Security for the Cloud of Clouds

Size: px

Start display at page:

Download "Security for the Cloud of Clouds"

Leona McKenzie
8 years ago
Views:

1 Security for the Cloud of Clouds Ramy Houssaini. Vice President, BT Security Europe. RamyHoussaini strategicleadership

BT has 14 global Security Operations Centres (SOCs) and +250 customer specific operations.

2 About BT Security BT s end to end Security portfolio integrates classic perimeter security with the latest identity, mobility, and cloud solutions. A trusted security provider for over 1500 global customers. BT has 14 global Security Operations Centres (SOCs) and +250 customer specific operations. 500 security professionals in Europe and 2,300 around the world. BT provides security services to all of these global organisations and more: 2

3 Security and the cloud: the discussion captured in an economist debate. May 26th 2015 to Jun 5th 2015

5 The changing threat landscape We used to send a gunboat up the river, now we send a hacker.

6 The changing impact

8 Top 5 concerns Data access from mobile devices. Access control & identity management. Ongoing compliance concerns. Co-mingling of customer data. Security standards & certifications.

9 Identity is necessary for security. Most frequent attack vector & point of control. 80 % 84 % 76 % Attacks target weak passwords Target user interaction Exploit stolen credentials Source: 2013 Verizon Data Breach Investigations Report Source: 2013 Verizon Data Breach Investigations Report Source: 2013 Verizon Data Breach Investigations Report

10 Laws with data residency considerations. United Kingdom USA Federal GLBA, HIPAA, COPPA, Do Not Call, Safe Harbor, US Patriot Act Canada PIPEDA,US Patriot ICO Privacy and Electronic Communications Regulations European Union EU Data Protection Directive, State Data Protection Laws South Korea Network Utilization and Data Protection Act Japan Personal Information Protection Act Chile Law for the Protection of Private Life US States Breach notification in 39 states Argentina Personal Data Protection Law, Information Confidentiality Law South Africa Electronic Communications and Transactions Act India Pending Laws under discussion Hong Kong Personal Data Privacy Ordinance Australia National Privacy Principals, State Privacy Bills, Spam and Privacy Bills Taiwan Computer-Processed Personal Data Protection Philippines Propose Data Privacy Law Privacy Act New Zealand

11 A word on Safe Harbour. Get visibility into exactly what data is moving outside of your network and where. Discover shadow clouds, inventory (potentially) sanctioned clouds, and determine where all the data centres are and which ones need to get compliant. Take proactive steps to tokenize data to ensure compliance with prevailing EU data privacy regulations. Tokenization is considered by many to be the de facto standard to address data privacy and compliance since tokens have no mathematical relationship to the original clear text sensitive data and no possibility of back doors/trap doors. The regulatory and data privacy landscape will continue to change, so future proof your IT and cloud infrastructure to allow you the flexibility to quickly adapt to evolving regulations, for example, by parsing, anonymising and encrypting data. As an enterprise, make sure you are taking responsibility for implementing ways to share data in an anonymised fashion that still allows you to get the insights you need without violating individual privacy specifications. Protected in all 3 phases of the cloud data lifecycle: in transit, at rest and in use. A ship in harbor is safe, but that is not what ships are built for. J. A. Shedd.

12 The future of attacks. Likely to increase with more sophisticated methods used to defeat advancing defences. Increase in social media and apps as a method of attack. Use of trusted technology e.g. SMS or voice mail to trick users into Phishing sites. Accessing personal information to damage reputations or facilitate fraud. SCADA probing and exploration of control system attacks terrorism. Continued DDoS and increases in intellectual property loss.

13 The future of attacks. Likely to increase with more sophisticated methods used to defeat advancing defences. Increase in social media and apps as a method of attack. Use of trusted technology e.g. SMS or voice mail to trick users into Phishing sites. Accessing personal information to damage reputations or facilitate fraud. SCADA probing and exploration of control system attacks terrorism. Continued DDoS and increases in Intellectual Property Loss. Predominance of Phishing: Still a leading method. 90% 1 victim. 23% open. 11% click. 85% of cyber-attacks start with an .

14 The future of attacks Likely to increase with more sophisticated methods used to defeat advancing defences. Increase in social media and apps as a method of attack. Use of trusted technology e.g. SMS or voice mail to trick users into Phishing sites. Accessing personal information to damage reputations or facilitate fraud. Convergence of cyber crime and fraud will make PII even more valuable. SCADA probing and exploration of control system attacks terrorism. Continued DDoS and increases in Intellectual Property Loss.

15 BT s Cloud of Clouds strategy Cloud of Clouds is a Network Service Integration model for the modern business. We ve gathered together the services of all the major cloud providers with our own. We ve built our data centres in the locations you need them and we ve brought our partners services onto our network.

16 Control + visibility = trust. The BT framework for securing the Cloud of Clouds. 16

17 Cloud of Clouds for security.

18 Analytics. Moving from Perimeter Protection to smoke detection. We are not only looking for direct known indicators of compromise, we are looking for the nuances, the hints, the subtle changes deviation from normal what is your normal? Companies are quickly moving more towards the full packet / data capture level for visibility. Stealthier attacks require more data, to be held longer for persistent threat analysis and timeline. Ensure we use people and process as well as technology and don t forget integration! Controlling data across logical and physical boundaries to get the full picture without backhauling it to the middle. Leveraging the use of Big Data to best effect, not for the sake using it.

19 BT Assure portfolio cyber. 19 Assure Cyber. BT Assure Cyber offers comprehensive and fully integrated cyber security for large organisations. Our cyber platform puts the vast amounts of data across your organisation at the fingertips of your cyber analysts.

20 Visual analytics: massively scalable stream-based architectures. Agile fusion of information feeds from multiple sources. Artificial intelligence-based knowledge management and interactive visualisation. Interactive human/machine data analysis for identifying patterns or links. Enabling automatic notification of: Failures Anomalies Potential threats Attacks. BT Assure Analytics.

22 22

23 MANAGE THE RISK

24 PREVENT THE THREATS

25 ACCELERATE YOUR CLOUD STRATEGY

26 SECURE YOUR CLOUD

27 Questions?

28 bt.com/globalservices

Can Cloud Providers Guarantee Data Privacy & Sovereignty?

Can Cloud Providers Guarantee Data Privacy & Sovereignty? Andrew Bartlam, VP EMEA Business Development Cloud Exo Europe 11 th Marcg 2015 2014 CipherCloud All rights reserved. 2014 CipherCloud All rights