Click here to load reader

Secure Cloud Hosting: Real Requirements to Protect your Data

  • View
    397

  • Download
    3

Embed Size (px)

DESCRIPTION

FireHost's Senior Security Engineer will discuss the need for acute awareness to secure data in the Cloud, and how the advancement of the environment has also accelerated the way this technology can be breached. The session will also include case studies on attacks and what you need to be asking yourself and your provider.

Text of Secure Cloud Hosting: Real Requirements to Protect your Data

2. Secure Cloud HostingReal Requirements To Protect Your Data 3. WHAT IS THE CLOUD?One Word, Infinite DefinitionsSecure Cloud Hosting: Real Requirements to Protect Your Data 4. WHY THE CLOUD?It Far Outweighs The Alternatives Cost savings with virtualization Getting out the Hardware and softwaremanagement business Ease and speed of scaling Niche cloud service providers that arespecializing in secure cloud hostingSecure Cloud Hosting: Real Requirements to Protect Your Data 5. WHO IS MOVING TO THE CLOUD?Google Trends Search Volume ON THE RISECloud HostingCloud Security Google Trend Screens Scale is based on the average search traffic in the WorldSecure Cloud Hosting: Real Requirements to Protect Your Data 6. WHO IS MOVING TO THE CLOUD?Google Trends Search Volume ON THE DECLINEDedicated Hosting Scale is based on the average search traffic in the WorldSecure Cloud Hosting: Real Requirements to Protect Your Data 7. CAN THE CLOUD BE SECURE?Just The Facts PleaseWe are often asked whether the Cloud factors into many of the breaches we investigate. The easy answer is Nonot really. Its more about giving up control of our assets and data (and not controlling the associated risk) than any technology specific to the Cloud.Location/Hosting of assets by percent of breaches* 6% 6% 14% 76% N/A Co-LocatedExternal Internal 2% Unknown1% MobileManagement of assets by percent of breaches* 5%16%34%48% N/ACo-Managed External Internal2% UnknownSecure Cloud Hosting: Real Requirements to Protect Your Data *Verizon caseload only 8. CAN THE CLOUD BE SECURE?Just The Facts PleaseGiven the industrys hyper-focus on cloud computing, we do our best to track relevant details during breach investigations and subsequent analysis. We have yet to see a breach involving a successful attack against the hypervisor. Attack targeting by percent of breaches*Attack difficulty by percent of breaches* HighNone8% 6%17% Targeted37%Low49% 83%Medium OpportunisticSecure Cloud Hosting: Real Requirements to Protect Your Data *Verizon caseload only 9. HOW CAN YOU CREATE ISOLATION?Separating Your Data Network Traffic Separation Virtual Machine Isolation Storage Separation Multi-tenant Security DevicesSecure Cloud Hosting: Real Requirements to Protect Your Data 10. KEEPING HACKERS AT BAYProtecting Your Web Application Security in your SDLC Code Review Vulnerability Scanning Penetration Testing Change ManagementSecure Cloud Hosting: Real Requirements to Protect Your Data 11. SECURITY IN DEPTHWeb Application Firewalls Security in Depth Firewalls=sledgehammer WAFs=scalpel Signatures and Profiling Virtual Patching 0-day MitigationSecure Cloud Hosting: Real Requirements to Protect Your Data 12. CASE STUDYTimThumb Wordpress Plugin Image Resizing Plugin for Wordpress Blogs Included In Many Themes 0-Day Remote File Include Exploit Flawed Logic allowed trivial RFISecure Cloud Hosting: Real Requirements to Protect Your Data 13. 13 14. FIX ALL THE THINGSVirtually Instant Patching Applying a single patch Secured Many Allowed Adequate Time Provided Security / Preserved FunctionalitySecure Cloud Hosting: Real Requirements to Protect Your Data 15. IN CONCLUSIONCloud Security Is Not A Myth Traditional infrastructure is no more secure than the cloud. Tackle the low-hanging fruit first. Your application evolves. So should your security.Secure Cloud Hosting: Real Requirements to Protect Your Data 16. Thank You Questions?Chris Hinkley Email [email protected] twitter.com/FireHost

Search related