1.
Security Benefits of Cloud Computing
Presenter: Eric Jeffery, Solutions Engineer, Vidyo, Inc.

2.
2| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Agenda
• My Background
• Risks and Security Threats
• Status of the Oil & Gas (O&G) Industry
• What is Cloud Computing
• Security Benefits of Cloud Computing
• Moving to “The Cloud”

3.
3| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
My Background

4.
4| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Eric Jeffery Background
• Bachelors Degree in Economics
• >20 Years IT Experience
• Manager at Software Etc.
• IT Contractor
• Systems and Network Administrator
• IT Network Security Analyst
• Network Engineer and Capacity Planning Lead
• Sr. Manager Professional Services
• Solutions Engineer

5.
5| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Risks and Security Threats

6.
6| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Methods that Create Threats and Risks
• In Person Physical Penetration
• Network Intrusion Over the Wire
• Malware, Spyware, Virus, Trojan
• Bots, DoS, DDos
• Phishing
• Pretexting
• IP Spoofing
• Baiting
• Dumpster diving
• Shoulder surfing
TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015

7.
7| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Internal Security Threats
Verizon 2015 Data Breach Investigations Report

8.
8| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Status of Oil & Gas Cyber Security

9.
9| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Headlines:
• U.S. Oil and Gas at Greater Risk for Cyber Attacks – June,
2013 – Fox Business
• Russia attacks U.S. oil and gas companies in massive hack
– July, 2014 – CNN Money
• Oil and Gas Industry Preparing for Cyber Attacks –
January, 2015 – iNews
• NatGas, Oil Industry in 'Crosshairs' of Malicious Cyber
Attacks – June, 2015 – Natural Gas Intel Daily
• Oil, Gas firms face cyber attack threats – June, 2014 –
Trade Arabia

10.
10| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
O&G Industry Security Statistices
• Data out of the US show that between April 2013 and 2014, threat
actors hit 53 per cent of energy companies1.
• Cyber attacks are costing the energy sector in the UK some $700
million a year1.
• The Shamoon virus took Saudi Aramco, the world’s largest oil
producing company out of action for almost two weeks1.
• Recent analysis from Frost & Sullivan shows that the security of
critical facilities remains the topmost priority for the global oil and gas
industry. – Security Week, June 2013
• BP’s CEO, Bob Dudley, revealed in 2013 that BP suffered on average
50,000 cyber attacks every day, from both domestic and foreign
offenders.
1 TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015

11.
11| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Industry Rankings for Cyber Espionage Attacks
Verizon 2015 Data Breach Investigations Report

12.
12| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Security Threats to O&G Firms
• Internal
• External
• Structured
• Unstructured
Verizon 2015 Data Breach Investigations Report

13.
13| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
O&G Biggest Fear from Cyber Attack(s)
TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015

14.
14| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Major O&G Cyber Security Attacks 2010-2014
TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015

15.
15| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
What is Cloud Computing?

16.
16| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
What is Cloud Computing?

17.
17| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
XaaS – Anything & Everything “As A Service”
• IaaS – Infrastructure
• PaaS - Platform
• VaaS - Video
• SaaS – Software/Storage
• DRaaS – Disaster Recovery
• DaaS – Desktop
• BaaS – Backup
• EaaS - Email

18.
18| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Security Benefits of Cloud Computing

19.
19| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Top Level Cloud Computing Benefits
• Vetted staff
• Data distribution
• Physical security benefits
• Staffing levels
• Expertise
• Evolving requirements
• Scaling of technical resources
• Legal Considerations
• Experience with forensic analysis

20.
20| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Vetted Staff
– Rigorous background screening
– Former military and law enforcement
– 3rd party staff also vetted
• Data Distribution
– Multiple systems, Geographic Disparity
– Threats have no physical access to data
– Increased capability for HA/BC/DR

21.
21| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Physical Security
– Redundant power, multiple uplinks
– 24x7 guards, camera’s, logs, badge requirement, escorts, etc.
• Staffing Levels
– Educated with ongoing training
– Extra staff
– Extreme depth of skill

22.
22| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Expertise
– Deep Level Experts
– Process Engineering
– Project Management
– Change Management
– Release Management
• Adapt to New Requirements and Regulations
– HIPAA 1996, 2003
– SOX 2002
– SSAE16 (SAS70) 2013/2014

23.
23| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Scaling Technical Resources
– Rapid resource deployment
– Ease of upgrade
• Legal Considerations
– Liability Shift?
– Jurisdiction (National/International)
– Data Ownership, Responsibility
• Experience staff dealing with forensic analysis
– Rapidly identify cause/impact of breach

24.
24| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Reasons that Cloud Delivers More Security
• Experience
• Focus
• Staffing
• Up to Date Technology
• Stay current with regulations compliance standards
• Partnerships with largest and best suited vendors in industry

25.
25| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Cloud Computing Risk Mitigation
• Moves the “Honey Pot”
• Reduces physical access risk
• Distributes data physically and logically
• Economies of scale
– Network
– Physical Security Implementations
– Technology
• Ensures proper data destruction

26.
26| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Key Mitigation Methods
: Probable benefits
from Cloud providers
Verizon 2015 Data Breach Investigations Report

27.
27| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Moving to The Cloud

28.
28| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
What to Consider When Moving to the Cloud
• Tenancy: Privacy, Identity, and Access
• Location
• Compliance
• Data Integrity
• Availability
• International Geography Considerations
• Information Protection
• Legal Jurisdiction

29.
29| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Why Move to Cloud Computing?
• Well established
• Multiple layers of security
• Experienced staff
• Energy companies are behind
• Economies of scale

30.
30| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Getting Started
• Understand “Why”
• Validate plan with corporate goals
• Determine which applications are applicable
– Irreplaceable expertise in IT
– Intellectual property
– What’s the budget
– Legal implications
• Find a partner
– Data Center
– Application Management

31.
31| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Thank You
Questions or Comments?
Eric Jeffery
Solutions Engineer, Vidyo, Inc.
ejeffery@vidyo.com
719-641-8114
https://www.linkedin.com/in/ericrjeffery