The document summarizes the findings of a study conducted by Ponemon Institute on cloud security and firewall risks. The key findings are:
1) Most organizations' cloud servers are vulnerable, as 54% of IT personnel have little knowledge of open firewall port risks and 67% said they are vulnerable today.
2) Securing access to cloud servers and generating security reports is difficult, as 79% struggle to manage access and reporting.
3) Cloud security is widely seen as important but poorly managed currently, with only 9% rating their security as excellent and 42% unaware if their cloud was hacked due to open ports.
1. Ponemon Institute
Cloud Security:
Managing Firewall Risks
November 2011
Sponsored by Dome9 Security
Ponemon Institute, LLC
2. Security is the
#1 concern of the cloud.
3. About the study
682 respondents across 17 verticals. All were IT or IT security
practitioners.
The study was commissioned by Dome9 Security, a cloud
security management service provider. Dome9 provides a
cloud firewall management service for automated and
elastic security.
The study was performed by the Ponemon Institute. The
Ponemon Institute is dedicated to independent research
and education that advances responsible information and
privacy management practices within business and
government. It conducts high quality, empirical studies on
critical issues affecting the management and security of
sensitive information about people and organizations.
4. Key study findings
Most organizations’
cloud servers are vulnerable
Most IT personnel don’t
understand the risk
Securing access to and generating
reports for cloud servers is a big
problem
5. How do you rate your cloud
security management today?
No Comment 21%
Poor 25%
Fair 27%
Good 18%
Excellent 9%
6. 73% believe the cloud server
firewall is the first place to stop
attacks and prevent exploits.
7. When asked: How vulnerable are you
from unsecured ports/firewalls?
[Pie chart with four segments: Very Vulnerable, Vulnerable, Not Vulnerable, Unsure.]
Only 9% said they were not vulnerable
8. How likely is this to happen?
[Bar chart comparing two events, "Locked out of cloud server" and "Ports left open & exposed to hackers", across five categories: Already happened, Very likely to happen, Likely to happen, Not likely to happen, Will never happen.]
9. Key study findings
Most organizations’
cloud servers are vulnerable
Most IT personnel don’t
understand the risk
Securing access to and generating
reports for cloud servers is a big
problem
10. Cloud server firewall management
54% said IT personnel within their organization have no knowledge (or are not knowledgeable) about the potential risk of open firewall ports in their cloud environment
61% said they do not have a solution deployed… when asked, ‘why?’
o 62% said solutions are not scalable
o 59% said solutions cost too much
o 57% said solutions are not available
o 49% said solutions are too complex
o 43% said solutions are not dependable
11. Responsibility for
Cloud Security
[Two charts: "Partner Most Responsible" and "Responsible Within Your Org". Labels shown include Customer, Provider and Both.]
12. Cloud infrastructure
is automated…
its security must be too.
13. Importance of Automation in
Cloud Firewall Management
More important in the cloud environment because it is elastic: 40%
Equally important in both on-premises and cloud environments: 32%
Less important in the cloud environment: 8%
Unsure: 20%
14. Key study findings
Most organizations’
cloud servers are vulnerable
Most IT personnel don’t
understand the risk
Securing access to and generating
reports for cloud servers is a big
problem
15. Managing access and generating
reports on cloud server access
36% Cannot manage access or generate reports efficiently
29% Manage access through the cloud provider’s tools, but cannot generate reports
14% Manage access and generate reports directly from each cloud server, manually
16. How would you know if your cloud
was hacked because of an open port?
We wouldn't know: 42%
The cloud provider would inform us: 39%
Our system would provide a warning: 19%
17. Summary of findings
• Only 9% rate their cloud security as Excellent
• 42% said they would not know if their cloud was hacked
due to an open firewall port.
o 39% said they thought their cloud provider would tell them.
• 54% said IT has no knowledge of the risk posed by open
ports on cloud servers.
o 67% said they are vulnerable, today;
o 24% said they don’t know if they were vulnerable.
• 79% have difficulty managing, or cannot manage, access to their
cloud servers and generate reports.
18. About the Sponsor
Dome9 Security Ltd. – http://www.dome9.com
19. Overview of Dome9
Dome9 is a cloud firewall security management service
Available for the enterprise and hosting providers, Dome9 provides dynamic security
policy control for Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon’s
EC2 Security Groups, across all major operating systems and service providers.
Dome9 lets you…
Close all administrative ports on your servers
without losing access and control.
Open any port on-demand, any time, for
anyone, and from anywhere.
Send secure access invitations to third parties.
Centralize firewall management for all your
servers and clouds
20. Dome9 Central
Dome9 offers full control over the host OS firewall from a secured web service
– accessible from anywhere.
21. Secure Your Cloud™
Visit Dome9.com
to get a copy of the
Ponemon Study on
Managing Firewalls in
the Cloud, and
get a free, 14-day trial
of Dome9 Security.
22. Thanks for your time.
Dome9 Security Ltd. – http://www.dome9.com
23. Demographic information
• 863 total respondents with 682 in final sample
• All respondents had bona fide credentials in IT or IT security
o Median 10 years in IT and 4.5 years in current position
• All respondents are based in the U.S., but have employees based in:
o 75% Canada
o 68% Europe
o 41% Middle East
o 58% Asia-Pacific
o 43% Latin America
• Respondents spanned 17 industries:
– 18% Financial Services
– 12% Public Sector
– 11% Health & Pharma
– 8% Services
– 8% Industrial
– 7% Retail
– 6% Hospitality
• Organizational size:
– 5% had more than 100,000 employees
– 35% had more than 5,001 employees
– 25% had 1,001-5,000 employees
– 35% had fewer than 1,000 employees
[Two pie charts: "Role in Organization" (Vice President, Director, Manager, Supervisor, Technician, Staff) and "Reports to" (CIO, CISO, CSO, CRO, CFO).]
24. Cloud types and providers
[Two bar charts: "Types of cloud environments the organization presently uses" and "Major cloud service providers the organization presently uses". Providers shown: Google, Azure, Other, Rackspace, Terremark, AWS EC2, GoGrid.]