Secure Cloud Hosting:
Real Requirements to Protect your Data
Chris Hinkley
Senior Security Architect
Great Wide Open – Atlanta, GA
April 2 – 3, 2014
Locking Down the Cloud – A Holistic View
Agenda
•  The Specialization of IT
•  Challenges Facing Cloud Consumers and Providers
•  A To-Do List for Cloud Consumers and Providers
•  The Secure Cloud is Not a Myth
•  Physical Security
•  Perimeter Security
•  Virtual Server Security
•  Supporting Security Services
•  Secure Administrative Access
•  Business Continuity and DR
•  Compliance for Cloud
The Specialization of IT
•  The complexity of IT has meant more specialists than generalists, each responsible for a small piece of the puzzle
•  New tools and technologies have led to increased staffing levels, with specific experience in implementation and management
•  Rapid change in technology means nearly continuous training for specialists
•  The high cost of implementing and maintaining IT infrastructure has many companies looking for ways to offload as much as possible
Challenges Facing Cloud Consumers and Providers
•  Consumers want to outsource both technology and
compliance responsibilities
•  Consumers cannot abdicate their
compliance responsibility 
•  Providers do not adequately define the
division of responsibilities between
themselves and customers
•  Providers often do not clearly
articulate how they can help
customers meet compliance
requirements
•  All can lead to confusion in
the purchasing decision and
create conflicts during an audit
A To-Do List For Cloud Consumers and Providers
•  Consumers need to fully understand all of their security and
compliance responsibilities
•  Consumers need to effectively evaluate and understand the
various cloud provider models
•  Consumers need to ask for clear definition of all services,
the division of their responsibilities and those of their providers
•  Consumers must put programs in place to ensure that their
providers are meeting their responsibilities.
•  Providers must become transparent about their
security programs and deliver adequate details
about offered services
•  Providers must clearly articulate the delineation of
responsibilities between themselves and customers
•  Providers must be clear about how their offered
services can assist consumers in meeting
compliance requirements
The Secure Cloud is Not a Myth
•  Build for security not compliance
•  Follow security best practices vs. chasing compliance guidelines
•  Use a common controls approach
•  Deploy multiple security
countermeasures using
a layered approach
Physical Security
•  Locate the data center in an area at low risk from natural disasters
•  No identifying signage
•  24x7 manned security, roving patrols
•  Multi-factor authentication for entry
•  Comprehensive CCTV coverage
•  Log all entries, monitor systems,
securely store logs and video
Attackers need Targets
Verizon DBR Data
•  92% of breaches were perpetrated by outsiders
•  78% of initial intrusions rated as low difficulty
•  Attack Targeting
•  Opportunistic – 75%
•  Targeted – 25%
FireHost Superfecta
•  47,917,145 IPRM blocks in 2013
•  14,057,093 attacks blocked via WAF, broken down into 4 categories:
•  Cross-Site Request Forgery – 3,347,515
•  Cross-Site Scripting – 4,904,651
•  Directory Traversal – 3,269,680
•  SQL Injection – 2,535,247
Vulnerability Trends
(Two chart slides. Source: Secunia Vulnerability Review 2014)
Perimeter Security
•  Public Traffic
•  Routers w/IP Reputation Filtering (Redundant)
•  DoS/DDoS Mitigation (Redundant)
•  Web Application Firewalls (Redundant)
•  Intrusion Detection
Virtual Server Security
•  VMware Hypervisor (Hardened)
•  Blade/SAN Architecture
•  High Availability Architecture
•  20 Gbps Network (Public & Private)
•  Per VM Firewall Policies
•  Unlimited Security Zones
•  Security zones containing the Web Servers, Application Servers, Database Servers and Load Balancers
•  Secure SAN Storage: Physically Isolated Secure Storage Area Network, Secure Data Deletion and Destruction, Complete Data Obfuscation
Supporting Security Services
•  Data Leakage Protection
•  Antimalware/Antivirus
•  File Integrity Monitoring
•  Vulnerability Management
•  Log Management
•  Patch Management
•  Configuration Management
Protecting from the Outside In
Secure Administrative Access
•  Physically Isolated Network
•  Secure Jump Hosts
•  Privileged Access Management
•  Full Session Recording
Secure Customer Access
•  Multi-Factor Authentication
•  SSLVPN/L2LVPN Secure Access
•  MPLS Termination
Putting It All Together
(Diagram: the perimeter security, virtual server security, supporting security services and secure administrative/customer access layers above, combined into an Isolated Customer Environment.)
Business Continuity & DR
•  Lessons (supposedly) learned from Katrina
and other recent disasters
•  Did we really learn? What about Sandy and Nemo?
•  Location of data centers, loss of transportation, large scale power and other critical
service outage, employees worrying more about personal and family safety
•  Didn’t fully learn from the past
•  BCDR Solutions
•  Focus on business continuity
part of BCDR
•  Build for high availability
•  Implement redundant sites with
geographic load balancing
•  At minimum replicate data to
another location
(Diagram: Primary Infrastructure; Full Infrastructure at Geographic Location 1 and Geographic Location 2; File/Database Backups; Regular Backups; Real-Time Replication.)
Managing Compliance for Cloud
•  Treat all data as sensitive (after all, it’s just 1’s and 0’s to the systems)
•  Develop a common controls framework (CCF) based on industry standard frameworks, enabling efficient compliance adoption and validation reporting
•  Use existing industry standards like ISO 27001
and NIST 800-53 as a baseline and add specific
requirements based on your needs
(PCI, HIPAA, GLBA, etc.)
•  Future proof compliance iterations
by keeping your CCF updated
•  Implement a continuous monitoring
and audit program
Continuous Monitoring for Compliance
•  Confusing term and application depending on who you talk to
•  What is the definition of “real-time?”
•  Define the appropriate monitoring interval for each control
•  Patching – 30 days upon release
•  Log reviews – daily
•  Malware scans – real-time alerting and reporting
•  Access reviews – privileged accounts monthly, others quarterly
•  Implement tools to monitor the
controls at the defined interval
•  Centralize all monitoring
results in a secure system
•  Build dashboard to track
compliance based on results
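The interval checks above, as an added example that is not part of the deck: a small Python checker holds the per-control intervals the slide proposes, compares the newest evidence from a centralised results store against them, and rolls the findings up into the counts a compliance dashboard would chart. The 15-minute freshness window standing in for "real-time", the 91-day quarter and the sample evidence are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional


@dataclass(frozen=True)
class Control:
    """One monitored control and the interval the deck assigns to it."""
    control_id: str
    description: str
    interval: timedelta
    # What the interval is measured from: the last completed run for
    # periodic checks, the release date of the oldest unapplied patch for
    # patching, or the last heartbeat for a real-time tool.
    measured_from: str


# Intervals from the deck. The 15-minute freshness window used to stand in
# for "real-time" and the 91-day quarter are assumptions for this example.
CONTROLS = [
    Control("patching", "Patching - 30 days upon release",
            timedelta(days=30), "release date of oldest unapplied patch"),
    Control("log_review", "Log reviews - daily",
            timedelta(days=1), "last completed review"),
    Control("malware_scan", "Malware scans - real-time alerting",
            timedelta(minutes=15), "last scanner heartbeat"),
    Control("priv_access_review", "Access reviews - privileged accounts, monthly",
            timedelta(days=30), "last completed review"),
    Control("user_access_review", "Access reviews - other accounts, quarterly",
            timedelta(days=91), "last completed review"),
]


@dataclass(frozen=True)
class Finding:
    control_id: str
    status: str                      # "ok", "overdue" or "no_evidence"
    overdue_by: Optional[timedelta]  # set only when status == "overdue"


def evaluate_control(control: Control, evidence_time: Optional[datetime],
                     now: datetime) -> Finding:
    """Compare the newest evidence for one control against its interval.

    A control with no evidence at all is reported separately from an
    overdue one: "no evidence" usually means the monitoring tool itself
    has stopped reporting, which is a different problem to fix.
    """
    if evidence_time is None:
        return Finding(control.control_id, "no_evidence", None)
    age = now - evidence_time
    if age <= control.interval:
        return Finding(control.control_id, "ok", None)
    return Finding(control.control_id, "overdue", age - control.interval)


def evaluate_all(controls, evidence: Dict[str, datetime],
                 now: datetime) -> Dict[str, Finding]:
    """Evaluate every control; a control absent from evidence is no_evidence."""
    return {c.control_id: evaluate_control(c, evidence.get(c.control_id), now)
            for c in controls}


def dashboard_summary(findings: Dict[str, Finding]) -> Dict[str, int]:
    """Status counts, the roll-up a compliance dashboard would chart."""
    summary = {"ok": 0, "overdue": 0, "no_evidence": 0}
    for finding in findings.values():
        summary[finding.status] += 1
    return summary


# Constructed sample: what the centralised results store might hold on the
# morning of the talk. Timestamps are expressed relative to NOW for clarity.
NOW = datetime(2014, 4, 2, 9, 0, tzinfo=timezone.utc)
SAMPLE_EVIDENCE = {
    "patching": NOW - timedelta(days=34),        # oldest unapplied patch is 34 days old
    "log_review": NOW - timedelta(hours=20),     # reviewed yesterday
    "malware_scan": NOW - timedelta(minutes=3),  # scanner reported 3 minutes ago
    "priv_access_review": NOW - timedelta(days=12),
    # "user_access_review" is absent: the quarterly review tool sent nothing
}


def sample_findings() -> Dict[str, Finding]:
    """Run the checker over the constructed sample evidence."""
    return evaluate_all(CONTROLS, SAMPLE_EVIDENCE, NOW)


if __name__ == "__main__":
    results = sample_findings()
    for cid, f in results.items():
        extra = f" by {f.overdue_by}" if f.overdue_by else ""
        print(f"{cid:20} {f.status}{extra}")
    print(dashboard_summary(results))
```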
What about data sovereignty and regional
regulation?
•  Ensure you understand what regulations apply to your business
•  Engage with your customers to understand their requirements
•  Take these regulations and customer requirements into account
within your CCF
•  Architect your cloud to enable data sovereignty
and allow customers to select the location(s)
for their servers and data
•  Provide monitoring/reporting that allows
customers to validate where their
data is at any time
•  Keep up with changes to the regulations
Thank You
Questions?
Chris Hinkley
Senior Security Architect
Email: chris.hinkley@firehost.com
Phone: 1-877-262-3473 x8032

Más contenido relacionado

La actualidad más candente

Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
 
Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...
AlgoSec
 

La actualidad más candente (20)

Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware2021 01-13 reducing risk-of_ransomware
2021 01-13 reducing risk-of_ransomware
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the Curve
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate   the value and the vision ...Application visibility across the security estate   the value and the vision ...
Application visibility across the security estate the value and the vision ...
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
Migrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best PracticesMigrating and Managing Security in an AWS Environment- Best Practices
Migrating and Managing Security in an AWS Environment- Best Practices
 
Best Practices for Network Security Management
Best Practices for Network Security Management Best Practices for Network Security Management
Best Practices for Network Security Management
 
SDN's managing security across the virtual network final
SDN's managing security across the virtual network finalSDN's managing security across the virtual network final
SDN's managing security across the virtual network final
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
 
best practices-managing_security_in_the hybrid cloud
 best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
 
Managing Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network SecurityManaging Application Connectivity in the World of Network Security
Managing Application Connectivity in the World of Network Security
 
Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...Managing application connectivity securely through a merger or acquisition – ...
Managing application connectivity securely through a merger or acquisition – ...
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
 
Ransomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respondRansomware Attack: Best Practices to proactively prevent contain and respond
Ransomware Attack: Best Practices to proactively prevent contain and respond
 
Create and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best PracticesCreate and Manage a Micro-Segmented Data Center – Best Practices
Create and Manage a Micro-Segmented Data Center – Best Practices
 

Similar a Secure Cloud Hosting: Real Requirements to Protect your Data

Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2
Anne Starr
 

Similar a Secure Cloud Hosting: Real Requirements to Protect your Data (20)

Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Cloud Security Guidance from CESG and AWS
Cloud Security Guidance from CESG and AWSCloud Security Guidance from CESG and AWS
Cloud Security Guidance from CESG and AWS
 
Secure Cloud Issues
Secure Cloud IssuesSecure Cloud Issues
Secure Cloud Issues
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Is it an internal affair
Is it an internal affairIs it an internal affair
Is it an internal affair
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwari
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptx
 

Más de Great Wide Open

Más de Great Wide Open (20)

The Little Meetup That Could
The Little Meetup That CouldThe Little Meetup That Could
The Little Meetup That Could
 
Lightning Talk - 5 Hacks to Getting the Job of Your Dreams
Lightning Talk - 5 Hacks to Getting the Job of Your DreamsLightning Talk - 5 Hacks to Getting the Job of Your Dreams
Lightning Talk - 5 Hacks to Getting the Job of Your Dreams
 
Breaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullBreaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational Pull
 
Dealing with Unstructured Data: Scaling to Infinity
Dealing with Unstructured Data: Scaling to InfinityDealing with Unstructured Data: Scaling to Infinity
Dealing with Unstructured Data: Scaling to Infinity
 
You Don't Know Node: Quick Intro to 6 Core Features
You Don't Know Node: Quick Intro to 6 Core FeaturesYou Don't Know Node: Quick Intro to 6 Core Features
You Don't Know Node: Quick Intro to 6 Core Features
 
Hidden Features in HTTP
Hidden Features in HTTPHidden Features in HTTP
Hidden Features in HTTP
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in Applications
 
Lightning Talk - Getting Students Involved In Open Source
Lightning Talk - Getting Students Involved In Open SourceLightning Talk - Getting Students Involved In Open Source
Lightning Talk - Getting Students Involved In Open Source
 
You have Selenium... Now what?
You have Selenium... Now what?You have Selenium... Now what?
You have Selenium... Now what?
 
How Constraints Cultivate Growth
How Constraints Cultivate GrowthHow Constraints Cultivate Growth
How Constraints Cultivate Growth
 
Inner Source 101
Inner Source 101Inner Source 101
Inner Source 101
 
Running MySQL on Linux
Running MySQL on LinuxRunning MySQL on Linux
Running MySQL on Linux
 
Search is the new UI
Search is the new UISearch is the new UI
Search is the new UI
 
Troubleshooting Hadoop: Distributed Debugging
Troubleshooting Hadoop: Distributed DebuggingTroubleshooting Hadoop: Distributed Debugging
Troubleshooting Hadoop: Distributed Debugging
 
The Current Messaging Landscape
The Current Messaging LandscapeThe Current Messaging Landscape
The Current Messaging Landscape
 
Apache httpd v2.4
Apache httpd v2.4Apache httpd v2.4
Apache httpd v2.4
 
Understanding Open Source Class 101
Understanding Open Source Class 101Understanding Open Source Class 101
Understanding Open Source Class 101
 
Thinking in Git
Thinking in GitThinking in Git
Thinking in Git
 
Antifragile Design
Antifragile DesignAntifragile Design
Antifragile Design
 
Elasticsearch for SQL Users
Elasticsearch for SQL UsersElasticsearch for SQL Users
Elasticsearch for SQL Users
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Secure Cloud Hosting: Real Requirements to Protect your Data

  • 1. Secure Cloud Hosting: Real Requirements to Protect your Data Chris Hinkley Senior Security Architect Great Wide Open – Atlanta, GA April 2 – 3, 2014
  • 2. Locking Down the Cloud – A Holistic View Agenda •  The Specialization of IT •  Challenges Facing Cloud Consumers and Providers •  A To-Do List for Cloud Consumers and Providers •  The Secure Cloud is Not a Myth •  Physical Security •  Perimeter Security •  Virtual Server Security •  Supporting Security Services •  Secure Administrative Access •  Business Continuity and DR •  Compliance for Cloud
  • 3. The Specialization of IT •  Complexities of IT has meant more specialists than generalists, each responsible for a small piece of the puzzle •  New tools and technologies has led to increased staffing levels, with specific experience on implementation and management •  Rapid change in technology means nearly continuous training for specialists •  High cost to implement and maintain IT infrastructure have many companies looking for ways to offload as much as possible Locking Down the Cloud – A Holistic View
  • 4. Challenges Facing Cloud Consumers and Providers •  Consumers want to outsource both technology and compliance responsibilities •  Consumers cannot abdicate their compliance responsibility  •  Providers do not adequately define the division of responsibilities between themselves and customers •  Providers often do not clearly articulate how they can help customers meet compliance requirements •  All can lead to confusion in the purchasing decision and create conflicts during an audit Locking Down the Cloud – A Holistic View
  • 5. A To-Do List For Cloud Consumers and Providers •  Consumers need to fully understand all of their security and compliance responsibilities •  Consumers need to effectively evaluate and understand the various cloud provider models •  Consumers need to ask for clear definition of all services, the division of their responsibilities and those of their providers •  Consumers must put programs in place to ensure that their providers are meeting their responsibilities. •  Providers must become transparent about their security programs and deliver adequate details about offered services •  Providers must clearly articulate the delineation of responsibilities between themselves and customers •  Providers must be clear about how their offered services can assist consumers in meeting compliance requirements Locking Down the Cloud – A Holistic View
  • 6. The Secure Cloud is Not a Myth •  Build for security not compliance •  Follow security best practices vs. chasing compliance guidelines •  Use a common controls approach •  Deploy multiple security countermeasures using a layered approach Locking Down the Cloud – A Holistic View
  • 7. Physical Security •  Locate data center in area at low risk to natural disasters •  No identifying signage •  24X7 manned security, roving patrols •  Multi-factor authentication for entry •  Comprehensive CCTV coverage •  Log all entries, monitor systems, securely store logs and video Locking Down the Cloud – A Holistic View
  • 8. Attackers need Targets Verizon DBR Data •  92% of breaches were perpetrated by outsiders •  78% of initial intrusions rated as low difficulty •  Attack Targeting •  Opportunistic – 75% •  Targeted – 25% FireHost Superfecta •  47,917,145 of IPRM blocks in 2013 •  14,057,093 of blocked attacks via WAF Locking Down the Cloud – A Holistic View •  Cross-Site Request Forgery – 3,347,515 •  Cross-Site Scripting – 4,904,651 Broken  down  into  the  4  categories     •  Directory Traversal – 3,269,680 •  SQL Injection – 2,535,247
  • 9. Vulnerability Trends Locking Down the Cloud – A Holistic View Source:  Secunia  Vulnerability  Review  2014  
  • 10. Vulnerability Trends Locking Down the Cloud – A Holistic View Source:  Secunia  Vulnerability  Review  2014  
  • 11. Locking Down the Cloud – A Holistic View Routers w/IP Reputation Filtering Redundant DoS/DDoS Mitigation Redundant Web Application Firewalls Redundant Public Traffic Intrusion Detection Perimeter Security
  • 12. Locking Down the Cloud – A Holistic View SECURITY ZONE Application Servers Database Servers Load Balancers VMware Hypervisor (Hardened) Blade/SAN Architecture High Availability Architecture 20 Gbps Network (Public & Private) Per VM Firewall Policies Unlimited Security Zones Web Servers SECURITY ZONE Secure SAN Storage Physically Isolated Secure Storage Area Network Secure Data Deletion and Destruction Complete Data Obfuscation VM VM VM VM VM LB LB VM VM VM VM VM SAN Virtual Server Security
Supporting Security Services
•  Data Leakage Protection
•  Antimalware/Antivirus
•  File Integrity Monitoring
•  Vulnerability Management
•  Log Management
•  Patch Management
•  Configuration Management
Protecting from the Outside In
Secure Administrative Access
•  Physically Isolated Network
•  Secure Jump Hosts
•  Privileged Access Management
•  Full Session Recording
•  Multi-Factor Authentication
Secure Customer Access
•  SSLVPN/L2LVPN Secure Access
•  MPLS Termination
Putting It All Together
(Composite diagram combining the perimeter security, virtual server security, supporting security services, secure administrative access and secure customer access layers from the preceding slides, applied to isolated customer environments)
Business Continuity & DR
•  Lessons (supposedly) learned from Katrina and other recent disasters
•  Did we really learn? What about Sandy and Nemo?
•  Location of data centers, loss of transportation, large-scale power and other critical service outages, employees worrying more about personal and family safety
•  Didn't fully learn from the past
•  BCDR Solutions
   •  Focus on the business continuity part of BCDR
   •  Build for high availability
   •  Implement redundant sites with geographic load balancing
   •  At minimum, replicate data to another location
(Diagram labels: Full Infrastructure – Geographic Location 1; Full Infrastructure – Geographic Location 2; Primary Infrastructure; File/Database Backups; Regular Backups; Real-Time Replication)
Managing Compliance for Cloud
•  Treat all data as sensitive (after all, it's just 1's and 0's to the systems)
•  Develop a common controls framework (CCF) of controls based on industry standard frameworks, enabling efficient compliance adoption and validation reporting
•  Use existing industry standards like ISO 27001 and NIST 800-53 as a baseline and add specific requirements based on your needs (PCI, HIPAA, GLBA, etc.)
•  Future-proof compliance iterations by keeping your CCF updated
•  Implement a continuous monitoring and audit program
Continuous Monitoring for Compliance
•  Confusing term and application depending on who you talk to
•  What is the definition of "real-time"?
•  Define the appropriate monitoring interval for each control
   •  Patching – 30 days upon release
   •  Log reviews – daily
   •  Malware scans – real-time alerting and reporting
   •  Access reviews – privileged accounts monthly, others quarterly
•  Implement tools to monitor the controls at the defined interval
•  Centralize all monitoring results in a secure system
•  Build a dashboard to track compliance based on results
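The interval-per-control idea on this slide is easy to turn into a check, so here is an added example (written for this page, not FireHost's tooling): each control carries its defined monitoring interval, the last evidence timestamp from the monitoring tool is compared against it, and the results are rolled up into the counts a compliance dashboard would display. The intervals are the ones listed above; the one-hour window used to approximate "real-time" malware reporting, the control names and the evidence timestamps are assumptions constructed for the demonstration.

```python
"""Continuous-monitoring status check, added example (not FireHost code):
every control has a defined monitoring interval; evidence timestamps from
the monitoring tools are compared against it and summarized for a dashboard.
Intervals follow the slide; approximating 'real-time' as one hour, and the
control names and sample evidence, are assumptions made for this example."""
from datetime import datetime, timedelta
from typing import Dict, Optional

CONTROL_INTERVALS: Dict[str, timedelta] = {
    "patching": timedelta(days=30),                   # 30 days upon release
    "log_review": timedelta(days=1),                  # daily
    "malware_scan": timedelta(hours=1),               # "real-time", approximated as 1 h (assumption)
    "access_review_privileged": timedelta(days=30),   # privileged accounts monthly
    "access_review_other": timedelta(days=90),        # other accounts quarterly
}


def control_status(name: str, last_evidence: Optional[datetime], now: datetime) -> str:
    """Return 'compliant', 'overdue' or 'no_evidence' for a single control."""
    if last_evidence is None:
        return "no_evidence"
    age = now - last_evidence
    return "compliant" if age <= CONTROL_INTERVALS[name] else "overdue"


def evaluate(evidence: Dict[str, datetime], now: datetime) -> Dict[str, str]:
    """Evaluate every defined control; a control with no evidence is a finding,
    not silently skipped."""
    return {name: control_status(name, evidence.get(name), now)
            for name in CONTROL_INTERVALS}


def dashboard_summary(results: Dict[str, str]) -> Dict[str, float]:
    """Counts per status plus an overall compliance percentage for the dashboard."""
    counts = {"compliant": 0, "overdue": 0, "no_evidence": 0}
    for status in results.values():
        counts[status] += 1
    total = len(results)
    pct = round(100.0 * counts["compliant"] / total, 1) if total else 0.0
    return {**counts, "compliance_pct": pct}


# Constructed evidence: when each monitoring tool last produced a result.
NOW = datetime(2014, 4, 2, 12, 0, 0)
SAMPLE_EVIDENCE: Dict[str, datetime] = {
    "patching": NOW - timedelta(days=12),
    "log_review": NOW - timedelta(days=3),
    "malware_scan": NOW - timedelta(minutes=10),
    "access_review_privileged": NOW - timedelta(days=45),
    "access_review_other": NOW - timedelta(days=60),
}

if __name__ == "__main__":
    results = evaluate(SAMPLE_EVIDENCE, NOW)
    for name, status in results.items():
        print(f"{name:26} {status}")
    print(dashboard_summary(results))
```

With the constructed evidence, patching, malware scanning and the non-privileged access review are within their intervals, while log review (three days since the last review) and the privileged access review (45 days) are overdue, giving a 60% compliance figure. Recording a missing result as "no_evidence" rather than dropping the control is the detail that matters in an audit: a tool that silently stopped reporting should lower the dashboard, not leave it green.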
What about data sovereignty and regional regulation?
•  Ensure you understand what regulations apply to your business
•  Engage with your customers to understand their requirements
•  Take these regulations and customer requirements into account within your CCF
•  Architect your cloud to enable data sovereignty and allow customers to select the location(s) for their servers and data
•  Provide monitoring/reporting that allows customers to validate where their data is at any time
•  Keep up with changes to the regulations
Thank You
Questions?
Chris Hinkley
Senior Security Architect
Email: chris.hinkley@firehost.com
Phone: 1-877-262-3473 x8032