The Notorious Nine (Is Your Data Secure in the Cloud?)
http://www.bcsprosoft.com

Agenda
• Cloud Recap
• What’s keeping you up at night (aka “The Notorious Nine”)
• How Cloud publishers are securing your data
• With security in mind, why would you move to the cloud?
• Questions to ask Cloud publishers
• Q&A

About BCS ProSoft
• 27+ Years Experience
• 1,500 Clients across all 50 States, Canada, and Mexico
• Offices in San Antonio, Houston, Denver, Honolulu
• Award winning partners with

Definitions
• Cloud computing…
– The word "cloud" is used as a metaphor for "the Internet"
– Cloud computing is the process of outsourcing IT services, such as servers, storage and applications, to a shared platform accessed via the Internet.
– End users access cloud-based applications through a web browser or a lightweight desktop or mobile app, while business software and data are stored on servers at a remote location.
– Services are provided as a utility, most often on a subscription basis
– Saves money and energy, as a vendor maintains the infrastructure and applications that run in the cloud environment instead of the organization.

Cloud Computing Taxonomy
[Figure: the stack layers Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Networking shown in four columns (On Premise, IaaS, PaaS, SaaS), with layers marked "You manage" or "Managed by vendor".]

On-Premise
• All resources managed by the end-user organization.
• Everything is private and controlled.
[Figure: the stack layers Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Networking, marked "You manage".]

IaaS - Infrastructure as a Service
• Virtual infrastructure
• Virtual desktop
• Backup and recovery
• Managed cloud security
[Figure: On Premise and IaaS columns of the stack, with layers marked "You manage" or "Managed by vendor".]

PaaS - Platform as a Service
[Figure: On Premise, IaaS and PaaS columns of the stack, with layers marked "You manage" or "Managed by vendor".]

SaaS - Software as a Service
[Figure: On Premise, IaaS, PaaS and SaaS columns of the stack, with layers marked "You manage" or "Managed by vendor".]

Tenancy
• Multi-Tenant – Single instance of software runs on a server, serving multiple client organizations (tenants).
• Single Tenant – Physical or virtual machine is exclusively dedicated to a single client, i.e. software is not shared with multiple customers. This is more expensive for a vendor to set up and maintain.
What’s Keeping You Up at Night?

Cloud Computing Threats in 2013
The Notorious Nine
Cloud Security Alliance
Cloud Computing Top Threats in 2013

The Notorious Nine
1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues

1. Data Breaches
An organization’s sensitive internal data falls into the hands of competitors

2. Data Loss
The Problem: Permanent loss of data due to malicious attack or accidental deletion

3. Account or Service Traffic Hijacking
Unauthorized access gained through phishing, fraud, and exploitation of software vulnerabilities

4. Insecure Interfaces and APIs
Cloud computing providers expose a set of software interfaces (APIs) that customers use to manage and interact with cloud services. Lack of (or inadequate) security opens the possibility of unauthorized access.

5. Denial of Service
Denial-of-Service attacks are meant to prevent users of a cloud service from being able to access their data and/or applications by forcing the victim cloud service to consume inordinate amounts of finite system resources.

6. Malicious Insiders
A current or former employee, contractor, etc. with authorized access misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of company data.

7. Abuse of Cloud Services
Use of the power of distributed cloud services to perform power-intensive tasks, formerly not feasible/possible from a single computer

8. Insufficient Due Diligence
Organizations are adopting cloud applications without understanding the risks and/or readiness of the cloud vendor to provide adequate security.

9. Shared Technology Vulnerabilities
Poorly designed cloud applications can introduce cross-entity vulnerabilities.

Is Your Data Safer on Premise?
• Perhaps not!
– Is your staff properly trained?
– Are your servers really secure?
– Do you have adequate backups?
– What about natural disasters?
• Your data security is only as good as your system manager and your weakest user!
How Cloud Vendors Secure Your Data

Comprehensive Security Certifications
• American Institute of Certified Public Accountants (AICPA)
– SSAE 16 (supersedes SAS 70)
• International Federation of Accountants (IFAC)
– ISAE 3402 (Type 1 or Type 2)
• PCI Security Standards Council
– PCI DSS
• US Department of Commerce
– US-EU Safe Harbor

Requirements Include
• 24/7-365 Monitoring
• Continuous Monitoring with Intrusion Detection Systems (IDS)
• Separation of Duties
• Strong Management of Physical Access
• Fully Guarded Premises
• Continuous Data Center Performance Audits

Tiered Data Centers
Columns: Tier 1, Tier 2, Tier 3, Tier 4
• Non-redundant capacity components: X X X
• Redundant capacity components: X X
• Dual-powered equipment and multiple uplinks: X
• All components are fully fault-tolerant including uplinks, storage, chillers, HVAC systems, servers, etc. Everything is dual-powered

Data Center Availability According to Tiers
• Tier 1: Guaranteeing 99.671% availability
• Tier 2: Guaranteeing 99.741% availability
• Tier 3: Guaranteeing 99.982% availability
• Tier 4: Guaranteeing 99.995% availability
Why Cloud?

Why Cloud Computing?
• Reduced internal IT infrastructure
• Backup & redundancy in the Cloud
• Predictable monthly costs
• Low/no cost upgrades – always running the latest version
• Anywhere, anytime access, on ANY device, i.e. everything through a browser
• No/limited install of local files & programs

The Iceberg Analogy
Ongoing Costs: On-Premises Software and Cloud Computing

• Apply Fixes, Patches, Upgrade
• Downtime
• Performance tuning
• Rewrite customizations
• Rewrite integrations
• Upgrade dependent applications

• Subscription fee
• Training
• Configuration

• Ongoing burden on IT
• Maintain/upgrade hardware
• Maintain/upgrade network
• Maintain/upgrade security
• Maintain/upgrade database
• Training

On-Premise Holds the Business Back
Typical IT Budget Allocation
91% Maintenance
Current
66% on old versions
9% Innovation
The Result? VERSION-LOCK

Top 5 Reasons Business Owners are Turning to the Cloud
1. Improved Business Agility
2. Generate an Attractive ROI
3. Accelerate Time to Value
4. Jump Start Innovation Programs
5. Elasticity and Scale
Choosing a Cloud Provider

Security Questions for Potential Cloud Service Providers
• What encryption mechanisms do you use for customers’ data?
• In how many locations do you store customer data?
• What safeguards do you employ to ensure that different customers’ data in a multitenant cloud is kept separate?
• How is your data center physically protected?
• Which of your employees have access to customers’ data?
• How do you authenticate users?
• How precisely can you specify the degree of access that individual users have to data?
• How many and what types of security breaches have you experienced in the last 12 months? If you had any, what were they? What new protections have you put into place?
• What disaster recovery protections do you have in place?
• What are your security scenarios? Why should I trust you?
• What tracking, reporting, and auditing capabilities do you offer?
• Do you comply with all relevant government and industry laws and regulations?
• What Security Certifications do you hold? Can you provide me with copies?
• What happens to data when you “delete” it? Is it actually wiped out?
• What happens if we decide we want to discontinue using your services?
• Who owns the rights to the data?

Next Steps?
• Complete the Questionnaire
• I’ll send you more detail:
– The Notorious Nine from the Cloud Security Alliance
– What to Look for in a Service Level Agreement (SLA)

Contact Information
Clark Haley, CEO BCS/ProSoft, Inc.
Email: [email protected]
Phone: (800) 882-6705
LinkedIn: www.linkedin.com/in/clarkhaley