The Practitioners Guide to Cloud Security
DESCRIPTION
Dome9 Co-founder & CEO Zohar Alon presents on the Practitioners Guide to Cloud Security at Cloud Expo Europe - January, 2013.
TRANSCRIPT
Dome9 – Secure Your Cloud™
CloudExpo Europe – London, January 2013
The Practitioners Guide to Cloud Security
Zohar Alon, @zoharalon, Co-Founder & CEO
Me, and my company
Zohar Alon – Co-Founder & CEO
– Creator of Check Point’s Provider-1 & SP product lines
– Over 20 years of security & IT experience
Cloud Server Security Management
– Automate and centralize security across an unlimited number of cloud, dedicated, and virtual private servers
What’s this?
1 day and 86,000 attempts later…
There are more than 30 million Cloud, VPS & Dedicated Servers
Most of these servers are vulnerable to attack
– Admins leave ports open to connect to their servers
– Hackers use these same open ports to gain access
Most of these servers’ security is unmanageable
– Sprawled across multiple private & public clouds
– Operating systems are a virtual buffet
Most of the ‘available’ security doesn’t work
– Service providers lack expertise & focus to build it
– Security vendors have business models that don’t fit and/or technology that doesn’t migrate and scale
Who’s responsible for security?
The Practitioners Guide
Part 1 – Responsibility
• Most don’t know who’s responsible for cloud security
– 42% say they wouldn’t know if their cloud was hacked
– 39% think their provider would tell them
• Security is everybody’s responsibility
– accept and share it!
• Security is your responsibility
– Deal with it!
[Chart: “Who’s Responsible?” with segments Customer, Provider, Both; values shown: 31%, 36%, 33%. Source: Ponemon Cloud Security Research Study]
The Practitioners Guide
Part 2 – Authentication
• If anyone can log in, consider multi-factor authentication to harden access
• Simple mobile app integration, w/ QR code support & SMS backup
The Practitioners Guide
Part 3 – WAF
• WAF: Web Application Firewall
– Protects Web services, sites and applications
– Monitors the requests to the web layer
– Brute-force Login, Spam Bots, SQL injections, etc.
• Easy to enable – No Install!
– Provides added security layer w/o overhead
• Every Web App Will Use one
– CloudFlare, Incapsula or Akamai
– Bonus I – site is faster
– Bonus II – DDOS mitigation capabilities
The Practitioners Guide
Part 4 – Log
• You saw how many insights we get from the logs. You need to store and analyze them.
• We use several vendors for this – each for a different use-case:
– Splunk & SplunkStorm
– SumoLogic
– Loggly
– LogEntries
The Practitioners Guide
Part 5 – Firewall
• Take control of your security policies
– You do much more when it comes to the office firewall
• Close All (admin) Ports – Open Dynamically
– Open them only for whom, and for as long as is needed.
• Don’t rely on static scopes
– Too much management overhead and risk.
• Aggregate & Centralize firewall management
– Across regions, providers and applications
• At Dome9, we eat our own dog food
– On Amazon, Verizon’s Terremark and Rackspace
What happened here?
Dome9: How it Works
Automated Cloud Server Security
Manage OS firewall (via Agent) and virtual firewall (via API) across all cloud servers
Enable on-demand, time-based secure access leases per server, source & time
Automatically close server access when lease expires
Stop attackers from targeting open admin ports via brute force attacks and exploits
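The lease model described on this slide (admin ports closed by default, opened per server, source and time, then closed on expiry), sketched as an added example; it is not Dome9's code or API. The class and function names, the admin port set and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

ADMIN_PORTS = {22, 3389}  # assumption: SSH and RDP are the admin ports kept closed


@dataclass(frozen=True)
class Lease:
    server: str
    source: object        # ipaddress network the lease is scoped to
    port: int
    expires_at: float     # epoch seconds


class LeaseFirewall:
    """Default-deny for admin ports: access exists only while a lease is live."""

    def __init__(self):
        self.leases = []

    def grant(self, server, source_cidr, port, now, ttl_seconds):
        """Open one admin port on one server for one source, for a limited time."""
        if port not in ADMIN_PORTS:
            raise ValueError("leases are only issued for admin ports")
        lease = Lease(server, ipaddress.ip_network(source_cidr), port,
                      now + ttl_seconds)
        self.leases.append(lease)
        return lease

    def sweep(self, now):
        """Drop expired leases; return them so the matching rules can be closed."""
        expired = [l for l in self.leases if l.expires_at <= now]
        self.leases = [l for l in self.leases if l.expires_at > now]
        return expired

    def admin_access_allowed(self, server, src_ip, port, now):
        """True only if a live lease matches server, source and port."""
        addr = ipaddress.ip_address(src_ip)
        return any(l.server == server and l.port == port
                   and addr in l.source and now < l.expires_at
                   for l in self.leases)


if __name__ == "__main__":
    fw = LeaseFirewall()
    # Constructed sample data: documentation-range addresses, fake timestamps.
    fw.grant("web-1", "203.0.113.7/32", 22, now=1000, ttl_seconds=3600)
    print(fw.admin_access_allowed("web-1", "203.0.113.7", 22, now=1001))
    print(fw.admin_access_allowed("web-1", "198.51.100.9", 22, now=1001))
    print(fw.admin_access_allowed("web-1", "203.0.113.7", 22, now=4600))
```

The expiry check in `admin_access_allowed` denies access even if `sweep` has not run yet, so a delayed cleanup job never extends a lease.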
Multi-Cloud Management
Time-Based Controls
1-Click Secure Access
Dome9 Central Simplified Security Management
Wrap Up
① Take Responsibility
② Harden Authentication
③ Use a Web Application Firewall
④ Log, Log, Log, Log, Log… and Analyze
⑤ Lockdown and Automate the Server Firewalls… with Dome9!
Q&A
References and Links
• Firewall Management Service:
– http://www.dome9.com/
– https://secure.dome9.com/account/register?code=ecommerce
• MyDigipass 2 Factor Authentication Service:
– https://www.mydigipass.com/
• Log Management Services:
– Splunk Storm Service - https://www.splunkstorm.com/
– Loggly - http://loggly.com/
– LogEntries - https://logentries.com/
• WAF Services:
– CloudFlare - https://www.cloudflare.com/
– Incapsula - http://www.incapsula.com/
• Cloud Security Study:
– http://www.dome9.com/wp-content/uploads/2011/11/Ponemon-Cloud-Security-Study.pdf