Cloud Security Myths
Paul Mazzucco, Chief Security Officer

Discussion Points
> Yesterday's standards: today's security myths
> Cloud security: an ongoing mandate
> Actions to take now

90% of Businesses Breached in Last 10 Years
Channels used
> Bring Your Own Device (BYOD): 60% allow / 40% formal policy
> Bring Your Own Cloud (BYOC): 45% apps / 22% visible to IT
> Malicious Hackers: 60% financial gain / 25% IP
US hits record high of 783 data breaches in 2014

(Almost) Daily Headlines
> Data Belonging to 1.1 Million CareFirst Customers Stolen in Cyber Attack (May 2015)
> US Regulators Warn of Cyber Threat to Financial System (May 2015)
> FBI Warns US Companies of Cyber Terror (April 2015)

Multiple Cyber Security Threats
Cyber security threats according to risk mitigation priority (10 = Highest Priority to 1 = Lowest Priority)
[Bar chart] Denial of service (DoS), Server side injection, Distributed denial of service (DDoS), Viruses, worms and trojans, Malware: 9.0, 8.6, 8.2, 7.9, 7.7; Botnets: 6.4; Malicious insiders: 5.4; Cross site scripting, Web scraping, Phishing and social engineering: 3.0, 2.8, 3.2

Cloud Security Myths
> Data in the cloud is less secure than data in traditional brick & mortar datacenter
> Security can be dealt with after the fact
> Using any cloud provider with the right certs guarantees protection
> Once it's set up, you can leave it alone

Myth 1: Data Less Secure in Cloud
FACTS
> Cloud providers' core expertise
> Built into the business model, ground up
> Offer many more layers of security
> 28% fewer genuine attacks, threats

Myth 2: Deal With it After the Fact
Security is infrastructural, planning through execution
FACTS
Cloud Environment: Network architecture, Provisioning, Deployment, Scaling
Needs Impact Security: Your industry, Your data needs, Your business practices, Your customers' needs

Myth 3: Certs Guarantee Protection
FACTS
> Compliance doesn't ensure security
    Overlap: Yes
    Same: No
> Compliance: state of security at specific moment in time
    Error between audits
    Humans vs. automation
> Actions
    Independent audits, SLAs
    Public vs. private cloud

Myth 4: Certs Guarantee Protection
FACTS
> Certs & audit are a beginning
    Not culmination
> Yesterday's technology
    Perimeter-focused
> Today's threats require
    Multi-layered approach
    Advanced detection
    Real-time admin alerts

Actions to Take
> Cloud Security Alliance (CSA)
    Consensus Assessment Initiative Questionnaire
    CSA Cloud Controls Matrix
> Independent audits
    3rd party testing of providers' infrastructure
> Services secured to common standard
    Transparent and auditable

TierPoint Cloud
Built to meet critical security, performance and reliability requirements
Full suite of custom-configured virtualization services powered by industry-leading VMware technology
Secure / Flexible / Scalable / Cost Efficient
PRIVATE / MULTI-TENANT / RECOVERY / HYBRID
Dedicated Environment Customized Storage, Computing, Security & other Components Utilize & Colocate Your Own Equipment or Outsource as Fully Managed
Secure, Enterprise Architected Service Cost Efficient, Flexible Dedicated Resources
Built to Spec for Customer RPOs & RTOs Virtual Resources Upon Demand During a Disaster IP Vaulting, Tape, or Disk Backup
Seamless Integration with Colocation Environments Secure, Enterprise Services Cost-efficient Scalable

TierPoint History
> Built on strong foundation
    Headquarters: St. Louis, MO
    Strategic combination of respected, innovative data centers and IT solution providers dating back to the 1990s
    Servicing 2900+ clients across multiple industries

Q&A