SlideShare una empresa de Scribd logo

The Datacenter Security Continuum

Descargar como PPT, PDF
Martin Hingley
Martin Hingley

The presentation given to the DataCenterDynamics Converged 2014 conference in the UK based on our research commissioned by DCDi

Tecnología
1 de 10
The Datacenter security DataCenterDynami continuum Martin Hingley ITCandor The Secure Data Center
Agenda • The security continuum • Same ‘bad boys,’ deeper threats • Don’t be wise after the event • Organisation, technology, process – a balanced approach • Conclusions – how to build better data center security DataCenterDynami
Introduction • A review of a published DataCenterDynamics research paper • Contributors: – Amichai Shulman, Imperva – Felix Martin, Richard Archdeacon, HP – Mike Smart, Symantec – Peter Jopling, IBM – Warren Wu, Fortinet • Designed as a strategic review DataCenterDynami
Data center protection is part of the security continuum Mainframe Mini Client/Server LANs DataCenterDynami • New trends change the definition of the datacenter • The attack surface includes the network and endpoints • Virtualisation changes everything • Security is forgotten in the need for instant gratification • Compliance is akin security • You can’t lock the datacenter away any more Internet Virtualisation Cloud Computing Mobility IoT Social 1980 1990 2000 2010 2020 Low Insecurity High Insecurity grows as technology develops
The Potential sources of data center insecurity DataCenterDynami Internal External Deliberate Accidental Disgruntled staff Unhappy Ex-staff Criminal Hackers Automated Spam Government Spies Un-vetted Partners Insufficient Controls Naïve Digital Natives Unplanned Downtime Insecure Clouds Network Failures Criminal Partners
The data center under attack – the different forms of hacking SQL Injection Physical Access DataCenterDynami Spear Phishing The Secure Data Center Distributed Denial Of Service Trojan Software Cross-Site Scripting
Security issues and Cloud Computing choices Private Cloud (on premise) Average Hybrid Multi- Tennant Cloud (off premise) Average DataCenterDynami Hybrid Private Cloud (on/off premise) Average Performance Elasticity Public Cloud (off premise) TCO Security Performance Elasticity TCO Security Performance Elasticity TCO TCO Security Security Average Performance Elasticity
Don’t be wise after the event • Security events can be a 10k issue • Watch your competitors – take action to avoid their lapses • If breached, don’t just buy new software – reconsider your attitude towards risk, security posture and precautions • Governments, Cloud Security Alliance, PCI can help train you • Telco and Finance are highly regulated and typically more secure • Manufacturing and IP-rich sectors are less so • Criminals expect you to secure the datacenter in a standard way DataCenterDynami
Addressing organizations, technologies and processes Educate the board, staff and contractors Increase awareness of Security issues Use the best discrete software, appliances and services Assess the affects of new devices DataCenterDynami Organisation The Secure Data Center Identify privileged users Make security Technology Process part of the business process Identify high security apps
DataCenterDynami The Secure Data Center Key Findings • Datacenters are now logical – not just physical entities • The number of users, interactions and vulnerabilities are growing • Hackers are just part of the internal, external, deliberate and accidental threats • Don’t wait for a breach to make positive changes • Highly-regulated sectors tend to do those better than others • Address organizational, technology and process issues in your policy • Protect your privileged users and most sensitive data deeply - find creative ways to handle the vulnerabilities of the rest • Look deeply for vulnerabilities • Be creative in your precautions • Make the data center part of the wider security continuum

Recomendados

Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security StrategyLaura Vanassche
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 

Recomendados

Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security StrategyLaura Vanassche
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017EQS Group
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat KeynoteJohn D. Johnson
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security TrendsTerra Verde
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business SolutionsAnthony Dials
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Avinash Ramineni
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachEast Midlands Cyber Security Forum
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ EnterprisesNigel Hanson
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
Mis
MisMis
Mismisecho
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEoin Keary
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterpriseQuick Heal Technologies Ltd.
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 

Más contenido relacionado

La actualidad más candente

Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017EQS Group
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat KeynoteJohn D. Johnson
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security TrendsTerra Verde
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business SolutionsAnthony Dials
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Avinash Ramineni
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ EnterprisesNigel Hanson
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEoin Keary
 

La actualidad más candente (20)

Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security Trends
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business Solutions
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 
Edgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats ReportEdgescan 2021 Vulnerability Stats Report
Edgescan 2021 Vulnerability Stats Report
 

Similar a The Datacenter Security Continuum

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DaySymantec
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxJkYt1
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Marco Casassa Mont
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxCNSHacking
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)OnRamp
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptxSAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptxhforhassan101
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity nado-web
 

Similar a The Datacenter Security Continuum (20)

Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptx
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4
 
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptxSAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 

Más de Martin Hingley

ITCandor 2021 predictions for the IT and communications market
ITCandor 2021 predictions for the IT and communications marketITCandor 2021 predictions for the IT and communications market
ITCandor 2021 predictions for the IT and communications marketMartin Hingley
 
ITCandor's 2018 predictions for the ITC industry
ITCandor's 2018 predictions for the ITC industryITCandor's 2018 predictions for the ITC industry
ITCandor's 2018 predictions for the ITC industryMartin Hingley
 
2015 IT and Communications Predictions
2015 IT and Communications Predictions2015 IT and Communications Predictions
2015 IT and Communications PredictionsMartin Hingley
 
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre ImperativesConsolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre ImperativesMartin Hingley
 
Cloud Computing and Data Center Futures
Cloud Computing and Data Center FuturesCloud Computing and Data Center Futures
Cloud Computing and Data Center FuturesMartin Hingley
 
ITCandor 2014 predictions
ITCandor 2014 predictionsITCandor 2014 predictions
ITCandor 2014 predictionsMartin Hingley
 
Converged Infrastructure and Integrated Systems Futures
Converged Infrastructure and Integrated Systems FuturesConverged Infrastructure and Integrated Systems Futures
Converged Infrastructure and Integrated Systems FuturesMartin Hingley
 
EMEA Trends in Servers, Storage, Networking
EMEA Trends in Servers, Storage, NetworkingEMEA Trends in Servers, Storage, Networking
EMEA Trends in Servers, Storage, NetworkingMartin Hingley
 
Server market development infobomb
Server market development infobombServer market development infobomb
Server market development infobombMartin Hingley
 
Sony Playstation 3 Market Development
Sony Playstation 3 Market DevelopmentSony Playstation 3 Market Development
Sony Playstation 3 Market DevelopmentMartin Hingley
 
Dell Financial Results Infobomb
Dell Financial Results InfobombDell Financial Results Infobomb
Dell Financial Results InfobombMartin Hingley
 
IBM quarterly financials infobomb
IBM quarterly financials infobombIBM quarterly financials infobomb
IBM quarterly financials infobombMartin Hingley
 
The Changes In Service Delivery With Cloud Computing
The Changes In Service Delivery With Cloud ComputingThe Changes In Service Delivery With Cloud Computing
The Changes In Service Delivery With Cloud ComputingMartin Hingley
 
UK Cloud Computing 2011
UK Cloud Computing 2011UK Cloud Computing 2011
UK Cloud Computing 2011Martin Hingley
 
ITCandor 'Expectations 2011'
ITCandor 'Expectations 2011'ITCandor 'Expectations 2011'
ITCandor 'Expectations 2011'Martin Hingley
 
It business climate v3
It business climate v3It business climate v3
It business climate v3Martin Hingley
 
The Politics Of Cloud Computing
The Politics Of Cloud ComputingThe Politics Of Cloud Computing
The Politics Of Cloud ComputingMartin Hingley
 
ITCandor ‘Expectations 2010’
ITCandor ‘Expectations 2010’ITCandor ‘Expectations 2010’
ITCandor ‘Expectations 2010’Martin Hingley
 

Más de Martin Hingley (20)

ITCandor 2021 predictions for the IT and communications market
ITCandor 2021 predictions for the IT and communications marketITCandor 2021 predictions for the IT and communications market
ITCandor 2021 predictions for the IT and communications market
 
ITCandor's 2018 predictions for the ITC industry
ITCandor's 2018 predictions for the ITC industryITCandor's 2018 predictions for the ITC industry
ITCandor's 2018 predictions for the ITC industry
 
2015 IT and Communications Predictions
2015 IT and Communications Predictions2015 IT and Communications Predictions
2015 IT and Communications Predictions
 
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre ImperativesConsolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
Consolidate, Virtualise, Integrate, Cloudify - 2014 Data Centre Imperatives
 
SAP Landscape 2014
SAP Landscape 2014SAP Landscape 2014
SAP Landscape 2014
 
Cloud Computing and Data Center Futures
Cloud Computing and Data Center FuturesCloud Computing and Data Center Futures
Cloud Computing and Data Center Futures
 
ITCandor 2014 predictions
ITCandor 2014 predictionsITCandor 2014 predictions
ITCandor 2014 predictions
 
Converged Infrastructure and Integrated Systems Futures
Converged Infrastructure and Integrated Systems FuturesConverged Infrastructure and Integrated Systems Futures
Converged Infrastructure and Integrated Systems Futures
 
EMEA Trends in Servers, Storage, Networking
EMEA Trends in Servers, Storage, NetworkingEMEA Trends in Servers, Storage, Networking
EMEA Trends in Servers, Storage, Networking
 
Server market development infobomb
Server market development infobombServer market development infobomb
Server market development infobomb
 
Sony Playstation 3 Market Development
Sony Playstation 3 Market DevelopmentSony Playstation 3 Market Development
Sony Playstation 3 Market Development
 
Dell Financial Results Infobomb
Dell Financial Results InfobombDell Financial Results Infobomb
Dell Financial Results Infobomb
 
Symantec
SymantecSymantec
Symantec
 
IBM quarterly financials infobomb
IBM quarterly financials infobombIBM quarterly financials infobomb
IBM quarterly financials infobomb
 
The Changes In Service Delivery With Cloud Computing
The Changes In Service Delivery With Cloud ComputingThe Changes In Service Delivery With Cloud Computing
The Changes In Service Delivery With Cloud Computing
 
UK Cloud Computing 2011
UK Cloud Computing 2011UK Cloud Computing 2011
UK Cloud Computing 2011
 
ITCandor 'Expectations 2011'
ITCandor 'Expectations 2011'ITCandor 'Expectations 2011'
ITCandor 'Expectations 2011'
 
It business climate v3
It business climate v3It business climate v3
It business climate v3
 
The Politics Of Cloud Computing
The Politics Of Cloud ComputingThe Politics Of Cloud Computing
The Politics Of Cloud Computing
 
ITCandor ‘Expectations 2010’
ITCandor ‘Expectations 2010’ITCandor ‘Expectations 2010’
ITCandor ‘Expectations 2010’
 

Último

ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelreely ones
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 

Último (20)

ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 

The Datacenter Security Continuum

  • 1. The Datacenter security DataCenterDynami continuum Martin Hingley ITCandor The Secure Data Center
  • 2. Agenda • The security continuum • Same ‘bad boys,’ deeper threats • Don’t be wise after the event • Organisation, technology, process – a balanced approach • Conclusions – how to build better data center security DataCenterDynami
  • 3. Introduction • A review of a published DataCenterDynamics research paper • Contributors: – Amichai Shulman, Imperva – Felix Martin, Richard Archdeacon, HP – Mike Smart, Symantec – Peter Jopling, IBM – Warren Wu, Fortinet • Designed as a strategic review DataCenterDynami
  • 4. Data center protection is part of the security continuum Mainframe Mini Client/Server LANs DataCenterDynami • New trends change the definition of the datacenter • The attack surface includes the network and endpoints • Virtualisation changes everything • Security is forgotten in the need for instant gratification • Compliance is akin security • You can’t lock the datacenter away any more Internet Virtualisation Cloud Computing Mobility IoT Social 1980 1990 2000 2010 2020 Low Insecurity High Insecurity grows as technology develops
  • 5. The Potential sources of data center insecurity DataCenterDynami Internal External Deliberate Accidental Disgruntled staff Unhappy Ex-staff Criminal Hackers Automated Spam Government Spies Un-vetted Partners Insufficient Controls Naïve Digital Natives Unplanned Downtime Insecure Clouds Network Failures Criminal Partners
  • 6. The data center under attack – the different forms of hacking SQL Injection Physical Access DataCenterDynami Spear Phishing The Secure Data Center Distributed Denial Of Service Trojan Software Cross-Site Scripting
  • 7. Security issues and Cloud Computing choices Private Cloud (on premise) Average Hybrid Multi- Tennant Cloud (off premise) Average DataCenterDynami Hybrid Private Cloud (on/off premise) Average Performance Elasticity Public Cloud (off premise) TCO Security Performance Elasticity TCO Security Performance Elasticity TCO TCO Security Security Average Performance Elasticity
  • 8. Don’t be wise after the event • Security events can be a 10k issue • Watch your competitors – take action to avoid their lapses • If breached, don’t just buy new software – reconsider your attitude towards risk, security posture and precautions • Governments, Cloud Security Alliance, PCI can help train you • Telco and Finance are highly regulated and typically more secure • Manufacturing and IP-rich sectors are less so • Criminals expect you to secure the datacenter in a standard way DataCenterDynami
  • 9. Addressing organizations, technologies and processes Educate the board, staff and contractors Increase awareness of Security issues Use the best discrete software, appliances and services Assess the affects of new devices DataCenterDynami Organisation The Secure Data Center Identify privileged users Make security Technology Process part of the business process Identify high security apps
  • 10. DataCenterDynami The Secure Data Center Key Findings • Datacenters are now logical – not just physical entities • The number of users, interactions and vulnerabilities are growing • Hackers are just part of the internal, external, deliberate and accidental threats • Don’t wait for a breach to make positive changes • Highly-regulated sectors tend to do those better than others • Address organizational, technology and process issues in your policy • Protect your privileged users and most sensitive data deeply - find creative ways to handle the vulnerabilities of the rest • Look deeply for vulnerabilities • Be creative in your precautions • Make the data center part of the wider security continuum