SlideShare una empresa de Scribd logo

Technologies You Need to Safely Use the Cloud

Descargar como PPTX, PDF
CloudPassage
CloudPassage
TecnologíaEmpresariales
1 de 7
Cloud Security: Technologies You Need to Safely Use the Cloud 1 Carson Sweet, CEO & Co-Founder CloudPassage
Public infrastructure as a service 2 Overview: Many companies deploy their own applications, websites and other workloads in public infrastructure as a service (IaaS) and platform as a service (PaaS) solutions because it allows for rapid access to infrastructure on demand and can scale rapidly. Risk: The security that comes with public IaaS service is not complete as it fails to protect workloads - exposing the company to compliance failures, brand damage, fines, legal liability and data theft.
Infrastructure as a service 3 Technology: There are two categories of security for public IaaS – point solutions and platform providers. Broader cloud-forward providers focus on the strategic capabilities that transcend any specific cloud provider, similar to CloudPassage's software-defined security. Point solutions only provide one or two functions; an example would be the SIEM capabilities provided by ArcSight or Splunk. These few technology providers offer a diverse group of security controls but all focus on securing the workload in the cloud. IaaS requires the ability to verify integrity of the workload, alert to unauthorized changes, and track for incidents of compromise – details that an IaaS provider would be unable to ascertain but are the responsibility of the business
Software as a service 4 Overview: SaaS providers offer ready-to-use business applications that are available on demand and can scale. Risk: SaaS providers handle sensitive business information, but your company is still ultimately responsible for its data and should perform due diligence on the SaaS providers. With SaaS, we see common routes to data theft through: 1. Attackers exploiting weak or poorly managed SaaS authentication mechanisms to gain access to user accounts. 2. Weaknesses in application functionality that allow intruders to gain a foothold or extract data. 3. Vulnerabilities of infrastructure that can be exploited.
Software as a service 5 Technologies: The two major focus areas for businesses to address regarding SaaS security are data encryption and user access control. Data encryption focuses on protecting the end- user data within the service infrastructure with companies like CipherCloud. User access control focuses on stronger authentication and more effective identity management that collectively protects access to a company's SaaS data, accounts and supporting services. Examples include OneLogin, Okta and Ping Identity.
Governance of cloud services 6 Overview: As companies use IaaS, PaaS and SaaS, they need to have mechanisms in place that will track, monitor and govern the use of these services, which is critical to companies maintaining control of information technology and protecting data assets. Risk: Without governance, there's a lack of visibility into how company data is being used, where it's being sent and the threats it's being exposed to.
Governance of cloud services 7 Technologies: The governance and utilization monitoring of cloud services is newly emerging. Companies can monitor and set granular policies regarding employee access to and usage of common SaaS, PaaS and IaaS providers, which allows them to mitigate potentially risky data handling in the cloud and cloud data loss protection. Companies can also control what can be used and done with approved cloud services and report on utilization and activity integrated with identity and access management. Examples of governance of cloud services include NetSkope and Skyhigh.

Recomendados

Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
CloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
EnergySec
 

Recomendados

Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
CloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
EnergySec
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Georg Knon
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
Risk Analysis Consultants, s.r.o.
 
AWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - IntelAWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - Intel
Amazon Web Services
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
Vishwas Manral
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
Pros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesPros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed Services
Eagle Technologies
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
Runcy Oommen
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
AlgoSec
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
AlgoSec
 
Migrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best PracticesMigrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best Practices
shira koper
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Alert Logic
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
Alert Logic
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
 
Cloud university intel security
Cloud university intel securityCloud university intel security
Cloud university intel security
Ingram Micro Cloud
 
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho ITJak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
MarketingArrowECS_CZ
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0
Rasmi Swain
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinar
AlgoSec
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
sarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
sarah david
 

Más contenido relacionado

La actualidad más candente

QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
Risk Analysis Consultants, s.r.o.
 
Pros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesPros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed Services
Eagle Technologies
 
Migrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best PracticesMigrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best Practices
shira koper
 
Cloud university intel security
Cloud university intel securityCloud university intel security
Cloud university intel security
Ingram Micro Cloud
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0
Rasmi Swain
 

La actualidad más candente (20)

Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
 
AWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - IntelAWS Summit Auckland Sponsor Presentation - Intel
AWS Summit Auckland Sponsor Presentation - Intel
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
 
Pros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesPros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed Services
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
 
Migrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best PracticesMigrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best Practices
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
 
Cloud university intel security
Cloud university intel securityCloud university intel security
Cloud university intel security
 
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho ITJak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0
 
compliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinarcompliance made easy. pass your audits stress-free webinar
compliance made easy. pass your audits stress-free webinar
 

Similar a Technologies You Need to Safely Use the Cloud

A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...
ijccsa
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
 

Similar a Technologies You Need to Safely Use the Cloud (20)

the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
 
Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology Cloud computing & IAAS The Dual Edged Sword of New Technology
Cloud computing & IAAS The Dual Edged Sword of New Technology
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTION
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
J3602068071
J3602068071J3602068071
J3602068071
 
Security threats in cloud computing
Security threats in cloud computingSecurity threats in cloud computing
Security threats in cloud computing
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
 
Presentation1
Presentation1Presentation1
Presentation1
 

Más de CloudPassage

Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
CloudPassage
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
CloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
CloudPassage
 
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
CloudPassage
 
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes EverythingBayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
CloudPassage
 

Más de CloudPassage (17)

CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest Slides
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
 
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the CloudBSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
 
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
 
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes EverythingBayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Technologies You Need to Safely Use the Cloud

  • 1. Cloud Security: Technologies You Need to Safely Use the Cloud 1 Carson Sweet, CEO & Co-Founder CloudPassage
  • 2. Public infrastructure as a service 2 Overview: Many companies deploy their own applications, websites and other workloads in public infrastructure as a service (IaaS) and platform as a service (PaaS) solutions because it allows for rapid access to infrastructure on demand and can scale rapidly. Risk: The security that comes with public IaaS service is not complete as it fails to protect workloads - exposing the company to compliance failures, brand damage, fines, legal liability and data theft.
  • 3. Infrastructure as a service 3 Technology: There are two categories of security for public IaaS – point solutions and platform providers. Broader cloud-forward providers focus on the strategic capabilities that transcend any specific cloud provider, similar to CloudPassage's software-defined security. Point solutions only provide one or two functions; an example would be the SIEM capabilities provided by ArcSight or Splunk. These few technology providers offer a diverse group of security controls but all focus on securing the workload in the cloud. IaaS requires the ability to verify integrity of the workload, alert to unauthorized changes, and track for incidents of compromise – details that an IaaS provider would be unable to ascertain but are the responsibility of the business
  • 4. Software as a service 4 Overview: SaaS providers offer ready-to-use business applications that are available on demand and can scale. Risk: SaaS providers handle sensitive business information, but your company is still ultimately responsible for its data and should perform due diligence on the SaaS providers. With SaaS, we see common routes to data theft through: 1. Attackers exploiting weak or poorly managed SaaS authentication mechanisms to gain access to user accounts. 2. Weaknesses in application functionality that allow intruders to gain a foothold or extract data. 3. Vulnerabilities of infrastructure that can be exploited.
  • 5. Software as a service 5 Technologies: The two major focus areas for businesses to address regarding SaaS security are data encryption and user access control. Data encryption focuses on protecting the end- user data within the service infrastructure with companies like CipherCloud. User access control focuses on stronger authentication and more effective identity management that collectively protects access to a company's SaaS data, accounts and supporting services. Examples include OneLogin, Okta and Ping Identity.
  • 6. Governance of cloud services 6 Overview: As companies use IaaS, PaaS and SaaS, they need to have mechanisms in place that will track, monitor and govern the use of these services, which is critical to companies maintaining control of information technology and protecting data assets. Risk: Without governance, there's a lack of visibility into how company data is being used, where it's being sent and the threats it's being exposed to.
  • 7. Governance of cloud services 7 Technologies: The governance and utilization monitoring of cloud services is newly emerging. Companies can monitor and set granular policies regarding employee access to and usage of common SaaS, PaaS and IaaS providers, which allows them to mitigate potentially risky data handling in the cloud and cloud data loss protection. Companies can also control what can be used and done with approved cloud services and report on utilization and activity integrated with identity and access management. Examples of governance of cloud services include NetSkope and Skyhigh.