FireHost's Senior Security Engineer will discuss the need for acute awareness to secure data in the Cloud, and how the advancement of the environment has also accelerated the way this technology can be breached. The session will also include case studies on attacks and what you need to be asking yourself and your provider.

1. Chris Hinkley
Senior Security Engineer
@incrediblehink www.firehost.com

2. Secure Cloud Hosting
Real Requirements
To Protect Your Data

3. WHAT IS THE CLOUD?
One Word, Infinite Definitions
Secure Cloud Hosting: Real Requirements to Protect Your Data

4. WHY THE CLOUD?
It Far Outweighs The Alternatives
• Cost savings with virtualization
• Getting out the Hardware and software
management business
• Ease and speed of scaling
• Niche cloud service providers that are
specializing in secure cloud hosting
Secure Cloud Hosting: Real Requirements to Protect Your Data

5. WHO IS MOVING TO THE CLOUD?
Google Trends Search Volume ON THE RISE
Cloud Hosting Cloud Security
• Google Trend Screens
Scale is based on the average search traffic in the World
Secure Cloud Hosting: Real Requirements to Protect Your Data

6. WHO IS MOVING TO THE CLOUD?
Google Trends Search Volume ON THE DECLINE
Dedicated Hosting
Scale is based on the average search traffic in the World
Secure Cloud Hosting: Real Requirements to Protect Your Data

7. CAN THE CLOUD BE SECURE?
Just The Facts Please
“ We are often asked whether the Cloud factors into many of the breaches
we investigate. The easy answer is No–not really. It‟s more about giving up
control of our assets and data (and not controlling the associated risk) than
any technology specific to the Cloud.
Location/Hosting of assets by percent of breaches*
”
6% 6% 14% 76%
N/A Co-Located External Internal
2% Unknown
1% Mobile
Management of assets by percent of breaches*
5% 16% 34% 48%
N/A Co-Managed External Internal
2% Unknown
Secure Cloud Hosting: Real Requirements to Protect Your Data *Verizon caseload only

8. CAN THE CLOUD BE SECURE?
Just The Facts Please
“ Given the industry‟s hyper-focus on cloud computing, we do our best to track
relevant details during breach investigations and subsequent analysis. We
have yet to see a breach involving a successful attack against the hypervisor.
Attack targeting by percent of breaches*
” Attack difficulty by percent of breaches*
High None
8% 6%
17%
Targeted
37%
Low
49%
83% Medium
Opportunistic
Secure Cloud Hosting: Real Requirements to Protect Your Data *Verizon caseload only

9. HOW CAN YOU CREATE ISOLATION?
Separating Your Data
• Network Traffic Separation
• Virtual Machine Isolation
• Storage Separation
• Multi-tenant Security Devices
Secure Cloud Hosting: Real Requirements to Protect Your Data

10. KEEPING HACKERS AT BAY
Protecting Your Web Application
• Security in your SDLC
• Code Review
• Vulnerability Scanning
• Penetration Testing
• Change Management
Secure Cloud Hosting: Real Requirements to Protect Your Data

11. SECURITY IN DEPTH
Web Application Firewalls
• Security in Depth
• Firewalls=sledgehammer
• WAFs=scalpel
• Signatures and Profiling
• Virtual Patching
• 0-day Mitigation
Secure Cloud Hosting: Real Requirements to Protect Your Data

12. CASE STUDY
TimThumb Wordpress Plugin
• Image Resizing Plugin for Wordpress Blogs
• Included In Many Themes
• 0-Day Remote File Include Exploit
• Flawed Logic allowed trivial RFI
Secure Cloud Hosting: Real Requirements to Protect Your Data

13. 13

14. FIX ALL THE THINGS
Virtually Instant Patching
• Applying a single „patch‟ Secured Many
• Allowed Adequate Time
• Provided Security / Preserved Functionality
Secure Cloud Hosting: Real Requirements to Protect Your Data

15. IN CONCLUSION
Cloud Security Is Not A Myth
• Traditional infrastructure
is no more secure than
the cloud.
• Tackle the low-hanging
fruit first.
• Your application evolves.
So should your security.
Secure Cloud Hosting: Real Requirements to Protect Your Data

16. Thank You
Questions?
Chris Hinkley Email chris.hinkley@firehost.com
Twitter twitter.com/FireHost