SlideShare uma empresa Scribd logo

Securing the Cloud

Transferir como PPS, PDF
Icomm Technologies
Icomm Technologies

Moving your data from your own personal safe, to a safety deposit box in a bank. Access to you safety-deposit box is controlled by the bank, not you. In most cases all you need to supply is the right name and the right “password”

Negócios
1 de 18
Securing the Cloud Authentication Perspective
Moving to the Cloud is like........ Moving your data from your own personal safe, to a safety deposit box in a bank. Access to you safety-deposit box is controlled by the bank, not you. In most cases all you need to supply is the right name and the right “password”
The Cloud • Is a very public place • Everyone knows where your front door is • Everyone knows what your username is • Just one password away from access! In “The Cloud”, all access is Remote Access (remote from the application at least)
It is not Rocket science • I know that Dell use Salesforce CRM • (source: Salesforce.com) • I know that Michael Dell is CEO • (source: Wikipedia) • I know the format of Dell emails is firstname.lastname@dell.com • (source: my inbox) • Just one password away from access ?????
Passwords and “The Cloud” • Passwords in public places are not safe • How many different strong passwords can a user safely remember ? • NOT ENOUGH! • Recent straw poll users accessed at least 20 different password protected services!
Strong Passwords ??? Analysis of the 32 million passwords exposed in Jan 2010 in the breach of social media application developer RockYou - who's applications can be used on Facebook and Myspace -revealed the top 10 most commonly used passwords were: 1st :123456 6th :princess 1st :123456 6th :princess 2nd :12345 7th :rockyou 2nd :12345 7th :rockyou 3rd :123456789 8th :1234567 3rd :123456789 8th :1234567 4th :password 9th :12345678 4th :password 9th :12345678 5th :iloveyou 10th :abc123 5th :iloveyou 10th :abc123 (source: www.cxo.eu.com) Don’t forget for many attacks the strength of the password is no defence
Password Reuse • Password Reuse is inevitable • Cloud breaches (PSN, Sega, Facebook etc) have knock-on impacts • Your corporate data may only be as secure as the least secure Cloud service being used by your employees • Can we rely on people separating their corporate and social identities • No!
“…Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials…” (Source: http://www.bbc.co.uk/news/technology-13829690)
Authentication and the Cloud • Using Cloud services can mean • You delegate authentication policies to the Cloud provider • You create multiple control points for user access • If you use multiple Cloud services • If you use a mix of Cloud and non-Cloud services • Forgetting to remove access from ex-employees is a common cause of loss of commercial data. • You rely on username/password
Authentication and the Cloud • The need for strong authentication for (eg VPN) remote access is well understood. • Customers purchase Remote Access solutions and an Authentication solution. • The same authentication solution is ideally used across all remote access services.
Approach • Separate Authentication from the Cloud Service • Use a single Authentication service for all services • Cloud and non-Cloud • Keep control over you access policies • Apply appropriate authentication • If I have access rights to data because I am an employee of an organisation, then that organisation should control my access
New Authentication Model • Not a new idea, but now becoming possible Check Credentials Request Access User-name Credentials Redirect Traditional Traditional Approach Approach Create/Delete Accounts Enterprise Enterprise User-name Credentials Configure Service Federated Federated Approach Approach Enterprise Enterprise “If anyone wants to access my data, send them to me!”
“Phone Home” Model • Enterprise owns the identity • Single point of control • Cloud Applications Cloud services do not store credentials • Cloud services do not set authentication policies • Multi-factor where required • Risk-based authentication • User needs one set of credentials Core Authentication Platform VPN Access Intranet
The “phone home model” is like.. When a user wants to access your safety deposit box, the bank sends them to you. The person confirms their identity to YOU in the manner you decide. You tell the bank that they can access the data
Swivel and Office 365 ADFS ADFS Proxy Proxy Internet Internet Active Active Directory Directory filter ADFS Request Response System can be configured so users already on the LAN need not authenticate again to Office 365. Developments will allow the same for other SAML-based cloud services. ADFS ADFS Server Server
Swivel and Office 365
Swivel and Office 365 (Demo) Forms Based Authentication Customisable Additional Credential only required if user as a PINsafe account (optional) Some users could have 2FA Mandatory
Questions

Recomendados

A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsGabriella Davis
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnPeter Selch Dahl
 
Windows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanWindows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanDavid J Rosenthal
 
Certificates and Web of Trust
Certificates and Web of TrustCertificates and Web of Trust
Certificates and Web of TrustYousof Alsatom
 
Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017
Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017
Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017Ben Stegink
 
The Power of Social Login
The Power of Social LoginThe Power of Social Login
The Power of Social LoginMichele Leroux Bustamante
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudJohn Kinsella
 
12 steps to_cloud_security
12 steps to_cloud_security12 steps to_cloud_security
12 steps to_cloud_securityWisecube AI
 

Recomendados

A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsGabriella Davis
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnPeter Selch Dahl
 
Windows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanWindows Azure Active Directory - from Atidan
Windows Azure Active Directory - from AtidanDavid J Rosenthal
 
Certificates and Web of Trust
Certificates and Web of TrustCertificates and Web of Trust
Certificates and Web of TrustYousof Alsatom
 
Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017
Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017
Implementing and Managing Office 365 - Jacksonville IT Pro Camp 2017Ben Stegink
 
The Power of Social Login
The Power of Social LoginThe Power of Social Login
The Power of Social LoginMichele Leroux Bustamante
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudJohn Kinsella
 
12 steps to_cloud_security
12 steps to_cloud_security12 steps to_cloud_security
12 steps to_cloud_securityWisecube AI
 
Cloud Computing and Virtualisation
Cloud Computing and VirtualisationCloud Computing and Virtualisation
Cloud Computing and Virtualisationanupriti
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloudvidhya dharmarajan
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computingvidhya dharmarajan
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
AzureAAD
AzureAADAzureAAD
AzureAADTonyHotko
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloudZIONSECURITY
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Shivananda Rai
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itNordic Infrastructure Conference
 
The cloud is as secure as you want it to be
The cloud is as secure as you want it to beThe cloud is as secure as you want it to be
The cloud is as secure as you want it to beDebashis Banerjee
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxinfosec train
 
How to implement cloud computing security
How to implement cloud computing securityHow to implement cloud computing security
How to implement cloud computing securityRandall Spence
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudNeelkamal Gaharwar
 
Cloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxCloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxinfosec train
 
The truth behind cyber attacks
The truth behind cyber attacks The truth behind cyber attacks
The truth behind cyber attacks Icomm Technologies
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost StuctureIcomm Technologies
 

Mais conteúdo relacionado

Semelhante a Securing the Cloud

Cloud Computing and Virtualisation
Cloud Computing and VirtualisationCloud Computing and Virtualisation
Cloud Computing and Virtualisationanupriti
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computingvidhya dharmarajan
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloudZIONSECURITY
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Shivananda Rai
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itNordic Infrastructure Conference
 
The cloud is as secure as you want it to be
The cloud is as secure as you want it to beThe cloud is as secure as you want it to be
The cloud is as secure as you want it to beDebashis Banerjee
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxinfosec train
 
How to implement cloud computing security
How to implement cloud computing securityHow to implement cloud computing security
How to implement cloud computing securityRandall Spence
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudNeelkamal Gaharwar
 
Cloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxCloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxinfosec train
 

Semelhante a Securing the Cloud (20)

Cloud Computing and Virtualisation
Cloud Computing and VirtualisationCloud Computing and Virtualisation
Cloud Computing and Virtualisation
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computing
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2
 
AzureAAD
AzureAADAzureAAD
AzureAAD
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
 
Securing the cloud
Securing the cloudSecuring the cloud
Securing the cloud
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
 
The cloud is as secure as you want it to be
The cloud is as secure as you want it to beThe cloud is as secure as you want it to be
The cloud is as secure as you want it to be
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptx
 
How to implement cloud computing security
How to implement cloud computing securityHow to implement cloud computing security
How to implement cloud computing security
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data Effectively
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloud
 
Cloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxCloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptx
 

Mais de Icomm Technologies

The truth behind cyber attacks
The truth behind cyber attacks The truth behind cyber attacks
The truth behind cyber attacks Icomm Technologies
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost StuctureIcomm Technologies
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceIcomm Technologies
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveIcomm Technologies
 
The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.Icomm Technologies
 
Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365Icomm Technologies
 
Top 10 Trends in Telecommuting
Top 10 Trends in TelecommutingTop 10 Trends in Telecommuting
Top 10 Trends in TelecommutingIcomm Technologies
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Tackling consumerization of it
Tackling consumerization of it Tackling consumerization of it
Tackling consumerization of it Icomm Technologies
 
Office 365-technical-overview-deck
Office 365-technical-overview-deckOffice 365-technical-overview-deck
Office 365-technical-overview-deckIcomm Technologies
 
Icomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paperIcomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paperIcomm Technologies
 
Efficiently protect-virtual-machines
Efficiently protect-virtual-machinesEfficiently protect-virtual-machines
Efficiently protect-virtual-machinesIcomm Technologies
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesIcomm Technologies
 

Mais de Icomm Technologies (20)

The truth behind cyber attacks
The truth behind cyber attacks The truth behind cyber attacks
The truth behind cyber attacks
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
 
Anatomy of a cyber-attack
Anatomy of a cyber-attackAnatomy of a cyber-attack
Anatomy of a cyber-attack
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
 
The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.
 
Swivel Secure and Office 365
Swivel Secure and Office 365Swivel Secure and Office 365
Swivel Secure and Office 365
 
Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365
 
Top 10 Trends in Telecommuting
Top 10 Trends in TelecommutingTop 10 Trends in Telecommuting
Top 10 Trends in Telecommuting
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate Networks
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
 
Tackling consumerization of it
Tackling consumerization of it Tackling consumerization of it
Tackling consumerization of it
 
Office 365-technical-overview-deck
Office 365-technical-overview-deckOffice 365-technical-overview-deck
Office 365-technical-overview-deck
 
Icomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paperIcomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paper
 
Icomm cloud-backup-overview
Icomm cloud-backup-overviewIcomm cloud-backup-overview
Icomm cloud-backup-overview
 
Icomm agentless-architecture
Icomm agentless-architectureIcomm agentless-architecture
Icomm agentless-architecture
 
Efficiently protect-virtual-machines
Efficiently protect-virtual-machinesEfficiently protect-virtual-machines
Efficiently protect-virtual-machines
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
 

Último

Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...lizamodels9
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon investment
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentationuneakwhite
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 

Último (20)

Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 

Securing the Cloud

  • 2. Moving to the Cloud is like........ Moving your data from your own personal safe, to a safety deposit box in a bank. Access to you safety-deposit box is controlled by the bank, not you. In most cases all you need to supply is the right name and the right “password”
  • 3. The Cloud • Is a very public place • Everyone knows where your front door is • Everyone knows what your username is • Just one password away from access! In “The Cloud”, all access is Remote Access (remote from the application at least)
  • 4. It is not Rocket science • I know that Dell use Salesforce CRM • (source: Salesforce.com) • I know that Michael Dell is CEO • (source: Wikipedia) • I know the format of Dell emails is firstname.lastname@dell.com • (source: my inbox) • Just one password away from access ?????
  • 5. Passwords and “The Cloud” • Passwords in public places are not safe • How many different strong passwords can a user safely remember ? • NOT ENOUGH! • Recent straw poll users accessed at least 20 different password protected services!
  • 6. Strong Passwords ??? Analysis of the 32 million passwords exposed in Jan 2010 in the breach of social media application developer RockYou - who's applications can be used on Facebook and Myspace -revealed the top 10 most commonly used passwords were: 1st :123456 6th :princess 1st :123456 6th :princess 2nd :12345 7th :rockyou 2nd :12345 7th :rockyou 3rd :123456789 8th :1234567 3rd :123456789 8th :1234567 4th :password 9th :12345678 4th :password 9th :12345678 5th :iloveyou 10th :abc123 5th :iloveyou 10th :abc123 (source: www.cxo.eu.com) Don’t forget for many attacks the strength of the password is no defence
  • 7. Password Reuse • Password Reuse is inevitable • Cloud breaches (PSN, Sega, Facebook etc) have knock-on impacts • Your corporate data may only be as secure as the least secure Cloud service being used by your employees • Can we rely on people separating their corporate and social identities • No!
  • 8. “…Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials…” (Source: http://www.bbc.co.uk/news/technology-13829690)
  • 9. Authentication and the Cloud • Using Cloud services can mean • You delegate authentication policies to the Cloud provider • You create multiple control points for user access • If you use multiple Cloud services • If you use a mix of Cloud and non-Cloud services • Forgetting to remove access from ex-employees is a common cause of loss of commercial data. • You rely on username/password
  • 10. Authentication and the Cloud • The need for strong authentication for (eg VPN) remote access is well understood. • Customers purchase Remote Access solutions and an Authentication solution. • The same authentication solution is ideally used across all remote access services.
  • 11. Approach • Separate Authentication from the Cloud Service • Use a single Authentication service for all services • Cloud and non-Cloud • Keep control over you access policies • Apply appropriate authentication • If I have access rights to data because I am an employee of an organisation, then that organisation should control my access
  • 12. New Authentication Model • Not a new idea, but now becoming possible Check Credentials Request Access User-name Credentials Redirect Traditional Traditional Approach Approach Create/Delete Accounts Enterprise Enterprise User-name Credentials Configure Service Federated Federated Approach Approach Enterprise Enterprise “If anyone wants to access my data, send them to me!”
  • 13. “Phone Home” Model • Enterprise owns the identity • Single point of control • Cloud Applications Cloud services do not store credentials • Cloud services do not set authentication policies • Multi-factor where required • Risk-based authentication • User needs one set of credentials Core Authentication Platform VPN Access Intranet
  • 14. The “phone home model” is like.. When a user wants to access your safety deposit box, the bank sends them to you. The person confirms their identity to YOU in the manner you decide. You tell the bank that they can access the data
  • 15. Swivel and Office 365 ADFS ADFS Proxy Proxy Internet Internet Active Active Directory Directory filter ADFS Request Response System can be configured so users already on the LAN need not authenticate again to Office 365. Developments will allow the same for other SAML-based cloud services. ADFS ADFS Server Server
  • 17. Swivel and Office 365 (Demo) Forms Based Authentication Customisable Additional Credential only required if user as a PINsafe account (optional) Some users could have 2FA Mandatory

Notas do Editor

  1. The cloud is a public place. Everyone’s experience of cloud applications is pretty much the same. If I know how to access my account, chances are I know how to access yours.
  2. The cloud is a public place. Everyone’s experience of cloud applications is pretty much the same. If I know how to access my account, chances are I know how to access yours.
  3. Just an example. But all three facts are true. Whether Dell use email address for salesforce and whether Micheal Dell has an account or not is not clear. But the principle is the same, as we just one password away from Dells entire CRM data ? Of course this is another element of the public nature of the cloud. Cloud applications such as facebook, twitter, etc mean there is much more information available about people “in the cloud”
  4. Of course we all use the cloud in some way, if not in our corporate life then in our personal life. Password reuse becomes inevitable
  5. Weakness of passwords is well documented. But the point is that these passwords were obtained from a cloud service
  6. So if you use cloud services for your corporate data Chances are your corporate users will also reuse credentials Therefore their credentials are potentially only as safe as the weakest link in the chain
  7. The SEGA breach was perhaps the first acknowledgement from a cloud service provider that the fact that they lost your credentials not only affected you SEGA data but many other potential accounts as well. When you trust a cloud service with your username and password, you are not only trusting them with your data in relation to that service but possibly others as well.
  8. `A key issue is that using cloud services means you delegate the service and access control to the cloud provider as well as the service itself. You are trusting the cloud service with more than just the service. This creates multiple control points It means authentication policy is defined by the cloud provider.
  9. `A key issue is that using cloud services means you delegate the service and access control to the cloud provider as well as the service itself. You are trusting the cloud service with more than just the service. This creates multiple control points It means authentication policy is defined by the cloud provider.
  10. Reclaim or retain control over access.
  11. “Traditionally authentication was done at the back-end” Within the DMZ. User submits credentials and are checked “behind the scenes”. New standards are enabling new models. Whereby authentication is done “in front” The standards are not new in themsleves but what is new is that fact that service providers are implementing them. Which means vendors like ourselves can build solutions around them. Federation is another overloaded term. But I want to highlight a specific meaning
  12. This federation model means that to access data that you have rights to because you are an employee of a company then the service must verify your identity and rights with that company, This means cloud service is not longer responsible for Authentication Storing Credentials And same credential and authentication service can be used for internal and cloud access
  13. The cloud is a public place. Everyone’s experience of cloud applications is pretty much the same. If I know how to access my account, chances are I know how to access yours.