[Slide 1]
Surviving the Lion’s den…
Pitching cloud services to security folks
IGTcloud Meetup
Moshe Ferber, CCSK, Onlinecloudsec.com
[Slide 2]
About
• Information security professional for over 20 years
• Working on cloud strategy with the world’s largest software vendors
• Founded Cloud7, Managed Security Services provider (currently 2bsecure cloud services)
• Partner at Clarisite – Your customer’s eye view
• Partner at FortyCloud – Make your public cloud private
• Member of the board at Macshava Tova – Narrowing societal gaps
• Certified CCSK instructor for the Cloud Security Alliance
• Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter
[Slide 3]
Cloud Computing
How does the CIO see it?
[Slide 4]
Cloud Computing
How does the end user see it?
[Slide 5]
Cloud Computing
How does the CFO see it?
[Slide 6]
Cloud Computing
And how does the CISO see it?
[Slide 7]
Mistakes cloud providers make #1
[Slide 8]
Mistakes cloud providers make #2
[Slide 9]
Mistakes cloud providers make #3
[Slide 10]
Mistakes cloud providers make #4
[Slide 11]
What else CISOs don’t like
[Slide 12]
Agility
What do you say… and how the CISO understands it
[Slide 13]
Scalability
What do you say… and how the CISO understands it
[Slide 14]
Compliance
What do you say… and how the CISO understands it
[Slide 15]
Manageability
What do you say… and how the CISO understands it
[Slide 16]
Reliability
What do you say… and how the CISO understands it
[Slide 17]
So what is the CISO looking for?
[Slide 18]
So, how do we create trust?
1. Transparency
2. Competency
[Slide 19]
Transparency
[Slide 20]
Transparency #1 takeaway
Security in the cloud is a shared responsibility.
Source: Trend Micro Blog
[Slide 21]
Transparency #2 Security Policy
A security policy is mandatory; it should cover all aspects of how you protect your customers’ data.
[Slide 22]
Transparency #3 Audits
Don’t run away from security audits.
[Slide 23]
Competency
Skill, Design, Governance
[Slide 24]
Skill
• Make sure your sales / pre-sales understand cloud security.
• Understand the standards and regulation relevant to your sector.
[Slide 25]
Skill #2
• Make your security building blocks tangible to the customers:
  - Monitoring and Incident Management
  - Application Security
  - Data Security
  - Infrastructure Security
  - Data Center Security
[Slide 26]
Understand Cloud Threats & Risks
Threat: Theft
Risk: Losing money
Attack vector: Unsecured door
[Slide 27]
Cloud Attack Vectors
• Provider administration
• Management console
• Multitenancy & virtualization
• Automation & API
• Chain of supply
• Side channel attack
• Insecure instances
[Slide 28]
Understanding Controls
Preventive
• Firewall (Security Groups)
• Authentication
• Anti Virus
• Guards
Detective
• IDS
• System monitoring
• Motion detector
Corrective
• Upgrades & Patches
• Vulnerability scanning
Compensatory
• DRP & Backup
• Firewall logs
• Reviews
• Audit & reconciliation
[Slide 29]
Design

| Threat | Security Service |
| --- | --- |
| Spoofing | Authentication |
| Tampering | Digital Signature, Hash |
| Repudiation | Audit Logging |
| Information Disclosure | Encryption |
| Denial of Service | Availability |
| Elevation of Privilege | Authorization |

• Integrate security into your software lifecycle.
• Account for cloud-specific threats.
• Think about separation of tenants.
• Explore encryption at all layers.
• Think about 3rd party access.
[Slide 30]
Governance
• Most security companies simply don’t know how to do ongoing operational security.
• If you are guarding banks’ data, you need banks’ operational capabilities.
[Slide 31]
Questions?
[Slide 32]
To wrap things up
• Speak your customers’ lingo.
• Use good building blocks.
• Don’t hesitate to be transparent on your security controls.
• Cloud security is very much about your customers’ market sector.
• Be proactive in your security; think ahead of your customers.
[Slide 33]
KEEP IN TOUCH
Moshe Ferber
www.onlinecloudsec.com
http://il.linkedin.com/in/MosheFerber
The Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule