The Cloud Beckons, But is it Safe?
April 2012
#12NTCCSec

Laura Quinn
Michael Enos
Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad! Evaluate online at www.nten.org/ntc/eval
Introductions
Laura Quinn, Executive Director, Idealware
Michael Enos, Chief Technology Officer, Second Harvest Food Bank of Santa Clara and San Mateo Counties

What are you hoping to get out of this session?
What is The Cloud?
The Lure of the Cloud
• Low cost of entry
• Easy remote access
• No complex infrastructure

But what about security?
How Do YOU Feel About Cloud Security?
Why the Concern?
Cloud Security in the News
Under Siege
To be on the Internet is to be vulnerable to attack.
If you’re on the Internet, you’re in The Cloud.
But We Do Lots of Things on the Internet
• We shop online
• We bank online
• We post crazy things on Facebook

Why is the cloud different? It’s not.
How Secure is Your On-Site Data?
Do any of these sound familiar?
• No one patches computers or is responsible for network security
• You haven’t really thought about passwords or permissions
• No disaster recovery plans
• Staff hasn’t had any security training
Myth
“We’re a tiny nonprofit. We’re safe because no one would target us for cyber attack.”
Fact
Many data security breaches are crimes of opportunity.
Organizations don’t always consider the sensitivity of their data until it’s exposed.
Myth
“Our data is safer not in the cloud”
A Cloud Data Center
Is This Your Server Closet?
What Does Security Mean?
The Three Pillars of Information Security
Confidentiality
Information is available only to authorized parties.
Integrity
Information isn’t modified inappropriately, and you can track who made what change.
Availability
Assurance that data is accessible when needed by authorized parties.
Also: Physical Possession
Whoever has the data could, for instance, turn it over to the government.
How Does This Apply to the Cloud?
Cloud Security
The use of the term “Cloud” is cloudy!
Three general types of clouds:
   – Software-as-a-Service
   – Hosted Private Cloud
   – Co-located Private Cloud
All three have different security models: the further down this list you go, the more of the security work (patching, configuration, access control, backups) stays with you rather than the vendor.
Software as a Service
The vendor owns and manages all aspects of the environment; your security review is a review of the vendor. For instance:
Hosted Private Cloud
The vendor owns and manages the equipment only; all software is managed by the client, so patching the operating system and applications is your job. The equipment is on the vendor’s network. For instance:
Co-located Private Cloud
The vendor provides the physical environment only, in a data center; the client maintains the hardware and the software. For instance:
What Does Security Mean For You?
Rules for Absolute Safety
• Turn off your Internet connection.
• Allow no one access to your data and systems.

But let’s be realistic…
Know What You’re Protecting
What kinds of data are you storing, and how sensitive are they?
Think about its value on the open market.
Red Flags
You need extremely tight security to store:
• Donors’ credit card numbers.
• Scanned images of checks.
• Donors’ bank account information.
What’s Your Exposure?
Consider the impact of exposure of your confidential information, both in monetary terms and reputation.
What’s The Impact of an Outage?
How much staff time could you lose from a short-term or prolonged outage?
Testing Your On-Site Security
Have you recently performed a:
   • Check on whether your systems have been recently patched?
   • Systems penetration test?
   • Employee training on security procedures?
   • Backup/recovery test?

If not, a vendor that does these things as a matter of routine will likely protect your data better than you currently do, so moving to the cloud would probably increase your security.
A Multi-Level Security Model
Multi-Level Security is the Ideal
Physical Security
• Guarded facilities
• Protection of your hardware and devices
• Power redundancy
• Co-location (redundant facilities)
Network Security
• Intrusion prevention
• Intrusion detection
• Firewalled systems
• Network-level (proactive) anti-virus protection
Transmission Security
Is data encrypted in transit?
Is the network secure?
Access Controls
• Ensuring the right people have access to the right data
• Physical access to the server
• Training on appropriate passwords and security measures
Data Protection
• Data encryption
• Solid backup and restore policies
• Ability to purge deleted data
• Ability to limit what government entities can obtain with a subpoena. No vendor can refuse a valid legal order; what you can ask for is notice to you when a request arrives, a policy of contesting overbroad requests, and encryption with keys that you hold, so the vendor cannot hand over readable data.
What to Look For in a Vendor
Description of Security Mechanisms
Documentation of all the facets of security, and staff who can talk about it intelligently.
This proves information security is on the “front burner”.
Uptime
Do they provide any guarantee of uptime? Any historic uptime figures?
Uptime figures are typically in 9s: 99%, 99.9% or 99.99%. Over a year those allow roughly 3.65 days, 8.8 hours and 53 minutes of downtime respectively. Check whether the guarantee is measured per month or per year, and what the remedy is when it is missed.

Your connection to the internet may well be the weakest link.
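The following is an added example written for this page, not code from the original session: it turns an uptime promise expressed in nines into a downtime budget for a given measurement window and checks a vendor's outage history against it. The outage records are constructed for illustration, and the 30-day month and 365-day year are assumptions; a real SLA defines its own window and exclusions.

```python
"""Turn an uptime promise ("nines") into a downtime budget and check a
vendor's outage history against it.  Added example for this page; the outage
log below is constructed, not a real vendor's history."""
from datetime import datetime, timedelta

YEAR = timedelta(days=365)      # assumption: 365-day year
MONTH_30 = timedelta(days=30)   # assumption: 30-day month


def allowed_downtime(uptime_pct: float, window: timedelta) -> timedelta:
    """Downtime an uptime promise of `uptime_pct` percent permits within `window`."""
    if not 0 <= uptime_pct <= 100:
        raise ValueError("uptime percentage must be between 0 and 100")
    return window * (1 - uptime_pct / 100)


def nines_table(window: timedelta = YEAR) -> dict:
    """Allowed downtime per `window` for the figures vendors usually quote."""
    return {pct: allowed_downtime(pct, window) for pct in (99.0, 99.9, 99.99)}


def sla_report(outages, uptime_pct: float,
               window_start: datetime, window_end: datetime) -> dict:
    """Compare observed outages with an uptime promise over one measurement window.

    `outages` is a list of (start, end) datetimes.  Each outage is clipped to the
    window, so an incident that straddles the boundary is only partly counted,
    which is how a monthly SLA is normally measured."""
    window = window_end - window_start
    downtime = timedelta()
    for start, end in outages:
        clipped_start = max(start, window_start)
        clipped_end = min(end, window_end)
        if clipped_end > clipped_start:
            downtime += clipped_end - clipped_start
    allowed = allowed_downtime(uptime_pct, window)
    achieved_pct = 100 * (1 - downtime / window)
    return {
        "downtime": downtime,
        "allowed": allowed,
        "achieved_pct": achieved_pct,
        "met": downtime <= allowed,
    }


# Constructed outage log for a hypothetical vendor (not real data).
OUTAGES = [
    (datetime(2012, 2, 29, 23, 50), datetime(2012, 3, 1, 0, 10)),   # straddles the month boundary
    (datetime(2012, 3, 5, 2, 0), datetime(2012, 3, 5, 2, 25)),
    (datetime(2012, 3, 19, 14, 10), datetime(2012, 3, 19, 14, 40)),
]
MARCH_2012 = (datetime(2012, 3, 1), datetime(2012, 4, 1))


if __name__ == "__main__":
    for pct, budget in nines_table().items():
        print(f"{pct}% uptime allows {budget} of downtime per year")
    for promise in (99.0, 99.9):
        report = sla_report(OUTAGES, promise, *MARCH_2012)
        print(f"March 2012 against {promise}%: {report['downtime']} down, "
              f"{report['allowed']} allowed, achieved {report['achieved_pct']:.3f}%, "
              f"met={report['met']}")
```

Run as a script it prints the yearly budget for each figure and then shows that the same 65 minutes of March downtime satisfies a 99% promise but misses a 99.9% one, which is why the measurement window in the contract matters as much as the number of nines.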
Regulatory Compliance: HIPAA
Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)? In practice that means the vendor will sign a Business Associate Agreement (BAA) covering any protected health information you store with them; a vendor that won’t sign one can’t be used for that data.
Regulatory Compliance: SAS 70 and SSAE 16
Audits of a service organization’s controls, covering its security standards, hardware, and processes:
Statement on Auditing Standards No. 70 (SAS 70)
Statement on Standards for Attestation Engagements No. 16 (SSAE 16), which replaced SAS 70 in 2011
Both were designed around controls relevant to financial reporting, so ask for the audit report itself rather than relying on the label, and ask whether the vendor also has a SOC 2 report, which covers security, availability and confidentiality controls directly.
Regulatory Compliance: PCI DSS Compliance
If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (the Payment Card Industry Data Security Standard). Ask for their Attestation of Compliance, and remember that the vendor’s compliance doesn’t make you compliant: the systems and staff on your side that touch card data are in scope too. The simplest way to shrink that burden is not to store card numbers at all and let a payment processor handle them.
In Summary
Understand the Value of Your Data
What is it worth to you? To others?
What measures are appropriate to protect it?
Your Data Is No Safer Than You Make It
Any computer attached to the internet is vulnerable unless you protect it.
The cloud isn’t, in and of itself, more or less secure.
But Many Vendors Make Your Data Really Safe
Choose vendors who show they’re serious about data protection (not all vendors are created equal).
Consider a vendor’s regulatory compliance.
Questions?

Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Último (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

The Cloud Beckons, But is it Safe?

  • 1. The Cloud Beckons, But is it Safe? April 2012
  • 2. The Cloud Beckons, But is it Safe? #12NTCCSec Laura Quinn Michael Enos
  • 3. Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad! Online at www.nten.org/ntc/eval
  • 4. Introductions Laura Quinn Executive Director Idealware Michael Enos Chief Technology Officer, Second Harvest Food Bank of Santa Clara and San Mateo Counties What are you hoping to get out of this session?
  • 5.
  • 6. What is The Cloud?
  • 7. The Lure of the Cloud Low cost of entry Easy remote access No complex infrastructure But what about security?
  • 8. How Do YOU Feel About Cloud Security?
  • 10. Cloud Security in the News
  • 11. Under Siege To be on the Internet is to be vulnerable to attack. If you’re on the Internet, you’re in The Cloud
  • 12. But We Do Lots of Things on the Internet We shop online We bank online We post crazy things on Facebook Why is the cloud different? It’s not.
  • 13. How Secure is Your On-Site Data? Do any of these sound familiar? • No one patches computers or is responsible for network security • You haven’t really thought about passwords or permissions • No disaster recovery plans • Staff hasn’t had any security training
  • 14. Myth “We’re a tiny nonprofit. We’re safe because no one would target us for cyber attack.”
  • 15. Fact Many data security breaches are crimes of opportunity. Organizations don’t always consider the sensitivity of their data until it’s exposed.
  • 16. Myth “Our data is safer not in the cloud”
  • 17. A Cloud Data Center
  • 18. Is This Your Server Closet?
  • 20. The Three Pillars of Information Security
  • 21. Confidentiality Information is available only to authorized parties.
  • 22. Integrity Information isn’t modified inappropriately, and you can track who made what change.
  • 23. Availability Assurance that data is accessible when needed by authorized parties.
  • 24. Also: Physical Possession Whoever has the data could, for instance, turn it over to the government.
  • 25. How Does This Apply to the Cloud?
  • 26. Cloud Security The use of the term “Cloud” is cloudy! Three general types of clouds: – Software-as-a-Service – Hosted Private Cloud – Co-located Private Cloud All three have different security models.
  • 27. Software as a Service The vendor owns and manages all aspects of the environment. For instance:
  • 28. Hosted Private Cloud The vendor owns and manages the equipment only; all software is managed by the client. The equipment is on the vendor’s network. For instance:
  • 29. Co-located Private Cloud The vendor provides only the physical environment in a data center; the client maintains the hardware and the software. For instance:
  • 30. What Does Security Mean For You?
  • 31. Rules for Absolute Safety Turn off your Internet connection. Allow no one access to your data and systems. But let’s be realistic…
  • 32. Know What You’re Protecting What kinds of data are you storing, and how sensitive are they? Think about its value on the open market.
  • 33. Red Flags You need extremely tight security to store: • Donors’ credit card numbers. • Scanned images of checks. • Donors’ bank account information.
  • 34. What’s Your Exposure? Consider the impact of exposure of your confidential information, both in monetary terms and reputation.
  • 35. What’s The Impact of an Outage? How much staff time could you lose from a short term or prolonged outage?
  • 36. Testing Your On-Site Security Have you recently performed a: • Check on whether your systems have been recently patched? • Systems penetration test? • Employee training on security procedures? • Backup/recovery test? If not, you’d likely increase your security by moving to the cloud.
  • 39. Physical Security • Guarded facilities • Protection of your hardware and devices • Power redundancy • Co-location (redundant facilities)
  • 40. Network Security • Intrusion prevention • Intrusion detection • Firewalled systems • Proactive network anti-virus protection
  • 41. Transmission Security Is data encrypted in transit? Is the network secure?
  • 42. Access Controls • Ensuring the right people have access to the right data • Physical access to the server • Training on appropriate passwords and security measures
  • 43. Data Protection • Data encryption • Solid backup and restore policies • Ability to purge deleted data • Ability to prevent government entities from getting your data with a subpoena
  • 44. What to Look For in a Vendor
  • 45. Description of Security Mechanisms Documentation of all the facets of security, and staff who can talk about it intelligently. This proves information security is on the “front burner”.
  • 46. Uptime Do they provide any guarantee of uptime? Any historic uptime figures? Uptime figures are typically quoted in “nines”: 99%, 99.9% or 99.99%. Your connection to the internet may well be the weakest link.
  • 47. Regulatory Compliance: HIPAA Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)?
  • 48. Regulatory Compliance: SAS70 and SSAE16 Audit for security standards, hardware, and processes. Statement on Accounting Standards 70 (SAS70) Statement of Standards for Attestation Engagements 16 (SSAE16)
  • 49. Regulatory Compliance: PCI DSS Compliance If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (Payment Card Industry Data Security Standard).
  • 51. Understand the Value of Your Data What is it worth to you? To others? What measures are appropriate to protect it?
  • 52. Your Data Is No Safer Than You Make It Any computer attached to the internet is vulnerable unless you protect it. The cloud isn’t, in and of itself, more or less secure.
  • 53. But Many Vendors Make Your Data Really Safe Choose vendors who show they’re serious about data protection (not all vendors are created equal). Consider a vendor’s regulatory compliance.