1 / 23

Secure Cloud and BYOD Strategies

Secure Cloud and BYOD Strategies. Gaining Control O ver Trust. A New World. Own Nothing. Some Misconceptions. It’s my Cloud providers responsibility to provide a secure environment.

beata
Télécharger la présentation

Secure Cloud and BYOD Strategies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Cloud and BYOD Strategies Gaining Control Over Trust

  2. A New World Own Nothing.

  3. Some Misconceptions It’s my Cloud providers responsibility to provide a secure environment. “You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection” Customer Agreement “When you go to the cloud, you have to consider that application is going to be going to a somewhat hostile environment.” Dennis Hurst, founding member of CSA and security specialist Hewlett-Packard Co.

  4. The Onus Is On YOU! • “When data is transferred to a cloud, the responsibility for protecting and securing the data typically remains with the collector or custodian of that data.” • Guidance v3.0 “Ultimately, you can outsource responsibility but you can't outsource accountability” ENISA Cloud Computing: Benefits, risks and recommendations for information security

  5. Establishing TRUST?

  6. Establishing Trust Encryption SSH keys API & symmetric keys Digital certificates

  7. When TRUST breaks down 2012 2011 2013 • Stolen Private Keys • Digitally sign code • Stuxnet • Zeus – Kaspersky compromised • Duqu • W32/Agent.DTIW • Mediyes • Troj/BredoZp – Adobe compromised • Sony compromise • Bit9 compromise • User Error • Poorly managed keys • Yahoo • Foxconn - Wii U keys • TurkTrust • McAfee • Microsoft • Fraudulent Certificates • CA Compromise • Verisign • Comodo • StartSSL • DigiNotar • DigiCert • Technology Advances • Weak Crypto • BEAST – SSL 3 • FLAME – MD5 • Lucky 13 – (D)TLS • SSH daemon backdoors

  8. Trust is The New Target “PKI is under attack” Scott Charney, Microsoft

  9. Real World Data Demographics: 2,300 Global 2000 organizations U.S, Germany, UK, Australia, France Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/Ponemon

  10. Real World Data 1 in 5 organizations expect to fall prey to attacks due to weak or legacy cryptography Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon

  11. Emerging Threats #1 Most Alarming Key & Certificate Management Threat SSH Critical for establishing trust and control in the cloud Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon

  12. Gain Control Over TRUST

  13. Control Over Trust Challenges

  14. Solving the Problem? 59% Getting key and certificate management right first, solves security, operations, and compliance problems of using encryption Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon

  15. A Rather Large Problem! 17,807 Average number of server keys and certificates in a Global 2000 organization Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon

  16. Gaining Control Over Trust Server Certs Module Symmetric Key Module SSH Key Module User Certs Module Provisioning Monitoring Enrollment Discovery Central Policy Control

  17. Journey to Control Trust DISCOVERASSETS CONNECT PEOPLE REPORT ANDAUDIT ENFORCEPOLICY AUTOMATE ANALYZE FOR INSIGHT

  18. First, Assess Risk and Gain Visibility

  19. How Do You Measure Up?

  20. Gain Control Over Trust Gain knowledge Streamline your trust asset management Bring under control Own Nothing. Control Everything. Eliminate failed audits Reduce operational cost Put controls in place

  21. Gained Control Over Trust Learn More: www.venafi.com/about/case-studies/

  22. Any Key. Any Cert. Anywhere.™ Take the Enterprise risk assessment to understand your risks www.venafi.com/venafi-assessor/ Read Key & Certificate Management Best Practices www.venafi.com/best-practices/

More Related