Rethink cloud security to get ahead of the risk curve by kurt johnson, vice president of strategy and corporate development courion corporation
0 likes594 views
This document discusses managing access security risks in the cloud. It notes that security is a major concern for organizations moving to the cloud. The top internal and external audit findings relate to identity and access management. The document advocates adopting a risk-driven identity and access management model to ensure the right people have the right access to the right resources. It acknowledges that while security technologies are important, managing risk should be the focus. An architecture for access intelligence is proposed that uses analytics and monitoring to detect threats and risks in real-time and enable contextual remediation.
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice president of strategy and corporate development courion corporation
- 1. Rethink Managing Access Security Risk in the Cloud Dave Fowler Chief Operating Officer Courion Corporation CONFIDENTIAL
- 2. How Secure is my Cloud? CONFIDENTIAL
- 3. Security a Major Concern CONFIDENTIAL
- 4. CONFIDENTIAL
- 5. Top Internal/External Audit Findings Source: 2010 Deloitte Global Security Survey, Financial Services CONFIDENTIAL
- 6. Identity and Access Management Model Have the Right Ensure the To the Right Access Right People Resources Data Policy-Driven Access Information Systems Resources Assets and are doing the Right Things. CONFIDENTIAL
- 7. Security in a Virtual World CONFIDENTIAL
- 8. Security in a Virtual World CONFIDENTIAL
- 9. IAM Technologies Provisioning (Granting Access) Federation (Consolidating 174 million breaches* Identities) Single Sign On (SSO) Authentication/Authorization Privilege Access Management (PAM) Governance (Compliance with policy/regulations) 2009 2010 2011 CONFIDENTIAL
- 10. The Complexity of Securing Information 10s of Thousands of Identities 1000’s of people 1000’s of applications 100’s of millions+ of relationships & resources 100’s of policies & Millions of regulations actions CONFIDENTIAL
- 11. Bad Guys -> Fast… Good Guys -> Slow. Source: Verizon 2012 Data Breach Investigations Report CONFIDENTIAL
- 12. Is the Cloud the Issue? We are often asked whether “the Cloud” factors into many of the breaches we investigate. The easy answer is “No—not really.” It’s more about giving up control of our assets and data (and not controlling the associated risk) than any technology specific to the Cloud. Source: Verizon 2012 Data Breach Investigations Report CONFIDENTIAL
- 13. Need a different approach. CONFIDENTIAL
- 14. Risk Driven Model Risk = Impact X Likelihood What are the most important assets? • Key Applications? • File Shares? • Identity/Security Information? Who has access to them? What kind of access do they have? How do I know if it is at risk? • Real Time Analysis • Policy • Behavior CONFIDENTIAL
- 15. CONFIDENTIAL
- 16. Architecture for IAM Risk Dashboard & Reporting I&A Intelligence Threat Detection Forensics Analyst Workbench Policy/Rules Engine Notification Service Remediation Service Analytics Engine Identity & Access Warehouse ACCESS INTELLIGENCE ENGINE Identity Rights Policy Resources Activity CONFIDENTIAL
- 17. Security is Great BUT Risk Matters CONFIDENTIAL
- 18. Managing Risk: Access Intelligence Risk as a metric for managing Security Analytics and Intelligence to monitor in real time Notification Contextual Remediation CONFIDENTIAL
- 19. Questions? Dave Fowler Chief Operating Officer info@courion.com Courion Corporation CONFIDENTIAL
Editor's Notes
- #5: We’re all familiar with the headlines about data breaches
- #6: Deloitte survey results highlight the need to manage access rights across the enterprise Enforce policy Track user activity Ensure controls are in place
- #7: What is Access Risk Management? By ensuring that the right people have the right access to the right resources and are doing the right things based on policy, organizations can manage access risk By managing access risk, companies can increase security, demonstrate compliance, improve efficiency and minimize risk to the business Access risk management encompasses traditional IAM (password mgmt, user provisioning) and access governance (role management, compliance mgmt, access certification.)
- #11: The challenge organizations face is the volume of identities and access requirements that need to be managed An organization with thousands of employees is going to have tens of thousands of identities (aka multiple identities for each individual) These identities are going to have access to hundreds or thousands of apps in the enterprise (and in the cloud) Organizations will have tens of thousands of file shares that present access challenges All of these identity and access requirements equate to millions of relationships that need to be managed – none of which are static and will change constantly.
- #12: And when the door is open the bad guys are much faster in exploiting it than we tend to be recognizing it.2012 Data Breach Investigations ReportIt’s a busy slide but it shows the direct and inverse correlation betweenThe rapid speed in which the bad guys can compromise our layered defenses and exfiltrate valuable information or compromise key processes ANDThis is measured in minutes and hrsThe glacial speed in which we realize what’s happening and do something about it.This is measure in weeks and months to never.
- #13: There are other ways to get access to information. Case of the stolen information based on breaching the physical building with a tie.But the cloud opens up more assets being managed and accessed by more people in multiple locations. Which opens up more opportunities for information to be compromised either on purpose or accidently.
- #19: How much performance?Deloitte’s Kelly Bissell said nothing will support their custom applications with 47M relationships.We are managing 800M in real time.