Ponemon Institute

Cloud Security: Managing Firewall Risks
November 2011

Sponsored by Dome9 Security

Ponemon Institute, LLC

Security is the #1 concern of the cloud.

About the study
682 respondents across 17 verticals. All were IT or IT security
practitioners.

The study was commissioned by Dome9 Security, a cloud
security management service provider. Dome9 provides a
cloud firewall management service for automated and
elastic security.

The study was performed by the Ponemon Institute. The
Ponemon Institute is dedicated to independent research
and education that advances responsible information and
privacy management practices within business and
government. It conducts high-quality, empirical studies on
critical issues affecting the management and security of
sensitive information about people and organizations.

Key study findings
• Most organizations’ cloud servers are vulnerable
• Most IT personnel don’t understand the risk
• Securing access to and generating reports for cloud servers is a big problem

How do you rate your cloud security management today?
• Excellent: 9%
• Good: 18%
• Fair: 27%
• Poor: 25%
• No Comment: 21%

73% believe the cloud server firewall is the first place to stop
attacks and prevent exploits.

When asked: How vulnerable are you from unsecured ports/firewalls?
[Pie chart. Legend: Very Vulnerable, Vulnerable, Not Vulnerable, Unsure. Slice labels: 24%, 32%, 9%, 35%.]
Only 9% said they were not vulnerable

How likely is this to happen?
[Bar chart. Series: Locked out of cloud server; Ports left open & exposed to hackers. Categories: Already happened, Very likely to happen, Likely to happen, Not likely to happen, Will never happen. Bar labels as extracted: 42%, 43%, 19%, 9%, 14%, 12%, 22%, 16%, 18%, 5%.]

Cloud server firewall management

54% said IT personnel within their organization have no knowledge (or are not
knowledgeable) about the potential risk of open firewall ports in their cloud
environment

61% said they do not have a solution deployed… when asked, ‘why?’
  o   62% said solutions are not scalable
  o   59% said solutions cost too much
  o   57% said solutions are not available
  o   49% said solutions are too complex
  o   43% said solutions are not dependable

Responsibility for Cloud Security
[Two charts. "Partner Most Responsible": legend Customer, Provider, Both; labels 33%, 31%, 36%. "Responsible Within Your Org": labels 41%, 20%, 17%, 15%, 5%, 2%.]

Cloud infrastructure is automated… its security must be too.

Importance of Automation in Cloud Firewall Management
• More important in the cloud environment because it is elastic: 40%
• Equally important in both on-premises and cloud environments: 32%
• Less important in the cloud environment: 8%
• Unsure: 20%

Managing access and generating reports on cloud server access
• 36%: Cannot manage access or generate reports efficiently
• 29%: Manage access through the cloud provider’s tools, but cannot generate reports
• 14%: Manage access and generate reports directly from each cloud server, manually

How would you know if your cloud was hacked because of an open port?
• We wouldn't know: 42%
• The cloud provider would inform us: 39%
• Our system would provide a warning: 19%

Summary of findings
• Only 9% rate their cloud security as Excellent.

• 42% said they would not know if their cloud was hacked
  due to an open firewall port.
   o 39% said they thought their cloud provider would tell them.

• 54% said IT has no knowledge of the risk posed by open
  ports on cloud servers.
   o 67% said they are vulnerable today;
   o 24% said they don’t know if they are vulnerable.

• 79% have difficulty or cannot manage access to their
  cloud servers and generate reports.

About the Sponsor

Dome9 Security Ltd. – http://www.dome9.com

Overview of Dome9
• Dome9 is a cloud firewall security management service.
• Available for the enterprise and hosting providers, Dome9 provides dynamic security
  policy control for Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon’s
  EC2 Security Groups, across all major operating systems and service providers.

Dome9 lets you…
• Close all administrative ports on your servers without losing access and control.
• Open any port on-demand, any time, for anyone, and from anywhere.
• Send secure access invitations to third parties.
• Centralize firewall management for all your servers and clouds.

Dome9 Central
Dome9 offers full control over the host OS firewall from a secured web service
– accessible from anywhere.

Secure Your Cloud™
Visit Dome9.com to get a copy of the Ponemon Study on Managing Firewalls in
the Cloud, and get a free, 14-day trial of Dome9 Security.

Thanks for your time.

Demographic information
• 863 total respondents with 682 in final sample

• All respondents had bona fide credentials in IT or IT security
   o Median 10 years in IT and 4.5 years in current position

• All respondents are based in the U.S., but have employees based in:
   o 75% Canada
   o 68% Europe
   o 41% Middle East
   o 58% Asia-Pacific
   o 43% Latin America

• Respondents spanned 17 industries:
   – 18% Financial Services
   – 12% Public Sector
   – 11% Health & Pharma
   – 8% Services
   – 8% Industrial
   – 7% Retail
   – 6% Hospitality

• Organizational size:
   – 5% had more than 100,000 employees
   – 35% had more than 5,001 employees
   – 25% had 1,001-5,000 employees
   – 35% had fewer than 1,000 employees

[Two pie charts. "Role in Organization": legend Vice President, Director, Manager, Supervisor, Technician, Staff; slice labels 4%, 2%, 15%, 38%, 22%, 19%. "Reports to": legend CIO, CISO, CSO, CRO, CFO; slice labels 4%, 3%, 3%, 4%, 8%, 20%, 58%.]

Cloud types and providers
[Two bar charts. "Types of cloud environments the organization presently uses": bar labels 68%, 50%, 31%, 2%. "Major cloud service providers the organization presently uses": axis labels Google, Azure, Other, Rackspace, Terremark, AWS EC2, GoGrid; bar labels 47%, 45%, 49%, 38%, 30%, 28%, 24%.]

Mais conteúdo relacionado

Mais procurados

Cloud Computing White Paper
Cloud Computing White PaperCloud Computing White Paper
Cloud Computing White PaperChris O'Neal
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
 
Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?Cygilant
 
Social Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the RisksSocial Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the RisksRussell Herder
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)Jeremiah Grossman
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & NetworksPrakash Nagpal
 

Mais procurados (7)

Cloud Computing White Paper
Cloud Computing White PaperCloud Computing White Paper
Cloud Computing White Paper
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
 
Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?
 
Social Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the RisksSocial Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the Risks
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & Networks
 

Semelhante a Managing Cloud Security Risks

The Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 yearsThe Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 yearsJay McBain
 
Data growth-protection-trends-research-results
Data growth-protection-trends-research-resultsData growth-protection-trends-research-results
Data growth-protection-trends-research-resultsAccenture
 
Box & okta in cloud
Box & okta in cloudBox & okta in cloud
Box & okta in cloudAccenture
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramLancope, Inc.
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summaryКомсс Файквэе
 
Symantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery StudySymantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery StudySymantec
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Compliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan PrecsenyiCompliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan Precsenyie-Democracy Conference
 
Future of cloud computing 2011
Future of cloud computing 2011Future of cloud computing 2011
Future of cloud computing 2011Michael Skok
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?Ospero
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...cVidya Networks
 
Building a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global ScaleBuilding a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global ScaleRoman Nedielka
 
Proofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey ResultsProofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey Resultsshapetech
 
Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?Security Innovation
 

Semelhante a Managing Cloud Security Risks (20)

The Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 yearsThe Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
 
Data growth-protection-trends-research-results
Data growth-protection-trends-research-resultsData growth-protection-trends-research-results
Data growth-protection-trends-research-results
 
We present Bugscout
We present BugscoutWe present Bugscout
We present Bugscout
 
Box & okta in cloud
Box & okta in cloudBox & okta in cloud
Box & okta in cloud
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary
 
What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computing
 
Symantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery StudySymantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery Study
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
Compliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan PrecsenyiCompliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan Precsenyi
 
Future of cloud computing 2011
Future of cloud computing 2011Future of cloud computing 2011
Future of cloud computing 2011
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
 
The software-security-risk-report
The software-security-risk-reportThe software-security-risk-report
The software-security-risk-report
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
 
Building a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global ScaleBuilding a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global Scale
 
Proofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey ResultsProofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey Results
 
Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?
 

Último

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Último (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Managing Cloud Security Risks

  • 1. Ponemon Institute Cloud Security: Managing Firewall Risks November 2011 Sponsored by Dome9 Security Ponemon Institute, LLC
  • 2. Security is the #1 concern of the cloud.
  • 3. About the study: 682 respondents across 17 verticals. All were IT or IT security practitioners. The study was commissioned by Dome9 Security, a cloud security management service provider. Dome9 provides a cloud firewall management service for automated and elastic security. The study was performed by the Ponemon Institute. The Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. It conducts high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
  • 4. Key study findings: Most organizations’ cloud servers are vulnerable; Most IT personnel don’t understand the risk; Securing access to and generating reports for cloud servers is a big problem.
  • 5. How do you rate your cloud security management today? Excellent 9%; Good 18%; Fair 27%; Poor 25%; No Comment 21%.
  • 6. 73% believe the cloud server firewall is the first place to stop attacks and prevent exploits.
  • 7. When asked: How vulnerable are you from unsecured ports/firewalls? Responses: Very Vulnerable, Vulnerable, Not Vulnerable, Unsure (pie chart slices: 24%, 32%, 9%, 35%). Only 9% said they were not vulnerable.
  • 8. How likely is this to happen? [Bar chart. Categories: Already happened, Very likely to happen, Likely to happen, Not likely to happen, Will never happen. Series: Locked out of cloud server; Ports left open & exposed to hackers.]
  • 9. Key study findings: Most organizations’ cloud servers are vulnerable; Most IT personnel don’t understand the risk; Securing access to and generating reports for cloud servers is a big problem.
  • 10. Cloud server firewall management: 54% said IT personnel within their organization have no knowledge (or are not knowledgeable) about the potential risk of open firewall ports in their cloud environment. 61% said they do not have a solution deployed. When asked why: 62% said solutions are not scalable; 59% said solutions cost too much; 57% said solutions are not available; 49% said solutions are too complex; 43% said solutions are not dependable.
  • 11. Responsibility for Cloud Security [Charts. Labels: Partner, Most Responsible, Responsible Within Your Org, Customer, Provider, Both.]
  • 12. Cloud infrastructure is automated… its security must be too.
  • 13. Importance of Automation in Cloud Firewall Management: More important in the cloud environment because it is elastic 40%; Equally important in both on-premises and cloud environments 32%; Less important in the cloud environment 8%; Unsure 20%.
  • 14. Key study findings: Most organizations’ cloud servers are vulnerable; Most IT personnel don’t understand the risk; Securing access to and generating reports for cloud servers is a big problem.
  • 15. Managing access and generating reports on cloud server access: Cannot manage access or generate reports efficiently 36%; Manage access through the cloud provider’s tools, but cannot generate reports 29%; Manage access and generate reports directly from each cloud server, manually 14%.
  • 16. How would you know if your cloud was hacked because of an open port? Our system would provide a warning 19%; We wouldn't know 42%; The cloud provider would inform us 39%.
  • 17. Summary of findings: Only 9% rate their cloud security as Excellent. 42% said they would not know if their cloud was hacked due to an open firewall port (39% said they thought their cloud provider would tell them). 54% said IT has no knowledge of the risk posed by open ports on cloud servers (67% said they are vulnerable today; 24% said they don’t know if they were vulnerable). 79% have difficulty managing access to their cloud servers and generating reports, or cannot do so.
  • 18. About the Sponsor: Dome9 Security Ltd. – http://www.dome9.com
  • 19. Overview of Dome9: Dome9 is a cloud firewall security management service. Available for the enterprise and hosting providers, Dome9 provides dynamic security policy control for Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon’s EC2 Security Groups, across all major operating systems and service providers. Dome9 lets you: close all administrative ports on your servers without losing access and control; open any port on-demand, any time, for anyone, and from anywhere; send secure access invitations to third parties; centralize firewall management for all your servers and clouds.
  • 20. Dome9 Central: Dome9 offers full control over the host OS firewall from a secured web service, accessible from anywhere.
  • 21. Secure Your Cloud™: Visit Dome9.com to get a copy of the Ponemon Study on Managing Firewalls in the Cloud, and get a free, 14-day trial of Dome9 Security.
  • 22. Thanks for your time. Dome9 Security Ltd. – http://www.dome9.com
  • 23. Demographic information: 863 total respondents with 682 in final sample. All respondents had bona fide credentials in IT or IT security (median 10 years in IT and 4.5 years in current position). Respondents spanned 17 industries: 18% Financial Services; 12% Public Sector; 11% Health & Pharma; 8% Services; 8% Industrial; 7% Retail; 6% Hospitality. All respondents are based in the U.S., but have employees based in: 75% Canada; 68% Europe; 41% Middle East; 58% Asia-Pacific; 43% Latin America. Organizational size: 5% had more than 100,000 employees; 35% had more than 5,001 employees; 25% had 1,001-5,000 employees; 35% had fewer than 1,000 employees. [Pie charts: Role in Organization (Vice President, Director, Manager, Supervisor, Technician, Staff); Reports to (CIO, CISO, CSO, CRO, CFO).]
  • 24. Cloud types and providers [Bar charts: Types of cloud environments the organization presently uses; Major cloud service providers the organization presently uses (Google, Azure, Other, Rackspace, Terremark, AWS EC2, GoGrid).]