- Cloud Security Alliance

Preventing Good People From Doing Bad Things
Best Practices for Cloud Security
Brian Anderson
Chief Marketing Officer & Author of “Preventing Good People From Doing Bad Things”
Vision
Securing the Perimeter Within
Consistent policy-driven, role-based access control, fine-grained privilege delegation, logging, monitoring and reporting
• For infrastructure, end points, data and applications
• Across physical, virtual, public, private and hybrid cloud environments
• Empower IT governance to strengthen security, improve productivity, drive compliance and reduce expense
[Diagram labels: Public, Private and Hybrid Cloud Computing Security; Server & Desktop Physical & Virtualization Windows, Linux, Unix; Network Device Security; Data Security & Leak Prevention; Governance, Risk & Compliance]
The Problem is Broad and Deep
• The threat from attacks is a statistical certainty and businesses of every type and size are vulnerable.
• Organizations are experiencing multiple breaches: 59 percent had two or more breaches in the past 12 months.
• Only 11 percent of companies know the source of all network security breaches.
Privileges are Misused in Different Ways
Insider attacks cost an average $2.7 Million per attack [1]
Desktop configuration errors cost companies $120/yr/pc [2]
Virtual sprawl and malware are ever-present realities
Source: [1] Computer Security Institute and FBI Survey.
Source: [2] IDC Report: The Relationship between IT Labor Costs and Best Practices for Identity and Access Management with Active
Insider vs Outsider Threats
“Organizations continue to struggle with excessive user privilege as it remains the primary attack point for data breaches and unauthorized transactions.”
~ Mark Diodati, Burton/Gartner Group
• 48% of all data breaches were caused by insiders (+26%) [1]
• 48% involved privilege misuse (+26%) [1]
• 98% of all data breaches came from servers [1]
[Diagram: External Threat and Internal Threat, with labels Privileged Identity Management; Anti-Virus; Firewalls; Data Security & Leak Prevention; Web Security; E-mail Security; BeyondTrust; Intrusion Detection & Prevention]
Source: [1] “2010 Data Breach Investigations Report” by Verizon with US Secret Service
End Point Vulnerabilities in a SAAS World
Best Practice For Cloud Security
Employ a Full Suite of EndPoint Security Tools
Requirements:
• Anti-Virus
• Patch Management
• Privilege Elevation
• End Point DLP
Impact of Virtualization and Cloud Computing
Cloud Computing Reality – Public, Hybrid or Private
• Increasing scale – from thousands to tens of thousands of servers
• Increasing complexity makes configuration and change management challenging
– Complex directory structures are a major pain point
• Reliability is critical to realizing operational improvement
Best Practice For Cloud Security
Full Life-Cycle Control of Privileged Users
Requirements:
• Account for All Privileged Users
• Manage Provisioning/De-Provisioning Privileged Credentials
• Implement a “Least Privilege” based Control System
• Monitor and Reconcile Privileged Activity
• Maintain a High Quality Audit Repository
• Automate Compliance Reporting
Impact of Virtualization and Cloud Computing
Customer Requirements For Enterprise Grade Cloud Security
• Scalable, enterprise grade fabric
• Seamless integrations with on-premise and cloud directories
• Allow admins to manage policies, not infrastructure
• Dynamically react to changes in virtual environment
• Quantifiable performance metrics of how it's performing
How Least Privilege Works
Task Delegation / Privilege Escalation
[Diagram, steps numbered 1 to 4: Privileged User; Submit Host (pbrun); Request a Privileged Task; Master Host (pbmasterd) with Policy Files; Accepted / Rejected; Run Host (pblocald); Privileged Task; Log Host (pblogd) with Event Logs and I/O logs]
Fully Cloud Based Least Privilege
[Diagram, steps numbered 1 to 4, split into Hosted and On-Premise regions: Privileged User; Submit Host (pbrun); Request a Privileged Task; Master Host (pbmasterd) with Policy Files; Accepted / Rejected; Run Host (pblocald); Privileged Task; Log Host (pblogd) with Event Logs and I/O logs]
Cloud Hosted Least Privilege
[Diagram, steps numbered 1 to 4, split into Hosted and On-Premise regions: Privileged User; Submit Host (pbrun); Request a Privileged Task; Master Host (pbmasterd) with Policy Files; Accepted / Rejected; Run Host (pblocald); Privileged Task; Log Host (pblogd) with Event Logs and I/O logs]
Thank You
Connect with us...
818.575.4000
www.beyondtrust.com.