Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
-
Upload
tierpoint -
Category
Technology
-
view
75 -
download
0
Transcript of Tierpoint_Beware of These Four Cloud Security Myths_Oct 2015
Cloud Security MythsPaul Mazzucco, Chief Security Officer
Copyright© 2015 TierPoint, LLC. All rights reserved.
>Yesterday’s standards:today’s security myths
>Cloud security: anongoing mandate
>Actions to take now
Discussion Points
Copyright© 2015 TierPoint, LLC. All rights reserved.
Channels used …
90% of BusinessesBreached in Last 10 Years
> Bring Your Own Device (BYOD) 60% allow / 40% formal policy
> Bring Your Own Cloud (BYOC) 45% apps / 22% visible to IT
> Malicious Hackers 60% financial gain / 25% IP
US hits record high of 783data breaches in 2014
Copyright© 2015 TierPoint, LLC. All rights reserved.
(Almost) Daily Headlines
> Data Belonging to 1.1 MillionCareFirst Customers Stolen inCyber Attack (May 2015)
> US Regulators Warn of CyberThreat to Financial System(May 2015)
4
> FBI Warns USCompanies of CyberTerror (April 2015)
Copyright© 2015 TierPoint, LLC. All rights reserved.
Cyber security threats according to risk mitigation priority10 = Highest Priority to 1 = Lowest Priority
2.8
3.0
3.2
5.4
6.4
7.7
7.9
8.2
8.6
9.0
0.0 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0 9.0 10.0
Phishing and social engineering
Web scrapping
Cross site scripting
Malicious insiders
Botnets
Malware
Viruses, worms and trojans
Distributed denial of service (DDoS)
Server side injection
Denial of service (DoS)
Multiple Cyber Security Threats
Copyright© 2015 TierPoint, LLC. All rights reserved.
Cloud Security Myths
> Data in the cloud is lesssecure than data in traditionalbrick & mortar datacenter
> Security can be dealt withafter the fact
> Using any cloud provider withthe right certs guaranteesprotection
> Once it’s set up, you canleave it alone
6
Copyright© 2015 TierPoint, LLC. All rights reserved.
Cloud providers’ coreexpertise
Built into the businessmodel, ground up
Offer many morelayers of security
28% fewer genuineattacks, threats
FACTS
Myth 1:Data is Less Secure in Cloud
Copyright© 2015 TierPoint, LLC. All rights reserved.
Myth 2:Deal With it After the Fact
CloudEnvironment
• Network architecture• Provisioning• Deployment• Scaling
NeedsImpactSecurity
• Your industry• Your data needs• Your business practices• Your customers’ needs
Security is infrastructural, planning through execution
FACTS
Copyright© 2015 TierPoint, LLC. All rights reserved.
> Compliance doesn’t ensure security Overlap: Yes Same: No
> Compliance: state of security at specificmoment in time Error between audits Humans vs. automation
> Actions Independent audits, SLAs Public vs. private cloud
Myth 3:Certs Guarantee Protection
FACTS
Copyright© 2015 TierPoint, LLC. All rights reserved.
> Certs & audit are a beginning Not culmination
> Yesterday’s technology Perimeter-focused
> Today’s threats require Multi-layered approach
Advanced detection
Real-time admin alerts
Myth 4:Set it and Forget It
FACTS
Copyright© 2015 TierPoint, LLC. All rights reserved.
Actions to Take
> Cloud Security Alliance (CSA) Consensus Assessment
Initiative Questionnaire
CSA Cloud Controls Matrix
> Independent audits 3rd party testing of providers’
infrastructure
> Services secured to commonstandard Transparent and auditable
Copyright© 2015 TierPoint, LLC. All rights reserved.
TierPoint Cloud
12
• Secure• Flexible• Scalable• Cost Efficient
PRIVATE
• Dedicated Environment
• Customized Storage,Computing, Security &other Components
• Utilize & ColocateYour Own Equipmentor Outsource asFully Managed
MULTI-TENANT
• Secure, EnterpriseArchitected Service
• Cost Efficient, Flexible
• Dedicated Resources
RECOVERY
• Built to Spec forCustomer RPOs& RTOs
• Virtual ResourcesUpon Demand Duringa Disaster
• IP Vaulting, Tape,or Disk Backup
HYBRID
• Seamless Integrationwith ColocationEnvironments
• Secure, EnterpriseServices
• Cost-efficient
• Scalable
Built to meet critical security, performance andreliability requirements
Full suite of custom-configured virtualization servicespowered by industry-leading VMware technology