Nsc42 - is the cloud secure - is easy if you do it smart UNICOM
1. Is the Cloud Secure?
UNICOM Cloud Native
@FrankSEC42
It’s easy if you do it smart
https://uk.linkedin.com/in/fracipo
2. Disclaimer: the pictures and the format in this presentation are under license to NSC42 Ltd
Agenda
- About the author
- Conclusions & Take Away
- Q&A
- Solution to reach there
- The problem and ideal world
- How things have changed
- Context
3. www.nsc42.co.uk
About Francesco
Francesco Cipollone
Founder – NSC42 LTD
I’m a CISO and a CISO Advisor, Cybersecurity Cloud Expert, Public Speaker, Researcher and Director of Events of Cloud Security Alliance UK, Researcher and associate to ISC2.
I’ve been helping organizations define and implement cybersecurity strategies and protect their organizations against cybersecurity attacks.
Security is everybody’s job
Security is a challenging field, and as professionals we are supposed to know a lot about everything
4. How Things Have Changed
How did we evolve to reach here?
What is the impact on the security?
5. Setting the Context
What is the Cloud?
How do we make sure the cloud is ‘secure’?
Security is everybody’s responsibility
7. Why security
Why do we need security in all this cloud?
Security is everybody’s responsibility
9. Major Breaches
[Figure: timeline of major breaches by year (2009/2010, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, …). Organizations named: Microsoft, Heartland, US Military, AOL, TJ Maxx, Sony PSN, NHS, Betfair, Steam, Deep Root, IRS, Anthem, Dropbox, Last.fm, Blizzard, Marriott, Twitter, MyHeritage, Uber, Quora, Myspace, Yahoo, LinkedIn, Friend Finder, Dailymotion, Mossack Fonseca, JP Morgan, Home Depot, eBay, Yahoo (original), US Retailers, Adobe, Ubisoft, Court Ventures.]
Why is security everybody’s responsibility?
Because we all get affected by it…
11. Breaches numbers
• Cost of cybercrime will reach $2 trillion by 2019: 3x increase from 2015 ($500 billion)
• Cybercrime will create over $1.5 trillion in profits in 2018
• In the UK, over 4 in 10 businesses (43%) had a cyber security breach in 2018
• For ¾ of businesses (74%), cyber security is a high priority
• 90% of remote code execution attacks are associated with cryptomining.
12. Challenge Recap
- Increasing number of breaches
- Brand and impact
- Fast change
- No unified team
- No security involvement in Design
- No security involvement in appsec
Security is everybody’s responsibility
13. Ideal cybersecurity world
In an ideal cybersecurity world we would have infinite time and infinite resources to do things right, and all the boring chores would be automated
15. Solutions
1. Cloud Responsibility
2. Cloud Foundation
3. Cloud Patterns
4. Design Security
5. Security by Design
6. Dev shift left
7. Security Testing
8. DEV-SEC-OPS + BIZ/ARCH
Security by design = everyone participates in security
16. Step 1 - Cloud Responsibilities
[Figure: shared responsibility diagram. Layers shown: Customer Application & Content; Network Security; Identity & Access Control; Operating System/Platform; Data Encryption; Physical Infrastructure; Network Infrastructure; Virtualization Layer. Labels: “The Customer”; “Customer defines controls: security IN Cloud”; “Customer takes care of the security OF Cloud”; “Cloud platform”.]
“Understand Shared Responsibility model Delegation and you’ll master cloud”
Consider what you are getting yourself into in a cloud migration. Cloud is not natively secure or insecure.
17. Step 1 - Cloud Pizza
IaaS, PaaS, SaaS, …
Who cares give me pizza!
18. Step 2 – Foundation
How do you build a solid house?
You don’t skip the foundation!
How do you build a solid cloud?
You don’t skip the foundation!
19. Step 2 – Foundation
1. Management Support
2. Disruption and strategy
3. Security as part of the cloud journey
4. Skills shortages
5. Architecture patterns & Re-use
How do you build a solid cloud (security) foundation?
Cultural, Management support and skills
20. Step 2 – Foundation
What Tools do you use for the solid cloud (Security) Foundation?
21. Step 3 – Cloud Patterns
- Account Isolation
- Traditional vs cloud controls
- Logging and monitoring
- Identity and access management
- Key Management
“There is no such thing as a free lunch… but leverage patterns as a starting point”
22. Step 4 – Design Security
“How would you expand the security team without expanding the team?”
“Train software engineers on security and you’ll have an ‘extended security team’”
23. Step 5 – Security by Design
“So what would the software engineer do with the security hat on?”
“gamification…remember to have fun when doing your job”
“How do we make threat security fun?”
24. Step 6 – Shift left in DEV
“Security as early as possible: Integrate security in the software development pipeline”
Keep threat or fraud model exercises concise and fun! Don’t overcomplicate.
25. Step 7 – Security in Test
“Security (Testing) as early as possible”
Security testing as a bug bounty program! Make it fun and rewarding
26. Step 8 - DEV–SEC–OPS(BIZ)
What kind of animal is the DEV-SEC-OPS?
Integrating Security
Integrate security into the OPS team (and add a spark of BIZ)
Security is everybody’s responsibility.
Reward security effort with -> Low cost High reward
28. Take Away
- Responsibility & Contracts
- Strategy & Vision
- Foundation (Security)
- Security by Design
- Patterns & Native Controls
- Shift Left, Gamification, Automation
Key Take away from today
29. Conclusions
- Evolution & Challenges
- Ideal world and steps to reach it
- What’s in the future
Security in the journey to the Cloud, not at the destination
Security is everybody’s job
30. CSA-UK - We need you
“To take the best of the Global CSA guidance and make it relevant and practical for a UK audience, encouraging the growth of local cloud security talent.”
Mentoring
Research
Events
Networking
Twitter: @csaukchapter
LinkedIn: https://www.linkedin.com/groups/3745837/
31. CSA UK AGM – 2019: Annual Conference
#CSAUKAGM19
JUNE 2019 – Stay tuned for the date & details
@FraSEC42
http://www.cloudsecurityalliance.org.uk
@csaukchapter
https://www.linkedin.com/groups/3745837/
Francesco.cipollone (at) cloudsecurityalliance.org.uk
32. Cybersecurity awards 2019
Cloud Security Influencer of the Year
Submission – 10 of May 2019
Ceremony 4 July 2019
#CYSECAWARDS19
https://cybersecurityawards.com/
https://cloudsecurityalliance.org.uk
Submit: info@cybersecurityawards.com
Info:
I’d like to thank you all for your time and attention; I hope this session was useful and provided an insight into the cybersecurity programme.
Have you figured out the question? No: Hitchhiker’s Guide to the Galaxy: 42: the answer to life, the universe and everything
https://www.independent.co.uk/life-style/history/42-the-answer-to-life-the-universe-and-everything-2205734.html
“The answer to the ultimate question of life, the universe and everything is 42.”
Thanks to our host UNICOM. Did you manage to figure out what question the 42 answers? Check it out on the website.
For this and any other cybersecurity need, please get in contact.
Also, please contact me for future dates of our cybersecurity strategy workshop/webinar.