Ponemon Institute

Cloud Security: Managing Firewall Risks
November 2011

Sponsored by Dome9 Security

Ponemon Institute, LLC

Security is the #1 concern of the cloud.

About the study
682 respondents across 17 verticals. All were IT or IT security
practitioners.

The study was commissioned by Dome9 Security, a cloud
security management service provider. Dome9 provides a
cloud firewall management service for automated and
elastic security.

The study was performed by the Ponemon Institute. The
Ponemon Institute is dedicated to independent research
and education that advances responsible information and
privacy management practices within business and
government. It conducts high quality, empirical studies on
critical issues affecting the management and security of
sensitive information about people and organizations.

Key study findings
• Most organizations’ cloud servers are vulnerable
• Most IT personnel don’t understand the risk
• Securing access to and generating reports for cloud servers is a big problem

How do you rate your cloud security management today?
• Excellent: 9%
• Good: 18%
• Fair: 27%
• Poor: 25%
• No Comment: 21%

73% believe the cloud server firewall is the first place to stop attacks and prevent exploits.

When asked: How vulnerable are you from unsecured ports/firewalls?
• Very Vulnerable: 32%
• Vulnerable: 35%
• Not Vulnerable: 9%
• Unsure: 24%

Only 9% said they were not vulnerable

How likely is this to happen?
• Locked out of cloud server
   o Already happened: 12%
   o Very likely to happen: 43%
   o Likely to happen: 22%
   o Not likely to happen: 18%
   o Will never happen: 5%
• Ports left open & exposed to hackers
   o Already happened: 19%
   o Very likely to happen: 42%
   o Likely to happen: 9%
   o Not likely to happen: 14%
   o Will never happen: 16%

Cloud server firewall management

54% said IT personnel within their organization have no knowledge (or are not knowledgeable) about the potential risk of open firewall ports in their cloud environment

61% said they do not have a solution deployed… when asked, ‘why?’
  o   62% said solutions are not scalable
  o   59% said solutions cost too much
  o   57% said solutions are not available
  o   49% said solutions are too complex
  o   43% said solutions are not dependable

Responsibility for Cloud Security

[Figure: two charts, "Partner Most Responsible" (Customer, Provider, Both) and "Responsible Within Your Org".]

Cloud infrastructure is automated… its security must be too.

Importance of Automation in Cloud Firewall Management
• More important in the cloud environment because it is elastic: 40%
• Equally important in both on-premises and cloud environments: 32%
• Less important in the cloud environment: 8%
• Unsure: 20%

Managing access and generating reports on cloud server access
• 36%: Cannot manage access or generate reports efficiently
• 29%: Manage access through the cloud provider’s tools, but cannot generate reports
• 14%: Manage access and generate reports directly from each cloud server, manually

How would you know if your cloud was hacked because of an open port?
• Our system would provide a warning: 19%
• We wouldn't know: 42%
• The cloud provider would inform us: 39%

Summary of findings
• Only 9% rate their cloud security as Excellent

• 42% said they would not know if their cloud was hacked
  due to an open firewall port.
   o 39% said they thought their cloud provider would tell them.


• 54% said IT has no knowledge of the risk posed by open
  ports on cloud servers.
   o 67% said they are vulnerable, today;
   o 24% said they don’t know if they were vulnerable.


• 79% have difficulty or cannot manage access to their
  cloud servers and generating reports.


About the Sponsor

Dome9 Security Ltd. – http://www.dome9.com

Overview of Dome9
Dome9 is a cloud firewall security management service. Available for the enterprise and hosting providers, Dome9 provides dynamic security policy control for Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon’s EC2 Security Groups, across all major operating systems and service providers.

Dome9 lets you…
• Close all administrative ports on your servers without losing access and control.
• Open any port on-demand, any time, for anyone, and from anywhere.
• Send secure access invitations to third parties.
• Centralize firewall management for all your servers and clouds.

Dome9 Central

Dome9 offers full control over the host OS firewall from a secured web service – accessible from anywhere.

Secure Your Cloud™

Visit Dome9.com to get a copy of the Ponemon Study on Managing Firewalls in the Cloud, and get a free, 14-day trial of Dome9 Security.

Thanks for your time.




Demographic information
• 863 total respondents with 682 in final sample
• All respondents had bona fide credentials in IT or IT security
   o Median 10 years in IT and 4.5 years in current position
• All respondents are based in the U.S., but have employees based in:
   o 75% Canada
   o 68% Europe
   o 41% Middle East
   o 58% Asia-Pacific
   o 43% Latin America
• Respondents spanned 17 industries:
   o 18% Financial Services
   o 12% Public Sector
   o 11% Health & Pharma
   o 8% Services
   o 8% Industrial
   o 7% Retail
   o 6% Hospitality
• Organizational size:
   o 5% had more than 100,000 employees
   o 35% had more than 5,001 employees
   o 25% had 1,001-5,000 employees
   o 35% had fewer than 1,000 employees

[Figure: two pie charts, "Role in Organization" (Vice President, Director, Manager, Supervisor, Technician, Staff) and "Reports to" (CIO, CISO, CSO, CRO, CFO).]

Cloud types and providers

[Figure: two bar charts, "Types of cloud environments the organization presently uses" and "Major cloud service providers the organization presently uses" (Azure, Google, AWS EC2, Rackspace, GoGrid, Terremark, Other).]

Contenu connexe

Tendances

Cloud Computing White Paper
Cloud Computing White PaperCloud Computing White Paper
Cloud Computing White PaperChris O'Neal
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging ThreatsLumension
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
 
Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?Cygilant
 
Social Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the RisksSocial Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the RisksRussell Herder
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)Jeremiah Grossman
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & NetworksPrakash Nagpal
 

Tendances (7)

Cloud Computing White Paper
Cloud Computing White PaperCloud Computing White Paper
Cloud Computing White Paper
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
 
Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?Are Your Cyber Defenses Strong Enough?
Are Your Cyber Defenses Strong Enough?
 
Social Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the RisksSocial Media: Embracing the Opportunities, Averting the Risks
Social Media: Embracing the Opportunities, Averting the Risks
 
11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)11th Website Security Statistics -- Presentation Slides (Q1 2011)
11th Website Security Statistics -- Presentation Slides (Q1 2011)
 
Advanced Applications & Networks
Advanced Applications & NetworksAdvanced Applications & Networks
Advanced Applications & Networks
 

Similaire à Ponemon survey cloud security webcast

The Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 yearsThe Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 yearsJay McBain
 
Data growth-protection-trends-research-results
Data growth-protection-trends-research-resultsData growth-protection-trends-research-results
Data growth-protection-trends-research-resultsAccenture
 
Box & okta in cloud
Box & okta in cloudBox & okta in cloud
Box & okta in cloudAccenture
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramLancope, Inc.
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinarAlgoSec
 
2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summaryКомсс Файквэе
 
Symantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery StudySymantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery StudySymantec
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Compliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan PrecsenyiCompliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan Precsenyie-Democracy Conference
 
Future of cloud computing 2011
Future of cloud computing 2011Future of cloud computing 2011
Future of cloud computing 2011Michael Skok
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?Ospero
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...Andris Soroka
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...cVidya Networks
 
Building a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global ScaleBuilding a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global ScaleRoman Nedielka
 
Proofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey ResultsProofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey Resultsshapetech
 
Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?Security Innovation
 

Similaire à Ponemon survey cloud security webcast (20)

The Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 yearsThe Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
The Cloud and Mobility Pivot - How MSPs can retool for the next 5 years
 
Data growth-protection-trends-research-results
Data growth-protection-trends-research-resultsData growth-protection-trends-research-results
Data growth-protection-trends-research-results
 
We present Bugscout
We present BugscoutWe present Bugscout
We present Bugscout
 
Box & okta in cloud
Box & okta in cloudBox & okta in cloud
Box & okta in cloud
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
 
2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary2012 global cloud_security_survey_executive_summary
2012 global cloud_security_survey_executive_summary
 
What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computing
 
Symantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery StudySymantec 2010 Disaster Recovery Study
Symantec 2010 Disaster Recovery Study
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
Compliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan PrecsenyiCompliance standards interoperability - Zoltan Precsenyi
Compliance standards interoperability - Zoltan Precsenyi
 
Future of cloud computing 2011
Future of cloud computing 2011Future of cloud computing 2011
Future of cloud computing 2011
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?Why businesses are moving to the Cloud?
Why businesses are moving to the Cloud?
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
 
The software-security-risk-report
The software-security-risk-reportThe software-security-risk-report
The software-security-risk-report
 
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...Becoming the safe choice for the cloud by addressing cloud fraud & security t...
Becoming the safe choice for the cloud by addressing cloud fraud & security t...
 
Building a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global ScaleBuilding a Meaningful Customer Experience on a Global Scale
Building a Meaningful Customer Experience on a Global Scale
 
Proofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey ResultsProofpoint Outbound/DLP Survey Results
Proofpoint Outbound/DLP Survey Results
 
Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?Car Cybersecurity: What do Automakers Really Think?
Car Cybersecurity: What do Automakers Really Think?
 

Dernier

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Dernier (20)

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 

Ponemon survey cloud security webcast

  • 1. Ponemon Institute Cloud Security: Managing Firewall Risks November 2011 Sponsored by Dome9 Security Ponemon Institute, LLC
  • 2. Security is the #1 concern of the cloud.
  • 3. About the study. 682 respondents across 17 verticals. All were IT or IT security practitioners. The study was commissioned by Dome9 Security, a cloud security management service provider. Dome9 provides a cloud firewall management service for automated and elastic security. The study was performed by the Ponemon Institute. The Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. It conducts high-quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
  • 4. Key study findings: most organizations’ cloud servers are vulnerable; most IT personnel don’t understand the risk; securing access to and generating reports for cloud servers is a big problem.
  • 5. How do you rate your cloud security management today? Excellent 9%; Good 18%; Fair 27%; Poor 25%; No Comment 21%.
  • 6. 73% believe the cloud server firewall is the first place to stop attacks and prevent exploits.
  • 7. When asked: How vulnerable are you from unsecured ports/firewalls? [Pie chart; legend: Very Vulnerable, Vulnerable, Not Vulnerable, Unsure; values shown: 24%, 32%, 9%, 35%.] Only 9% said they were not vulnerable.
  • 8. How likely is this to happen? [Bar chart; categories: Already happened, Very likely to happen, Likely to happen, Not likely to happen, Will never happen; series: Locked out of cloud server, Ports left open & exposed to hackers; values shown: 42%, 43%, 19%, 9%, 14%, 12%, 22%, 16%, 18%, 5%.]
  • 9. Key study findings: most organizations’ cloud servers are vulnerable; most IT personnel don’t understand the risk; securing access to and generating reports for cloud servers is a big problem.
  • 10. Cloud server firewall management. 54% said IT personnel within their organization have no knowledge (or are not knowledgeable) about the potential risk of open firewall ports in their cloud environment. 61% said they do not have a solution deployed… when asked, ‘why?’: 62% said solutions are not scalable; 59% said solutions cost too much; 57% said solutions are not available; 49% said solutions are too complex; 43% said solutions are not dependable.
  • 11. Responsibility for Cloud Security. [Charts; labels: Partner Most Responsible, Responsible Within Your Org, Customer, Provider, Both; values shown: 41%, 20%, 17%, 15%, 33%, 31%, 5%, 2%, 36%.]
  • 12. Cloud infrastructure is automated… its security must be too.
  • 13. Importance of Automation in Cloud Firewall Management. More important in the cloud environment because it is elastic: 40%; equally important in both on-premises and cloud environments: 32%; less important in the cloud environment: 8%; unsure: 20%.
  • 14. Key study findings: most organizations’ cloud servers are vulnerable; most IT personnel don’t understand the risk; securing access to and generating reports for cloud servers is a big problem.
  • 15. Managing access and generating reports on cloud server access. Cannot manage access or generate reports efficiently: 36%; manage access through the cloud provider’s tools, but cannot generate reports: 29%; manage access and generate reports directly from each cloud server, manually: 14%.
  • 16. How would you know if your cloud was hacked because of an open port? Our system would provide a warning: 19%; we wouldn't know: 42%; the cloud provider would inform us: 39%.
  • 17. Summary of findings. Only 9% rate their cloud security as Excellent. 42% said they would not know if their cloud was hacked due to an open firewall port (39% said they thought their cloud provider would tell them). 54% said IT has no knowledge of the risk posed by open ports on cloud servers (67% said they are vulnerable, today; 24% said they don’t know if they were vulnerable). 79% have difficulty or cannot manage access to their cloud servers and generate reports.
  • 18. About the Sponsor: Dome9 Security Ltd. – http://www.dome9.com
  • 19. Overview of Dome9. Dome9 is a cloud firewall security management service. Available for the enterprise and hosting providers, Dome9 provides dynamic security policy control for Clouds, Virtual Private Servers (VPS), dedicated servers, and Amazon’s EC2 Security Groups, across all major operating systems and service providers. Dome9 lets you: close all administrative ports on your servers without losing access and control; open any port on-demand, any time, for anyone, and from anywhere; send secure access invitations to third parties; centralize firewall management for all your servers and clouds.
  • 20. Dome9 Central Dome9 offers full control over the host OS firewall from a secured web service – accessible from anywhere.
  • 21. Secure Your Cloud™. Visit Dome9.com to get a copy of the Ponemon Study on Managing Firewalls in the Cloud, and get a free, 14-day trial of Dome9 Security.
  • 22. Thanks for your time. Dome9 Security Ltd. – http://www.dome9.com
  • 23. Demographic information. 863 total respondents with 682 in final sample. All respondents had bona fide credentials in IT or IT security (median 10 years in IT and 4.5 years in current position). All respondents are based in the U.S., but have employees based in: Canada 75%; Europe 68%; Middle East 41%; Asia-Pacific 58%; Latin America 43%. Respondents spanned 17 industries: 18% Financial Services; 12% Public Sector; 11% Health & Pharma; 8% Services; 8% Industrial; 7% Retail; 6% Hospitality. Organizational size: 5% had more than 100,000 employees; 35% had more than 5,001 employees; 25% had 1,001-5,000 employees; 35% had fewer than 1,000 employees. [Pie charts: Role in Organization (Vice President, Director, Manager, Supervisor, Technician, Staff) and Reports to (CIO, CISO, CSO, CRO, CFO); values shown: 4%, 2%, 4%, 3%, 3%, 15%, 4%, 8%, 38%, 22%, 20%, 58%, 19%.]
  • 24. Cloud types and providers. [Bar charts: Types of cloud environments the organization presently uses; Major cloud service providers the organization presently uses (Google, Azure, Other, Rackspace, Terremark, AWS EC2, GoGrid).]