Preventing Good People From Doing Bad Things: Best Practices for Cloud Security
Brian Anderson, Chief Marketing Officer & Author of “Preventing Good People From Doing Bad Things”

Vision
Public, Private and Hybrid Cloud Computing Security
Securing the Perimeter Within
Consistent policy-driven, role-based access control, fine-grained privilege delegation, logging, monitoring and reporting
• For infrastructure, end points, data and applications
• Across physical, virtual, public, private and hybrid cloud environments
• Empower IT governance to strengthen security, improve productivity, drive compliance and reduce expense
[Diagram labels: Server & Desktop; Physical & Virtualization; Windows, Linux, Unix; Network Device Security; Data Security & Leak Prevention; Governance, Risk & Compliance]

The Problem is Broad and Deep
• The threat from attacks is a statistical certainty, and businesses of every type and size are vulnerable.
• Organizations are experiencing multiple breaches: 59 percent had two or more breaches in the past 12 months.
• Only 11 percent of companies know the source of all network security breaches.

Privileges are Misused in Different Ways
• Insider attacks cost an average $2.7 Million per attack [1]
• Desktop configuration errors cost companies $120/yr/pc [2]
• Virtual sprawl and malware are ever-present realities
Source: [1] Computer Security Institute and FBI Survey.
Source: [2] IDC Report: The Relationship between IT Labor Costs and Best Practices for Identity and Access Management with Active

Insider vs Outsider Threats
“Organizations continue to struggle with excessive user privilege as it remains the primary attack point for data breaches and unauthorized transactions.” ~ Mark Diodati, Burton/Gartner Group
• 48% of all data breaches were caused by insiders (+26%) [1]
• 48% involved privilege misuse (+26%) [1]
• 98% of all data breaches came from servers [1]
[Diagram labels: Privileged Identity Management; Data Security & Leak Prevention; Web Security; E-mail Security; BeyondTrust; Intrusion Detection & Prevention; Firewalls; Anti-Virus; External Threat; Internal Threat]
Source: [1] “2010 Data Breach Investigations Report” by Verizon with US Secret Service

Best Practice For Cloud Security
Employ a Full Suite of EndPoint Security Tools
Requirements:
• Anti-Virus
• Patch Management
• Privilege Elevation
• End Point DLP

Impact of Virtualization and Cloud Computing
Cloud Computing Reality – Public, Hybrid or Private
• Increasing scale – from thousands to tens of thousands of servers
• Increasing complexity makes configuration and change management challenging
• Complex directory structures are a major pain point
• Reliability is critical to realizing operational improvement

Best Practice For Cloud Security
Full Life-Cycle Control of Privileged Users
Requirements:
• Account for All Privileged Users
• Manage Provisioning/De-Provisioning Privileged Credentials
• Implement a “Least Privilege” based Control System
• Monitor and Reconcile Privileged Activity
• Maintain a High Quality Audit Repository
• Automate Compliance Reporting

Impact of Virtualization and Cloud Computing
Customer Requirements For Enterprise Grade Cloud Security
• Scalable, enterprise grade fabric
• Seamless integrations with on-premise and cloud directories
• Allow admins to manage policies, not infrastructure
• Dynamically react to changes in virtual environment
• Quantifiable performance metrics of how it's performing

How Least Privilege Works
[Diagram: Task Delegation / Privilege Escalation. Components shown: Privileged User; Submit Host (pbrun); Master Host (pbmasterd); Policy Files; Log Host (pblogd); Event Logs; I/O logs; Run Host (pblocald). Flow labels, numbered 1 to 4 in the diagram: Request a Privileged Task; Rejected; Accepted; Privileged Task.]

Fully Cloud Based Least Privilege
[Diagram: Components shown: Privileged User; Submit Host (pbrun); Master Host (pbmasterd); Policy Files; Log Host (pblogd); Event Logs; I/O logs; Run Host (pblocald); a region marked Hosted On-Premise. Flow labels, numbered 1 to 4 in the diagram: Request a Privileged Task; Rejected; Accepted; Privileged Task.]

Cloud Hosted Least Privilege
[Diagram: Components shown: Privileged User; Submit Host (pbrun); Master Host (pbmasterd); Policy Files; Log Host (pblogd); Event Logs; I/O logs; Run Host (pblocald); a region marked Hosted On-Premise. Flow labels, numbered 1 to 4 in the diagram: Request a Privileged Task; Rejected; Accepted; Privileged Task.]

Thank You 818.575.4000 Connect with us... www.beyondtrust.com.