This document discusses managing access security risks in the cloud. It notes that security is a major concern for organizations moving to the cloud. The top internal and external audit findings relate to identity and access management. The document advocates adopting a risk-driven identity and access management model to ensure the right people have the right access to the right resources. It acknowledges that while security technologies are important, managing risk should be the focus. An architecture for access intelligence is proposed that uses analytics and monitoring to detect threats and risks in real-time and enable contextual remediation.
5. Top Internal/External Audit Findings
Source: 2010 Deloitte Global Security Survey, Financial Services
CONFIDENTIAL
6. Identity and Access Management Model
Policy-Driven: Ensure the Right People Have the Right Access To the Right Resources and are doing the Right Things.
[Diagram labels: Data, Information, Systems, Resources, Assets]
9. IAM Technologies
Provisioning (Granting Access)
Federation (Consolidating Identities)
Single Sign On (SSO)
Authentication/Authorization
Privilege Access Management (PAM)
Governance (Compliance with policy/regulations)
[Chart: 174 million breaches*; axis labels: 2009, 2010, 2011]
10. The Complexity of Securing Information
10s of Thousands of Identities
1000’s of people
1000’s of applications
100’s of millions+ of relationships & resources
100’s of policies & regulations
Millions of actions
11. Bad Guys -> Fast…
Good Guys -> Slow.
Source: Verizon 2012 Data Breach Investigations Report
12. Is the Cloud the Issue?
We are often asked whether “the Cloud”
factors into many of the breaches we
investigate. The easy answer is “No—not
really.” It’s more about giving up control of
our assets and data (and not controlling
the associated risk) than any technology
specific to the Cloud.
Source: Verizon 2012 Data Breach Investigations Report
14. Risk Driven Model
Risk = Impact X Likelihood
What are the most important assets?
• Key Applications?
• File Shares?
• Identity/Security Information?
Who has access to them?
What kind of access do they have?
How do I know if it is at risk?
• Real Time Analysis
• Policy
• Behavior
18. Managing Risk: Access Intelligence
Risk as a metric for managing Security
Analytics and Intelligence to monitor in real time
Notification
Contextual Remediation
We’re all familiar with the headlines about data breaches.
Deloitte survey results highlight the need to manage access rights across the enterprise: enforce policy, track user activity, ensure controls are in place.
What is Access Risk Management? By ensuring that the right people have the right access to the right resources and are doing the right things based on policy, organizations can manage access risk. By managing access risk, companies can increase security, demonstrate compliance, improve efficiency and minimize risk to the business. Access risk management encompasses traditional IAM (password management, user provisioning) and access governance (role management, compliance management, access certification).
The challenge organizations face is the volume of identities and access requirements that need to be managed. An organization with thousands of employees is going to have tens of thousands of identities (aka multiple identities for each individual). These identities are going to have access to hundreds or thousands of apps in the enterprise (and in the cloud). Organizations will have tens of thousands of file shares that present access challenges. All of these identity and access requirements equate to millions of relationships that need to be managed, none of which are static and all of which will change constantly.
And when the door is open, the bad guys are much faster in exploiting it than we tend to be in recognizing it. (2012 Data Breach Investigations Report.) It’s a busy slide, but it shows the direct and inverse correlation between the rapid speed with which the bad guys can compromise our layered defenses and exfiltrate valuable information or compromise key processes (this is measured in minutes and hours) AND the glacial speed with which we realize what’s happening and do something about it (this is measured in weeks and months to never).
There are other ways to get access to information. Case of the stolen information based on breaching the physical building with a tie. But the cloud opens up more assets being managed and accessed by more people in multiple locations, which opens up more opportunities for information to be compromised, either on purpose or accidentally.
How much performance? Deloitte’s Kelly Bissell said nothing will support their custom applications with 47M relationships. We are managing 800M in real time.