Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015

Cloud Security MythsPaul Mazzucco, Chief Security Officer

Copyright© 2015 TierPoint, LLC. All rights reserved.

>Yesterday’s standards:today’s security myths

>Cloud security: anongoing mandate

>Actions to take now

Discussion Points


Channels used …

90% of BusinessesBreached in Last 10 Years

> Bring Your Own Device (BYOD) 60% allow / 40% formal policy

> Bring Your Own Cloud (BYOC) 45% apps / 22% visible to IT

> Malicious Hackers 60% financial gain / 25% IP

US hits record high of 783data breaches in 2014


(Almost) Daily Headlines

> Data Belonging to 1.1 MillionCareFirst Customers Stolen inCyber Attack (May 2015)

> US Regulators Warn of CyberThreat to Financial System(May 2015)

4

> FBI Warns USCompanies of CyberTerror (April 2015)


Cyber security threats according to risk mitigation priority10 = Highest Priority to 1 = Lowest Priority

2.8

3.0

3.2

5.4

6.4

7.7

7.9

8.2

8.6

9.0

0.0 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0 9.0 10.0

Phishing and social engineering

Web scrapping

Cross site scripting

Malicious insiders

Botnets

Malware

Viruses, worms and trojans

Distributed denial of service (DDoS)

Server side injection

Denial of service (DoS)

Multiple Cyber Security Threats


Cloud Security Myths

> Data in the cloud is lesssecure than data in traditionalbrick & mortar datacenter

> Security can be dealt withafter the fact

> Using any cloud provider withthe right certs guaranteesprotection

> Once it’s set up, you canleave it alone

6


Cloud providers’ coreexpertise

Built into the businessmodel, ground up

Offer many morelayers of security

28% fewer genuineattacks, threats

FACTS

Myth 1:Data is Less Secure in Cloud


Myth 2:Deal With it After the Fact

CloudEnvironment

• Network architecture• Provisioning• Deployment• Scaling

NeedsImpactSecurity

• Your industry• Your data needs• Your business practices• Your customers’ needs

Security is infrastructural, planning through execution

FACTS


> Compliance doesn’t ensure security Overlap: Yes Same: No

> Compliance: state of security at specificmoment in time Error between audits Humans vs. automation

> Actions Independent audits, SLAs Public vs. private cloud

Myth 3:Certs Guarantee Protection

FACTS


> Certs & audit are a beginning Not culmination

> Yesterday’s technology Perimeter-focused

> Today’s threats require Multi-layered approach

Advanced detection

Real-time admin alerts

Myth 4:Set it and Forget It

FACTS


Actions to Take

> Cloud Security Alliance (CSA) Consensus Assessment

Initiative Questionnaire

CSA Cloud Controls Matrix

> Independent audits 3rd party testing of providers’

infrastructure

> Services secured to commonstandard Transparent and auditable


TierPoint Cloud

12

• Secure• Flexible• Scalable• Cost Efficient

PRIVATE

• Dedicated Environment

• Customized Storage,Computing, Security &other Components

• Utilize & ColocateYour Own Equipmentor Outsource asFully Managed

MULTI-TENANT

• Secure, EnterpriseArchitected Service

• Cost Efficient, Flexible

• Dedicated Resources

RECOVERY

• Built to Spec forCustomer RPOs& RTOs

• Virtual ResourcesUpon Demand Duringa Disaster

• IP Vaulting, Tape,or Disk Backup

HYBRID

• Seamless Integrationwith ColocationEnvironments

• Secure, EnterpriseServices

• Cost-efficient

• Scalable

Built to meet critical security, performance andreliability requirements

Full suite of custom-configured virtualization servicespowered by industry-leading VMware technology

Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015

Technology

Transcript of Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015