Cloud Security: Perception Vs. Reality
3 likes734 views
The document discusses perceptions and realities of cloud security, highlighting concerns and evaluations between service provider and on-premise solutions. It includes insights from industry experts on security drivers and specific threats faced by enterprises using cloud services. Additionally, it emphasizes the effectiveness of managed environments in maintaining security and the importance of data-driven decision-making in security investments.
Cloud Security: Perception Vs. Reality
- 1. Cloud Security: Perception vs. Reality March 21, 2012 #cloudsecurity
- 2. Agenda Introductions and Internap Overview Security Drivers and Concerns - Industry Perspectives Security Risk Evaluation – Service Provider vs. On-Premise Questions? #cloudsecurity 2
- 3. Today’s speakers & moderator Marek Vesely Mark Fitzgerald Chief Technology Officer Manager, Casenet LLC Infrastructure & Strategy Turbine John Freimuth Randy Rosenbaum VP, Mgd Hstg & Partner Executive Cloud Alert Logic Internap Moderator #cloudsecurity 3
- 4. Our intelligent IT Infrastructure solutions can take your business to a higher level. 3,700+ Enterprise Customers 500 Employees 2011 Revenue: $245M NASDAQ: INAP #cloudsecurity 4
- 5. End user to the Performance IT Vendor IT Vendor IT Vendor IT Vendor IT Vendor IT Vendor IT Vendor Platform Flexibility #cloudsecurity 5 5
- 6. Performance to the End user Platform Flexibility IP Connectivity Colocation • Enterprise IP • Space, Power, Cooling • TCP Acceleration • Interconnection Content Delivery Network Hosting • Media Delivery, Transparent • Managed Hosting Caching, Mobile Delivery • Dedicated Hosting • Analytics Cloud • Private Cloud • Public Cloud • Cloud Storage We live and breathe a full range of intelligent IT Infrastructure services #cloudsecurity 6
- 7. Poll Question What is your greatest concern about a cloud environment? #cloudsecurity 7
- 8. What is top of mind today for enterprises regarding security and cloud services? #cloudsecurity
- 9. Panel Question: Business Drivers VP, IT Dell SecureWorks What business drivers influence your security decisions? #cloudsecurity 9
- 10. Panel Question: Cloud Security Concerns VP, IT Dell SecureWorks What are your security concerns when using a cloud environment? #cloudsecurity 10
- 11. Panel Question: Levering Cloud Services VP, IT Given security Dell SecureWorks requirements, how will you leverage cloud in the future? #cloudsecurity 11
- 12. Poll Question Which methods of attack concerns you most in terms of your customers’ data? #cloudsecurity 12
- 13. Security-‐as-‐a-‐Service solu0ons for more than 1,500 customers Threat Manager Ac-veWatch • Intrusion detection and vulnerability assessment • PCI Approved Scanning Vendor (ASV) • Custom dashboards and reports • 24x7 monitoring and review services Log Manager LogReview • Log data collection and aggregation • Identify suspicious activity and automatically issue threat alerts • Powerful search and reporting • Daily analysis and review services Web Security Manager • Award-winning web application firewall • Adaptive learning and easy tuning • 24x7 monitoring for consistent protection 13
- 14. Industry-‐First Data-‐Driven Compara0ve Analysis of Threats in Hosted and Cloud vs. On-‐Premise IT Environments 14
- 15. Alert Logic provides a rich data set Threat data from more than 1500 customers Customers of over half the top 30 Consistently-‐ North American collected data service providers from both service provider and on-‐premise On-‐premise enterprise environments environments from a range of ver-cals 15
- 16. Customer Data Set • Analyzed network traffic from over 1600 customers – 1300 + Managed Hosting/Cloud Customers – 300 + On-Premise Customers 16 Page 16
- 17. How threats are identified 17
- 18. Security Incident Categories INCIDENT TYPE DEFINITION EXAMPLES Applica-on ALack Exploit aLempts against applica-ons or services that are not Buffer overflow running over HTTP protocol Brute Force Exploit aLempts enumera-ng a large number of combina-ons, Password cracking aLempts typically involving numerous creden-al failures Malware/Botnet Ac-vity Malicious soUware installed on a host engaging in unscrupulous Conficker, Zeus botnet ac-vity, data destruc-on, informa-on gathering or crea-on of backdoor. Included in this category is botnet ac-vity: post-‐ compromise ac-vity displaying characteris-cs of command and control communica-on Misconfigura-on Network/Host/Applica-on configura-on issues that introduce Weak patch management, possible security vulnerabili-es, typically a result of inadequate unnecessary services running hardening Reconnaissance Reconnaissance ac-vity focused on mapping the networks, Port scans and fingerprin-ng applica-ons and/or services Vulnerability Scan Automated vulnerability discovery in applica-ons, services or Unauthorized Nessus scan protocol implementa-ons Web Applica-on ALack ALacks targe-ng the presenta-on, logic or database layer of web SQL injec-on applica-ons 18
- 19. Metrics to answer basic questions OCCURRENCE FREQUENCY THREAT DIVERSITY What percentage of How oUen did impacted How many unique threat customers were impacted customers experience types did customers by each threat type? each threat type? experience? What is the complexity What threats are actually experienced in on-‐ of the threat landscape premise vs service provider environments, and (and resul-ng security how oUen? program)? 19
- 20. Consistently lower occurrence rates among service provider customers 20
- 21. Why Do We See Differences? Size and Diversity Increase Attack Surface 21
- 22. What does this mean? Cloud and Service Provider Managed Environments are Not Less Secure Good Management Yields Good Security Smart Enterprises Should Exploit Differences in Risk Profiles Web Applica-on Security is a Significant Challenge 22
- 23. Use data to make security investment decisions This is aggregate data; use your own IDS and log data Review log data to detect brute force Consider Web App aLempts Firewall, network IDS Use IDS to detect suspicious recon Malware protec-on Pay aLen-on to cri-cal for on-‐premises configura-on infrastructure management, patching 23 Source: Alert Logic State of Cloud Security, Spring 2012
- 24. ? Questions? www.internap.com #cloudsecurity #cloudsecurity 24