Myths & Realities
of Cloud Data Security

Michael J. Krouze
Chief Technology Officer
Charter Solutions, Inc.
© 2012
“All our knowledge has its origins
in our perceptions.”
- Leonardo da Vinci

“The first step toward change is
awareness. The second step is acceptance.”
- Nathaniel Branden

“The thing about quotes on the internet is
you can not confirm their validity.”
- Abraham Lincoln

Copyright © 2013, Charter Solutions, Inc.

We don’t use the cloud.

• Files are encrypted at rest
• Files are encrypted during transit
• Provide “business” version that allows multiple user access control
• Strict policy and technical access controls that prohibit employee access

• Users can have weak passwords
• Files are ‘synced’ to multiple devices
• API allows programs to access your files (with permission)

• Always use strong passwords
• Encrypt files before you put them there and only share the key with the other people who should see that file
• Never give permission for API access

Yes, your organization uses
the cloud… you just may not
know it.

• The cloud simply cannot be secure.
• The cloud isn't safe.
• If it's on the Internet, it's more vulnerable to hackers.
• Data stored in the cloud is more vulnerable.
• My provider has my security covered.
• Private cloud computing is secure by default.
Security is a Shared Responsibility

[Diagram: the stack Application / Services / OS / VM / Server / Storage / Network is drawn once for each deployment model: On-Premise, On-Premise (hosted), IaaS, PaaS, SaaS. Each layer is shaded by who is responsible for it.]
Legend: Organization has Control; Organization Shares Control with Vendor; Vendor has Control.
Industry Groups Targeted

[Bar chart: % of Breaches (0 to 60) by industry group. Categories: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
Who’s Behind Data Breaches?

[Bar chart: % of Breaches (0 to 100) by threat agent. Categories: External Agents; Internal Employees; Business Partners.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
Threat Agent Change Over Time

[Line chart: % of Breaches (0 to 100) for External, Internal and Partner threat agents across the periods '04-'07, 2008, 2009, 2010 and 2011.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
How Do Breaches Occur?

[Bar chart: % of Breaches (0 to 100) by threat action. Categories: Hacking; Malware; Physical Attacks; Social Tactics; Privilege Misuse.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
Attack Commonalities

97%  Avoidable through simple or intermediate controls
96%  Were not highly difficult
94%  Of all data compromised involved servers
92%  Were discovered by a third party
85%  Took weeks or more to discover
79%  Were targets of opportunity

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
Hacking Methods

[Bar chart: % of Breaches (0 to 60) by hacking method. Categories: Default/guessable credentials; Stolen login credentials; Brute force/dictionary attacks; Exploit backdoor; Exploit insufficient authentication; SQL Injection; Remote file inclusion; Abuse of functionality; Unknown.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
Not Just About Data Encryption

[Diagram: the request path and where the data is protected along it]
Public Network (SSL Encrypted) -> Application -> Private Network (Clear Text Data) -> Database -> Storage System -> OS File System (Encrypted at Rest)
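The data path above protects the public hop with SSL and the disk with encryption at rest, but the record is clear text from the application through the private network into the database; the same reasoning is behind the earlier advice to encrypt files before putting them in a cloud store and share the key only with the people who should see them. The Go program below is an added example, not from the deck or from Charter Solutions: the application seals a sensitive field with AES-256-GCM before the record leaves it, so a dump of what the database, storage system and file system hold contains only ciphertext. `Store`, `sealField`, `openField`, `LeaksPlaintext` and the sample record are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// TLS covers the public hop and "encrypted at rest" covers the disk; in between, the
// record is clear text. Sealing the field inside the application closes that gap.

// newKey returns a fresh 256-bit key (in production: from a key service the org controls).
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField encrypts with AES-256-GCM under a random nonce and binds the row ID as
// additional authenticated data, so a ciphertext moved to another row fails to open.
func sealField(key []byte, id string, plaintext []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(id))
	return base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil // base64(nonce || ct)
}

// openField reverses sealField; it fails on a wrong key, tampering or a mismatched row ID.
func openField(key []byte, id, sealed string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(sealed)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(id))
}

// Store stands in for everything below the application (database, storage system, OS
// file system): row ID -> sealed field. It holds exactly what a DB dump or disk image shows.
type Store map[string]string

// Put seals the field before the record leaves the application.
func (s Store) Put(key []byte, id, secret string) error {
	sealed, err := sealField(key, id, []byte(secret))
	if err != nil {
		return err
	}
	s[id] = sealed
	return nil
}

// Get unseals the field on its way back into the application (a missing row yields an error).
func (s Store) Get(key []byte, id string) (string, error) {
	pt, err := openField(key, id, s[id])
	return string(pt), err
}

// LeaksPlaintext reports whether a raw dump of the store exposes value.
func (s Store) LeaksPlaintext(value string) bool {
	for id, sealed := range s {
		if strings.Contains(id+"="+sealed, value) {
			return true
		}
	}
	return false
}

func main() {
	key, _ := newKey()
	store := Store{}
	_ = store.Put(key, "cust-1001", "4111-1111-1111-1111") // constructed sample value
	v, _ := store.Get(key, "cust-1001")
	fmt.Println("store leaks plaintext:", store.LeaksPlaintext("4111-1111-1111-1111"), "app sees:", v)
}
```

Provider-side encryption at rest still matters for lost disks, but it does nothing for a query against the live database; this is the layer the deck's diagram says is missing.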
It’s not that the cloud isn’t secure…
It’s that you need to think differently
about how to secure it

My datacenter is more secure
than the cloud.

A little obvious after the
last myth

Security is often taken for granted
behind the firewall

Data Breaches by Hosting Location

[Bar chart: % of Breaches (0 to 90) by hosting location. Categories: Internal; External; Co-located; Mobile.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
Your datacenter (on-premise or
cloud) is only as secure as you
make it!
Both can be equally secure or
insecure.

Concluding thoughts…

Understand your data risks
& security needs

Establish a set of cloud-specific
security processes / policies

Review cloud vendors closely to
ensure their sphere of control
aligns with your cloud-specific
processes / policies

Implement, monitor, react,
review, improve

Thank You!

michael.krouze@chartersolutions.com
http://www.linkedin.com/in/mjkrouze
@mjkrouze

Copyright © 2013, Charter Solutions, Inc.

24.

More Related Content

What's hot

Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A FootholdClaranet UK
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Managementipspat
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskDr. Lasantha Ranwala
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeCore Security
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices Cloudride LTD
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorCONFENIS 2012
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackShawn Tuma
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thUnited Technology Group (UTG)
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistJignesh Solanki
 
IT system security principles practices
IT system security principles practicesIT system security principles practices
IT system security principles practicesgufranresearcher
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUUniversity of Essex
 
IT security in 2021: Why Ransomware Is Still The Biggest Threat
IT security in 2021: Why Ransomware Is Still The Biggest ThreatIT security in 2021: Why Ransomware Is Still The Biggest Threat
IT security in 2021: Why Ransomware Is Still The Biggest ThreatETech 7
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0  ThreatsMitigating Web 2.0  Threats
Mitigating Web 2.0 ThreatsKim Jensen
 

What's hot (20)

Gaining A Foothold
Gaining A FootholdGaining A Foothold
Gaining A Foothold
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and risk
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking Sector
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber Attack
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
 
IT system security principles practices
IT system security principles practicesIT system security principles practices
IT system security principles practices
 
Lukas - Ancaman E-Health Security
Lukas - Ancaman E-Health SecurityLukas - Ancaman E-Health Security
Lukas - Ancaman E-Health Security
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
 
IT security in 2021: Why Ransomware Is Still The Biggest Threat
IT security in 2021: Why Ransomware Is Still The Biggest ThreatIT security in 2021: Why Ransomware Is Still The Biggest Threat
IT security in 2021: Why Ransomware Is Still The Biggest Threat
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0  ThreatsMitigating Web 2.0  Threats
Mitigating Web 2.0 Threats
 

Viewers also liked

'Advanced' Link Building
'Advanced' Link Building'Advanced' Link Building
'Advanced' Link BuildingIan Lurie
 
Migrating to open unified communication
Migrating to open unified communicationMigrating to open unified communication
Migrating to open unified communicationOlle E Johansson
 
Linda Rising Born To Cycle
Linda Rising Born To CycleLinda Rising Born To Cycle
Linda Rising Born To Cycledeimos
 
04 march 08 :: SkewTube @ Swarthmore
04 march 08 :: SkewTube @ Swarthmore04 march 08 :: SkewTube @ Swarthmore
04 march 08 :: SkewTube @ SwarthmoreJulie Levin Russo
 
Infostudio Chocolate Bars 2
Infostudio Chocolate Bars 2Infostudio Chocolate Bars 2
Infostudio Chocolate Bars 2becz_y
 
concierto oli
concierto oliconcierto oli
concierto olilaulolis
 
Innovation Equations
Innovation EquationsInnovation Equations
Innovation EquationsBen Ullman
 
No Bragging and Nothing Boring: 11 Ways to Share Your Impact
No Bragging and Nothing Boring: 11 Ways to Share Your ImpactNo Bragging and Nothing Boring: 11 Ways to Share Your Impact
No Bragging and Nothing Boring: 11 Ways to Share Your ImpactKivi Leroux Miller
 
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystem
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystemI can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystem
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystemSidu Ponnappa
 
Socioeconomic Impact Assessment
Socioeconomic Impact AssessmentSocioeconomic Impact Assessment
Socioeconomic Impact AssessmentBedanga Bordoloi
 
Java Script
Java ScriptJava Script
Java ScriptLiu Xing
 
Baby bottle tooth decay
Baby bottle tooth decayBaby bottle tooth decay
Baby bottle tooth decaykteach
 
This is all such bullshit
This is all such bullshitThis is all such bullshit
This is all such bullshitJason Falls
 
Lo Sport Visto In Modo Non Convenzionale
Lo Sport Visto In Modo Non ConvenzionaleLo Sport Visto In Modo Non Convenzionale
Lo Sport Visto In Modo Non ConvenzionaleMolinaro Andrea
 
Listen to your customers and they will listen to you optsum phoenix septemb...
Listen to your customers and they will listen to you   optsum phoenix septemb...Listen to your customers and they will listen to you   optsum phoenix septemb...
Listen to your customers and they will listen to you optsum phoenix septemb...Shashi Bellamkonda
 

Viewers also liked (20)

'Advanced' Link Building
'Advanced' Link Building'Advanced' Link Building
'Advanced' Link Building
 
Sesion 2
Sesion 2Sesion 2
Sesion 2
 
Migrating to open unified communication
Migrating to open unified communicationMigrating to open unified communication
Migrating to open unified communication
 
Linda Rising Born To Cycle
Linda Rising Born To CycleLinda Rising Born To Cycle
Linda Rising Born To Cycle
 
04 march 08 :: SkewTube @ Swarthmore
04 march 08 :: SkewTube @ Swarthmore04 march 08 :: SkewTube @ Swarthmore
04 march 08 :: SkewTube @ Swarthmore
 
connector
connectorconnector
connector
 
Infostudio Chocolate Bars 2
Infostudio Chocolate Bars 2Infostudio Chocolate Bars 2
Infostudio Chocolate Bars 2
 
concierto oli
concierto oliconcierto oli
concierto oli
 
Innovation Equations
Innovation EquationsInnovation Equations
Innovation Equations
 
No Bragging and Nothing Boring: 11 Ways to Share Your Impact
No Bragging and Nothing Boring: 11 Ways to Share Your ImpactNo Bragging and Nothing Boring: 11 Ways to Share Your Impact
No Bragging and Nothing Boring: 11 Ways to Share Your Impact
 
Comercio electrónico en imágenes
Comercio electrónico en imágenesComercio electrónico en imágenes
Comercio electrónico en imágenes
 
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystem
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystemI can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystem
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystem
 
Socioeconomic Impact Assessment
Socioeconomic Impact AssessmentSocioeconomic Impact Assessment
Socioeconomic Impact Assessment
 
Cicluri
CicluriCicluri
Cicluri
 
Java Script
Java ScriptJava Script
Java Script
 
Baby bottle tooth decay
Baby bottle tooth decayBaby bottle tooth decay
Baby bottle tooth decay
 
This is all such bullshit
This is all such bullshitThis is all such bullshit
This is all such bullshit
 
Lo Sport Visto In Modo Non Convenzionale
Lo Sport Visto In Modo Non ConvenzionaleLo Sport Visto In Modo Non Convenzionale
Lo Sport Visto In Modo Non Convenzionale
 
Listen to your customers and they will listen to you optsum phoenix septemb...
Listen to your customers and they will listen to you   optsum phoenix septemb...Listen to your customers and they will listen to you   optsum phoenix septemb...
Listen to your customers and they will listen to you optsum phoenix septemb...
 
Concierto
ConciertoConcierto
Concierto
 

Similar to Myths & Realities of Cloud Data Security

Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions ErnestStaats
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end usersNetWatcher
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfJenna Murray
 
Secure Android Apps- nVisium Security
Secure Android Apps- nVisium SecuritySecure Android Apps- nVisium Security
Secure Android Apps- nVisium SecurityJack Mannino
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdfmistryritesh
 
TM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptxTM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptxMohammedYusuf609377
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfannaielectronicsvill
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docxRunning head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docxtoltonkendal
 
Network security chapter 1,2
Network security chapter  1,2Network security chapter  1,2
Network security chapter 1,2Education
 
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
Fog Computing:The Justifying Insider Data Stealing Attacks in the CloudFog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
Fog Computing:The Justifying Insider Data Stealing Attacks in the CloudIJSRD
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
Multitenency - Solving Security Issue
Multitenency - Solving Security Issue Multitenency - Solving Security Issue
Multitenency - Solving Security Issue MANVENDRA PRIYADARSHI
 

Similar to Myths & Realities of Cloud Data Security (20)

Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
 
Secure Android Apps- nVisium Security
Secure Android Apps- nVisium SecuritySecure Android Apps- nVisium Security
Secure Android Apps- nVisium Security
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 
10.1.1.436.3364.pdf
10.1.1.436.3364.pdf10.1.1.436.3364.pdf
10.1.1.436.3364.pdf
 
TM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptxTM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptx
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdf
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docxRunning head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
 
Network security chapter 1,2
Network security chapter  1,2Network security chapter  1,2
Network security chapter 1,2
 
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
Fog Computing:The Justifying Insider Data Stealing Attacks in the CloudFog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
cyber security
cyber securitycyber security
cyber security
 
Multitenency - Solving Security Issue
Multitenency - Solving Security Issue Multitenency - Solving Security Issue
Multitenency - Solving Security Issue
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vertex AI Gemini Prompt Engineering Tips
Myths & Realities of Cloud Data Security

  • 8. Security is a Shared Responsibility
    [Matrix: rows are the stack layers, top to bottom: Application, Services, OS, VM, Server, Storage, Network; columns are the deployment models, left to right: On-Premise, On-Premise (hosted), IaaS, PaaS, SaaS]
    Legend: Organization has Control / Organization Shares Control with Vendor / Vendor has Control
    Moving left to right across the models, control of each layer passes from the organization, through shared control, to the vendor.
  • 9. Industry Groups Targeted
    [Bar chart, % of breaches by industry: Accommodation and Food Services, Retail Trade, Finance and Insurance, Health Care and Social Assistance, Information, Other]
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 10. Who’s Behind Data Breaches?
    [Bar chart, % of breaches by threat agent: External Agents, Internal Employees, Business Partners]
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 11. Threat Agent Change Over Time
    [Line chart, % of breaches per period ('04-'07, 2008, 2009, 2010, 2011) for External, Internal and Partner agents]
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 12. How Do Breaches Occur?
    [Bar chart, % of breaches by threat action: Hacking, Malware, Physical Attacks, Social Tactics, Privilege Misuse]
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 13. Attack Commonalities
    97% were avoidable through simple or intermediate controls
    96% were not highly difficult
    94% of all data compromised involved servers
    92% were discovered by a third party
    85% took weeks or more to discover
    79% were targets of opportunity
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 14. Hacking Methods
    [Bar chart, % of breaches by hacking method: Default/guessable credentials, Stolen login credentials, Brute force/dictionary attacks, Exploit backdoor, Exploit insufficient authentication, SQL Injection, Remote file inclusion, Abuse of functionality, Unknown]
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
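The top hacking methods on slide 14 (default/guessable credentials, stolen credentials, brute force/dictionary attacks) and the discovery statistics on slide 13 (85% took weeks or more to discover, 92% were found by a third party) point at the same gap: nobody was watching the login logs. The following Go program is an added example, not part of the deck, that runs a simple brute-force detector over a handful of constructed sshd-style log lines (the IP addresses, usernames and timestamps are made up). It flags any source that produces at least a threshold of failed logins inside a sliding window, lists the accounts it tried, and records whether an accepted login followed the failure run, which is the signature of a guessed default or weak password.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// SampleLog holds constructed sshd-style lines for the demo (not real data).
// 203.0.113.5 guesses root/admin five times and then gets in; 198.51.100.7 mistypes once.
var SampleLog = []string{
	"2012-03-01T10:00:01Z sshd[4120]: Failed password for root from 203.0.113.5 port 50110 ssh2",
	"2012-03-01T10:00:02Z sshd[4121]: Failed password for root from 203.0.113.5 port 50111 ssh2",
	"2012-03-01T10:00:03Z sshd[4122]: Failed password for admin from 203.0.113.5 port 50112 ssh2",
	"2012-03-01T10:00:04Z sshd[4123]: Failed password for admin from 203.0.113.5 port 50113 ssh2",
	"2012-03-01T10:00:05Z sshd[4124]: Failed password for admin from 203.0.113.5 port 50114 ssh2",
	"2012-03-01T10:00:06Z sshd[4125]: Accepted password for admin from 203.0.113.5 port 50115 ssh2",
	"2012-03-01T10:05:00Z sshd[4130]: Failed password for alice from 198.51.100.7 port 51000 ssh2",
	"2012-03-01T10:05:09Z sshd[4131]: Accepted password for alice from 198.51.100.7 port 51001 ssh2",
}

type authEvent struct {
	when  time.Time
	ok    bool // true for "Accepted password"
	user  string
	srcIP string
}

var lineRE = regexp.MustCompile(`^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+`)

// parseLine extracts timestamp, outcome, user and source from one sshd line.
func parseLine(line string) (authEvent, bool) {
	m := lineRE.FindStringSubmatch(line)
	if m == nil {
		return authEvent{}, false
	}
	t, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return authEvent{}, false
	}
	return authEvent{when: t, ok: m[2] == "Accepted", user: m[3], srcIP: m[4]}, true
}

// Alert describes one source that crossed the failure threshold.
type Alert struct {
	SrcIP     string
	Failures  int      // longest failure run seen inside the window
	Users     []string // accounts the source tried
	Succeeded bool     // an accepted login closed the failure run: the guess worked
}

// DetectBruteForce flags every source with >= threshold failed logins inside window.
func DetectBruteForce(lines []string, threshold int, window time.Duration) map[string]Alert {
	bySrc := map[string][]authEvent{}
	for _, l := range lines {
		if ev, ok := parseLine(l); ok {
			bySrc[ev.srcIP] = append(bySrc[ev.srcIP], ev)
		}
	}
	alerts := map[string]Alert{}
	for src, evs := range bySrc {
		sort.Slice(evs, func(i, j int) bool { return evs[i].when.Before(evs[j].when) })
		var run []authEvent // failures still inside the sliding window
		users := map[string]struct{}{}
		for _, ev := range evs {
			for len(run) > 0 && ev.when.Sub(run[0].when) > window {
				run = run[1:] // expire failures that fell out of the window
			}
			if !ev.ok {
				run = append(run, ev)
				users[ev.user] = struct{}{}
				if len(run) >= threshold {
					a := alerts[src]
					a.SrcIP = src
					if len(run) > a.Failures {
						a.Failures = len(run)
					}
					alerts[src] = a
				}
				continue
			}
			if len(run) >= threshold { // accepted login right after a run: credential guessed
				a := alerts[src]
				a.Succeeded = true
				alerts[src] = a
			}
			run = run[:0]
		}
		if a, ok := alerts[src]; ok {
			for u := range users {
				a.Users = append(a.Users, u)
			}
			sort.Strings(a.Users)
			alerts[src] = a
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectBruteForce(SampleLog, 5, time.Minute) {
		fmt.Printf("%s: %d failures, users %v, succeeded=%v\n", a.SrcIP, a.Failures, a.Users, a.Succeeded)
	}
}
```

The threshold and window are tuning knobs; what matters is that the alert fires in minutes rather than the weeks slide 13 reports, and that a source that succeeds after a failure run is treated as a compromised account, not a noisy user.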
  • 15. Not Just About Data Encryption
    [Diagram of the data path: Public Network (SSL encrypted) → Application → Private Network (clear text) → Database → Storage System → OS File System (encrypted at rest)]
    Data that is encrypted on the public network and encrypted at rest is still clear text inside the application and on the private network between the application and the database.
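One way to shrink the clear-text zone in the slide 15 diagram is to encrypt sensitive fields in the application tier, so that what crosses the private network and lands in the database is already ciphertext. The following Go program is an added example, not part of the deck; the 32-byte key literal is a placeholder for the demo (in practice the key comes from a KMS or HSM, never from application config) and the in-memory map stands in for the database. It uses AES-GCM with the record id and column name as associated data, so a ciphertext copied to another row or column fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// FieldCipher encrypts individual record fields in the application tier, so the
// private network, the database and the storage system only ever see ciphertext.
type FieldCipher struct{ aead cipher.AEAD }

// NewFieldCipher builds an AES-GCM cipher from a 16-, 24- or 32-byte key.
func NewFieldCipher(key []byte) (*FieldCipher, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// Seal returns base64(nonce || ciphertext || tag). Record id and column are bound in
// as associated data so the value cannot be moved to another row or column.
func (f *FieldCipher) Seal(plaintext, recordID, column string) (string, error) {
	nonce := make([]byte, f.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ct := f.aead.Seal(nonce, nonce, []byte(plaintext), []byte(recordID+"/"+column))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Open reverses Seal; it fails on a wrong key, wrong row/column or any tampering.
func (f *FieldCipher) Open(stored, recordID, column string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := f.aead.NonceSize()
	if len(raw) < ns {
		return "", errors.New("ciphertext too short")
	}
	pt, err := f.aead.Open(nil, raw[:ns], raw[ns:], []byte(recordID+"/"+column))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// fakeDB stands in for the database: whatever the application writes here is
// exactly what crosses the private network and is written to disk.
type fakeDB map[string]string

// StoreAndLoad writes one field through the cipher and reads it back, returning
// the value the database actually held alongside the decrypted plaintext.
func StoreAndLoad(key []byte, recordID, column, value string) (stored, loaded string, err error) {
	fc, err := NewFieldCipher(key)
	if err != nil {
		return "", "", err
	}
	db := fakeDB{}
	stored, err = fc.Seal(value, recordID, column)
	if err != nil {
		return "", "", err
	}
	db[recordID+"."+column] = stored
	loaded, err = fc.Open(db[recordID+"."+column], recordID, column)
	return stored, loaded, err
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // placeholder key for the demo only
	stored, loaded, err := StoreAndLoad(key, "42", "ssn", "123-45-6789")
	if err != nil {
		panic(err)
	}
	fmt.Println("database holds:", stored)
	fmt.Println("plaintext visible in DB:", strings.Contains(stored, "123-45"))
	fmt.Println("application reads back:", loaded)
}
```

The trade-off is that the database can no longer index or search the encrypted column, and the key now lives with the application, which makes key management and the application host itself the things to protect.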
  • 16. It’s not that the cloud isn’t secure… It’s that you need to think differently about how to secure it.
  • 17. My datacenter is more secure than the cloud.
  • 18. A little obvious after the last myth: security is often taken for granted behind the firewall.
  • 19. Data Breaches by Hosting Location
    [Bar chart, % of breaches by hosting location: Internal, External, Co-located, Mobile]
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 20. Your datacenter (on-premise or cloud) is only as secure as you make it! Both can be equally secure or insecure.
  • 21. Concluding thoughts…
  • 22. Understand your data risks & security needs. Establish a set of cloud-specific security processes / policies.
  • 23. Review cloud vendors closely to ensure their sphere of control aligns with your cloud-specific processes / policies. Implement, monitor, react, review, improve.