The Cloud Beckons, But is it Safe?
April 2012
#12NTCCSec

Laura Quinn
Michael Enos

Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad!
Or online at www.nten.org/ntc/eval

Introductions
Laura Quinn, Executive Director, Idealware
Michael Enos, Chief Technology Officer, Second Harvest Food Bank of Santa Clara and San Mateo Counties

What are you hoping to get out of this session?
What is The Cloud?

The Lure of the Cloud
Low cost of entry
Easy remote access
No complex infrastructure
But what about security?

How Do YOU Feel About Cloud Security?

Why the Concern?

Cloud Security in the News

Under Siege
To be on the Internet is to be vulnerable to attack.
If you’re on the Internet, you’re in The Cloud.

But We Do Lots of Things on the Internet
We shop online
We bank online
We post crazy things on Facebook
Why is the cloud different? It’s not.

How Secure is Your On-Site Data?
Do any of these sound familiar?
• No one patches computers or is responsible for network security
• You haven’t really thought about passwords or permissions
• No disaster recovery plans
• Staff hasn’t had any security training

Myth
“We’re a tiny nonprofit. We’re safe because no one would target us for cyber attack.”

Fact
Many data security breaches are crimes of opportunity.
Organizations don’t always consider the sensitivity of their data until it’s exposed.

Myth
“Our data is safer not in the cloud”

A Cloud Data Center

Is This Your Server Closet?
What Does Security Mean?

The Three Pillars of Information Security

Confidentiality
Information is available only to authorized parties.

Integrity
Information isn’t modified inappropriately, and you can track who made what change.

Availability
Assurance that data is accessible when needed by authorized parties.

Also: Physical Possession
Whoever has the data could, for instance, turn it over to the government.

How Does This Apply to the Cloud?

Cloud Security
The use of the term “Cloud” is cloudy!
Three general types of clouds:
   – Software-as-a-Service
   – Hosted Private Cloud
   – Co-located Private Cloud
All three have different security models.

Software as a Service
The vendor owns and manages all aspects of the environment. For instance:

Hosted Private Cloud
The vendor owns and manages the equipment only, but all software is managed by the client. The equipment is on the vendor’s network. For instance:

Co-located Private Cloud
The vendor provides the physical environment only, in a data center; the client maintains the hardware and the software. For instance:
What Does Security Mean For You?

Rules for Absolute Safety
Turn off your Internet connection.
Allow no one access to your data and systems.
But let’s be realistic…

Know What You’re Protecting
What kinds of data are you storing, and how sensitive are they?
Think about its value on the open market.

Red Flags
You need extremely tight security to store:
• Donors’ credit card numbers.
• Scanned images of checks.
• Donors’ bank account information.

What’s Your Exposure?
Consider the impact of exposure of your confidential information, both in monetary terms and reputation.

What’s The Impact of an Outage?
How much staff time could you lose from a short-term or prolonged outage?

Testing Your On-Site Security
Have you recently performed a:
   • Check on whether your systems have been recently patched?
   • Systems penetration test?
   • Employee training on security procedures?
   • Backup/recovery test?
If not, you’d likely increase your security by moving to the cloud.
A Multi-Level Security Model

Multi-Level Security is the Ideal

Physical Security
• Guarded facilities
• Protection of your hardware and devices
• Power redundancy
• Co-location (redundant facilities)

Network Security
• Intrusion prevention
• Intrusion detection
• Firewalled systems
• Network proactive anti-virus protection

Transmission Security
Is data encrypted in transit?
Is the network secure?

Access Controls
• Ensuring the right people have access to the right data
• Physical access to the server
• Training on appropriate passwords and security measures

Data Protection
• Data encryption
• Solid backup and restore policies
• Ability to purge deleted data
• Ability to prevent government entities from getting your data with a subpoena
What to Look For in a Vendor

Description of Security Mechanisms
Documentation of all the facets of security, and staff who can talk about it intelligently.
This proves information security is on the “front burner”.

Uptime
Do they provide any guarantee of uptime? Any historic uptime figures?
Uptime figures are typically expressed in nines: 99%, 99.9% or 99.99%.
Your connection to the internet may well be the weakest link.
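The arithmetic behind those nines, and the "weakest link" point, as an added example that is not from the original deck: it converts an uptime percentage into the downtime it actually permits, turns a vendor's outage log back into an achieved percentage, and shows that a chain of components (vendor plus your own internet connection) is only as available as their product. The vendor and ISP figures in the demo are constructed.

```python
"""Availability arithmetic behind uptime guarantees expressed in "nines".

Added example, not part of the original NTC slide deck. The vendor and
internet-connection figures in the demo below are constructed.
"""
from __future__ import annotations

MINUTES_PER_YEAR = 365 * 24 * 60   # 525,600
MINUTES_PER_MONTH = 30 * 24 * 60   # 43,200 (a 30-day month is assumed)


def downtime_minutes(uptime_pct: float, period_minutes: int = MINUTES_PER_YEAR) -> float:
    """Maximum downtime an uptime percentage permits over a period.

    Per year: 99% allows about 5256 min (3.65 days), 99.9% about 525.6 min
    (8.76 h), 99.99% about 52.56 min.
    """
    if not 0.0 <= uptime_pct <= 100.0:
        raise ValueError("uptime must be a percentage between 0 and 100")
    return period_minutes * (1.0 - uptime_pct / 100.0)


def uptime_from_outages(outage_minutes: list[float], period_minutes: int) -> float:
    """Achieved uptime percentage given the outages logged over a period.

    Useful when a vendor hands over historic outage records instead of a
    single headline percentage.
    """
    total_down = sum(outage_minutes)
    if total_down < 0 or total_down > period_minutes:
        raise ValueError("outage minutes must lie within the period")
    return (1.0 - total_down / period_minutes) * 100.0


def combined_uptime_pct(*uptime_pcts: float) -> float:
    """Availability of a chain of components that must ALL be up.

    Failures are assumed independent, so availabilities multiply. This is
    the weakest-link effect: a 99.99% vendor reached through a 99% internet
    connection delivers about 98.99% to the user, not 99.99%.
    """
    total = 1.0
    for pct in uptime_pcts:
        if not 0.0 <= pct <= 100.0:
            raise ValueError("uptime must be a percentage between 0 and 100")
        total *= pct / 100.0
    return total * 100.0


def weakest_link(components: dict[str, float]) -> str:
    """Name of the component whose uptime bounds the whole chain."""
    return min(components, key=components.get)


def nines(uptime_pct: float) -> int:
    """Count the leading nines of a percentage: 99 -> 2, 99.9 -> 3, 99.99 -> 4."""
    count = 0
    for digit in f"{uptime_pct:.6f}".replace(".", ""):
        if digit != "9":
            break
        count += 1
    return count


def main() -> None:
    print("guarantee  nines  downtime/year (min)  downtime/month (min)")
    for pct in (99.0, 99.9, 99.99):
        print(f"{pct:>8.2f}%  {nines(pct):>5}  {downtime_minutes(pct):>19.1f}  "
              f"{downtime_minutes(pct, MINUTES_PER_MONTH):>20.2f}")

    # Constructed scenario: a strong vendor guarantee behind a typical
    # small-office internet connection and an ageing office firewall.
    chain = {"cloud vendor": 99.99, "internet connection": 99.0, "office firewall": 99.5}
    print(f"\nend-to-end availability: {combined_uptime_pct(*chain.values()):.4f}%")
    print(f"weakest link: {weakest_link(chain)}")

    # Constructed outage log (minutes) reported by the vendor for one month.
    print(f"achieved last month: {uptime_from_outages([30.0, 12.0], MINUTES_PER_MONTH):.4f}%")


if __name__ == "__main__":
    main()
```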
Regulatory Compliance: HIPAA
Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)?

Regulatory Compliance: SAS70 and SSAE16
Audit for security standards, hardware, and processes.
Statement on Accounting Standards 70 (SAS70)
Statement of Standards for Attestation Engagements 16 (SSAE16)

Regulatory Compliance: PCI DSS Compliance
If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (Payment Card Industry Data Security Standard).

In Summary

Understand the Value of Your Data
What is it worth to you? To others?
What measures are appropriate to protect it?

Your Data Is No Safer Than You Make It
Any computer attached to the internet is vulnerable unless you protect it.
The cloud isn’t, in and of itself, more or less secure.

But Many Vendors Make Your Data Really Safe
Choose vendors who show they’re serious about data protection (not all vendors are created equal).
Consider a vendor’s regulatory compliance.

Questions?
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Cloud Security - Idealware

  • 1. The Cloud Beckons, But is it Safe? April 2012
  • 2. The Cloud Beckons, But is it Safe? #12NTCCSec Laura Quinn Michael Enos
  • 3. Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad! or Online at www.nten.org/ntc/eval
  • 4. Introductions Laura Quinn Executive Director Idealware Michael Enos Chief Technology Officer, Second Harvest Food Bank of Santa Clara and San Mateo Counties What are you hoping to get out of this session?
  • 5.
  • 6. What is The Cloud?
  • 7. The Lure of the Cloud Low cost of entry Easy remote access No complex infrastructure But what about security?
  • 8. How Do YOU Feel About Cloud Security?
  • 10. Cloud Security in the News
  • 11. Under Siege To be on the Internet is to be vulnerable to attack. If you’re on the Internet, you’re in The Cloud
  • 12. But We Do Lots of Things on the Internet We shop online We bank online We post crazy things on Facebook Why is the cloud different? It’s not.
  • 13. How Secure is Your On-Site Data? Do any of these sound familiar? • No one patches computers or is responsible for network security • You haven’t really thought about passwords or permissions • No disaster recovery plans • Staff hasn’t had any security training
  • 14. Myth “We’re a tiny nonprofit. We’re safe because no one would target us for cyber attack.”
  • 15. Fact Many data security breaches are crimes of opportunity. Organizations don’t always consider the sensitivity of their data until it’s exposed.
  • 16. Myth “Our data is safer not in the cloud”
  • 17. A Cloud Data Center
  • 18. Is This Your Server Closet?
  • 20. The Three Pillars of Information Security
  • 21. Confidentiality Information is available only to authorized parties.
  • 22. Integrity Information isn’t modified inappropriately, and you can track who made what change.
  • 23. Availability Assurance that data is accessible when needed by authorized parties.
  • 24. Also: Physical Possession Whoever has the data could, for instance, turn it over to the government.
  • 25. How Does This Apply to the Cloud?
  • 26. Cloud Security The use of the term “Cloud” is cloudy! Three general types of clouds: – Software-as-a-Service – Hosted Private Cloud – Co-located Private Cloud All three have different security models
  • 27. Software as a Service The vendor owns and manages all aspects of the environment. For instance:
  • 28. Hosted Private Cloud The vendor owns and manages the equipment only, but all software is managed by the client. The equipment is on the vendor’s network. For instance:
  • 29. Co-located Private Cloud The vendor provides the physical environment only, in a data center; the client maintains the hardware and the software. For instance:
  • 30. What Does Security Mean For You?
  • 31. Rules for Absolute Safety Turn off your Internet connection. Allow no one access to your data and systems. But let’s be realistic…
  • 32. Know What You’re Protecting What kinds of data are you storing, and how sensitive are they? Think about its value on the open market.
  • 33. Red Flags You need extremely tight security to store: • Donors’ credit card numbers. • Scanned images of checks. • Donors’ bank account information.
  • 34. What’s Your Exposure? Consider the impact of exposure of your confidential information, both in monetary terms and reputation.
  • 35. What’s The Impact of an Outage? How much staff time could you lose from a short term or prolonged outage?
  • 36. Testing Your On-Site Security Have you recently performed a: • Check on whether your systems have been recently patched? • Systems penetration test? • Employee training on security procedures? • Backup/recovery test? If not, you’d likely increase your security by moving to the cloud.
  • 39. Physical Security • Guarded facilities • Protection of your hardware and devices • Power redundancy • Co-location (redundant facilities)
  • 40. Network Security • Intrusion prevention • Intrusion detection • Firewalled systems • Network proactive anti-virus protection
  • 41. Transmission Security Is data encrypted in transit? Is the network secure?
  • 42. Access Controls • Ensuring the right people have access to the right data • Physical access to the server • Training on appropriate passwords and security measures
  • 43. Data Protection • Data encryption • Solid backup and restore policies • Ability to purge deleted data • Ability to prevent government entities from getting your data with a subpoena
  • 44. What to Look For in a Vendor
  • 45. Description of Security Mechanisms Documentation of all the facets of security, and the staff can talk about it intelligently. Proves information security is on the “front burner”
  • 46. Uptime Do they provide any guarantee of uptime? Any historic uptime figures? Uptime figures are typically given in 9s: 99%, 99.9% or 99.99%. Your connection to the internet may well be the weakest link.
  • 47. Regulatory Compliance: HIPAA Does the vendor support organizations that need to be compliant with HIPAA (the Health Insurance Portability and Accountability Act)?
  • 48. Regulatory Compliance: SAS70 and SSAE16 Audit for security standards, hardware, and processes. Statement on Accounting Standards 70 (SAS70) Statement of Standards for Attestation Engagements 16 (SSAE16)
  • 49. Regulatory Compliance: PCI DSS Compliance If you’re storing credit card numbers, your vendor needs to be compliant with PCI DSS (Payment Card Industry Payment Data Security Standard)
  • 51. Understand the Value of Your Data What is it worth to you? To others? What measures are appropriate to protect it?
  • 52. Your Data Is No Safer Than You Make It Any computer attached to the internet is vulnerable unless you protect it. The cloud isn’t, in and of itself, more or less secure.
  • 53. But Many Vendors Make Your Data Really Safe Choose vendors who show they’re serious about data protection (not all vendors are created equal). Consider a vendor’s regulatory compliance.
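Slides 32 and 33 ask you to find out what sensitive data you actually hold before deciding how much protection it needs. The following is an added example, not code from the Idealware deck: a small discovery scan that looks through text for values that validate as payment-card numbers (Luhn check) or US bank routing numbers (ABA checksum) and reports them masked. The sample "files", the 4111... test card number and the routing number are constructed for the example.

```python
"""Sensitive-data discovery scan.

Added example, not from the Idealware deck. Flags text that looks like a
payment-card number (13-19 digits that pass the Luhn check) or a US bank
routing number (9 digits with a valid ABA checksum). A hit means "a person
should look at this file", not proof that a card number is stored there.
"""
import re

# Constructed sample "files". The card number is the well-known 4111... test
# number and the routing number is made up to pass the checksum.
SAMPLE_FILES = {
    "donors_2012.csv": (
        "name,email,card,notes\n"
        "Jane Doe,jane@example.org,4111 1111 1111 1111,recurring gift\n"
        "John Roe,john@example.org,,one-time\n"
    ),
    "memo.txt": "Order #1234567890123 shipped; invoice total 4111.",
    "bank.txt": "ACH routing 123456780 account 000123456789",
}

# Runs of 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Exactly nine digits with no digit on either side.
ROUTING_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def aba_ok(digits: str) -> bool:
    """ABA routing-number checksum (weights 3,7,1 repeated)."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(d) * w for d, w in zip(digits, weights)) % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the report itself is not sensitive."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str):
    """Return [(kind, masked_value), ...] for every validated hit in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", mask(digits)))
    for m in ROUTING_RE.finditer(text):
        if aba_ok(m.group()):
            hits.append(("routing", mask(m.group())))
    return hits


def scan_files(files: dict):
    """Map file name -> hits, omitting files with nothing to report."""
    report = {}
    for name, text in files.items():
        hits = scan_text(text)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        for kind, value in hits:
            print(f"{name}: possible {kind} number {value}")
```

The checksums are what keep the scan useful: the 13-digit order number in memo.txt is a digit run of card length but fails Luhn, so it is not reported, while the donor export and the ACH note are. In practice you would point scan_files at the contents of file shares, mailboxes and database exports, and treat every hit as a prompt to move that data to a payment processor and delete the local copy, as slide 15's note recommends.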
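Slide 41 asks whether data is encrypted in transit, and the editor's note on it explains that a site's certificate both encrypts the connection and tells you who owns the name. The following is an added example, not code from the Idealware deck, of how to check that from the client side with Python's standard ssl module: fetch_tls_info() connects the way a browser does (chain and hostname verified), and summarize_cert() checks a certificate against the host name and the clock. The host names, issuer, dates and "now" values are constructed.

```python
"""Transmission-security check for a hosted service.

Added example, not from the Idealware deck. fetch_tls_info() opens a TLS
connection with certificate chain and hostname verification turned on
(ssl.create_default_context) and returns what was negotiated. summarize_cert()
is the pure part: it checks that a certificate, in the dict shape Python's
ssl module reports, names the host you meant to reach and is within its
validity period, so it can be tested on a constructed certificate dict
without network access.
"""
import socket
import ssl
import time

# Constructed certificate in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "donate.example.org"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "donate.example.org"), ("DNS", "*.example.org")),
    "notBefore": "Jan 15 00:00:00 2012 GMT",
    "notAfter": "Dec 31 23:59:59 2012 GMT",
}


def fetch_tls_info(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to host and report protocol, cipher and peer certificate.

    A failed chain or hostname check raises ssl.SSLCertVerificationError,
    which is itself the finding you want to see.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher(),
                "cert": tls.getpeercert(),
            }


def name_matches(pattern: str, host: str) -> bool:
    """DNS name comparison allowing one leading wildcard label (*.example.org)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")
    return pattern == host


def summarize_cert(cert: dict, host: str, now=None) -> dict:
    """Check a getpeercert() dict against the host and the current time (epoch seconds)."""
    now = time.time() if now is None else now
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    # Browsers match against the SAN list; the subject CN is only a legacy fallback.
    names = sans or [subject.get("commonName", "")]
    return {
        "host": host,
        "host_ok": any(name_matches(n, host) for n in names),
        "expired": not (not_before <= now <= not_after),
        "days_left": int((not_after - now) // 86400),
        "issuer": issuer.get("organizationName"),
        "names": names,
    }


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "donate.example.org"
    info = fetch_tls_info(host)          # needs network access
    print(info["protocol"], info["cipher"][0])
    print(summarize_cert(info["cert"], host))
```

Run it against a vendor's hostname to see the negotiated protocol, the issuer and how long the certificate has left; a verification error on connect is the same warning the browser's lock icon would show. Note that ssl.cert_time_to_seconds interprets the certificate's GMT timestamps as UTC, which is why the example passes "now" as an epoch value rather than a local time.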

Editor’s Notes

  1. Those were examples that illustrate that the Internet itself is a dangerous place. Yet who would give up their Internet connection?
  2. If you shop and bank online, and share personal info via social media, you already use the cloud. You probably trust your bank and online merchants like Amazon because you believe they have the capability and the incentive to protect your information. You probably also realize that “free” social media vendors make money by selling information about you.
  3. Here are some vulnerabilities that apply to all systems connected to the Internet, including systems in the cloud. Reputable cloud vendors have significant resources and teams of computer and security specialists devoted to maintaining the security of the data they handle. They can be far better positioned to protect your data than you are.
  4. People target systems for attack when they know those systems hold valuable information, like account numbers, social security numbers and the like, things that nonprofits don’t typically have. Hackers after fame are more likely to attack big ACME Bancorp, International, than a community food bank’s systems. This means your risk of attack is lower than that of some big company, but it doesn’t mean you’re safe.
  5. Cyber crime is often the computer equivalent of trying front doors until you find an unlocked house. IMPORTANT: Payment information SHOULD NOT be stored on your systems. If you have donors’ credit card data for recurring payments, move to a reputable payment processing vendor. Then delete this information. Thieves can’t steal data that you don’t have.
  7. Reputable cloud vendors have significant resources and teams of computer and security specialists devoted to maintaining the security of the data they handle. They can be far better positioned to protect your data than you are.
  8. If you have no full time IT and your server lives in a broom closet, your data is not likely secure.
  9. Information security boils down to these three areas, plus privacy.
  10. You know whether there is integrity. Example: someone going in to change their own salary because everyone has access and there is no accountability, no universal login.
  11. One of the most common: a DNS attack. Systems are reliable.
  12. If you avoid automobiles, you’ll never be in a car accident. But you won’t get very far, either. Avoiding the Internet will cut your information security risk, but your productivity will be set back a few decades. There are ways to maximize information security, but you can’t entirely eliminate risk.
  13. This kind of “discovery” exercise is important. You may find that the data you think you have differs from what you actually have. Maybe you have sensitive data that you’re not aware of. Secret Service level security might not be warranted, but it’s nice to know what protection is appropriate. How old is your server? Is it near the end of its life? What would you do if it crashed tomorrow? Can someone just walk up to your server? Do they need to log in? Is the admin password “letmein”?
  14. Don’t keep financial information related to donors on your system. Thieves can’t steal data you don’t have, and there’s no reason for you to take on the risk of handling such sensitive information. Better to outsource to a payment vendor who can guarantee the security of this information.
  15. Might the exposure of donor data hurt your ability to raise money in the future? What if that “anonymous” major donor was outed? What would be the financial impact if you couldn’t access key systems (wasted staff hours, missed fundraising opportunities, etc.)?
  17. If data and systems are in house, what are you doing to protect them? Could a cloud vendor do a better job than you can? Systems penetration: reverse engineering passwords, social engineering, known vulnerabilities. Information handling/protection procedures? Policies for changing passwords, what you do with old users.
  18. The greater the depth of security measures, the longer a potential attacker will be delayed. This is important.
  19. Computer intrusion detection and prevention systems alert you to possible systems breaches and try to thwart them. They look for abnormal patterns. Prevention means alerting someone. This can do more harm than good for small orgs, with so many false positives; a data center has an “intrusion guy”. Firewalls attempt to block entry to your systems by malicious people and information. A firewall lets things in and out on a circuit. HTTP is generally open, but there are rules to help with attacks. Anti-virus software helps prevent malware from installing on your systems, and attempts to clean existing infections.
  20. Websites use security certificates to encrypt data while in transit *and* verify to you that the URL belongs to the organization you think it belongs to. FTP or secure FTP. PGP. VPN = encrypted tunnel between two trusted partners. https rather than http indicates that the site you’re using has a certificate and is encrypting the data you send. Newer browsers allow you to click on an icon near the URL (a picture of a lock in the case of Chrome) to show information on the encryption used and the site’s owner.
  21. Stolen data is of little use if it’s encrypted. Understand what is recoverable from backups, and how. Disaster recovery backups do not necessarily mean that you’ll be able to restore data you accidentally overwrite. Business continuity/disaster recovery.
  22. Designed to protect private health related data, but HIPAA compliance can speak well of how other sensitive data is handled.
  24. These audits are performed by CPA firms and verify that a vendor has procedures in place that allow it to meet standards for handling sensitive data and for meeting regulatory requirements like HIPAA. SSAE16 is the newer audit standard and is slowly replacing SAS70. SSAE16 is more internationalized than SAS70.
  25. Provides guidance on how debit and credit card information should be handled. Especially relevant for payment processing vendors that handle online donations.
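Note 10 and slide 22 describe integrity as two things: nobody can modify information inappropriately, and you can track who made what change. The note's example is someone changing their own salary because everyone has access and there is no accountability. The following is an added example, not code from the Idealware deck, of what the fix looks like in software: every change is authorized against a role, recorded with the actor and the old and new values, and the log entries are chained with an HMAC so that later editing or deleting an entry is detectable. The roles, people and key are constructed for the example.

```python
"""Change tracking with a tamper-evident audit log.

Added example, not from the Idealware deck. Each change is authorized against
a role, recorded with the actor and old/new values, and chained with an HMAC
so that editing or deleting a log entry afterwards is detectable. Roles,
people and the key are constructed for the example.
"""
import hashlib
import hmac
import json

# Constructed key. In a real deployment the log key lives with a separate
# logging service, not alongside the application that ordinary users reach.
LOG_KEY = b"constructed-example-key-not-for-production"

# Which fields each role may change; ordinary staff can change nothing here.
PERMISSIONS = {
    "payroll": {"salary", "title"},
    "hr": {"title"},
    "staff": set(),
}


class AuditedRecords:
    def __init__(self, key=LOG_KEY):
        self.key = key
        self.records = {}   # record_id -> {field: value}
        self.log = []       # append-only change entries, HMAC-chained

    def _mac(self, entry, prev_mac):
        payload = json.dumps(entry, sort_keys=True).encode() + prev_mac.encode()
        return hmac.new(self.key, payload, hashlib.sha256).hexdigest()

    def change(self, actor, role, record_id, field, new_value):
        """Apply a change if the role allows it, and log who did what."""
        if field not in PERMISSIONS.get(role, set()):
            raise PermissionError(f"{actor} ({role}) may not change {field}")
        rec = self.records.setdefault(record_id, {})
        entry = {
            "seq": len(self.log),
            "actor": actor,
            "record": record_id,
            "field": field,
            "old": rec.get(field),
            "new": new_value,
        }
        prev_mac = self.log[-1]["mac"] if self.log else ""
        entry["mac"] = self._mac(entry, prev_mac)   # covers this entry and the previous MAC
        rec[field] = new_value
        self.log.append(entry)
        return entry

    def verify_log(self):
        """Return None if the chain is intact, else the index of the first bad entry."""
        prev_mac = ""
        for i, entry in enumerate(self.log):
            body = {k: v for k, v in entry.items() if k != "mac"}
            expected = self._mac(body, prev_mac)
            if entry["seq"] != i or not hmac.compare_digest(expected, entry["mac"]):
                return i
            prev_mac = entry["mac"]
        return None

    def history(self, record_id, field):
        """Who changed this field, and from what to what."""
        return [(e["actor"], e["old"], e["new"]) for e in self.log
                if e["record"] == record_id and e["field"] == field]


def demo():
    """Run the salary scenario from the speaker note and report what the log catches."""
    db = AuditedRecords()
    db.change("alice", "payroll", "emp-1", "salary", 50000)
    try:
        db.change("bob", "staff", "emp-1", "salary", 99000)   # bob edits his own pay
        denied = False
    except PermissionError:
        denied = True
    db.change("alice", "payroll", "emp-1", "salary", 52000)
    history = db.history("emp-1", "salary")
    intact = db.verify_log()                # None: chain is good
    db.log[0]["new"] = 1                    # quiet edit of an old entry
    tampered_at = db.verify_log()           # 0: MAC no longer matches
    del db.log[0]                           # try hiding it by deleting instead
    deleted_at = db.verify_log()            # 0: seq numbers no longer line up
    return {
        "denied": denied,
        "salary": db.records["emp-1"]["salary"],
        "history": history,
        "intact": intact,
        "tampered_at": tampered_at,
        "deleted_at": deleted_at,
    }


if __name__ == "__main__":
    print(demo())
```

The role check is the "not modified inappropriately" half; the chained log is the "track who made what change" half. The chain only helps if the key is not available to the people whose changes it records, which is the argument for sending audit events to a separate service (or a vendor's logging facility) rather than keeping them in the same database the application writes to.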