The Cloud Beckons, But is it Safe?
April 2012
#12NTCCSec

Laura Quinn
Michael Enos
Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad!
Or online at www.nten.org/ntc/eval
Introductions
Laura Quinn, Executive Director, Idealware
Michael Enos, Chief Technology Officer, Second Harvest Food Bank of Santa Clara and San Mateo Counties

What are you hoping to get out of this session?
What is The Cloud?

The Lure of the Cloud
• Low cost of entry
• Easy remote access
• No complex infrastructure
But what about security?
How Do YOU Feel About Cloud Security?

Why the Concern?

Cloud Security in the News

Under Siege
To be on the Internet is to be vulnerable to attack.
If you’re on the Internet, you’re in The Cloud.
But We Do Lots of Things on the Internet
• We shop online
• We bank online
• We post crazy things on Facebook
Why is the cloud different? It’s not.
How Secure is Your On-Site Data?
Do any of these sound familiar?
• No one patches computers or is responsible for network security
• You haven’t really thought about passwords or permissions
• No disaster recovery plans
• Staff hasn’t had any security training
Myth
“We’re a tiny nonprofit. We’re safe because no one would target us for cyber attack.”

Fact
Many data security breaches are crimes of opportunity.
Organizations don’t always consider the sensitivity of their data until it’s exposed.

Myth
“Our data is safer not in the cloud.”
A Cloud Data Center

Is This Your Server Closet?

What Does Security Mean?

The Three Pillars of Information Security

Confidentiality
Information is available only to authorized parties.

Integrity
Information isn’t modified inappropriately, and you can track who made what change.

Availability
Assurance that data is accessible when needed by authorized parties.
Also: Physical Possession
Whoever has the data could, for instance, turn it over to the government.
How Does This Apply to the Cloud?

Cloud Security
The use of the term “Cloud” is cloudy!
Three general types of clouds:
– Software-as-a-Service
– Hosted Private Cloud
– Co-located Private Cloud
All three have different security models.

Software as a Service
The vendor owns and manages all aspects of the environment. For instance:

Hosted Private Cloud
The vendor owns and manages the equipment only, but all software is managed by the client. The equipment is on the vendor’s network. For instance:

Co-located Private Cloud
The vendor provides the physical environment only in a data center; the client maintains the hardware and the software. For instance:
What Does Security Mean For You?

Rules for Absolute Safety
Turn off your Internet connection.
Allow no one access to your data and systems.
But let’s be realistic…
Know What You’re Protecting
What kinds of data are you storing, and how sensitive are they?
Think about their value on the open market.

Red Flags
You need extremely tight security to store:
• Donors’ credit card numbers.
• Scanned images of checks.
• Donors’ bank account information.
What’s Your Exposure?
Consider the impact of exposure of your confidential information, both in monetary terms and reputation.

What’s The Impact of an Outage?
How much staff time could you lose from a short-term or prolonged outage?
Testing Your On-Site Security
Have you recently performed a:
• Check on whether your systems have been recently patched?
• Systems penetration test?
• Employee training on security procedures?
• Backup/recovery test?
If not, you’d likely increase your security by moving to the cloud.
A Multi-Level Security Model

Multi-Level Security is the Ideal

Physical Security
• Guarded facilities
• Protection of your hardware and devices
• Power redundancy
• Co-location (redundant facilities)

Network Security
• Intrusion prevention
• Intrusion detection
• Firewalled systems
• Network proactive anti-virus protection

Transmission Security
Is data encrypted in transit?
Is the network secure?

Access Controls
• Ensuring the right people have access to the right data
• Physical access to the server
• Training on appropriate passwords and security measures

Data Protection
• Data encryption
• Solid backup and restore policies
• Ability to purge deleted data
• Ability to prevent government entities from getting your data with a subpoena
What to Look For in a Vendor

Description of Security Mechanisms
Documentation of all the facets of security, and staff who can talk about it intelligently.
Proves information security is on the “front burner”.

Uptime
Do they provide any guarantee of uptime? Any historic uptime figures?
Uptime figures are typically in 9s: 99%, 99.9% or 99.99%.
Your connection to the internet may well be the weakest link.
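The uptime figures above, worked through as an added example (not from the slides): how many minutes of downtime each "9s" tier still permits per year, why availabilities multiply along the chain from your office link to the vendor so the weakest link dominates, and how to check a vendor's historic outage minutes against the percentage they guarantee. The vendor and ISP percentages used in the report are constructed assumptions.

```python
"""Availability arithmetic behind the 'number of 9s' uptime figures.

Added example, not part of the original slides. The tier values and the
ISP availability used in the report are constructed for illustration.
"""

MINUTES_PER_YEAR = 365.25 * 24 * 60  # 525,960 minutes


def downtime_minutes_per_year(availability_pct: float) -> float:
    """Maximum downtime per year that an availability guarantee still permits.

    99%    -> 5259.6 min (about 87.7 hours)
    99.9%  -> 525.96 min (about 8.8 hours)
    99.99% -> 52.6 min
    """
    if not 0.0 <= availability_pct <= 100.0:
        raise ValueError("availability must be a percentage between 0 and 100")
    return MINUTES_PER_YEAR * (1.0 - availability_pct / 100.0)


def end_to_end_availability(*components_pct: float) -> float:
    """Availability of a chain of components that must all be up.

    Your office link, your ISP and the vendor's service sit in series: if any
    one is down, the service is unreachable. Availabilities therefore multiply,
    and the result is always below the weakest component.
    """
    if not components_pct:
        raise ValueError("at least one component is required")
    product = 1.0
    for pct in components_pct:
        if not 0.0 <= pct <= 100.0:
            raise ValueError("availability must be a percentage between 0 and 100")
        product *= pct / 100.0
    return product * 100.0


def sla_met(guaranteed_pct: float, observed_outage_minutes: float,
            period_minutes: float = MINUTES_PER_YEAR) -> bool:
    """True if observed outage time stays within what the guarantee allows.

    Feed in the vendor's historic figures (outage minutes over a period) to
    check whether they actually deliver the percentage they promise.
    """
    allowed = period_minutes * (1.0 - guaranteed_pct / 100.0)
    return observed_outage_minutes <= allowed


def availability_report(vendor_pct: float, isp_pct: float) -> dict:
    """Summarise what a vendor guarantee is worth once your own link is included."""
    return {
        "vendor_downtime_min_per_year": round(downtime_minutes_per_year(vendor_pct), 2),
        "isp_downtime_min_per_year": round(downtime_minutes_per_year(isp_pct), 2),
        "end_to_end_pct": round(end_to_end_availability(vendor_pct, isp_pct), 4),
    }


if __name__ == "__main__":
    # Constructed figures: a four-nines vendor behind a two-nines office link.
    for tier in (99.0, 99.9, 99.99):
        print(f"{tier}% -> {downtime_minutes_per_year(tier):.1f} min/year")
    print(availability_report(vendor_pct=99.99, isp_pct=99.0))
```

A 99.99% vendor reached over a 99% office connection gives roughly 98.99% end to end, which is why the slide calls your own internet link the likely weakest link.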
Regulatory Compliance: HIPAA
Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)?

Regulatory Compliance: SAS70 and SSAE16
Audit for security standards, hardware, and processes.
Statement on Accounting Standards 70 (SAS70)
Statement of Standards for Attestation Engagements 16 (SSAE16)

Regulatory Compliance: PCI DSS Compliance
If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (Payment Card Industry Data Security Standard).
In Summary

Understand the Value of Your Data
What is it worth to you? To others?
What measures are appropriate to protect it?

Your Data Is No Safer Than You Make It
Any computer attached to the internet is vulnerable unless you protect it.
The cloud isn’t, in and of itself, more or less secure.

But Many Vendors Make Your Data Really Safe
Choose vendors who show they’re serious about data protection (not all vendors are created equal).
Consider a vendor’s regulatory compliance.

Questions?

Weitere ähnliche Inhalte

Was ist angesagt?

Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
ConSanFrancisco123
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Michael Noel
 

Was ist angesagt? (20)

White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your Cloud
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
 
Ransomware: Why Are Backup Vendors Trying To Scare You?
Ransomware: Why Are Backup Vendors Trying To Scare You?Ransomware: Why Are Backup Vendors Trying To Scare You?
Ransomware: Why Are Backup Vendors Trying To Scare You?
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
Gavin Hill - Lessons From the Human Immune System
Gavin Hill - Lessons From the Human Immune SystemGavin Hill - Lessons From the Human Immune System
Gavin Hill - Lessons From the Human Immune System
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 

Andere mochten auch

Ready, Fire, Aim
Ready, Fire, AimReady, Fire, Aim
Ready, Fire, Aim
NTEN
 
Be a Design Superhero: Save the World
Be a Design Superhero: Save the WorldBe a Design Superhero: Save the World
Be a Design Superhero: Save the World
NTEN
 
Do it Yourself Cloud Databases. Is it Really Possible? (Hint: Yes)
Do it Yourself Cloud Databases.  Is it Really Possible? (Hint: Yes)Do it Yourself Cloud Databases.  Is it Really Possible? (Hint: Yes)
Do it Yourself Cloud Databases. Is it Really Possible? (Hint: Yes)
NTEN
 
You Don't Have to be Big to be Strong 2
You Don't Have to be Big to be Strong 2You Don't Have to be Big to be Strong 2
You Don't Have to be Big to be Strong 2
NTEN
 
Money (It's What We Want)
Money (It's What We Want)Money (It's What We Want)
Money (It's What We Want)
NTEN
 
Better Nonprofit Websites: 52 Tweaks in 52 Weeks
Better Nonprofit Websites: 52 Tweaks in 52 WeeksBetter Nonprofit Websites: 52 Tweaks in 52 Weeks
Better Nonprofit Websites: 52 Tweaks in 52 Weeks
NTEN
 
Designing Online Engagement to Collaborate with Your Community
Designing Online Engagement to Collaborate with Your CommunityDesigning Online Engagement to Collaborate with Your Community
Designing Online Engagement to Collaborate with Your Community
NTEN
 
Managing Risk in IT
Managing Risk in ITManaging Risk in IT
Managing Risk in IT
NTEN
 

Andere mochten auch (8)

Ready, Fire, Aim
Ready, Fire, AimReady, Fire, Aim
Ready, Fire, Aim
 
Be a Design Superhero: Save the World
Be a Design Superhero: Save the WorldBe a Design Superhero: Save the World
Be a Design Superhero: Save the World
 
Do it Yourself Cloud Databases. Is it Really Possible? (Hint: Yes)
Do it Yourself Cloud Databases.  Is it Really Possible? (Hint: Yes)Do it Yourself Cloud Databases.  Is it Really Possible? (Hint: Yes)
Do it Yourself Cloud Databases. Is it Really Possible? (Hint: Yes)
 
You Don't Have to be Big to be Strong 2
You Don't Have to be Big to be Strong 2You Don't Have to be Big to be Strong 2
You Don't Have to be Big to be Strong 2
 
Money (It's What We Want)
Money (It's What We Want)Money (It's What We Want)
Money (It's What We Want)
 
Better Nonprofit Websites: 52 Tweaks in 52 Weeks
Better Nonprofit Websites: 52 Tweaks in 52 WeeksBetter Nonprofit Websites: 52 Tweaks in 52 Weeks
Better Nonprofit Websites: 52 Tweaks in 52 Weeks
 
Designing Online Engagement to Collaborate with Your Community
Designing Online Engagement to Collaborate with Your CommunityDesigning Online Engagement to Collaborate with Your Community
Designing Online Engagement to Collaborate with Your Community
 
Managing Risk in IT
Managing Risk in ITManaging Risk in IT
Managing Risk in IT
 

Ähnlich wie The Cloud Beckons, But is it Safe?

Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
Darren Argyle
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4
Valencell, Inc.
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
Assuring Reliable and Secure IT Services
Assuring Reliable and Secure IT ServicesAssuring Reliable and Secure IT Services
Assuring Reliable and Secure IT Services
tsaiblake
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Michele Chubirka
 

Ähnlich wie The Cloud Beckons, But is it Safe? (20)

Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Assuring Reliable and Secure IT Services
Assuring Reliable and Secure IT ServicesAssuring Reliable and Secure IT Services
Assuring Reliable and Secure IT Services
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
 
Security Transformation
Security TransformationSecurity Transformation
Security Transformation
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
To cloud or not to cloud
To cloud or not to cloudTo cloud or not to cloud
To cloud or not to cloud
 
To Cloud or Not To Cloud
To Cloud or Not To CloudTo Cloud or Not To Cloud
To Cloud or Not To Cloud
 
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...
 
Cyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyCyber Security and GDPR Made Easy
Cyber Security and GDPR Made Easy
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloud
 
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security EssentialWhy Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 

Mehr von NTEN

Community Organizing Tools from the Experts Webinar
Community Organizing Tools from the Experts WebinarCommunity Organizing Tools from the Experts Webinar
Community Organizing Tools from the Experts Webinar
NTEN
 
2012 State of Nonprofit Data Report
2012 State of Nonprofit Data Report2012 State of Nonprofit Data Report
2012 State of Nonprofit Data Report
NTEN
 
Ready, Fire, Aim
Ready, Fire, AimReady, Fire, Aim
Ready, Fire, Aim
NTEN
 
But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...
But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...
But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...
NTEN
 
The Story of Stuff: How an Environmental Campaigner to New Media Mogul
The Story of Stuff: How an Environmental Campaigner to New Media MogulThe Story of Stuff: How an Environmental Campaigner to New Media Mogul
The Story of Stuff: How an Environmental Campaigner to New Media Mogul
NTEN
 
Practical Problem Solving Using Mobile Technology
Practical Problem Solving Using Mobile TechnologyPractical Problem Solving Using Mobile Technology
Practical Problem Solving Using Mobile Technology
NTEN
 
Zen and Art of Workflow Development
Zen and Art of Workflow DevelopmentZen and Art of Workflow Development
Zen and Art of Workflow Development
NTEN
 
12 nt cviz
12 nt cviz12 nt cviz
12 nt cviz
NTEN
 
Tips and Tools for Technology Planning
Tips and Tools for Technology PlanningTips and Tools for Technology Planning
Tips and Tools for Technology Planning
NTEN
 
Technology Governance: Smart, Sexy and Simple in Seven Steps
Technology Governance: Smart, Sexy and Simple in Seven StepsTechnology Governance: Smart, Sexy and Simple in Seven Steps
Technology Governance: Smart, Sexy and Simple in Seven Steps
NTEN
 
Social Network Fundraising: Facts, Myths, and Strategies that Work
Social Network Fundraising: Facts, Myths, and Strategies that WorkSocial Network Fundraising: Facts, Myths, and Strategies that Work
Social Network Fundraising: Facts, Myths, and Strategies that Work
NTEN
 
Maturing Your Organization's Social Culture... by Creating a Policy?
Maturing Your Organization's Social Culture... by Creating a Policy?Maturing Your Organization's Social Culture... by Creating a Policy?
Maturing Your Organization's Social Culture... by Creating a Policy?
NTEN
 
Nonprofit Cultural Revolution: Changing Your Organization's Technology Culture
Nonprofit Cultural Revolution: Changing Your Organization's Technology CultureNonprofit Cultural Revolution: Changing Your Organization's Technology Culture
Nonprofit Cultural Revolution: Changing Your Organization's Technology Culture
NTEN
 

Mehr von NTEN (20)

17NTC Overall Speaker Timelines
17NTC Overall Speaker Timelines17NTC Overall Speaker Timelines
17NTC Overall Speaker Timelines
 
17NTC Speaker Orientation Call
17NTC Speaker Orientation Call17NTC Speaker Orientation Call
17NTC Speaker Orientation Call
 
Call for 17NTC Session Proposals
Call for 17NTC Session ProposalsCall for 17NTC Session Proposals
Call for 17NTC Session Proposals
 
2015 Leading Change Summit: Making the Most of LCS
2015 Leading Change Summit: Making the Most of LCS2015 Leading Change Summit: Making the Most of LCS
2015 Leading Change Summit: Making the Most of LCS
 
Community Organizing Tools from the Experts Webinar
Community Organizing Tools from the Experts WebinarCommunity Organizing Tools from the Experts Webinar
Community Organizing Tools from the Experts Webinar
 
2013 Nonprofit Engagement Data Management Study: A Graphic Report
2013 Nonprofit Engagement Data Management Study: A Graphic Report2013 Nonprofit Engagement Data Management Study: A Graphic Report
2013 Nonprofit Engagement Data Management Study: A Graphic Report
 
2012 State of Nonprofit Data Report
2012 State of Nonprofit Data Report2012 State of Nonprofit Data Report
2012 State of Nonprofit Data Report
 
Smart Technology Investment for Nonprofits
Smart Technology Investment for NonprofitsSmart Technology Investment for Nonprofits
Smart Technology Investment for Nonprofits
 
Social Media for Social Good - NCVS Pre-Con Workshp
Social Media for Social Good - NCVS Pre-Con WorkshpSocial Media for Social Good - NCVS Pre-Con Workshp
Social Media for Social Good - NCVS Pre-Con Workshp
 
Ready, Fire, Aim
Ready, Fire, AimReady, Fire, Aim
Ready, Fire, Aim
 
But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...
But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...
But What Do You Actually Do?: Communicating Your Nonprofit's Work in Ways You...
 
The Story of Stuff: How an Environmental Campaigner to New Media Mogul
The Story of Stuff: How an Environmental Campaigner to New Media MogulThe Story of Stuff: How an Environmental Campaigner to New Media Mogul
The Story of Stuff: How an Environmental Campaigner to New Media Mogul
 
Practical Problem Solving Using Mobile Technology
Practical Problem Solving Using Mobile TechnologyPractical Problem Solving Using Mobile Technology
Practical Problem Solving Using Mobile Technology
 
Zen and Art of Workflow Development
Zen and Art of Workflow DevelopmentZen and Art of Workflow Development
Zen and Art of Workflow Development
 
12 nt cviz
12 nt cviz12 nt cviz
12 nt cviz
 
Tips and Tools for Technology Planning
Tips and Tools for Technology PlanningTips and Tools for Technology Planning
Tips and Tools for Technology Planning
 
Technology Governance: Smart, Sexy and Simple in Seven Steps
Technology Governance: Smart, Sexy and Simple in Seven StepsTechnology Governance: Smart, Sexy and Simple in Seven Steps
Technology Governance: Smart, Sexy and Simple in Seven Steps
 
Social Network Fundraising: Facts, Myths, and Strategies that Work
Social Network Fundraising: Facts, Myths, and Strategies that WorkSocial Network Fundraising: Facts, Myths, and Strategies that Work
Social Network Fundraising: Facts, Myths, and Strategies that Work
 
Maturing Your Organization's Social Culture... by Creating a Policy?
Maturing Your Organization's Social Culture... by Creating a Policy?Maturing Your Organization's Social Culture... by Creating a Policy?
Maturing Your Organization's Social Culture... by Creating a Policy?
 
Nonprofit Cultural Revolution: Changing Your Organization's Technology Culture
Nonprofit Cultural Revolution: Changing Your Organization's Technology CultureNonprofit Cultural Revolution: Changing Your Organization's Technology Culture
Nonprofit Cultural Revolution: Changing Your Organization's Technology Culture
 

Kürzlich hochgeladen

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Kürzlich hochgeladen (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

The Cloud Beckons, But is it Safe?

  • 1. The Cloud Beckons, But is it Safe? April 2012
  • 2. The Cloud Beckons, But is it Safe? #12NTCCSec Laura Quinn Michael Enos
  • 3. Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad! or Online at www.nten.org/ntc/eval
  • 4. Introductions Laura Quinn Executive Director Idealware Michael Enos Chief Technology Officer, Second Harvest Food Bank of Santa Clara and San Mateo Counties What are you hoping to get out of this session?
  • 5.
  • 6. What is The Cloud?
  • 7. The Lure of the Cloud Low cost of entry Easy remote access No complex infrastructure But what about security?
  • 8. How Do YOU Feel About Cloud Security?
  • 10. Cloud Security in the News
  • 11. Under Siege To be on the Internet is to be vulnerable to attack. If you’re on the Internet, you’re in The Cloud
  • 12. But We Do Lots of Things on the Internet We shop online We bank online We post crazy things on Facebook Why is the cloud different? It’s not.
  • 13. How Secure is Your On-Site Data? Do any of these sound familiar? • No one patches computers or is responsible for network security • You haven’t really thought about passwords or permissions • No disaster recovery plans • Staff hasn’t had any security training
  • 14. Myth “We’re a tiny nonprofit. We’re safe because no one would target us for cyber attack.”
  • 15. Fact Many data security breaches are crimes of opportunity. Organizations don’t always consider the sensitivity of their data until it’s exposed.
  • 16. Myth “Our data is safer not in the cloud”
  • 17. A Cloud Data Center
  • 18. Is This Your Server Closet?
  • 20. The Three Pillars of Information Security
  • 21. Confidentiality Information is available only to authorized parties.
  • 22. Integrity Information isn’t modified inappropriately, and you can track who made what change.
  • 23. Availability Assurance that data is accessible when needed by authorized parties.
  • 24. Also: Physical Possession Whoever has the data could, for instance, turn it over to the government
  • 25. How Does This Apply to the Cloud?
  • 26. Cloud Security The use of the term “Cloud” is cloudy! Three general types of clouds: – Software-as-a-Service – Hosted Private Cloud – Co-located Private Cloud All three have different security models
  • 27. Software as a Service The vendor owns and manages all aspects of the environment. For instance:
  • 28. Hosted Private Cloud The vendor owns and manages the equipment only, but all software is managed by the client. The equipment is on the vendor’s network. For instance:
  • 29. Co-located Private Cloud The vendor provides the physical environment only in a data center, the client maintains the hardware and the software. For instance:
  • 30. What Does Security Mean For You?
  • 31. Rules for Absolute Safety Turn off your Internet connection. Allow no one access to your data and systems. But let’s be realistic…
  • 32. Know What You’re Protecting What kinds of data are you storing, and how sensitive are they? Think about its value on the open market.
  • 33. Red Flags You need extremely tight security to store: • Donors’ credit card numbers. • Scanned images of checks. • Donors’ bank account information.
  • 34. What’s Your Exposure? Consider the impact of exposure of your confidential information, both in monetary terms and reputation.
  • 35. What’s The Impact of an Outage? How much staff time could you lose from a short term or prolonged outage?
  • 36. Testing Your On-Site Security Have you recently performed a: • Check on whether your systems have been recently patched? • Systems penetration test? • Employee training on security procedures? • Backup/recovery test? If not, you’d likely increase your security by moving to the cloud.
  • 39. Physical Security • Guarded facilities • Protection of your hardware and devices • Power redundancy • Co-location (redundant facilities)
  • 40. Network Security • Intrusion prevention • Intrusion detection • Firewalled systems • Network proactive anti-virus protection
  • 41. Transmission Security Is data encrypted in transit? Is the network secure?
  • 42. Access Controls • Ensuring the right people have access to the right data • Physical access to the server • Training on appropriate passwords and security measures
  • 43. Data Protection • Data encryption • Solid backup and restore policies • Ability to purge deleted data • Ability to prevent government entities from getting your data with a subpoena
  • 44. What to Look For in a Vendor
  • 45. Description of Security Mechanisms Documentation of all the facets of security, and the staff can talk about it intelligently. Proves information security is on the “front burner”
  • 46. Uptime Do they provide any guarantee of uptime? Any historic uptime figures? Uptime figures are typically given in 9s: 99%, 99.9% or 99.99%. Your connection to the internet may well be the weakest link.
  • 47. Regulatory Compliance: HIPAA Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)?
  • 48. Regulatory Compliance: SAS70 and SSAE16 Audit for security standards, hardware, and processes. Statement on Accounting Standards 70 (SAS70) Statement of Standards for Attestation Engagements 16 (SSAE16)
  • 49. Regulatory Compliance: PCI DSS Compliance If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (Payment Card Industry Data Security Standard)
  • 51. Understand the Value of Your Data What is it worth to you? To others? What measures are appropriate to protect it?
  • 52. Your Data Is No Safer Than You Make It Any computer attached to the internet is vulnerable unless you protect it. The cloud isn’t, in and of itself, more or less secure
  • 53. But Many Vendors Make Your Data Really Safe Choose vendors who show they’re serious about data protection (not all vendors are created equal). Consider a vendor’s regulatory compliance.
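As an added example (not from the slides or the presenters), here is a small data-inventory check for the “Know What You’re Protecting” and “Red Flags” slides: it scans a constructed donor export for card numbers (Luhn-checked) and bank routing/account numbers, so you know which records demand the tightest controls before deciding what may move to a cloud vendor. All records, field names and numbers below are constructed; the card number is a well-known test number.

```python
"""Inventory of red-flag fields in a donor export (added example)."""
import re

# Constructed sample export; no real donor data.
SAMPLE_RECORDS = [
    {"id": 1, "name": "A. Donor", "notes": "Gift 2012-03 via check #4412"},
    {"id": 2, "name": "B. Donor", "notes": "Card on file 4111 1111 1111 1111"},
    {"id": 3, "name": "C. Donor", "notes": "ACH routing 021000021 acct 000123456789"},
    {"id": 4, "name": "D. Donor", "notes": "Phone 4155551234 ext 1111111111"},
]

# 13-19 digit runs, optionally separated by spaces or hyphens, not inside a longer run.
DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
ROUTING = re.compile(r"\b(routing|aba)\D{0,5}(\d{9})\b", re.I)
ACCOUNT = re.compile(r"\b(acct|account)\D{0,5}(\d{6,17})\b", re.I)


def luhn_valid(digits):
    """Luhn checksum: filters phone numbers and IDs out of card-number hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def aba_valid(routing):
    """ABA routing-number checksum (weights 3,7,1 repeated)."""
    weights = [3, 7, 1] * 3
    return sum(int(d) * w for d, w in zip(routing, weights)) % 10 == 0


def classify(record):
    """Return the set of red-flag data types found in one record."""
    text = " ".join(str(v) for v in record.values())
    flags = set()
    for m in DIGIT_RUN.finditer(text):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            flags.add("card_number")
    rm = ROUTING.search(text)
    if rm and aba_valid(rm.group(2)):
        flags.add("bank_routing")
    if ACCOUNT.search(text):
        flags.add("bank_account")
    return flags


def inventory(records):
    """Map record id -> sorted list of red-flag types (empty list = none found)."""
    return {r["id"]: sorted(classify(r)) for r in records}


def records_needing_tight_security(records):
    """Ids of records that hold any red-flag field from the deck's list."""
    return [rid for rid, flags in inventory(records).items() if flags]
```

Run it over a real export (with the field names adjusted) before a migration; records it flags are the ones that need the vendor’s PCI DSS or equivalent controls, or should not leave your control at all.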