SlideShare ist ein Scribd-Unternehmen logo
1 von 24
Downloaden Sie, um offline zu lesen
Cloud Security:
Perception vs. Reality

March 21, 2012




                         #cloudsecurity
Agenda




     Introductions and Internap Overview



     Security Drivers and Concerns - Industry Perspectives



     Security Risk Evaluation – Service Provider vs. On-Premise



     Questions?



                                                                  #cloudsecurity
2
Today’s speakers & moderator
                                             Marek Vesely
             Mark Fitzgerald                 Chief Technology Officer
             Manager,                        Casenet LLC
             Infrastructure & Strategy
             Turbine




                  John Freimuth          Randy Rosenbaum
                  VP, Mgd Hstg &         Partner Executive
                  Cloud                  Alert Logic
                  Internap




 Moderator
                                                   #cloudsecurity
   3
Our intelligent IT
          Infrastructure solutions
          can take your business
          to a higher level.



3,700+ Enterprise Customers   500 Employees   2011 Revenue: $245M   NASDAQ: INAP




                                                                                   #cloudsecurity
4
End user
              to the
    Performance
                                                IT Vendor

                                                                   IT Vendor
                                  IT Vendor




                                                                IT Vendor
                                        IT Vendor


                                                    IT Vendor
                                                                               IT Vendor



                   Platform
                         Flexibility



                                                                                           #cloudsecurity   5
5
Performance
    to the End user
                                           Platform
                                           Flexibility
          IP Connectivity                     Colocation
          •  Enterprise IP                    •  Space, Power, Cooling
          •  TCP Acceleration                 •  Interconnection


          Content Delivery Network            Hosting
          •  Media Delivery, Transparent      •  Managed Hosting
             Caching, Mobile Delivery         •  Dedicated Hosting
          •  Analytics

                                              Cloud
                                              •  Private Cloud
                                              •  Public Cloud
                                              •  Cloud Storage
    We live and breathe a full
    range of intelligent IT
    Infrastructure services



                                                                     #cloudsecurity
6
Poll Question




                    What is your greatest
                    concern about a cloud
                       environment?




                                            #cloudsecurity
7
What is top of mind today for
enterprises regarding
security and cloud services?




                                #cloudsecurity
Panel Question: Business Drivers




                                              VP, IT
                                              Dell SecureWorks
                     What business drivers
                    influence your security
                          decisions?




                                                   #cloudsecurity
9
Panel Question: Cloud Security Concerns




                                           VP, IT
                                           Dell SecureWorks
                 What are your security
                 concerns when using a
                  cloud environment?




                                                #cloudsecurity
10
Panel Question: Levering Cloud Services




                                           VP, IT
                      Given security       Dell SecureWorks

                  requirements, how will
                   you leverage cloud in
                        the future?




                                                #cloudsecurity
11
Poll Question




                  Which methods of
                 attack concerns you
                 most in terms of your
                  customers’ data?




                                         #cloudsecurity
12
Security-­‐as-­‐a-­‐Service	
  solu0ons	
  for	
  
        more	
  than	
  1,500	
  customers	
  
     Threat	
  Manager	
                    Ac-veWatch	
  
     •    Intrusion detection and vulnerability assessment
     •    PCI Approved Scanning Vendor (ASV)
     •    Custom dashboards and reports
     •    24x7 monitoring and review services


          Log	
  Manager	
                    LogReview	
  
     •  Log data collection and aggregation
     •  Identify suspicious activity and automatically issue
        threat alerts
     •  Powerful search and reporting
     •  Daily analysis and review services


                 Web	
  Security	
  Manager	
  
     •  Award-winning web application firewall
     •  Adaptive learning and easy tuning
     •  24x7 monitoring for consistent protection




13
Industry-­‐First	
  Data-­‐Driven	
  Compara0ve	
  Analysis	
  of	
  Threats	
  in	
  
          Hosted	
  and	
  Cloud	
  vs.	
  On-­‐Premise	
  IT	
  Environments	
  

14
Alert Logic provides a rich data set
Threat data from more than 1500 customers



Customers	
  of	
  over	
  
  half	
  the	
  top	
  30	
                  Consistently-­‐
 North	
  American	
                         collected	
  data	
  
 service	
  providers	
                        from	
  both	
  	
  
                                            service	
  provider	
  
                                                    and	
  	
  
                                               on-­‐premise	
  
     On-­‐premise	
  
     enterprise	
                            environments	
  
environments	
  from	
  a	
  
  range	
  of	
  ver-cals	
  




15
Customer Data Set

     •  Analyzed network
        traffic from over 1600
        customers
        –  1300 + Managed
           Hosting/Cloud
           Customers
        –  300 + On-Premise
           Customers




16
                                 Page 16
How threats are identified




17
Security Incident Categories
     INCIDENT	
  TYPE	
               DEFINITION	
                                                                                     EXAMPLES	
  
     Applica-on	
  ALack	
            Exploit	
  aLempts	
  against	
  applica-ons	
  or	
  services	
  that	
  are	
  not	
           Buffer	
  overflow	
  
                                      running	
  over	
  HTTP	
  protocol	
  	
  

     Brute	
  Force	
                 Exploit	
  aLempts	
  enumera-ng	
  a	
  large	
  number	
  of	
  combina-ons,	
                 Password	
  cracking	
  aLempts	
  
                                      typically	
  involving	
  numerous	
  creden-al	
  failures	
  	
  

     Malware/Botnet	
  Ac-vity	
      Malicious	
  soUware	
  installed	
  on	
  a	
  host	
  engaging	
  in	
  unscrupulous	
         Conficker,	
  Zeus	
  botnet	
  	
  
                                      ac-vity,	
  data	
  destruc-on,	
  informa-on	
  gathering	
  or	
  crea-on	
  of	
  
                                      backdoor.	
  Included	
  in	
  this	
  category	
  is	
  botnet	
  ac-vity:	
  post-­‐
                                      compromise	
  ac-vity	
  displaying	
  characteris-cs	
  of	
  command	
  and	
  
                                      control	
  communica-on	
  
     Misconfigura-on	
                 Network/Host/Applica-on	
  configura-on	
  issues	
  that	
  introduce	
                          Weak	
  patch	
  management,	
  
                                      possible	
  security	
  vulnerabili-es,	
  typically	
  a	
  result	
  of	
  inadequate	
        unnecessary	
  services	
  running	
  
                                      hardening	
  	
  

     Reconnaissance	
                 Reconnaissance	
  ac-vity	
  focused	
  on	
  mapping	
  the	
  networks,	
                      Port	
  scans	
  and	
  fingerprin-ng	
  
                                      applica-ons	
  and/or	
  services	
  	
  

     Vulnerability	
  Scan	
          Automated	
  vulnerability	
  discovery	
  in	
  applica-ons,	
  services	
  or	
                Unauthorized	
  Nessus	
  scan	
  
                                      protocol	
  implementa-ons	
  	
                                                                 	
  	
  

     Web	
  Applica-on	
  ALack	
     ALacks	
  targe-ng	
  the	
  presenta-on,	
  logic	
  or	
  database	
  layer	
  of	
  web	
     SQL	
  injec-on	
  
                                      applica-ons	
  




18
Metrics to answer basic questions


      OCCURRENCE	
                            FREQUENCY	
                    THREAT	
  DIVERSITY	
  
 What	
  percentage	
  of	
             How	
  oUen	
  did	
  impacted	
     How	
  many	
  unique	
  threat	
  
 customers	
  were	
  impacted	
        customers	
  experience	
            types	
  did	
  customers	
  
 by	
  each	
  threat	
  type?	
        each	
  threat	
  type?	
            experience?	
  


                                                                             What	
  is	
  the	
  complexity	
  
      What	
  threats	
  are	
  actually	
  experienced	
  in	
  on-­‐
                                                                             of	
  the	
  threat	
  landscape	
  
     premise	
  vs	
  service	
  provider	
  environments,	
  and	
  
                                                                             (and	
  resul-ng	
  security	
  
                             how	
  oUen?	
  
                                                                                         program)?	
  




19
Consistently lower occurrence rates among service
provider customers




20
Why Do We See Differences?
Size and Diversity Increase Attack Surface




21
What does this mean?

     Cloud	
  and	
  Service	
  Provider	
  Managed	
  Environments	
  	
  
     are	
  Not	
  Less	
  Secure	
  


          Good	
  Management	
  Yields	
  Good	
  Security	
  


          Smart	
  Enterprises	
  Should	
  Exploit	
  Differences	
  in	
  	
  
          Risk	
  Profiles	
  


     Web	
  Applica-on	
  Security	
  is	
  a	
  Significant	
  Challenge	
  


22
Use data to make security investment decisions
This is aggregate data; use your own IDS and log data

      Review	
  log	
  data	
  to	
  
      detect	
  brute	
  force	
                                 Consider	
  Web	
  App	
  
          aLempts	
                                             Firewall,	
  network	
  IDS	
  


                                                                                              Use	
  IDS	
  to	
  
                                                                                                detect	
  
                                                                                              suspicious	
  
                                                                                                recon	
  




         Malware	
  protec-on	
                                        Pay	
  aLen-on	
  to	
  
       cri-cal	
  for	
  on-­‐premises	
                                configura-on	
  
            infrastructure	
                                         management,	
  patching	
  

23   Source: Alert Logic State of Cloud Security, Spring 2012
?
     Questions?


     www.internap.com
      #cloudsecurity


                        #cloudsecurity
24

Weitere ähnliche Inhalte

Was ist angesagt?

Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGtovmug
 
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...Ingram Micro Cloud
 
Virtela Corp Brochure
Virtela Corp BrochureVirtela Corp Brochure
Virtela Corp Brochuretmcleland
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Intel IT Center
 
Trend Micro - 13martie2012
Trend Micro - 13martie2012Trend Micro - 13martie2012
Trend Micro - 13martie2012Agora Group
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
B fujitsu uk-and_ireland_cs.en-us
B fujitsu uk-and_ireland_cs.en-usB fujitsu uk-and_ireland_cs.en-us
B fujitsu uk-and_ireland_cs.en-ustewodros13
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Amazon Web Services
 
Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4Arrow ECS UK
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAmazon Web Services
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Egress Switch Datasheet
Egress Switch Datasheet Egress Switch Datasheet
Egress Switch Datasheet yonifine
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify PillarEd Wong
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 

Was ist angesagt? (20)

Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentation
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUG
 
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
 
VSD Infotech
VSD InfotechVSD Infotech
VSD Infotech
 
Virtela Corp Brochure
Virtela Corp BrochureVirtela Corp Brochure
Virtela Corp Brochure
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary
 
Trend Micro - 13martie2012
Trend Micro - 13martie2012Trend Micro - 13martie2012
Trend Micro - 13martie2012
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 Praesentation
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
B fujitsu uk-and_ireland_cs.en-us
B fujitsu uk-and_ireland_cs.en-usB fujitsu uk-and_ireland_cs.en-us
B fujitsu uk-and_ireland_cs.en-us
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
 
Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4Security brochure 2012_ibm_v1_a4
Security brochure 2012_ibm_v1_a4
 
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNetAWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Egress Switch Datasheet
Egress Switch Datasheet Egress Switch Datasheet
Egress Switch Datasheet
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify Pillar
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS Reality
 

Andere mochten auch

Capire e usare i social network
Capire e usare i social networkCapire e usare i social network
Capire e usare i social networkDavide Giansoldati
 
Guia de-marketing-en-internet-para-tiempos-dificiles
Guia de-marketing-en-internet-para-tiempos-dificilesGuia de-marketing-en-internet-para-tiempos-dificiles
Guia de-marketing-en-internet-para-tiempos-dificilesGrowth Hacking Talent
 
COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...
COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...
COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...Vall d'Hebron Institute of Research (VHIR)
 
Vni Neumomadrid (27 Nov 07) MañAna
Vni Neumomadrid (27 Nov 07) MañAnaVni Neumomadrid (27 Nov 07) MañAna
Vni Neumomadrid (27 Nov 07) MañAnajescarra
 
HIRMER Loft
HIRMER LoftHIRMER Loft
HIRMER LoftHirmer
 
PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...
PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...
PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...PERUMIN - Convención Minera
 
Trespa ® division locales comerciales
Trespa ® division locales comercialesTrespa ® division locales comerciales
Trespa ® division locales comercialesJOSE LUIS HERRAIZ, S.L
 
Q4 year end-2013 ASSA ABLOY invetors presentation 7 february
Q4 year end-2013 ASSA ABLOY invetors presentation 7 februaryQ4 year end-2013 ASSA ABLOY invetors presentation 7 february
Q4 year end-2013 ASSA ABLOY invetors presentation 7 februaryASSA ABLOY
 
Pronunciamiento confedapa
Pronunciamiento confedapaPronunciamiento confedapa
Pronunciamiento confedapaampaarcoiris
 
Baobaz SES - La semaine sociale 140113
Baobaz SES - La semaine sociale 140113Baobaz SES - La semaine sociale 140113
Baobaz SES - La semaine sociale 140113armstrong
 
Ocio Y Turismo En Mallorca Xm
Ocio Y Turismo En Mallorca Xm
Ocio Y Turismo En Mallorca Xm
Ocio Y Turismo En Mallorca Xm pastoralocclusi7
 
Clase4 ciclovitalfamiliar
Clase4 ciclovitalfamiliarClase4 ciclovitalfamiliar
Clase4 ciclovitalfamiliarmariaignaciapm
 
Noviembre 2014
Noviembre 2014Noviembre 2014
Noviembre 2014moonmentum
 
Comunicacion interactiva almari manrique- m-716
Comunicacion interactiva  almari manrique- m-716Comunicacion interactiva  almari manrique- m-716
Comunicacion interactiva almari manrique- m-716AlmariManrique
 
Preguntas novias y novios Cristianos
Preguntas novias y novios CristianosPreguntas novias y novios Cristianos
Preguntas novias y novios Cristianosjhon escobar segovia
 
Establecimiento de la conexion
Establecimiento de la conexionEstablecimiento de la conexion
Establecimiento de la conexionadjaes
 

Andere mochten auch (20)

Capire e usare i social network
Capire e usare i social networkCapire e usare i social network
Capire e usare i social network
 
Guia de-marketing-en-internet-para-tiempos-dificiles
Guia de-marketing-en-internet-para-tiempos-dificilesGuia de-marketing-en-internet-para-tiempos-dificiles
Guia de-marketing-en-internet-para-tiempos-dificiles
 
COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...
COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...
COST: Programa de Cooperación Europea en Ciencia y Tecnología (Dra. Almudena ...
 
Vni Neumomadrid (27 Nov 07) MañAna
Vni Neumomadrid (27 Nov 07) MañAnaVni Neumomadrid (27 Nov 07) MañAna
Vni Neumomadrid (27 Nov 07) MañAna
 
HIRMER Loft
HIRMER LoftHIRMER Loft
HIRMER Loft
 
PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...
PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...
PERUMIN 31: Integrated assessment of deep sedimentary structures: exploring g...
 
Tipos de empresas
Tipos de empresasTipos de empresas
Tipos de empresas
 
Trespa ® division locales comerciales
Trespa ® division locales comercialesTrespa ® division locales comerciales
Trespa ® division locales comerciales
 
Q4 year end-2013 ASSA ABLOY invetors presentation 7 february
Q4 year end-2013 ASSA ABLOY invetors presentation 7 februaryQ4 year end-2013 ASSA ABLOY invetors presentation 7 february
Q4 year end-2013 ASSA ABLOY invetors presentation 7 february
 
Calor en la noche
Calor en la nocheCalor en la noche
Calor en la noche
 
Hogueras Alicante
Hogueras AlicanteHogueras Alicante
Hogueras Alicante
 
Pronunciamiento confedapa
Pronunciamiento confedapaPronunciamiento confedapa
Pronunciamiento confedapa
 
Baobaz SES - La semaine sociale 140113
Baobaz SES - La semaine sociale 140113Baobaz SES - La semaine sociale 140113
Baobaz SES - La semaine sociale 140113
 
Ocio Y Turismo En Mallorca Xm
Ocio Y Turismo En Mallorca Xm
Ocio Y Turismo En Mallorca Xm
Ocio Y Turismo En Mallorca Xm
 
Clase4 ciclovitalfamiliar
Clase4 ciclovitalfamiliarClase4 ciclovitalfamiliar
Clase4 ciclovitalfamiliar
 
Noviembre 2014
Noviembre 2014Noviembre 2014
Noviembre 2014
 
Comunicacion interactiva almari manrique- m-716
Comunicacion interactiva  almari manrique- m-716Comunicacion interactiva  almari manrique- m-716
Comunicacion interactiva almari manrique- m-716
 
Dictionnaire duweb
Dictionnaire duwebDictionnaire duweb
Dictionnaire duweb
 
Preguntas novias y novios Cristianos
Preguntas novias y novios CristianosPreguntas novias y novios Cristianos
Preguntas novias y novios Cristianos
 
Establecimiento de la conexion
Establecimiento de la conexionEstablecimiento de la conexion
Establecimiento de la conexion
 

Ähnlich wie Cloud Security: Perception Vs. Reality

Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud StrategyInternap
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesDell EMC World
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloudInterop
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Cloudera, Inc.
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudCompTIA UK
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1CloudExpoEurope
 
Nyc lunch and learn 03 15 2012 final
Nyc lunch and learn   03 15 2012 finalNyc lunch and learn   03 15 2012 final
Nyc lunch and learn 03 15 2012 finalInternap
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
Lax breakfast forum_developing_your_cloud_strategy_05_10_2012
Lax breakfast forum_developing_your_cloud_strategy_05_10_2012Lax breakfast forum_developing_your_cloud_strategy_05_10_2012
Lax breakfast forum_developing_your_cloud_strategy_05_10_2012Internap
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudAlert Logic
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Cloud conference & expo presentation
Cloud conference & expo presentationCloud conference & expo presentation
Cloud conference & expo presentationTelstra
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challengexKinAnx
 

Ähnlich wie Cloud Security: Perception Vs. Reality (20)

Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT Initiatives
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1
 
Nyc lunch and learn 03 15 2012 final
Nyc lunch and learn   03 15 2012 finalNyc lunch and learn   03 15 2012 final
Nyc lunch and learn 03 15 2012 final
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
Lax breakfast forum_developing_your_cloud_strategy_05_10_2012
Lax breakfast forum_developing_your_cloud_strategy_05_10_2012Lax breakfast forum_developing_your_cloud_strategy_05_10_2012
Lax breakfast forum_developing_your_cloud_strategy_05_10_2012
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
Cloud conference & expo presentation
Cloud conference & expo presentationCloud conference & expo presentation
Cloud conference & expo presentation
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challenge
 

Mehr von Internap

Q3 2016-earnings-slides
Q3 2016-earnings-slidesQ3 2016-earnings-slides
Q3 2016-earnings-slidesInternap
 
4 q15 earnings presentation
4 q15 earnings presentation4 q15 earnings presentation
4 q15 earnings presentationInternap
 
Q3 2015 earnings presentation
Q3 2015 earnings presentationQ3 2015 earnings presentation
Q3 2015 earnings presentationInternap
 
2Q15 Earnings Presentation
2Q15 Earnings Presentation2Q15 Earnings Presentation
2Q15 Earnings PresentationInternap
 
The Definitive Guide to Evaluating Colocation Providers guide to coloc
The Definitive Guide to Evaluating Colocation Providers guide to colocThe Definitive Guide to Evaluating Colocation Providers guide to coloc
The Definitive Guide to Evaluating Colocation Providers guide to colocInternap
 
Considering bare metal as a viable cloud option
Considering bare metal as a viable cloud optionConsidering bare metal as a viable cloud option
Considering bare metal as a viable cloud optionInternap
 
Investor meeting june 8 2015
Investor meeting june 8 2015Investor meeting june 8 2015
Investor meeting june 8 2015Internap
 
1Q15 earnings presentation
1Q15 earnings presentation1Q15 earnings presentation
1Q15 earnings presentationInternap
 
Critical design elements for high power density data centers
Critical design elements for high power density data centersCritical design elements for high power density data centers
Critical design elements for high power density data centersInternap
 
Accelerate Your Website Performance
Accelerate Your Website PerformanceAccelerate Your Website Performance
Accelerate Your Website PerformanceInternap
 
Top 10 data center strategy success
Top 10 data center strategy successTop 10 data center strategy success
Top 10 data center strategy successInternap
 
Internap Q4 2014 Earnings Presentation
Internap Q4 2014 Earnings PresentationInternap Q4 2014 Earnings Presentation
Internap Q4 2014 Earnings PresentationInternap
 
Managed dns webinar 2015 internap
Managed dns webinar 2015 internapManaged dns webinar 2015 internap
Managed dns webinar 2015 internapInternap
 
Data in Motion vs Data at Rest
Data in Motion vs Data at RestData in Motion vs Data at Rest
Data in Motion vs Data at RestInternap
 
Hybrid hosting webcast
Hybrid hosting webcastHybrid hosting webcast
Hybrid hosting webcastInternap
 
Top 10 Data Center Success Criteria
Top 10 Data Center Success CriteriaTop 10 Data Center Success Criteria
Top 10 Data Center Success CriteriaInternap
 
Is Your IT Infrastructure Future-Proof?
Is Your IT Infrastructure Future-Proof? Is Your IT Infrastructure Future-Proof?
Is Your IT Infrastructure Future-Proof? Internap
 
Cloud Roundtable
Cloud RoundtableCloud Roundtable
Cloud RoundtableInternap
 
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudWebinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudInternap
 
Cloud: CDN Killer?
Cloud: CDN Killer? Cloud: CDN Killer?
Cloud: CDN Killer? Internap
 

Mehr von Internap (20)

Q3 2016-earnings-slides
Q3 2016-earnings-slidesQ3 2016-earnings-slides
Q3 2016-earnings-slides
 
4 q15 earnings presentation
4 q15 earnings presentation4 q15 earnings presentation
4 q15 earnings presentation
 
Q3 2015 earnings presentation
Q3 2015 earnings presentationQ3 2015 earnings presentation
Q3 2015 earnings presentation
 
2Q15 Earnings Presentation
2Q15 Earnings Presentation2Q15 Earnings Presentation
2Q15 Earnings Presentation
 
The Definitive Guide to Evaluating Colocation Providers guide to coloc
The Definitive Guide to Evaluating Colocation Providers guide to colocThe Definitive Guide to Evaluating Colocation Providers guide to coloc
The Definitive Guide to Evaluating Colocation Providers guide to coloc
 
Considering bare metal as a viable cloud option
Considering bare metal as a viable cloud optionConsidering bare metal as a viable cloud option
Considering bare metal as a viable cloud option
 
Investor meeting june 8 2015
Investor meeting june 8 2015Investor meeting june 8 2015
Investor meeting june 8 2015
 
1Q15 earnings presentation
1Q15 earnings presentation1Q15 earnings presentation
1Q15 earnings presentation
 
Critical design elements for high power density data centers
Critical design elements for high power density data centersCritical design elements for high power density data centers
Critical design elements for high power density data centers
 
Accelerate Your Website Performance
Accelerate Your Website PerformanceAccelerate Your Website Performance
Accelerate Your Website Performance
 
Top 10 data center strategy success
Top 10 data center strategy successTop 10 data center strategy success
Top 10 data center strategy success
 
Internap Q4 2014 Earnings Presentation
Internap Q4 2014 Earnings PresentationInternap Q4 2014 Earnings Presentation
Internap Q4 2014 Earnings Presentation
 
Managed dns webinar 2015 internap
Managed dns webinar 2015 internapManaged dns webinar 2015 internap
Managed dns webinar 2015 internap
 
Data in Motion vs Data at Rest
Data in Motion vs Data at RestData in Motion vs Data at Rest
Data in Motion vs Data at Rest
 
Hybrid hosting webcast
Hybrid hosting webcastHybrid hosting webcast
Hybrid hosting webcast
 
Top 10 Data Center Success Criteria
Top 10 Data Center Success CriteriaTop 10 Data Center Success Criteria
Top 10 Data Center Success Criteria
 
Is Your IT Infrastructure Future-Proof?
Is Your IT Infrastructure Future-Proof? Is Your IT Infrastructure Future-Proof?
Is Your IT Infrastructure Future-Proof?
 
Cloud Roundtable
Cloud RoundtableCloud Roundtable
Cloud Roundtable
 
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudWebinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
 
Cloud: CDN Killer?
Cloud: CDN Killer? Cloud: CDN Killer?
Cloud: CDN Killer?
 

Kürzlich hochgeladen

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 

Kürzlich hochgeladen (20)

20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 

Cloud Security: Perception Vs. Reality

  • 1. Cloud Security: Perception vs. Reality March 21, 2012 #cloudsecurity
  • 2. Agenda Introductions and Internap Overview Security Drivers and Concerns - Industry Perspectives Security Risk Evaluation – Service Provider vs. On-Premise Questions? #cloudsecurity 2
  • 3. Today’s speakers & moderator Marek Vesely Mark Fitzgerald Chief Technology Officer Manager, Casenet LLC Infrastructure & Strategy Turbine John Freimuth Randy Rosenbaum VP, Mgd Hstg & Partner Executive Cloud Alert Logic Internap Moderator #cloudsecurity 3
  • 4. Our intelligent IT Infrastructure solutions can take your business to a higher level. 3,700+ Enterprise Customers 500 Employees 2011 Revenue: $245M NASDAQ: INAP #cloudsecurity 4
  • 5. End user to the Performance IT Vendor IT Vendor IT Vendor IT Vendor IT Vendor IT Vendor IT Vendor Platform Flexibility #cloudsecurity 5 5
  • 6. Performance to the End user Platform Flexibility IP Connectivity Colocation •  Enterprise IP •  Space, Power, Cooling •  TCP Acceleration •  Interconnection Content Delivery Network Hosting •  Media Delivery, Transparent •  Managed Hosting Caching, Mobile Delivery •  Dedicated Hosting •  Analytics Cloud •  Private Cloud •  Public Cloud •  Cloud Storage We live and breathe a full range of intelligent IT Infrastructure services #cloudsecurity 6
  • 7. Poll Question What is your greatest concern about a cloud environment? #cloudsecurity 7
  • 8. What is top of mind today for enterprises regarding security and cloud services? #cloudsecurity
  • 9. Panel Question: Business Drivers VP, IT Dell SecureWorks What business drivers influence your security decisions? #cloudsecurity 9
  • 10. Panel Question: Cloud Security Concerns VP, IT Dell SecureWorks What are your security concerns when using a cloud environment? #cloudsecurity 10
  • 11. Panel Question: Levering Cloud Services VP, IT Given security Dell SecureWorks requirements, how will you leverage cloud in the future? #cloudsecurity 11
  • 12. Poll Question Which methods of attack concerns you most in terms of your customers’ data? #cloudsecurity 12
  • 13. Security-­‐as-­‐a-­‐Service  solu0ons  for   more  than  1,500  customers   Threat  Manager   Ac-veWatch   •  Intrusion detection and vulnerability assessment •  PCI Approved Scanning Vendor (ASV) •  Custom dashboards and reports •  24x7 monitoring and review services Log  Manager   LogReview   •  Log data collection and aggregation •  Identify suspicious activity and automatically issue threat alerts •  Powerful search and reporting •  Daily analysis and review services Web  Security  Manager   •  Award-winning web application firewall •  Adaptive learning and easy tuning •  24x7 monitoring for consistent protection 13
  • 14. Industry-­‐First  Data-­‐Driven  Compara0ve  Analysis  of  Threats  in   Hosted  and  Cloud  vs.  On-­‐Premise  IT  Environments   14
  • 15. Alert Logic provides a rich data set Threat data from more than 1500 customers Customers  of  over   half  the  top  30   Consistently-­‐ North  American   collected  data   service  providers   from  both     service  provider   and     on-­‐premise   On-­‐premise   enterprise   environments   environments  from  a   range  of  ver-cals   15
  • 16. Customer Data Set •  Analyzed network traffic from over 1600 customers –  1300 + Managed Hosting/Cloud Customers –  300 + On-Premise Customers 16 Page 16
  • 17. How threats are identified 17
  • 18. Security Incident Categories INCIDENT  TYPE   DEFINITION   EXAMPLES   Applica-on  ALack   Exploit  aLempts  against  applica-ons  or  services  that  are  not   Buffer  overflow   running  over  HTTP  protocol     Brute  Force   Exploit  aLempts  enumera-ng  a  large  number  of  combina-ons,   Password  cracking  aLempts   typically  involving  numerous  creden-al  failures     Malware/Botnet  Ac-vity   Malicious  soUware  installed  on  a  host  engaging  in  unscrupulous   Conficker,  Zeus  botnet     ac-vity,  data  destruc-on,  informa-on  gathering  or  crea-on  of   backdoor.  Included  in  this  category  is  botnet  ac-vity:  post-­‐ compromise  ac-vity  displaying  characteris-cs  of  command  and   control  communica-on   Misconfigura-on   Network/Host/Applica-on  configura-on  issues  that  introduce   Weak  patch  management,   possible  security  vulnerabili-es,  typically  a  result  of  inadequate   unnecessary  services  running   hardening     Reconnaissance   Reconnaissance  ac-vity  focused  on  mapping  the  networks,   Port  scans  and  fingerprin-ng   applica-ons  and/or  services     Vulnerability  Scan   Automated  vulnerability  discovery  in  applica-ons,  services  or   Unauthorized  Nessus  scan   protocol  implementa-ons         Web  Applica-on  ALack   ALacks  targe-ng  the  presenta-on,  logic  or  database  layer  of  web   SQL  injec-on   applica-ons   18
  • 19. Metrics to answer basic questions OCCURRENCE   FREQUENCY   THREAT  DIVERSITY   What  percentage  of   How  oUen  did  impacted   How  many  unique  threat   customers  were  impacted   customers  experience   types  did  customers   by  each  threat  type?   each  threat  type?   experience?   What  is  the  complexity   What  threats  are  actually  experienced  in  on-­‐ of  the  threat  landscape   premise  vs  service  provider  environments,  and   (and  resul-ng  security   how  oUen?   program)?   19
  • 20. Consistently lower occurrence rates among service provider customers 20
  • 21. Why Do We See Differences? Size and Diversity Increase Attack Surface 21
  • 22. What does this mean? Cloud  and  Service  Provider  Managed  Environments     are  Not  Less  Secure   Good  Management  Yields  Good  Security   Smart  Enterprises  Should  Exploit  Differences  in     Risk  Profiles   Web  Applica-on  Security  is  a  Significant  Challenge   22
  • 23. Use data to make security investment decisions This is aggregate data; use your own IDS and log data Review  log  data  to   detect  brute  force   Consider  Web  App   aLempts   Firewall,  network  IDS   Use  IDS  to   detect   suspicious   recon   Malware  protec-on   Pay  aLen-on  to   cri-cal  for  on-­‐premises   configura-on   infrastructure   management,  patching   23 Source: Alert Logic State of Cloud Security, Spring 2012
  • 24. ? Questions? www.internap.com #cloudsecurity #cloudsecurity 24