Is the Cloud Secure? It’s easy if you do it smart
UNICOM Cloud Native
@FrankSEC42
https://uk.linkedin.com/in/fracipo
Disclaimer: the pictures and the format in this presentation are under license to NSC42 Ltd
Agenda
- About the author
- How things have changed
- Context
- The problem and ideal world
- Solution to reach there
- Conclusions & Take Away
- Q&A
www.nsc42.co.uk
About Francesco
Francesco Cipollone
Founder – NSC42 LTD
I’m a CISO and a CISO Advisor, Cybersecurity Cloud Expert. Public Speaker, Researcher
and Director of Events of Cloud Security Alliance UK, Researcher and associate to ISC2.
I’ve been helping organizations define and implement cybersecurity strategies and protect
their organizations against cybersecurity attacks.
Security is everybody’s job
Security is a challenging field and as professionals we are supposed to know a lot about everything
How Things Have Changed
How did we evolve to reach here?
What is the impact on security?
Setting the Context
What is the Cloud?
How do we make sure the cloud is ‘secure’?
Security is everybody’s responsibility
Cloud Evolution
(Timeline figure spanning 2005 to 2014: “Datacentre Land” in the early years, 2005–2007, giving way to “Cloud Adoption” from 2008 through 2014.)
Why security
Why do we need security in all this cloud?
Security is everybody’s responsibility
Problems
What challenges does the cloud security professional face?
Major Breaches
Why is security everybody’s responsibility?
(Timeline figure of major breaches from 2009/2010 to 2019, naming: Microsoft, Heartland, US Military, AOL, TJ Maxx, Sony PSN, NHS, Betfair, Steam, Deep Root, IRS, Anthem, Dropbox, Last.fm, Blizzard, Marriott, Twitter, MyHeritage, Uber, Quora, Myspace, Yahoo, LinkedIn, Friend Finder, Dailymotion, Mossack Fonseca, JP Morgan, Home Depot, eBay, Yahoo (original), US Retailers, Adobe, Ubisoft, Court Ventures, …)
Because we all get affected by it…
Breaches numbers
• Cost of cybercrime will reach $2 trillion by 2019, a 3x increase from 2015 ($500 billion)
• Cybercrime will create over $1.5 trillion in profits in 2018
• In the UK over 4 in 10 businesses (43%) had a cyber security breach in 2018
• For ¾ of businesses (74%) cyber security is a high priority
• 90% of remote code execution attacks are associated with cryptomining.
Challenge Recap
- Increasing number of breaches
- Brand and impact
- Fast change
- No unified team
- No security involvement in design
- No security involvement in appsec
Security is everybody’s responsibility
Ideal cybersecurity world
In an ideal cybersecurity world we would have infinite time, infinite resources to do things right, and all the boring chores would be automated.
Solutions
How do we get to the ideal world?
Let me introduce a few solutions.
Solutions
1. Cloud Responsibility
2. Cloud Foundation
3. Cloud Patterns
4. Design Security
5. Security by Design
6. Dev shift left
7. Security Testing
8. DEV-SEC-OPS + BIZ/ARCH
Security by design = everyone participates in security
Step 1 - Cloud Responsibilities
(Shared responsibility diagram.)
The Customer defines the controls: security IN the cloud
- Application & Content
- Network Security
- Identity & Access Control
- Operating System / Platform
- Data Encryption
Cloud platform layers: security OF the cloud
- Physical Infrastructure
- Network Infrastructure
- Virtualization Layer
“Understand Shared Responsibility model delegation and you’ll master cloud”
Consider what you are getting yourself into in a cloud migration. Cloud is not natively secure or insecure.
Step 1 - Cloud Pizza
IaaS, PaaS, SaaS, …
Who cares, give me pizza!
Step 2 – Foundation
How do you build a solid house? You don’t skip the foundation!
How do you build a solid cloud? You don’t skip the foundation!
Step 2 – Foundation
How do you build a solid cloud (security) foundation?
1. Management Support
2. Disruption and strategy
3. Security as part of the cloud journey
4. Skills shortages
5. Architecture patterns & Re-use
Culture, management support and skills
Step 2 – Foundation
What tools do you use for the solid cloud (security) foundation?
Step 3 – Cloud Patterns
- Account Isolation
- Traditional vs cloud controls
- Logging and monitoring
- Identity and access management
- Key Management
“There is no such thing as a free lunch… but leverage patterns as a starting point”
Step 4 – Design Security
“How would you expand the security team without expanding the team?”
“Train Software Engineers on security and you’ll have an ‘extended security team’”
Step 5 – Security by Design
“So what would the software engineer do with the security hat on?”
“Gamification… remember to have fun when doing your job”
“How do we make threat security fun?”
Step 6 – Shift left in DEV
“Security as early as possible: integrate security in the software development pipeline”
Keep the threat or fraud model exercise concise and fun! Don’t overcomplicate it.
Step 7 – Security in Test
“Security (Testing) as early as possible”
Security testing as a bug bounty program! Make it fun and rewarding.
Step 8 - DEV–SEC–OPS (BIZ)
What kind of animal is the DEV-SEC-OPS?
Integrating Security
Integrate security into the OPS team (and add a spark of BIZ)
Security is everybody’s responsibility.
Reward security effort: low cost, high reward
The Future
“Cybersecurity due diligence will remain the same regardless of the technology chosen”
Take Away
Key take away from today
- Responsibility & Contracts
- Strategy & Vision
- Foundation (Security)
- Security by Design
- Patterns & Native Controls
- Shift Left, Gamification, Automation
Conclusions
- Evolution & Challenges
- Ideal world and steps to reach it
- What’s in the future
Security in the journey to the Cloud, not at the destination
Security is everybody’s job
CSA-UK - We need you
“To take the best of the Global CSA guidance and make it relevant and practical for a UK audience, encouraging the growth of local cloud security talent.”
Mentoring, Research, Events, Networking
Twitter: @csaukchapter
LinkedIn: https://www.linkedin.com/groups/3745837/
CSA UK AGM – 2019: Annual Conference
#CSAUKAGM19 – June 2019 – Stay tuned for the date & details
@FraSEC42
http://www.cloudsecurityalliance.org.uk
@csaukchapter
https://www.linkedin.com/groups/3745837/
Francesco.cipollone (at) cloudsecurityalliance.org.uk
Event Sponsors
Cybersecurity awards 2019
Cloud Security Influencer of the Year
Submission: 10 May 2019
Ceremony: 4 July 2019
#CYSECAWARDS19
Info: https://cybersecurityawards.com/ and https://cloudsecurityalliance.org.uk
Submit: info@cybersecurityawards.com
Q&A
Contacts
Get in touch:
https://uk.linkedin.com/in/fracipo
Francesco.cipollone (at) nsc42.co.uk
www.nsc42.co.uk
@FrankSEC42
Thank you
WHEN YOU ARE CYBERSAFE WE ARE CYBERHAPPY
Speaker notes

  1. Q&A
  2. Q&A
  3. I’d like to thank you all for your time and attention; I hope this session was useful and provided an insight into the cybersecurity programme. Have you figured out the question? No: Hitchhiker’s Guide to the Galaxy: 42: The answer to life, the universe and everything https://www.independent.co.uk/life-style/history/42-the-answer-to-life-the-universe-and-everything-2205734.html "The answer to the ultimate question of life, the universe and everything is 42.” A thanks to our host UNICOM, and did you manage to figure out what question the 42 answers? Check it out on the website. For this and any other cybersecurity need please get in contact. Also please contact me for future dates of our cybersecurity strategy workshop/webinar.