Cloud Data Security. Sol Cates

Academic year: 2021

(1)

Cloud Data Security

Sol Cates CSO @solcates [email protected]

(2)

Agenda

The Cloud

Securing your data, in someone else’s house

Explore IT’s Dirty Little Secret

Why is Data so Vulnerable?

A bit about Vormetric

Q and A

(3)

Where’s the Perimeter?

IT is Being Challenged To Embrace The Cloud

Public Cloud Growth is 5X that of the IT industry as a whole.

“By 2018, 25% of corporate data traffic will bypass traditional perimeter security defenses, up from 4% today.”

Gartner, November 2013

(4)

Cloud Heightens The Need to Protect Data

Private, Public, and Hybrid Cloud

(5)

Data is Increasingly More Difficult to Protect

[Diagram: where data now lives. Data centers: physical, virtual, outsourced. Big data: sources, nodes, results. Clouds: private, public, hybrid, multiple vendors. Physical servers. Local offices, retail locations, labs. Data types shown: trial, analysis, research, PHI, credit cards, plans, customer stats, contracts, records, call, finance, files, customer records, source code, HR.]

(6)

2015 Vormetric Insider Threat Report

Polling by Harris: 818 IT decision makers in the US, UK, Germany, Japan and ASEAN. 100% enterprises: $200M+ (US); $100M+ (UK, Germany, Japan, ASEAN). Sectors covered: healthcare, retail, financial services, other enterprise.

(7)

Evolving Threats: Insider Threats Have Changed

In the past: company employees with knowledge-required access (traditional insiders).

Today we must add: IT personnel, contractors and service provider employees; compromise of insider accounts; porous perimeters; big data and cloud/SaaS. Hackers actively target insider accounts with access to data, regardless of location.

(8)

Sensitive data at risk: organizations feel more vulnerable than ever.

Key figures (2015 Vormetric Insider Threat Report, Global Edition): 93%, 55%, 54%, 50%. Organizations feel vulnerable to insiders; preventing a breach is the top business priority; plan to increase spending next year; privileged users are the most dangerous insider.

Slide No: 8 Copyright 2015 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

(9)

Why start protecting your data?

Data is exploding: volume, variety, velocity.

Reasons for encryption are multiplying: regulations (PCI, HIPAA, breach disclosure), contractual obligations, risk reduction, breaches.

(10)

New Frontier, Pioneers, and Challenges

Many types of clouds: IaaS, SaaS, PaaS, BPaaS, etc.

Many providers: some large fish, and lots of little fish. What’s their security philosophy? A great resource is CSA’s STAR program and Cloud Controls Matrix (CCM): https://cloudsecurityalliance.org

Who’s responsible for the data? 99.99% of the time the customer owns the data, but who is tasked with protecting it?

(11)

Understanding Cloud Architectures

[Figure: CSA cloud reference model. Infrastructure as a Service (IaaS): facilities, hardware, abstraction, core connectivity & delivery, APIs. Platform as a Service (PaaS): the IaaS layers plus integration & middleware and APIs. Software as a Service (SaaS): the PaaS layers plus presentation modality, presentation platform, APIs, applications, data, metadata and content.]

Source: Cloud Security Alliance

(12)

Encryption has moved from a tax to a business enabler

Cloud is a business enabler. Security remains the #1 concern as data moves outside the perimeter. The cost of encryption is no longer a tax on the business; it is now viewed as an enabler of cost savings and competitive advantage.

Top Security Concerns With Cloud Computing (March 2014). Q. What are the top cloud computing-related security problems that affect your organization? Please describe up to three. N=94.

41%: Data privacy and security
35%: Access and control
32%: Auditing and compliance
26%: Control of data
18%: Security models/toolsets
15%: Contractual/legal issues
11%: Internal issues
10%: Network connection security
4%: Geographical coverage

(13)

Top IT Spending Priorities: Compliance Is Last for the First Time

50%: Preventing a data breach incident
44%: Protection of critical IP
41%: Protection of finances and other assets
32%: Fulfilling requirements from customers, partners and prospects
32%: Fulfilling compliance requirements and passing audits

(14)

Top Ten Security Challenges for Big Data & Cloud Environments

1. Secure computations in distributed programming frameworks
2. Security best practices for non-relational data stores
3. Secure data storage and transaction logs
4. End-point input validation/filtering
5. Real-time security/compliance monitoring
6. Scalable and composable privacy-preserving data mining and analytics
7. Cryptographically enforced access control and secure communication
8. Granular access control
9. Granular audits

(15)

Security for Big Data & Cloud Environments

Should provide protection for big data repositories and the data contained in them. Security strategies for big data include:

• Sensitive data discovery and classification
• Data access and change controls
• Real-time data activity monitoring and auditing
• Data protection (such as masking or encryption)
• Data loss prevention
• Vulnerability management
• Compliance management

(16)

IT’s Dirty Little Secret


(17)

Information Technology’s Dirty Little Secret

(18)

Information Technology’s Dirty Little Secret

For years super users have been managing our servers, their configurations, and data.

Super users have 100% access to all data in the systems they manage.

It only takes one compromised or rogue user to cause havoc.

(19)

Establishing Some Terms

Privileged User: employees who use data and systems as part of their jobs; executives who have more access than they should; administrators who are the governors of the systems.

Super User: an account that leverages the ring-0 privilege. Examples: root, administrator, SYSTEM.

Ring-0: the kernel, which has complete access to all resources.

(20)

What is the issue?

Superusers control the system, packages, patches, and data permissions. The nature of the superuser is that they have full access to any data accessible by the system. If a superuser is compromised or goes rogue, the impact can be severe, as they can destroy, steal, and manipulate.

(21)

Traditional Controls for Super Users

Monitoring: OS-level auditing, keystroke logging, etc.

Privileged Account Management: checkout of an account with a single-use password.

Policy-based elevation: tools that allow a user to elevate to the superuser on a per-command basis (sudo, PowerBroker, etc.). They are good for saying who can do what as root, but they do not control what root can do.

None of these controls stop the superuser; they only control how one becomes the superuser.
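The monitoring control listed above is what tells a defender what an elevated account actually touched, which is the gap that sudo-style elevation leaves open. As an added example (not from the original deck and not Vormetric code), the following correlates Linux audit SYSCALL and PATH records over a few constructed log lines and flags any logged-in user who, acting as root, opened a file under an assumed sensitive data directory that they do not own.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the deck). Event 101: login uid 1000 elevates
# to root and reads a payroll file owned by uid 1001. Event 102: a daemon reads its own config.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1425000000.123:101): arch=c000003e syscall=2 success=yes exit=3 auid=1000 uid=0 euid=0 tty=pts0 comm="cat" exe="/usr/bin/cat" key="sensitive-data"
type=PATH msg=audit(1425000000.123:101): item=0 name="/data/finance/payroll.csv" inode=1234 mode=0100600 ouid=1001 ogid=1001 nametype=NORMAL
type=SYSCALL msg=audit(1425000000.456:102): arch=c000003e syscall=2 success=yes exit=3 auid=4294967295 uid=0 euid=0 comm="backupd" exe="/usr/sbin/backupd" key="sensitive-data"
type=PATH msg=audit(1425000000.456:102): item=0 name="/etc/backupd.conf" inode=99 mode=0100600 ouid=0 ogid=0 nametype=NORMAL
"""

# Assumption: directories holding protected data (in practice fed by data classification).
SENSITIVE_PREFIXES = ("/data/finance/", "/data/hr/")
UNSET_AUID = 4294967295  # kernel marker for "no login session", i.e. daemons

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r"msg=audit\([\d.]+:(\d+)\)")

def parse_records(log_text):
    """Group audit lines by event serial: {serial: {record type: {field: value}}}."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        serial = SERIAL_RE.search(line)
        if not serial:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        events[serial.group(1)][fields["type"]] = fields
    return events

def find_root_data_access(log_text):
    """Flag events where a real login user, acting as root, opened sensitive data they do not own."""
    alerts = []
    for serial, recs in parse_records(log_text).items():
        sc, path = recs.get("SYSCALL"), recs.get("PATH")
        if not sc or not path or sc.get("euid") != "0":
            continue  # not an access performed with root privilege
        auid = int(sc.get("auid", UNSET_AUID))
        name = path.get("name", "")
        if auid == UNSET_AUID or not name.startswith(SENSITIVE_PREFIXES):
            continue  # system daemon, or a path outside the protected set
        if str(auid) != path.get("ouid"):
            alerts.append({"serial": serial, "auid": auid, "exe": sc.get("exe"), "path": name})
    return alerts

if __name__ == "__main__":
    for a in find_root_data_access(SAMPLE_AUDIT_LOG):
        print(f"event {a['serial']}: uid {a['auid']} read {a['path']} as root via {a['exe']}")
```

Only event 101 is reported: sudo would show that uid 1000 became root, but only the audit trail shows that root then read someone else's payroll file.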

(22)

Vormetric


(23)

World-Class Brands Rely on the Vormetric Data Security Platform

Global customers: over 1,700 customers, 17 of the Fortune 30, the most security-conscious brands, the largest financial institutions, the largest retail companies, major manufacturers, government agencies. Cloud service providers trust Vormetric. OEM partners: IBM, Symantec. Cloud managed services.

“With Vormetric, people have no idea it’s even running. Vormetric Encryption also saved us at least nine months of application rewrite effort, and its installation was one of the easiest we’ve ever experienced.”

Karl Mudra, CIO, Delta Dental of Missouri

(24)

Vormetric Data Security Platform

Solves inefficiencies of point product solutions: best encryption, best security & compliance, virtualized environments.

(25)

Vormetric Data Security Platform

Solves inefficiencies of point product solutions.

Vormetric Transparent Encryption (structured databases, unstructured files, big data):
• File and volume level encryption
• Access control
• Audit logs

Vormetric Application Encryption and Tokenization with Dynamic Data Masking (applications, big data):
• Field level data encryption
• Field preserving tokenization with dynamic data masking

Vormetric Key Management:
• KMIP compliant
• Oracle and SQL Server TDE
• Certificate storage

Vormetric Security Intelligence:
• Intel Security ESM
• FireEye TAP
• Splunk
• HP ArcSight
• IBM QRadar
• LogRhythm

Vormetric Data Security Manager:
• Key and policy manager

Vormetric Cloud Encryption Gateway (PaaS, IaaS, SaaS):
• S3 and Box
• Encryption, control, audit trails

(26)

Controlling and Securing Data in the Cloud

[Figure: enterprise data center environment connected over a VPN link to virtual or physical servers and VMs in the cloud. The Vormetric Data Security Manager (DSM) holds policies, logs and keys.]

The customer is always the custodian of policies and keys. The DSM can sit in the cloud or on the customer premise.

• Enforce separation of provider and enterprise responsibilities
• Extensible to multiple cloud providers and traditional servers
• Pay as you grow, deploy licenses on demand

(27)

Vormetric Cloud Partners

• Proven deployments
• Bring your own license available for any IaaS cloud offering
• Integrated service offerings may be available (Cloud Managed)

(28)

Questions?

Sol Cates CSO @solcates [email protected]
