Protect Yourself in the Cloud Age

Similar documents

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

Hong Kong Information Security Outlook 2015 香港資訊保安展望

Information Security Threat Trends

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

Current counter-measures and responses by CERTs

Case 2:08-cv ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138. Exhibit 8

Analysis One Code Desc. Transaction Amount. Fiscal Period

Enhanced Vessel Traffic Management System Booking Slots Available and Vessels Booked per Day From 12-JAN-2016 To 30-JUN-2017

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

Deep Security/Intrusion Defense Firewall - IDS/IPS Coverage Statistics and Comparison

Is Your SSL Website and Mobile App Really Secure?

Deep Security Intrusion Detection & Prevention (IDS/IPS) Coverage Statistics and Comparison

Consumer ID Theft Total Costs

Jumpstarting Your Security Awareness Program

Computing & Telecommunications Services Monthly Report March 2015

Cloud Web-Based Operating System (Cloud Web Os)

Tutorial on Smartphone Security

Hands on, field experiences with BYOD. BYOD Seminar

Cybersecurity Practices of Ohio Investment Advisers; A Summary of Survey Responses

Internet threats: steps to security for your small business

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

GlobalSign Malware Monitoring

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One

John Essner, CISO Office of Information Technology State of New Jersey

Incident Response. Proactive Incident Management. Sean Curran Director

Egress Switch Best Practice Security Guide V4.x

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, What Cloud Computing is and How it Works

Continuous compliance through good governance

EMC Software Release and Service Dates for NetWorker and NetWorker Modules Last Updated on August 16, 2012

Introduction to Cloud Storage GOOGLE DRIVE

SD Monthly Report Period : August 2013

Ashley Institute of Training Schedule of VET Tuition Fees 2015

Centers of Academic Excellence in Cyber Security (CAE-C) Knowledge Units Review

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

D. L. Corbet & Assoc., LLC

AgriLife Information Technology IT General Session January 2010

End of Life Content Report November Produced By The NHS Choices Reporting Team

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

Cloud Security Overview

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Glasnost or Tyranny? You Can Have Secure and Open Networks!

The Education Fellowship Finance Centralisation IT Security Strategy

ARIS 9 Highlights and Outlook

Perkhidmatan Kerajaan Pintar : Meningkatkan Kepuasan Pelanggan

Mobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

Using big data analytics to identify malicious content: a case study on spam s

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Manual for Android 1.5

Deep Security Vulnerability Protection Summary

Cisco & Big Data Security

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Cost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA

Spine Warranted Environment Specification

Cyber Self Assessment

Computer Forensics and Incident Response in the Cloud. Stephen Coty AlertLogic, AlertLogic_ACID

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Protecting against Mobile Attacks

Getting Familiar With Android

Cloud-Security: Show-Stopper or Enabling Technology?

December P Xerox App Studio 3.0 Information Assurance Disclosure

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

USER MANUAL. v Windows Client January

IT Security Incident Management Policies and Practices

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Information Shield Solution Matrix for CIP Security Standards

EMC Software Release and Service Dates for NetWorker and NetWorker Modules Last Updated on February 21, 2013

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Five keys to a more secure data environment

A!Team!Cymru!EIS!Report:!Growing!Exploitation!of!Small! OfCice!Routers!Creating!Serious!Risks!

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager

Transcription:

Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre

About HKCERT HKCERT ( 香港電腦保安事故協調中心 ) Established in 2001 Funding & Operation 100% funded by the HKSAR Government Operated by HKPC Role Local constituency: Internet Users and SME International: POC of cyber security incidents

Services Incident Response Cross Border Coordination Early Warning and Advices Awareness Promotion

HKCERT Statistics

Security Incident Reports Handled 1,593 961 980 810 1,050 +30% +52% 2009 2010 2011 2012 2013

Distribution of Security Incident Reports Handled Others, 13 Defacement, 214 Botnet, 423 Phishing, 384 DDoS, 55 Malware, Hacking, Scanning, 504 Involving smartphone = 37

Invisible Bots (Unreported compromised computers) 9,575 Mostly home computers 8,657 8,374 Q2 2013 Q3 2013 Q4 2013

Assist Bot Clean Up Work with ISPs to clean up unreported bots Provide steps and tools for users https://www.hkcert.org/botnet Content Management System (CMS) - Joomla - Wordpress

Incident in the Cloud Do incidents happen in the Cloud? What is it?? 11,491 news articles on cloud computing-related outages from 39 news sources between Jan 2008 and Feb 2012 were reviewed. The investigation revealed that the top three threats were 1. Insecure Interfaces & APIs 2. Data Loss & Leakage 3. Hardware Failure These three threats accounted for 64% of all Cloud outage incidents Source: CSA Cloud Computing Vulnerability Incidents: A Statistical Overview

Incident in the Cloud 25 % of reported cloud incident did not reveal the causes of the outages. Now cloud service providers became more transparent with their reports of incidents.

Service Status Dashboard

Outage of Cloud Services Providers 2013 Amazon (Jan, Aug, Sep) Dropbox (Jan, May) Facebook (Jan, Jun) Microsoft Office 365 and Outlook.com (Jan, Aug, Nov) Microsoft Azure cloud (Feb, Nov) Google Drive (Mar) CloudFlare (Mar) Twitter (Jun) Google Services (Jul, Aug, Sep) Apple icloud (Aug) Verizon (Oct) Yahoo Mail (Dec) Source: InfoWorld

Cloud Service Providers

How to protect yourself "Information Security Starts from Me 資訊保安從我做起 "

How to protect yourself How do you manage a cloud service? Client PC (Windows, Mac, Linux or mobile devices ) Web Browser Customized GUI client (provided by CSP) Mobile Apps

How to protect yourself Baseline Update security and software patch regularly (Operating system, Web Browser and application software) Do not root or jailbreak devices Update GUI Client provided by service providers Install security software (PC and mobile devices)

How to protect yourself Identification and Authentication Use 2 Factor authentication (if available) Use strong password for each account Do not share user account Use different passwords for different accounts. Change password periodically. Review account privilege regularly. Disable or delete account if not in use.

How to protect yourself Data Protection Data classification - Assess the risk before you store data on Cloud Ownership of the data on the cloud Use encryption (SSL) when transmit data between office and cloud Encrypt the data on cloud if available (be careful of key management) or encrypt by yourself Backup and restore (online and offline) Compatibility on data format or application API

How to protect yourself Access Use only trustworthy devices to administrate or access cloud services. Access permission (system and data level) Log off the cloud service after use

How to protect yourself Monitoring Health status / outage monitoring Performance Incident management Logging (unauthorized access)

How to protect yourself Contingency Plan Outage of internet connection Backup connection? Outage of cloud service provider Switch to alternative geo location or backup cloud service provider? Switch to private cloud? Emergency contact Help desk support (24x7?)

To learn more about Cloud Computing InfoCloud ( 雲資訊 ) http://www.infocloud.gov.hk/ Cloud Security Alliance https://cloudsecurityalliance.org/

Security Guideline https://www.hkcert.org/security-guideline Security Tools https://www.hkcert.org/security-tools Mobile Security Tools https://www.hkcert.org/mobile-security-tools HKCERT Mobile App Search by keyword: HKCERT

Thank You HKCERT Contact 8105-6060 (24 hrs) hkcert@hkcert.org www.hkcert.org/