o Cloud companies are all safer generically o All Private companies enterprise security is rotten o That cloud is better than enterprise for security if enterprise is done well

27 I am saying: o Cloud is not blatantly more insecure than enterprises o For whatever reason the attention of hackers has not become focused on cloud YET because the number of incidents and severity is still clearly more in the enterprise o Some cloud companies are way better than many enterprises in security today o For the vast majority of companies large and small the cloud is probably better

28 Cloud Companies use the same technology and approaches as private companies o Antivirus / Malware detection / Scanning o Patching regimes o Audits / Penetration testing o Personnel training o DLP technology / hardware o Multiple authentication schemes o Automated Event Detection o Multiple Region backups / DR o Physical Security

29 Vast majority of non-cloud companies not competent in security* * This is NOT true in Finance Companies like Fidelity hopefully

30 Actual Losses some data o 400 cases of fraudulent ACH transactions of $255 million with actual loss of $85 million o July 2009, two U.S. stock exchanges were victims of a sustained DDoS attack o Outages have real cost o Adobe lost actual source code for photoshop o Reputation risk is an extreme concern

31 The cloud is not a black hole of security o No evidence cloud computing IS riskier than enterprise based computing o More attacks reported both anecdotally, statistically as well as admitted by private companies than companies using cloud services o Full disclosure at private companies doubtful o Over the last 4 years as incidents happen the strength of cloud security has increased. Most companies now support 2 factor authentication for instance. But problems clearly still exist.

32 Cloud vs NonCloud Security

33 Nine Top Threats 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues CLOUD SECURITY ALLIANCE The Notorious Nine: Cloud Computing Top Threats in , Cloud Security Alliance. All rights reserved. 7 Infoworld 2/2013

34 Cloud Specific Security Concerns o Data from one company leaking to another (multi-tenancy isolation failure) o Demand from one company leaking to another (poor service) o Inability to control specific policies and personnel or change them at will o Lack of transparency o Inability to conduct effective investigations o Naïveté in using the cloud* o *

35 Good Ideas

36 The Broadest Enterprise Agility Platform

37 Connect the World / Open Source

38 The Solution to Enterprise IT Agility Enterprise Asset Management, Identity Management, API Management, Mobile and IOT Device Management, Integration, Cloud Platform as a Service, BigData, Machine Learning, High Performance Transaction Processing Multi-tenancy, Enterprise Connectivity, Internet of Things Platform

39 Thanks4Listening My My blog: CloudRamblings

FACING SECURITY CHALLENGES

FACING SECURITY CHALLENGES 24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays

More information

Public Cloud Security: Surviving in a Hostile Multitenant Environment

Public Cloud Security: Surviving in a Hostile Multitenant Environment Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could

More information

Is it Time to Trust the Cloud? Unpacking the Notorious Nine

Is it Time to Trust the Cloud? Unpacking the Notorious Nine Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

Risks and Challenges

Risks and Challenges Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) chong@scan associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

Expert Reference Series of White Papers. 10 Security Concerns for Cloud Computing

Expert Reference Series of White Papers. 10 Security Concerns for Cloud Computing Expert Reference Series of White Papers 10 Security Concerns for Cloud Computing 1-800-COURSES www.globalknowledge.com 10 Security Concerns for Cloud Computing Michael Gregg, Global Knowledge Instructor,

More information

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires

More information

Dynamic Security for the Hybrid Cloud

Dynamic Security for the Hybrid Cloud Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Information Security for the Rest of Us

Information Security for the Rest of Us Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

Whitepaper: Cloud Computing for Credit Unions

Whitepaper: Cloud Computing for Credit Unions Whitepaper: Cloud Computing for Credit Unions A new twist on an old strategy MYCU SERVICES December 29, 2011 Authored by: Lingle, Linda Table of Contents Introduction... 2 Cloud Providers... 3 Cloud Components...

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

Data Security in a Mobile, Cloud-Based World

Data Security in a Mobile, Cloud-Based World Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1 Trends Mobile Has Taken Over Trend #1 2 3 450 million users worldwide Adopted

More information

Why Email Encryption is Essential to the Safety of Your Business

Why Email Encryption is Essential to the Safety of Your Business Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations

More information

The Cloud, Virtualization, and Security

The Cloud, Virtualization, and Security A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

About me & Submission details

About me & Submission details About me & Submission details Parveen Yadav Security Researcher aka Ethical Hacker. Working as a Freelancer. White Hat Hacking work. Few Recognitions :- Got listed my name in Google Hall of fame,amazon,paypal,adobe

More information

New Risks in the New World of Emerging Technologies

New Risks in the New World of Emerging Technologies New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter

More information

BYOD & MOBILE SECURITY

BYOD & MOBILE SECURITY 2013 surve y results BYOD & MOBILE SECURITY Group Partner Information Security Sponsored by Symantec KPMG Zimbani MailGuard INTRODUCTION Welcome to the 2013 BYOD & Mobile Security Report! Bring Your Own

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

CLOUD COMPUTING: WHAT YOU SHOULD KNOW

CLOUD COMPUTING: WHAT YOU SHOULD KNOW CLOUD COMPUTING: WHAT YOU SHOULD KNOW There is hardly a topic creating more of a buzz in software industry, than the Cloud. Cloud computing is a dramatic shift in the way we think about providing computing

More information

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word

More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures

More information

Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense

Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense SAP White Paper SAP Partner Organization Mobile Device Management Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense Table of Content 4 Mobile Device

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Westcon Presentation on Security Innovation, Opportunity, and Compromise

Westcon Presentation on Security Innovation, Opportunity, and Compromise Westcon Presentation on Security Innovation, Opportunity, and Compromise Christian A. Christiansen Program Vice President IDC Security Products & Services What s Happening with Threats? 1.5B 80% 33% $1.3M

More information

Bringing Continuous Security to the Global Enterprise

Bringing Continuous Security to the Global Enterprise Bringing Continuous to the Global Enterprise Asset Discovery Network Web App Compliance Monitoring Threat Protection The Most Advanced Platform 3+ Billion IP Scans/Audits a Year 1+ Trillion Events The

More information

Cloud Security Enterprise Concerns and Mitigations. November 3 rd 2015

Cloud Security Enterprise Concerns and Mitigations. November 3 rd 2015 Cloud Security Enterprise Concerns and Mitigations November 3 rd 2015 Biography Javed Samuel - Technical Director at NCC Group Lead Training Services Technical Account Manager for various clients Deliver

More information

D. L. Corbet & Assoc., LLC

D. L. Corbet & Assoc., LLC Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very

More information

White Paper - Crypto Virus. A guide to protecting your IT

White Paper - Crypto Virus. A guide to protecting your IT White Paper - Crypto Virus A guide to protecting your IT Contents What is Crypto Virus?... 3 How to protect yourself from Crypto Virus?... 3 Antivirus or Managed Agents... 3 Enhanced Email Services & Extra

More information

Compliance and Cloud Computing

Compliance and Cloud Computing Compliance and Cloud Computing Balaji Palanisamy Director, Southwest- US Coalfire Systems, Inc. July 24, 2014 Agenda Introduction Cloud Computing Basics Cloud Computing Threats Security vs. Compliance

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

AB 1149 Compliance: Data Security Best Practices

AB 1149 Compliance: Data Security Best Practices AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California

More information

Understanding Financial Cloud Services

Understanding Financial Cloud Services Understanding Financial Cloud Services A Complete Guide for Hedge Funds About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

FOR THE FUTURE OF DATA CENTERS?

FOR THE FUTURE OF DATA CENTERS? WHAT DOES THE CLOUD MEAN FOR THE FUTURE OF DATA CENTERS? A WHITEPAPER BROUGHT TO YOU BY SEI WHAT DOES THE CLOUD MEAN FOR THE FUTURE OF DATA CENTERS? files via the Internet to a hard drive located in a

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

How To Protect Yourself From Cyber Threats

How To Protect Yourself From Cyber Threats Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Protect Yourself in the Cloud Age

Protect Yourself in the Cloud Age Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation

More information

White Paper: The Current State of BYOD

White Paper: The Current State of BYOD CTOlabs.com White Paper: The Current State of BYOD May 2012 A White Paper providing context and guidance you can use Inside: Snapshot of a fast moving trend Summary of recent surveys Considerations for

More information

Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald

Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an

More information

Addressing Security for Hybrid Cloud

Addressing Security for Hybrid Cloud Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly

More information

Summary of the State of Security

Summary of the State of Security Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and

More information

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Securing the Cloud infrastructure with IBM Dynamic Cloud Security Securing the Cloud infrastructure with IBM Dynamic Cloud Security Ngo Duy Hiep Security Brand Manager Cell phone: +84 912216753 Email: hiepnd@vn.ibm.com 12015 IBM Corporation Cloud is rapidly transforming

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Mobile Device Management in the Systems Management Ecosystem. Katie Wiederholt, Dell Software

Mobile Device Management in the Systems Management Ecosystem. Katie Wiederholt, Dell Software Mobile Device Management in the Systems Management Ecosystem Katie Wiederholt, The forces driving change in mobility Agenda The journey to MDM Where do we want to be and mobile security technologies 2

More information

CLOUD COMPUTING SECURITY CONCERNS

CLOUD COMPUTING SECURITY CONCERNS CLOUD COMPUTING SECURITY CONCERNS ABSTRACT ASMA GULAM MOHAMED Saveetha School of Engineering Cloud computing is set of resources including data storage, programs and hardware offered through the Internet.

More information

Agenda. What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you

Agenda. What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you Agenda What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you What is Cloud Computing? Compute as a utility: third major era of computing Cloud enabled by Moore

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Hope for the best, prepare for the worst:

Hope for the best, prepare for the worst: Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO Breaking News Yahoo email Accounts were hacked in Jan 2014 (Washington Post)

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

How To Protect Your Cloud Computing Resources From Attack

How To Protect Your Cloud Computing Resources From Attack Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015 Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

EXECUTIVE BRIEF PON SPON. The Cloud Application Explosion. Published April 2013. An Osterman Research Executive Brief. sponsored by.

EXECUTIVE BRIEF PON SPON. The Cloud Application Explosion. Published April 2013. An Osterman Research Executive Brief. sponsored by. EXECUTIVE BRIEF PON Explosion An Osterman Research Executive Brief Published April 2013 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET Digital Barracuda Information Security Worms is Only the Tip FACT SHEET from Viruses and Worms is Only the Tip Do you have security with teeth? You had better, because if the worms don t get you, the viruses

More information

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly

More information

Password Management Evaluation Guide for Businesses

Password Management Evaluation Guide for Businesses Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center

More information

1. Understanding Big Data

1. Understanding Big Data Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte

More information

Cloud Backup and Recovery for Endpoint Devices

Cloud Backup and Recovery for Endpoint Devices Cloud Backup and Recovery for Endpoint Devices Executive Summary Armed with their own devices and faster wireless speeds, your employees are looking to access corporate data on the move. They are creating,

More information