Panel: Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure?
Jason Hart – VP, Authentication and Cloud Visionary, SafeNet - Moderator
Panellists:
Gargi Mitra Keeling, Group Product Manager, Networking and Security, VMware
Jofre Palau, Principal Product Manager, Security, Vodafone
Patrick McBride, VP Marketing, Xceedium
Leonor Martins, Principal Solutions Specialist, Virtualization & Cloud, SafeNet
PANEL SESSION
Introductions
Jason Hart – Moderator. VP, Authentication and Cloud, SafeNet
Panellists:
Gargi Mitra Keeling, Group Product Manager, Networking and Security, VMware
Jofre Palau, Principal Product Manager, Security, Vodafone
Patrick McBride, VP Marketing, Xceedium
Leonor Martins, Principal Solutions Specialist, Virtualization & Cloud, SafeNet
Agenda
Meeting Format
• Introduction and Welcome
• 3 questions for the panel discussion
• 3 polling questions for the audience
• Quick analysis of results
• Summary
• Q & A
Question 1
• With the adoption of cloud and migration to the virtual data center, do you believe customers are aware of the virtual risks?
• What do you see as the cause of the hesitancy remaining in customers?
• Do customers realise they are in the cloud/hybrid cloud, i.e. SFDC, Dropbox etc.?
Today’s issues
Data breaches are rampant
Data is moving everywhere
The approach to protecting data must change
State of Data Security
2012:
• 855 data breach incidents
• 174 million records affected
• Second-worst year ever
*Based on a SafeNet Survey of 800+ security professionals.
Source: 2012 Verizon Data Breach Investigations Report
Polling Question 1
What are your main concerns or reasons for hesitation to move into the cloud?
• Compliance
• Loss of control
• Ownership
State of Data Security
• Security professionals believe they will suffer a breach.
• Organizations continue to rely on the same technologies.
• Doubt in security industry’s ability to detect and prevent breaches.
• Recognition that if perimeters failed, high value data would not be safe.
*Based on a SafeNet Survey of 800 security professionals.
A new prescription for the “Secure Breach” era
Introspection
• It’s time to try something new…
Acceptance
• You can’t prevent a perimeter breach…
Understanding
• Know your enemies and what they are after…
Action
• Protect What Matters…THE DATA!
Question 2 and discussion points
What are your beliefs on a new security paradigm, i.e. no perimeter existing and securing the actual data, instead of the vector which no longer exists?
• Breach acceptance and securing the data in view of:
  • 800 IT professionals surveyed globally
  • Survey shows they are continuing to secure the perimeter and not the data, although they are expecting a breach
Question 2 discussion points
Verizon’s annual Data Breach Investigations Report (DBIR) published last week
Quoted from the report:
“Not one breach in this sample happened to data that was ‘in transit’. In fact, two-thirds of breaches involved data ‘at rest’ (in databases and on file servers), and the rest was being processed when compromised.”
Question 2 discussion points
Verizon’s annual Data Breach Investigations Report (DBIR), published last week: 80% of data breaches could have been eliminated just by using strong authentication.
Quoted from the report:
“So, it really comes as no surprise that authentication based attacks (guessing, cracking, or reusing valid credentials) factored into about four of every five breaches involving hacking in our 2012 dataset. …
Question 2 discussion cont...
• Many threats are invisible:
  • insider threats and passwords have been compromised for a considerable time and the data exposed, without the organisation being aware
Quoted from the Verizon report: “... 66% of the breaches in our 2013 report took months or even years to discover (62% months, 4% years).”
• What is your view on Killing the Data?
Polling question 2
Where/why do you think your data breach would occur?
• Data center/Virtual data center
• Unapproved hardware
• Weak credentials
• Phishing attacks
• Insider threat/disgruntled employees
Question 3 and discussion points
Should it be mandatory for a cloud provider to make 2 Factor Authentication an option?
• Cloud alliance sets standards. Should this be a standard?
• Should it be the client’s choice to enable 2FA?
Polling question 3
If you had the option to enable 2 Factor Authentication for a cloud application, would you use it?
Summary
Where encryption can be deployed
The implications of each of those places
The types of threats associated with those locations
The importance of Key Management
Protect the target, not the perimeter
Controlling access to resources: authentication
At the core: key management, key vaulting, root of trust
In the data center: databases, applications, mainframes, and storage
Into the cloud: virtual servers, applications and storage
The Importance of Key Management
Your data is only as secure as your keys
Keys (and data) may have a life of many decades
Disaster recovery support is essential
Policy driven with role management
Key rotation/Rekeying
Secure destruction
Auditing
System recovery
If your data is now encrypted, then losing the keys would be a significant and unrecoverable disaster!
Who We Are
Trusted to protect the world’s most sensitive data for the world’s most trusted brands.
We protect the most money that moves in the world, $1 trillion daily.
We protect the most digital identities in the world.
We protect the most classified information in the world.
FOUNDED: 1983
REVENUE: ~330m
EMPLOYEES: +1,400 in 25 countries
OWNERSHIP: Private
GLOBAL FOOTPRINT: +25,000 customers in 100 countries
ACCREDITED: Products certified to the highest security standard
Thank you for attending
Any questions?