Cloud Security is a Shared Responsibility
Allan MacPhee, Trend Micro
November 28, 2012
Agenda
• Security and the cloud
• Who is responsible for cloud security?
• How is security in the cloud different?
• Trend Micro securing your journey to the cloud
• Best practices & recommendations
Cloud customer adoption survey …
Source: Ponemon – Security of cloud computing providers
10 of 11 concerns raised were related to security
Data protection was the #1 concern
What customers tell us …
• Data sovereignty
– Concerns over ownership of data
• Who owns the data? Customer, provider, government?
• Data privacy concerns: other tenants, attacks against my data …
– Will my data leave the country?
– If I terminate a cloud server, do copies of my data still exist in the cloud?
– US Patriot Act
• Could US law enforcement gain access to my systems and data?
What customers tell us …
• Multi-tenancy Concerns
– Risk of configuration errors leading to data exposure
– How can I protect my cloud servers from attack?
– Will I even know my cloud servers are being attacked?
• Compliance
– How can I use the cloud and still meet internal and external compliance requirements?
– Who is responsible for cloud security?
Who is responsible for cloud security?
Source: Ponemon – Security of cloud computing providers
So what is your CSP responsible for?
• CSP responsibilities
1. Physical security
2. Personnel security
3. Infrastructure security
4. Operational security
• Certification of the service offering
– SAS 70 / SSAE 16 Type 1 SOC 1 report (attests only that controls were suitably designed at a point in time)
– SSAE 16 Type 2 SOC 1 report (attests that the controls operated effectively over a review period; this is the one to ask for)
– PCI DSS Service Provider certification
Why AWS is a good choice …
Certifications
– Publishes a Service Organization Controls 1 (SOC 1), Type 2 report
– Registered with the CSA Security, Trust & Assurance Registry (STAR)
– Level 1 validated service provider under the PCI DSS
Service
– EC2, VPC, dedicated instances and GovCloud offerings
– Advanced authentication services: MFA, IAM roles, IAM roles for EC2 instances
– Allows customer penetration tests, as PCI DSS v2.0 requires (with prior authorization from AWS; unannounced scans of your own instances can still be treated as abuse)
As a customer, what are my responsibilities?
• Protect instances from being compromised
– Security principles don’t change: cloud servers require protection
The Need                                  Preferred Security Control
Block OS & app vulnerability exploits     Patching & vulnerability shielding
Block malicious software                  Anti-malware
Control server communication              Firewall & Web Reputation Services
Detect suspicious network traffic         IDS/IPS (deep packet inspection)
Detect unauthorized system changes        Integrity monitoring
Data confidentiality                      Encryption
• How security works in the cloud is drastically different!
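The "Detect unauthorized system changes" row above is the one control a customer can build with nothing but the OS. The Python below is an added example, not code from these slides or from any Trend Micro product: it takes a baseline of every regular file under a directory (SHA-256 of the contents plus the permission bits, so a quiet chmod +s is caught even when the bytes are unchanged), then compares a later walk against that baseline and reports added, removed and modified files. The directory tree and the three tampering steps are constructed for the demo; in production the baseline would be taken from a known-good image and stored off the host.

```python
"""Added example: a minimal file integrity monitor (baseline + compare).
The sample tree and the tampering performed in demo() are constructed."""
import hashlib
import os
import stat
import tempfile


def _hash_file(path, chunk_size=65536):
    """SHA-256 of the file contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (path relative to root) to its hash and mode bits.
    Mode is recorded so a permission change (e.g. setuid added to a binary)
    is flagged even when the file contents are identical."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, device nodes
            rel = os.path.relpath(full, root)
            baseline[rel] = {
                "sha256": _hash_file(full),
                "mode": stat.S_IMODE(st.st_mode),
            }
    return baseline


def compare(baseline, current):
    """Return the differences between two baselines as sorted path lists."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a tiny tree, then simulate an intruder
    weakening sshd_config, dropping a new binary and making ls setuid."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "etc", "sshd_config"), "w") as f:
            f.write("PermitRootLogin no\n")
        with open(os.path.join(root, "bin", "ls"), "w") as f:
            f.write("#!/bin/sh\necho ls\n")
        os.chmod(os.path.join(root, "bin", "ls"), 0o755)

        before = build_baseline(root)

        # Tamper: edit a config file, add a file, flip a permission bit.
        with open(os.path.join(root, "etc", "sshd_config"), "w") as f:
            f.write("PermitRootLogin yes\n")
        with open(os.path.join(root, "bin", "nc"), "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(os.path.join(root, "bin", "ls"), 0o4755)

        after = build_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline: keep it (or at least its own hash) somewhere the monitored host cannot write, otherwise an attacker who can edit files can edit the baseline too.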
Instance Location
Challenge:
• Understanding where servers are running
• How to verify that it is a server you own and trust that is attempting to access sensitive data
Security requirement:
• Awareness that servers are running in the cloud, for starters!
• Confirm the identity & location of servers running in the cloud
• Detect and block access from rogue servers
• Apply the appropriate security controls based upon location
Scale & Automation
Challenge:
• Cloud applications dynamically scale up & down as capacity requirements change
Security requirement:
• Automate protection of new instances without requiring administrative actions
• Gracefully deal with instances that have been terminated; avoid “orphaned servers”
• Integrate with and support cloud management tools such as RightScale, Chef, Puppet, etc.
Cloud Compatibility
Challenge:
• Supporting large-scale, distributed and even distinct cloud environments or vendors
Security requirement:
• Security that is intelligent and flexible enough to deal with
– Multiple environments & AWS regions / AZs
– Non-persistent IP addresses & host names
– Firewall routing, VPCs, private/public IPs, ELBs, etc.
– Storage options: ephemeral, EBS, AWS storage gateways, S3, RDS
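The three slides above (Instance Location, Scale & Automation, Cloud Compatibility) describe one reconciliation loop: join the provider's instance list against the security console's agent registrations, key everything on the instance ID because IPs and host names are not persistent, give a freshly launched instance time to self-register before calling it unprotected, retire agent records for terminated instances instead of alerting on them, reject registrations from instances you do not own, and choose controls from where the instance actually is. The Python below is an added example of that loop and is not code from the slides or from any Trend Micro product. The inventory, agent records, account ID, region allowlist and "current time" are all constructed for the demo; in production the inventory would come from an EC2 DescribeInstances call, and the account ID an agent reports should be taken from a verified, signed instance identity document rather than trusted as a bare claim.

```python
"""Added example: reconcile cloud inventory against security-agent
registrations. All data, account IDs and regions below are constructed."""
from datetime import datetime, timedelta, timezone

TRUSTED_ACCOUNTS = {"111122223333"}           # assumed: the AWS account(s) we own
ALLOWED_REGIONS = {"us-east-1", "eu-west-1"}  # assumed: data-sovereignty allowlist
LAUNCH_GRACE = timedelta(minutes=10)          # time allowed for an agent to phone home
NOW = datetime(2012, 11, 28, 10, 0, tzinfo=timezone.utc)  # constructed clock

# Constructed stand-in for DescribeInstances output, trimmed to what we use.
CLOUD_INVENTORY = [
    {"id": "i-0a1", "account": "111122223333", "region": "us-east-1",
     "state": "running", "public_ip": "203.0.113.10", "launched": "2012-11-28T09:00:00Z"},
    {"id": "i-0a2", "account": "111122223333", "region": "us-east-1",
     "state": "running", "public_ip": None, "launched": "2012-11-28T09:30:00Z"},
    {"id": "i-0a3", "account": "111122223333", "region": "ap-southeast-1",
     "state": "running", "public_ip": None, "launched": "2012-11-28T08:00:00Z"},
    {"id": "i-0a4", "account": "111122223333", "region": "us-east-1",
     "state": "terminated", "public_ip": None, "launched": "2012-11-27T10:00:00Z"},
    {"id": "i-0a6", "account": "111122223333", "region": "us-east-1",
     "state": "running", "public_ip": None, "launched": "2012-11-28T09:58:00Z"},
]

# Constructed agent registrations: what each agent reported when it phoned home.
# Note two agents share the private IP 10.0.1.5 -- keying on IP would conflate them.
AGENT_REGISTRATIONS = [
    {"instance_id": "i-0a1", "account": "111122223333", "ip": "10.0.1.5"},
    {"instance_id": "i-0a3", "account": "111122223333", "ip": "10.0.9.7"},
    {"instance_id": "i-0a4", "account": "111122223333", "ip": "10.0.1.9"},
    {"instance_id": "i-0a5", "account": "111122223333", "ip": "10.0.2.2"},  # no longer in inventory
    {"instance_id": "i-0ff", "account": "999988887777", "ip": "10.0.1.5"},  # an account we do not own
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def policy_for(instance):
    """Choose controls from the instance's location and exposure, never from
    its current IP, which may be reassigned to another instance tomorrow."""
    controls = {"anti-malware", "integrity-monitoring", "patch-shielding"}
    if instance["public_ip"]:
        controls |= {"firewall", "ids-ips"}   # reachable from the Internet
    violation = instance["region"] not in ALLOWED_REGIONS  # data left the allowed countries
    return {"controls": sorted(controls), "region_violation": violation}


def reconcile(cloud, agents, now):
    by_id = {i["id"]: i for i in cloud}
    registered = {a["instance_id"] for a in agents}
    result = {"protect": [], "pending": [], "orphaned": [], "rogue": [], "policies": {}}

    for inst in cloud:
        if inst["state"] != "running":
            continue                           # terminated/stopped: nothing to protect
        result["policies"][inst["id"]] = policy_for(inst)
        if inst["id"] in registered:
            continue
        # Running with no agent: fresh launches get a grace period to self-register,
        # everything else is unprotected and needs automated deployment now.
        if now - _parse(inst["launched"]) < LAUNCH_GRACE:
            result["pending"].append(inst["id"])
        else:
            result["protect"].append(inst["id"])

    for agent in agents:
        inst = by_id.get(agent["instance_id"])
        # The account ID is the agent's own claim here; production code should
        # take it from a verified signed instance identity document instead.
        if agent["account"] not in TRUSTED_ACCOUNTS:
            result["rogue"].append(agent["instance_id"])    # identity we do not own: block
        elif inst is None or inst["state"] == "terminated":
            result["orphaned"].append(agent["instance_id"])  # retire the record quietly
    return result


def demo():
    return reconcile(CLOUD_INVENTORY, AGENT_REGISTRATIONS, NOW)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)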
Trend Micro Global 500 Penetration
Trend Micro protects 100% of the top 10 automotive companies.
Trend Micro protects 96% of the top 50 global corporations.
Trend Micro protects 100% of the top 10 telecom companies.
Trend Micro protects 80% of the top 10 banks.
Trend Micro protects 90% of the top 10 oil companies.
In calculating the above data, the percentage use of Trend Micro products includes usage by parent companies and/or usage by any of their subsidiaries of any Trend Micro product or service.
Source: http://money.cnn.com/magazines/fortune/global500/2011/index.html
• 48 of the top 50 Global Corporations
• 10 of the top 10 Automotive companies
• 10 of the top 10 Telecom companies
• 8 of the top 10 Banks
• 9 of the top 10 Oil companies
Trust Trend Micro security solutions*
12/6/2012 13
Securing the cloud with Trend Micro
Confidential | Copyright 2012 Trend Micro Inc.
Optimized for AWS
• AWS inventory synchronization
• Multi-tenant support
• AWS cloud encryption
• RightScale, Chef, Puppet automation scripts
• Location awareness
• Support for compliance requirements (PCI, HIPAA)
Deep Security Demo
Best Practices & Recommendations
Be proactive & create a cloud plan
• Interview lines of business (LOBs) to understand their needs and expectations
• Identify services / applications that are cloud candidates
• Plan for the worst case
• Think of security as an enabler
• Don’t say “No”, say “How?”
Thank You
Questions?
SPR203 : Cloud Security is a Shared Responsibility