SlideShare una empresa de Scribd logo

Identity theft in the Cloud and remedies

Giuseppe Paterno'
Giuseppe Paterno'

Cloud can provide great flexibility to IT, ensuring business continuity and optimizing costs. But what are the implications for IT security? Even big names such as IEEE, Apple and Samsung are among the victims of identity theft in the Cloud. If you choose to adopt virtual data center (IaaS) or on-line applications (SaaS), you shift the paradigm of security as it was conceived up to now. The presentation will examine the security implications of a Cloud infrastructure and possible remedies with practical examples.

Tecnología
1 de 24
Descargar para leer sin conexión
Identity theft in the Cloud and remedies Giuseppe “Gippa” Paterno’ Friday 26 October 12
My identity: Giuseppe “Gippa” Paternò • Director Digital of GARL, the Swiss bank behind the SecurePass service • EMEA Sales Engineer of Canonical, the company behind Ubuntu • Security researcher, open source enthusiast, and friend of the “Penguin” since 1995 • Leisure pilot ... a good excuse to be back in an airport during the weekends :) • Non-professional Chef (Ramsay, I challenge you :) • Radio-amateur with passion for “strange” WiFi: my association has the world record of 304km link in WiFi!! Friday 26 October 12
Cloud, a buzzword with different means IaaS SaaS PaaS ... what a MesS! Friday 26 October 12
What is meant by “Cloud” A set of services, usually “rented” from a service provider or internal IT department (for large corporations), that enables: • Flexibility: the ability of expanding or reducing our IT infrastructure based on the business needs • Resiliency: high availability of IT services, ensuring business continuity in any event • Accessibility: access to services anytime and anywhere on earth with a simple Internet connection • Cost optimization: you truly have a pay-as-you use IT infrastructure without money wasting Friday 26 October 12
The Cloud: IaaS • Renting a virtual infrastructure from a service provider composed by virtual servers and virtual networks IaaS • Example: Amazon Web Services, = Moresi.Com, ecc.... Infrastructure as • Security risk: total control of the IT a Service infrastructure by an attacker with service disruption or silent data leaking (control panel is accessible from Internet) Friday 26 October 12
The Cloud: SaaS •Renting a given application, usually web-based, from a service provider with high availability and SaaS accessible from anywhere = •Example: SalesForce.com, Office Software as 360, etc... a Service •Security risk: compromising a single identity will lead to corporate data leaking by an attacker or competitor Friday 26 October 12
The Cloud: PaaS • Renting an “application environment” that hosts YOUR application. If compared to IaaS, PaaS does not focus on operating system, but on “operating” the application environment PaaS (app server, languages, frameworks, databases, etc..) = Platform as • Example: Microsoft Azure, Google App Engine, CloudFoundry, etc.... a Service • Security risk: total control of the application(s) by an attacker with service disruption (control panel accessible from Internet), corporate data leaking (users’ identity theft) Friday 26 October 12
Let’s make things complicated: BYOD • Yet another marketing buzzword :) • BYOD = Bring Your Own Device • Basically the use of a “consumer” device within a corporate environment: iPad/ iPhone/Android/.... • Security risk: device lost or stolen means access to confidential data. Many apps for iOS/Android have a “static key” that get rid of the identification process. Friday 26 October 12
Famous victims of identity theft ... and many others! Friday 26 October 12
Identity theft in numbers millions of victims of identity theft in USA in 2008 (Javelin 10 Strategy and Research, 2009) billions dollars lost every year due to identity theft (Aberdeen 221 Group) hours to correct damages due to identity theft, i.e. 2 years 5840 of a working resource (ITRC Aftermath Study, 2004). billion corporate and government records compromised in 35 2010 (ITRC) is the factor of multiplication of the number of breaches 2 from 2009 to 2010. The trend of data breaches due identity theft is doubling each year. Friday 26 October 12
Human factor, an example in aviation An organization can minimize its vulnerability to human error and reduce its risks by implementing human factors best practices [...] It contains guidance material which [...] should help reduce the risks associated with human error and human factors, and improve safety. It [...] concentrates upon risk and error management rather than risk and error elimination. (EASA, JAR 145, Aviation Human Factors) Friday 26 October 12
Human factor in IT (in)security •Human factor is the primary cause of intrusions by hackers, foreign government agencies or competition. Two major issues: •Password easy to guess or crack •Social Engineering •Hope is not a strategy! Friday 26 October 12
Best practices, why they don’t work • Maybe the most adopted is BS/ISO 17799, that eventually became ISO 27001 • Most best practices cover physical access, server hardening, network access and segregation, etc... • they just don’t make sense anymore in a Cloud environment • ... but they could be helpful to select our supplier • What still makes sense is the access control: • secure identification of a given user (identity management) • check and log who’s doing what (auditing) • permissions/rights to access a given piece of data or document (policy management) Friday 26 October 12
Identity theft remedies This is not a remedy! :-) Friday 26 October 12
Identity theft remedies ... and this neither! ;-) Friday 26 October 12
Identity theft remedies Security must be simple and transparent to the end user, otherwise it will be circumvented! • Strong authentication of the users • Identify from which country the user is connecting from (GeoIP) • Patches, patches and ... patches! • Secure application programming Friday 26 October 12
Intranet vs the Cloud and Trusted third party • In a “traditional” world, Microsoft Active Directory covers usually the identity management, auditing and policy role • AD was not conceived to fit a Cloud environment and accessed from “outside” company boundaries (or firewalls) • A distributed identity management system is needed, that implements something like Microsoft Active Directory for Cloud environments, is able to reduce “human errors” through strong authentication and is operated by a trusted third party. Friday 26 October 12
A possible solution: • SecurePass is a Unified Secure Access platform for Cloud, web applications and security devices (VPN, firewalls, ...) • Strong authentication, with hardware tokens or software tokens on smartphones (iOS/Android/BlackBerry) • Identity Management, with personnel’s information • Web seamless Single Sign-On, to simplify user access (and avoid circumventions) • Based on open protocols: LDAP, RADIUS and CAS • Easy to integrate, protect your infrastructure and applications in few minutes. • Guaranteed by a Swiss bank Friday 26 October 12
Case Study: Moresi.Com • Housing / Swiss hosting provider with two data centers, constantly expanding • Highly selected customers, including banks and national and international companies • Moving the focus from traditional housing / hosting to a cloud provider (VMware vCloud based) • Each customer has access to a "virtual datacenter" that can orchestrate at his will • Objective: establish a secure access to the virtual datacenters Friday 26 October 12
Friday 26 October 12
Case Study: Insurance company • World’s second largest multinational insurance company, 48 subsidiaries world- wide, each one with its board of directors, CEO, CFO • All CxO level members are accessing documents and confidential on-the-move through any devices (laptop, tablet, smartphone) with high risk of data leaking • Objective: provide secure access to their board of director classified documents and avoid information leaking through an ad-hoc secure java-based web application Friday 26 October 12
Case Study: Automotive company • One of the top 5 automotive suppliers in the world with over 120.000 employees • Need to solve security issues connected to the BYOD (Bring Your Own Devices) from employees and top manager, in particular tablets and smartphones • Objective: provide secure access to corporate resources from BYOD through SSL VPNs and ad-hoc portals Friday 26 October 12
SecurePass Contest 2012 • Integrate SecurePass and publish a story in a blog or on-line magazine. Good excuse for: • testing SecurePass for free • learn something new • letting your boss or your customers know that you care about security • ... and win something ;-) • http://www.secure-pass.net/contest2012 Friday 26 October 12
Q&A Giuseppe Paternò gpaterno@gpaterno.com gpaterno@garl.ch Web sites: www.gpaterno.com www.secure-pass.net Twitter: @gpaterno Friday 26 October 12

Recomendados

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityVic Winkler
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
Data Loss Prevention: Brainstorming
Data Loss Prevention: BrainstormingData Loss Prevention: Brainstorming
Data Loss Prevention: BrainstormingDr. Lydia Kostopoulos
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)ClubHack
 
Get your house on order
Get your house on orderGet your house on order
Get your house on orderDekkinga, Ewout
 
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Symantec APJ
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 

Recomendados

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityVic Winkler
 
Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Extending security in the cloud network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
Data Loss Prevention: Brainstorming
Data Loss Prevention: BrainstormingData Loss Prevention: Brainstorming
Data Loss Prevention: BrainstormingDr. Lydia Kostopoulos
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)ClubHack
 
Get your house on order
Get your house on orderGet your house on order
Get your house on orderDekkinga, Ewout
 
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Symantec APJ
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 
Efficiency, effectiveness, productivity: Dell Connected Security in action
Efficiency, effectiveness, productivity: Dell Connected Security in actionEfficiency, effectiveness, productivity: Dell Connected Security in action
Efficiency, effectiveness, productivity: Dell Connected Security in actionKenneth de Brucq
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGtovmug
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive OverviewKim Jensen
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelIntel - API Security & Tokenization
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protectionAndrew Wong
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineeringPeter Wood
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection NetworkAndrew Wong
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youGlobal Business Events
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSAnchises Moraes
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,Information Security Awareness Group
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach FinalBusiness Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach FinalHossam Hassanien
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingDLA Piper (Canada) LLP
 
Understanding the Cloud
Understanding the CloudUnderstanding the Cloud
Understanding the Cloudwww.datatrak.com
 
Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Ulf Mattsson
 

Más contenido relacionado

La actualidad más candente

Efficiency, effectiveness, productivity: Dell Connected Security in action
Efficiency, effectiveness, productivity: Dell Connected Security in actionEfficiency, effectiveness, productivity: Dell Connected Security in action
Efficiency, effectiveness, productivity: Dell Connected Security in actionKenneth de Brucq
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGtovmug
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive OverviewKim Jensen
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protectionAndrew Wong
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineeringPeter Wood
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection NetworkAndrew Wong
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youGlobal Business Events
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSAnchises Moraes
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach FinalBusiness Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach FinalHossam Hassanien
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 

La actualidad más candente (20)

Efficiency, effectiveness, productivity: Dell Connected Security in action
Efficiency, effectiveness, productivity: Dell Connected Security in actionEfficiency, effectiveness, productivity: Dell Connected Security in action
Efficiency, effectiveness, productivity: Dell Connected Security in action
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUG
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive Overview
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - Intel
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protection
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
 
Introduction - The Smart Protection Network
Introduction - The Smart Protection NetworkIntroduction - The Smart Protection Network
Introduction - The Smart Protection Network
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are you
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTS
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach FinalBusiness Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach Final
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and Compliance
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 

Similar a Identity theft in the Cloud and remedies

Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Ulf Mattsson
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceDean Iacovelli
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationTejaswi Agarwal
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ramy Houssaini
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
 
Cloud Security for Life Science R&D
Cloud Security for Life Science R&DCloud Security for Life Science R&D
Cloud Security for Life Science R&DChris Dagdigian
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersGokul Alex
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data securityUlf Mattsson
 
Tech equity - Cloud presentation
Tech equity - Cloud presentationTech equity - Cloud presentation
Tech equity - Cloud presentationAdrian Hall
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...Amazon Web Services
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 

Similar a Identity theft in the Cloud and remedies (20)

Understanding the Cloud
Understanding the CloudUnderstanding the Cloud
Understanding the Cloud
 
Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
 
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdfUNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conference
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference Publication
 
Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011Ciphercloud Solutions Overview hsa oct2011
Ciphercloud Solutions Overview hsa oct2011
 
Turtles, Trust and The Future of Cybersecurity
Turtles, Trust and The Future of Cybersecurity Turtles, Trust and The Future of Cybersecurity
Turtles, Trust and The Future of Cybersecurity
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surface
 
Cloud Security for Life Science R&D
Cloud Security for Life Science R&DCloud Security for Life Science R&D
Cloud Security for Life Science R&D
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and Frontiers
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
 
Tech equity - Cloud presentation
Tech equity - Cloud presentationTech equity - Cloud presentation
Tech equity - Cloud presentation
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYC
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 

Más de Giuseppe Paterno'

OpenStack e le nuove Infrastrutture IT
OpenStack e le nuove Infrastrutture ITOpenStack e le nuove Infrastrutture IT
OpenStack e le nuove Infrastrutture ITGiuseppe Paterno'
 
OpenStack Explained: Learn OpenStack architecture and the secret of a success...
OpenStack Explained: Learn OpenStack architecture and the secret of a success...OpenStack Explained: Learn OpenStack architecture and the secret of a success...
OpenStack Explained: Learn OpenStack architecture and the secret of a success...Giuseppe Paterno'
 
Let's sleep better: programming techniques to face new security attacks in cloud
Let's sleep better: programming techniques to face new security attacks in cloudLet's sleep better: programming techniques to face new security attacks in cloud
Let's sleep better: programming techniques to face new security attacks in cloudGiuseppe Paterno'
 
OpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsOpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsGiuseppe Paterno'
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxGiuseppe Paterno'
 
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimediIl problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimediGiuseppe Paterno'
 
How the Post-PC era changed IT Ubuntu for next gen datacenters
How the Post-PC era changed IT Ubuntu for next gen datacentersHow the Post-PC era changed IT Ubuntu for next gen datacenters
How the Post-PC era changed IT Ubuntu for next gen datacentersGiuseppe Paterno'
 
Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Giuseppe Paterno'
 
Creating OTP with free software
Creating OTP with free softwareCreating OTP with free software
Creating OTP with free softwareGiuseppe Paterno'
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxGiuseppe Paterno'
 
Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS: VMware vs OpenStack vs Google’s GanetiComparing IaaS: VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS: VMware vs OpenStack vs Google’s GanetiGiuseppe Paterno'
 
La gestione delle identità per il controllo delle frodi bancarie
La gestione delle identità per il controllo delle frodi bancarieLa gestione delle identità per il controllo delle frodi bancarie
La gestione delle identità per il controllo delle frodi bancarieGiuseppe Paterno'
 
Secure real-time collaboration with SecurePass and Etherpad
Secure real-time collaboration with SecurePass and EtherpadSecure real-time collaboration with SecurePass and Etherpad
Secure real-time collaboration with SecurePass and EtherpadGiuseppe Paterno'
 
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimediIl problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimediGiuseppe Paterno'
 

Más de Giuseppe Paterno' (15)

OpenStack e le nuove Infrastrutture IT
OpenStack e le nuove Infrastrutture ITOpenStack e le nuove Infrastrutture IT
OpenStack e le nuove Infrastrutture IT
 
OpenStack Explained: Learn OpenStack architecture and the secret of a success...
OpenStack Explained: Learn OpenStack architecture and the secret of a success...OpenStack Explained: Learn OpenStack architecture and the secret of a success...
OpenStack Explained: Learn OpenStack architecture and the secret of a success...
 
Let's sleep better: programming techniques to face new security attacks in cloud
Let's sleep better: programming techniques to face new security attacks in cloudLet's sleep better: programming techniques to face new security attacks in cloud
Let's sleep better: programming techniques to face new security attacks in cloud
 
SecurePass at OpenBrighton
SecurePass at OpenBrightonSecurePass at OpenBrighton
SecurePass at OpenBrighton
 
OpenStack: Security Beyond Firewalls
OpenStack: Security Beyond FirewallsOpenStack: Security Beyond Firewalls
OpenStack: Security Beyond Firewalls
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimediIl problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identità nelle infrastrutture Cloud e possibili rimedi
 
How the Post-PC era changed IT Ubuntu for next gen datacenters
How the Post-PC era changed IT Ubuntu for next gen datacentersHow the Post-PC era changed IT Ubuntu for next gen datacenters
How the Post-PC era changed IT Ubuntu for next gen datacenters
 
Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2Filesystem Comparison: NFS vs GFS2 vs OCFS2
Filesystem Comparison: NFS vs GFS2 vs OCFS2
 
Creating OTP with free software
Creating OTP with free softwareCreating OTP with free software
Creating OTP with free software
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-Linux
 
Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS: VMware vs OpenStack vs Google’s GanetiComparing IaaS: VMware vs OpenStack vs Google’s Ganeti
Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti
 
La gestione delle identità per il controllo delle frodi bancarie
La gestione delle identità per il controllo delle frodi bancarieLa gestione delle identità per il controllo delle frodi bancarie
La gestione delle identità per il controllo delle frodi bancarie
 
Secure real-time collaboration with SecurePass and Etherpad
Secure real-time collaboration with SecurePass and EtherpadSecure real-time collaboration with SecurePass and Etherpad
Secure real-time collaboration with SecurePass and Etherpad
 
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimediIl problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
Il problema dei furti di identita' nelle infrastrutture Cloud e possibili rimedi
 

Último

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Identity theft in the Cloud and remedies

  • 1. Identity theft in the Cloud and remedies Giuseppe “Gippa” Paterno’ Friday 26 October 12
  • 2. My identity: Giuseppe “Gippa” Paternò • Director Digital of GARL, the Swiss bank behind the SecurePass service • EMEA Sales Engineer of Canonical, the company behind Ubuntu • Security researcher, open source enthusiast, and friend of the “Penguin” since 1995 • Leisure pilot ... a good excuse to be back in an airport during the weekends :) • Non-professional Chef (Ramsay, I challenge you :) • Radio-amateur with passion for “strange” WiFi: my association has the world record of 304km link in WiFi!! Friday 26 October 12
  • 3. Cloud, a buzzword with different means IaaS SaaS PaaS ... what a MesS! Friday 26 October 12
  • 4. What is meant by “Cloud” A set of services, usually “rented” from a service provider or internal IT department (for large corporations), that enables: • Flexibility: the ability of expanding or reducing our IT infrastructure based on the business needs • Resiliency: high availability of IT services, ensuring business continuity in any event • Accessibility: access to services anytime and anywhere on earth with a simple Internet connection • Cost optimization: you truly have a pay-as-you use IT infrastructure without money wasting Friday 26 October 12
  • 5. The Cloud: IaaS • Renting a virtual infrastructure from a service provider composed by virtual servers and virtual networks IaaS • Example: Amazon Web Services, = Moresi.Com, ecc.... Infrastructure as • Security risk: total control of the IT a Service infrastructure by an attacker with service disruption or silent data leaking (control panel is accessible from Internet) Friday 26 October 12
  • 6. The Cloud: SaaS •Renting a given application, usually web-based, from a service provider with high availability and SaaS accessible from anywhere = •Example: SalesForce.com, Office Software as 360, etc... a Service •Security risk: compromising a single identity will lead to corporate data leaking by an attacker or competitor Friday 26 October 12
  • 7. The Cloud: PaaS • Renting an “application environment” that hosts YOUR application. If compared to IaaS, PaaS does not focus on operating system, but on “operating” the application environment PaaS (app server, languages, frameworks, databases, etc..) = Platform as • Example: Microsoft Azure, Google App Engine, CloudFoundry, etc.... a Service • Security risk: total control of the application(s) by an attacker with service disruption (control panel accessible from Internet), corporate data leaking (users’ identity theft) Friday 26 October 12
  • 8. Let’s make things complicated: BYOD • Yet another marketing buzzword :) • BYOD = Bring Your Own Device • Basically the use of a “consumer” device within a corporate environment: iPad/ iPhone/Android/.... • Security risk: device lost or stolen means access to confidential data. Many apps for iOS/Android have a “static key” that get rid of the identification process. Friday 26 October 12
  • 9. Famous victims of identity theft ... and many others! Friday 26 October 12
  • 10. Identity theft in numbers millions of victims of identity theft in USA in 2008 (Javelin 10 Strategy and Research, 2009) billions dollars lost every year due to identity theft (Aberdeen 221 Group) hours to correct damages due to identity theft, i.e. 2 years 5840 of a working resource (ITRC Aftermath Study, 2004). billion corporate and government records compromised in 35 2010 (ITRC) is the factor of multiplication of the number of breaches 2 from 2009 to 2010. The trend of data breaches due identity theft is doubling each year. Friday 26 October 12
  • 11. Human factor, an example in aviation An organization can minimize its vulnerability to human error and reduce its risks by implementing human factors best practices [...] It contains guidance material which [...] should help reduce the risks associated with human error and human factors, and improve safety. It [...] concentrates upon risk and error management rather than risk and error elimination. (EASA, JAR 145, Aviation Human Factors) Friday 26 October 12
  • 12. Human factor in IT (in)security •Human factor is the primary cause of intrusions by hackers, foreign government agencies or competition. Two major issues: •Password easy to guess or crack •Social Engineering •Hope is not a strategy! Friday 26 October 12
  • 13. Best practices, why they don’t work • Maybe the most adopted is BS/ISO 17799, that eventually became ISO 27001 • Most best practices cover physical access, server hardening, network access and segregation, etc... • they just don’t make sense anymore in a Cloud environment • ... but they could be helpful to select our supplier • What still makes sense is the access control: • secure identification of a given user (identity management) • check and log who’s doing what (auditing) • permissions/rights to access a given piece of data or document (policy management) Friday 26 October 12
  • 14. Identity theft remedies This is not a remedy! :-) Friday 26 October 12
  • 15. Identity theft remedies ... and this neither! ;-) Friday 26 October 12
  • 16. Identity theft remedies Security must be simple and transparent to the end user, otherwise it will be circumvented! • Strong authentication of the users • Identify from which country the user is connecting from (GeoIP) • Patches, patches and ... patches! • Secure application programming Friday 26 October 12
  • 17. Intranet vs the Cloud and Trusted third party • In a “traditional” world, Microsoft Active Directory covers usually the identity management, auditing and policy role • AD was not conceived to fit a Cloud environment and accessed from “outside” company boundaries (or firewalls) • A distributed identity management system is needed, that implements something like Microsoft Active Directory for Cloud environments, is able to reduce “human errors” through strong authentication and is operated by a trusted third party. Friday 26 October 12
  • 18. A possible solution: • SecurePass is a Unified Secure Access platform for Cloud, web applications and security devices (VPN, firewalls, ...) • Strong authentication, with hardware tokens or software tokens on smartphones (iOS/Android/BlackBerry) • Identity Management, with personnel’s information • Web seamless Single Sign-On, to simplify user access (and avoid circumventions) • Based on open protocols: LDAP, RADIUS and CAS • Easy to integrate, protect your infrastructure and applications in few minutes. • Guaranteed by a Swiss bank Friday 26 October 12
  • 19. Case Study: Moresi.Com • Housing / Swiss hosting provider with two data centers, constantly expanding • Highly selected customers, including banks and national and international companies • Moving the focus from traditional housing / hosting to a cloud provider (VMware vCloud based) • Each customer has access to a "virtual datacenter" that can orchestrate at his will • Objective: establish a secure access to the virtual datacenters Friday 26 October 12
  • 21. Case Study: Insurance company • World’s second largest multinational insurance company, 48 subsidiaries world- wide, each one with its board of directors, CEO, CFO • All CxO level members are accessing documents and confidential on-the-move through any devices (laptop, tablet, smartphone) with high risk of data leaking • Objective: provide secure access to their board of director classified documents and avoid information leaking through an ad-hoc secure java-based web application Friday 26 October 12
  • 22. Case Study: Automotive company • One of the top 5 automotive suppliers in the world with over 120.000 employees • Need to solve security issues connected to the BYOD (Bring Your Own Devices) from employees and top manager, in particular tablets and smartphones • Objective: provide secure access to corporate resources from BYOD through SSL VPNs and ad-hoc portals Friday 26 October 12
  • 23. SecurePass Contest 2012 • Integrate SecurePass and publish a story in a blog or on-line magazine. Good excuse for: • testing SecurePass for free • learn something new • letting your boss or your customers know that you care about security • ... and win something ;-) • http://www.secure-pass.net/contest2012 Friday 26 October 12
  • 24. Q&A Giuseppe Paternò gpaterno@gpaterno.com gpaterno@garl.ch Web sites: www.gpaterno.com www.secure-pass.net Twitter: @gpaterno Friday 26 October 12