SlideShare una empresa de Scribd logo

The Datacenter Security Continuum

Descargar como PPT, PDF
Martin Hingley
Martin Hingley

The presentation given to the DataCenterDynamics Converged 2014 conference in the UK based on our research commissioned by DCDi

Tecnología
1 de 10
The Datacenter security DataCenterDynami continuum Martin Hingley ITCandor The Secure Data Center
Agenda • The security continuum • Same ‘bad boys,’ deeper threats • Don’t be wise after the event • Organisation, technology, process – a balanced approach • Conclusions – how to build better data center security DataCenterDynami
Introduction • A review of a published DataCenterDynamics research paper • Contributors: – Amichai Shulman, Imperva – Felix Martin, Richard Archdeacon, HP – Mike Smart, Symantec – Peter Jopling, IBM – Warren Wu, Fortinet • Designed as a strategic review DataCenterDynami
Data center protection is part of the security continuum Mainframe Mini Client/Server LANs DataCenterDynami • New trends change the definition of the datacenter • The attack surface includes the network and endpoints • Virtualisation changes everything • Security is forgotten in the need for instant gratification • Compliance is akin security • You can’t lock the datacenter away any more Internet Virtualisation Cloud Computing Mobility IoT Social 1980 1990 2000 2010 2020 Low Insecurity High Insecurity grows as technology develops
The Potential sources of data center insecurity DataCenterDynami Internal External Deliberate Accidental Disgruntled staff Unhappy Ex-staff Criminal Hackers Automated Spam Government Spies Un-vetted Partners Insufficient Controls Naïve Digital Natives Unplanned Downtime Insecure Clouds Network Failures Criminal Partners
The data center under attack – the different forms of hacking SQL Injection Physical Access DataCenterDynami Spear Phishing The Secure Data Center Distributed Denial Of Service Trojan Software Cross-Site Scripting
Security issues and Cloud Computing choices Private Cloud (on premise) Average Hybrid Multi- Tennant Cloud (off premise) Average DataCenterDynami Hybrid Private Cloud (on/off premise) Average Performance Elasticity Public Cloud (off premise) TCO Security Performance Elasticity TCO Security Performance Elasticity TCO TCO Security Security Average Performance Elasticity
Don’t be wise after the event • Security events can be a 10k issue • Watch your competitors – take action to avoid their lapses • If breached, don’t just buy new software – reconsider your attitude towards risk, security posture and precautions • Governments, Cloud Security Alliance, PCI can help train you • Telco and Finance are highly regulated and typically more secure • Manufacturing and IP-rich sectors are less so • Criminals expect you to secure the datacenter in a standard way DataCenterDynami
Addressing organizations, technologies and processes Educate the board, staff and contractors Increase awareness of Security issues Use the best discrete software, appliances and services Assess the affects of new devices DataCenterDynami Organisation The Secure Data Center Identify privileged users Make security Technology Process part of the business process Identify high security apps
DataCenterDynami The Secure Data Center Key Findings • Datacenters are now logical – not just physical entities • The number of users, interactions and vulnerabilities are growing • Hackers are just part of the internal, external, deliberate and accidental threats • Don’t wait for a breach to make positive changes • Highly-regulated sectors tend to do those better than others • Address organizational, technology and process issues in your policy • Protect your privileged users and most sensitive data deeply - find creative ways to handle the vulnerabilities of the rest • Look deeply for vulnerabilities • Be creative in your precautions • Make the data center part of the wider security continuum

Recomendados

Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
Hinne Hettema
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MIS
Saazan Shrestha
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
Laura Vanassche
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
newbie2019
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
Andrew S. Baker (ASB)
 

Recomendados

Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
Hinne Hettema
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MIS
Saazan Shrestha
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
Laura Vanassche
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
newbie2019
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
Andrew S. Baker (ASB)
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017
EQS Group
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
Kashif Semple
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
John D. Johnson
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security Trends
Terra Verde
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business Solutions
Anthony Dials
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
Avinash Ramineni
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
Jason Clark
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
East Midlands Cyber Security Forum
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
Desmond Devendran
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
PECB
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
Nigel Hanson
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 
Mis
MisMis
Mis
misecho
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
Ernest Staats
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats Report
Eoin Keary
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
Quick Heal Technologies Ltd.
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
Michele Chubirka
 

Más contenido relacionado

La actualidad más candente

Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
Kashif Semple
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
Avinash Ramineni
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
Desmond Devendran
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
PECB
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 

La actualidad más candente (20)

Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security Trends
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business Solutions
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats Report
 

Similar a The Datacenter Security Continuum

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
Michele Chubirka
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
CNSHacking
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
EQS Group
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
OnRamp
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4
Valencell, Inc.
 
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptxSAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
hforhassan101
 

Similar a The Datacenter Security Continuum (20)

Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptx
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4
 
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptxSAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 

Más de Martin Hingley

Más de Martin Hingley (20)

ITCandor 2021 predictions for the IT and communications market
ITCandor 2021 predictions for the IT and communications marketITCandor 2021 predictions for the IT and communications market
ITCandor 2021 predictions for the IT and communications market
 
ITCandor's 2018 predictions for the ITC industry
ITCandor's 2018 predictions for the ITC industryITCandor's 2018 predictions for the ITC industry
ITCandor's 2018 predictions for the ITC industry
 
2015 IT and Communications Predictions
2015 IT and Communications Predictions2015 IT and Communications Predictions
2015 IT and Communications Predictions
 
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre ImperativesConsolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
 
SAP Landscape 2014
SAP Landscape 2014SAP Landscape 2014
SAP Landscape 2014
 
Cloud Computing and Data Center Futures
Cloud Computing and Data Center FuturesCloud Computing and Data Center Futures
Cloud Computing and Data Center Futures
 
ITCandor 2014 predictions
ITCandor 2014 predictionsITCandor 2014 predictions
ITCandor 2014 predictions
 
Converged Infrastructure and Integrated Systems Futures
Converged Infrastructure and Integrated Systems FuturesConverged Infrastructure and Integrated Systems Futures
Converged Infrastructure and Integrated Systems Futures
 
EMEA Trends in Servers, Storage, Networking
EMEA Trends in Servers, Storage, NetworkingEMEA Trends in Servers, Storage, Networking
EMEA Trends in Servers, Storage, Networking
 
Server market development infobomb
Server market development infobombServer market development infobomb
Server market development infobomb
 
Sony Playstation 3 Market Development
Sony Playstation 3 Market DevelopmentSony Playstation 3 Market Development
Sony Playstation 3 Market Development
 
Dell Financial Results Infobomb
Dell Financial Results InfobombDell Financial Results Infobomb
Dell Financial Results Infobomb
 
Symantec
SymantecSymantec
Symantec
 
IBM quarterly financials infobomb
IBM quarterly financials infobombIBM quarterly financials infobomb
IBM quarterly financials infobomb
 
The Changes In Service Delivery With Cloud Computing
The Changes In Service Delivery With Cloud ComputingThe Changes In Service Delivery With Cloud Computing
The Changes In Service Delivery With Cloud Computing
 
UK Cloud Computing 2011
UK Cloud Computing 2011UK Cloud Computing 2011
UK Cloud Computing 2011
 
ITCandor 'Expectations 2011'
ITCandor 'Expectations 2011'ITCandor 'Expectations 2011'
ITCandor 'Expectations 2011'
 
It business climate v3
It business climate v3It business climate v3
It business climate v3
 
The Politics Of Cloud Computing
The Politics Of Cloud ComputingThe Politics Of Cloud Computing
The Politics Of Cloud Computing
 
ITCandor ‘Expectations 2010’
ITCandor ‘Expectations 2010’ITCandor ‘Expectations 2010’
ITCandor ‘Expectations 2010’
 

Último

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 

The Datacenter Security Continuum

  • 1. The Datacenter security DataCenterDynami continuum Martin Hingley ITCandor The Secure Data Center
  • 2. Agenda • The security continuum • Same ‘bad boys,’ deeper threats • Don’t be wise after the event • Organisation, technology, process – a balanced approach • Conclusions – how to build better data center security DataCenterDynami
  • 3. Introduction • A review of a published DataCenterDynamics research paper • Contributors: – Amichai Shulman, Imperva – Felix Martin, Richard Archdeacon, HP – Mike Smart, Symantec – Peter Jopling, IBM – Warren Wu, Fortinet • Designed as a strategic review DataCenterDynami
  • 4. Data center protection is part of the security continuum Mainframe Mini Client/Server LANs DataCenterDynami • New trends change the definition of the datacenter • The attack surface includes the network and endpoints • Virtualisation changes everything • Security is forgotten in the need for instant gratification • Compliance is akin security • You can’t lock the datacenter away any more Internet Virtualisation Cloud Computing Mobility IoT Social 1980 1990 2000 2010 2020 Low Insecurity High Insecurity grows as technology develops
  • 5. The Potential sources of data center insecurity DataCenterDynami Internal External Deliberate Accidental Disgruntled staff Unhappy Ex-staff Criminal Hackers Automated Spam Government Spies Un-vetted Partners Insufficient Controls Naïve Digital Natives Unplanned Downtime Insecure Clouds Network Failures Criminal Partners
  • 6. The data center under attack – the different forms of hacking SQL Injection Physical Access DataCenterDynami Spear Phishing The Secure Data Center Distributed Denial Of Service Trojan Software Cross-Site Scripting
  • 7. Security issues and Cloud Computing choices Private Cloud (on premise) Average Hybrid Multi- Tennant Cloud (off premise) Average DataCenterDynami Hybrid Private Cloud (on/off premise) Average Performance Elasticity Public Cloud (off premise) TCO Security Performance Elasticity TCO Security Performance Elasticity TCO TCO Security Security Average Performance Elasticity
  • 8. Don’t be wise after the event • Security events can be a 10k issue • Watch your competitors – take action to avoid their lapses • If breached, don’t just buy new software – reconsider your attitude towards risk, security posture and precautions • Governments, Cloud Security Alliance, PCI can help train you • Telco and Finance are highly regulated and typically more secure • Manufacturing and IP-rich sectors are less so • Criminals expect you to secure the datacenter in a standard way DataCenterDynami
  • 9. Addressing organizations, technologies and processes Educate the board, staff and contractors Increase awareness of Security issues Use the best discrete software, appliances and services Assess the affects of new devices DataCenterDynami Organisation The Secure Data Center Identify privileged users Make security Technology Process part of the business process Identify high security apps
  • 10. DataCenterDynami The Secure Data Center Key Findings • Datacenters are now logical – not just physical entities • The number of users, interactions and vulnerabilities are growing • Hackers are just part of the internal, external, deliberate and accidental threats • Don’t wait for a breach to make positive changes • Highly-regulated sectors tend to do those better than others • Address organizational, technology and process issues in your policy • Protect your privileged users and most sensitive data deeply - find creative ways to handle the vulnerabilities of the rest • Look deeply for vulnerabilities • Be creative in your precautions • Make the data center part of the wider security continuum