Preventing Good People From Doing Bad Things: Best Practices for Cloud Security

Brian Anderson, Chief Marketing Officer & Author of “Preventing Good People From Doing Bad Things”


Public, Private and Hybrid Cloud Computing Security

• For infrastructure, end points, data and applications

• Across physical, virtual, public, private and hybrid cloud environments

• Empower IT governance to strengthen security, improve productivity, drive compliance and reduce expense

Vision

Securing the Perimeter Within

Consistent policy-driven, role-based access control, fine grained privilege delegation, logging, monitoring and reporting

• Server & Desktop

• Physical & Virtualization

• Windows, Linux, Unix

• Network Device Security

• Data Security & Leak Prevention

• Governance, Risk & Compliance


The Problem is Broad and Deep

• The threat from attacks is a statistical certainty and businesses of every type and size are vulnerable.

• Organizations are experiencing multiple breaches: 59 percent had two or more breaches in the past 12 months.

• Only 11 percent of companies know the source of all network security breaches.


Privileges are Misused in Different Ways

Insider attacks cost an average $2.7 Million per attack [1]

Desktop configuration errors cost companies $120/yr/pc [2]

Virtual sprawl and malware are ever-present realities

Source: [1] Computer Security Institute and FBI Survey.

Source: [2] IDC Report: The Relationship between IT Labor Costs and Best Practices for Identity and Access Management with Active


• 48% of all data breaches were caused by insiders (+26%) [1]

• 48% involved privilege misuse (+26%) [1]

• 98% of all data breaches came from servers [1]

Insider vs Outsider Threats

“Organizations continue to struggle with excessive user privilege as it remains the primary attack point for data breaches and unauthorized transactions.” ~ Mark Diodati, Burton/Gartner Group

External Threat

• Anti-Virus

• Firewalls

• E-mail Security

• Web Security

Internal Threat

• Data Security & Leak Prevention

• Privileged Identity Management

• Intrusion Detection & Prevention

Source: [1] “2010 Data Breach Investigations Report” by Verizon with US Secret Service

BeyondTrust


Social Engineering

Malware

Password Attacks

File Infections

Malicious Users

End Point Vulnerabilities in a SAAS World


Requirements:

• Anti-Virus

• Patch Management

• Privilege Elevation

• End Point DLP

Best Practice For Cloud Security

Employ a Full Suite of EndPoint Security Tools


Cloud Computing Reality – Public, Hybrid or Private

• Increasing scale – from thousands to tens of thousands of servers

• Increasing complexity makes configuration and change management challenging – complex directory structures are a major pain point

• Reliability is critical to realizing operational improvement

Impact of Virtualization and Cloud Computing


Requirements:

• Account for All Privileged Users

• Manage Provisioning/De-Provisioning Privileged Credentials

• Implement a “Least Privilege” based Control System

• Monitor and Reconcile Privileged Activity

• Maintain a High Quality Audit Repository

• Automate Compliance Reporting

Best Practice For Cloud Security

Full Life-Cycle Control of Privileged Users


Impact of Virtualization and Cloud Computing

Customer Requirements For Enterprise Grade Cloud Security

• Scalable, enterprise grade fabric

• Seamless integrations with on-premise and cloud directories

• Allow admins to manage policies not infrastructure

• Dynamically react to changes in virtual environment

• Quantifiable performance metrics of how it's performing

How Least Privilege Works

[Figure: Task Delegation / Privilege Escalation. Numbered flow (steps 1-4) between Privileged User, Submit Host (pbrun), Master Host (pbmasterd) with Policy Files, Log Host (pblogd) with Event Logs and I/O logs, and Run Host (pblocald). A request for a privileged task is either Rejected or Accepted and run as a Privileged Task.]

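Fully Cloud Based Least Privilege

[Figure: the same numbered flow (steps 1-4) between Privileged User, Submit Host (pbrun), Master Host (pbmasterd) with Policy Files, Log Host (pblogd) with Event Logs and I/O logs, and Run Host (pblocald), with the components divided into On-Premise and Hosted. A request for a privileged task is either Rejected or Accepted and run as a Privileged Task.]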

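Cloud Hosted Least Privilege

[Figure: the same numbered flow (steps 1-4) between Privileged User, Submit Host (pbrun), Master Host (pbmasterd) with Policy Files, Log Host (pblogd) with Event Logs and I/O logs, and Run Host (pblocald), with the components divided into On-Premise and Hosted. A request for a privileged task is either Rejected or Accepted and run as a Privileged Task.]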

Thank You

818.575.4000

www.beyondtrust.com