Cloud Computing Security
Ely Kahn
April 2011
  
Executive Summary
•  What is Cloud Security?
     –  Cloud security refers to the policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing (includes public and private clouds)
     –  Cloud security is not focused on security products that leverage the cloud to deliver security services to a customer (although this is also an interesting area)
•  Why is Cloud Security an attractive investment area?
     –  Rapid growth of cloud computing
     –  Security as a key concern why cloud computing is not growing even faster
     –  Acquisition-hungry cloud infrastructure providers and information security providers looking to differentiate themselves
     –  An active start-up community in this space
     –  Data protection for the cloud as attractive investment area moving forward
     –  High Cloud Security, CipherCloud, and Navajo Systems as prime examples
  
There are 4 main types of risks that cloud security companies focus on
•  Virtualization Security: Preventing cyber attacks on the hypervisor and virtual machines
•  Cloud Security Governance: Providing cloud customers with deeper insights on where their data is stored and what security rules, policies, and configurations are being applied to them
•  Identity and Access Management: Secure and federated access to multiple public and/or private clouds
•  Data Protection: Identifying sensitive data and encrypting it or putting in place other protective measures to ensure its security
  
There are a variety of established players across these four functions
•  Virtualization Security
•  Cloud Security Governance
•  Identity and Access Management
•  Data Protection
  
A wide variety of VCs are investing in cloud security

| Company | Description | Founded | Round | Amt | Date | Participating VCs |
|---|---|---|---|---|---|---|
| Symplified | IAM/CSG. Auditing and federated SSO. | 2006 | B | $9M | 2011 | Granite Ventures, Allegis Capital, Quest Software |
| Nimbula | CSG. Helps securely transition data centers to private clouds | 2008 | B | $15M | 2010 | Accel Partners, Sequoia Capital |
| Hytrust | CSG. Enables accountability, visibility and control | 2007 | B | $10.5M | 2010 | Granite Ventures, Cisco Systems, Trident Capital, Epic Ventures |
| SecureAuth | IAM. SSO and multifactor auth | 2005 | N/A | $3M | 2010 | Angel investors |
| Appirio | CSG. Unifies security policies across cloud applications | 2006 | C | $10M | 2009 | Granite Ventures, Sequoia Capital |
| Reflex Systems | CSG. Integrates security, compliance, and management | 2008 | A | $8.5M | 2009 | RFA Management Co. |
| Cloudswitch | CSG/DP. Move applications securely to the cloud via VPN | 2008 | B | $8M | 2009 | Atlas Venture, Commonwealth Capital Ventures, Matrix Partners |
| Conformity | IAM. Auditing and federated SSO. | 2007 | A | $3M | 2009 | Guggenheim Venture Partners |
| Perspecsys | DP. Sensitive data not transmitted to the cloud | 2006 | A | N/A | 2007 | Growthworks (Canadian) |
  
Acquirers include both traditional infosec companies and cloud infrastructure providers

| Company | Description | Acquirer | Date | Price |
|---|---|---|---|---|
| ArcSight | CSG. Global provider of security and compliance management | HP | 2010 | $1.5B |
| Arcot | IAM. The industry’s largest cloud-based authentication system | CA | 2010 | $200M |
| TriCipher | IAM. Multifactor authentication | VMware | 2010 | ~$200M |
| Altor Networks | VS. A hypervisor-based virtual firewall to protect cloud applications | Juniper | 2010 | $95M |
| 3Tera | CSG. Helps companies build private clouds quickly and securely | CA | 2010 | $18M |
| Rohati Networks | IAM. Helps companies control who has access to data using context information | Cisco | 2009 | N/A |
| Third Brigade | CSG/VS. Firewalls, IDS, and security policy enforcement for virtualized environments | Trend Micro | 2009 | N/A |
| Blue Lane | VS. Removes malicious content from network traffic before it reaches your virtual servers | VMware | 2008 | $15M |
  
The growing importance of cloud security concerns…
  
… will lead to increased cloud security spending

Cloud Computing Market Size
Note: Gartner recently estimated cloud spending to be 3.5x the IDC estimate by 2014

Cloud Security Market Size
•  Cloud Security will grow to a $1.5B market by 2015
•  Cloud Security will capture 5% of IT security technology spending
     –  Source: Forrester
  
Most of the investments and acquisitions to date have been focused on CSG and IAM…
•  Identified Cloud Security Investments
     –  6 addressed Cloud Security Governance functions
     –  3 addressed Identity and Access Management functions
     –  2 addressed Data Protection
     –  0 addressed Virtualization Security

•  Identified Cloud Security Acquisitions
     –  3 addressed Cloud Security Governance functions
     –  3 addressed Identity and Access Management functions
     –  3 addressed Virtualization Security functions
     –  0 addressed Data Protection
  
… but moving forward, data protection will be the big play
[Chart: Security Effectiveness (High to Low) against Strength of Competition (High to Low); plotted points labelled DP, CSG, VS, IAM]
  
Cloud Security Investment Thesis
•  Cloud Data Protection companies will be attractive investments for VCs moving forward
•  Things to look for in Cloud Data Protection companies:
     –  Novel encryption/tokenization approaches that are “defensible” from competitors
     –  Keys should be stored at a trusted third party or at the client side (not with the cloud provider)
     –  Strong knowledge of cloud provider architectures
     –  A focus on low latency, high customer service, and ease of use
     –  Experience in enterprise sales
     –  Entrepreneurs with a proven track record in information security
•  Potential exit to traditional information security provider, cloud provider, or cloud infrastructure provider most likely
•  Examples of high potential start-ups are described on the following slides
  
High Cloud Security is a stealth-mode start-up that is recommended for investment
•  Leadership
     –  Founded by 25-plus-year Silicon Valley veterans (IBM/ISS, Veritas, Hytrust, etc.)
     –  Specialties in security, storage, encryption, and operating-system kernel internals
     –  The founders have assembled a team of senior engineers, each with over 20 years of experience
•  Technology
     –  The solution safely encapsulates any server's VM image so it is protected from unauthorized exposure throughout its lifecycle.
     –  This protection applies inside the data center as well as when the VM is being run on a remote host or in the Cloud.
     –  With High Cloud if a VM were lost or stolen, an unauthorized user could not run it or dissect it to expose sensitive data; only authenticated and authorized users can execute the VM, with an audit trail of its use.
     –  Is independent of and works with all VMs and applications
     –  Technology is Patent Pending
•  Current Status
     –  Currently in stealth mode
     –  Shipping beta product in April 2011; currently looking to raise capital (~$4M)
     –  www.highcloudsecurity.com
  
CipherCloud is a bootstrapped startup that is recommended for investment
•  CipherCloud provides customers with a web-proxy gateway that transparently encrypts sensitive data before it’s sent to SaaS/PaaS applications in the cloud. Encryption key remains only with customers.
•  Named Finalist for "Most Innovative Company at RSA® Conference 2011"
•  Salesforce.com’s AppExchange - partner ecosystem member
•  Beta is out now; final release expected in March
•  Looking for funding in the Q3 timeframe; hoping to raise about $5M
•  Patent-pending encryption/tokenization approach
•  Hired ex-Salesforce employees to gain inside knowledge of the application
•  Founded in 2010 by Pravin Kothari, who is a serial entrepreneur; was previously co-founder of ArcSight ($1.5B exit)
  
Navajo Systems is a seed-stage Israeli start-up recommended for investment
•  Founded in 2009 by a US-educated Israeli entrepreneur
•  Received unnamed amount of seed funding from Jerusalem Venture Partners in 2009
•  Named Finalist for "Most Innovative Company at RSA® Conference 2010"
•  Member of IBM cloud partner ecosystem
•  Virtual Private SaaS (VPS) can be implemented as an appliance installed on the corporate network or as a service hosted by Navajo Systems or a third-party service provider
•  Encrypts/decrypts sensitive data via a web proxy and encryption does not affect performance within the application
•  Has solutions for various SaaS providers including Google, Salesforce, Oracle, etc.
  
APPENDIX
  
Interviewed Companies
  
Cloud computing (public or private) is comprised of a stack of technologies

| Layer | Description |
|---|---|
| Applications | Enterprise SaaS (external and internal) |
| App Middleware | Tightly integrate with enterprise application layer, often augmenting it |
| Dev/Test Tools | Used to help develop and debug cloud applications – namely, a development environment |
| VM Management | This suite of applications provides value-add on top of public cloud providers (e.g. Amazon) with extended management dashboards as well as hypervisor console extensions |
| Storage and Data | Provided as a part of a storage-centric public cloud service or as components to building your private cloud |
| Hypervisor | A virtualization technique which allows multiple operating systems, termed guests, to run concurrently on a host computer |
| OS | Provides common services for efficient execution of various application software |

Alongside the stack:
•  Cloud Provisioning: Automate the creation of datacenter cloud installations (whether for private or public usage).
•  Public Cloud: Amazon, Google, Rackspace, Terremark, GoGrid

Source: http://jameskaskade.com/?p=388 March 2009
  
There are security issues at each layer of the stack but some are more interesting than others

| Layer | Security issues |
|---|---|
| Applications | Standard application security issues |
| App Middleware | Identity and access management needs |
| Dev/Test Tools | Code-scanning tools |
| VM Management | Provides security-related info for configuration management, monitoring, and auditing |
| Storage and Data | Provides back-up and disaster recovery |
| Hypervisor | An entirely new layer of very sensitive software to protect (e.g., “VM hopping”); added patch management complexity |
| OS | Not unique to cloud computing; rootkits, buffer overflows, privilege escalation, etc.; addressed through patches, firewalls, IPS |

Alongside the stack:
•  Cloud Provisioning: Security issues connected to configuration management
•  Public Cloud: Physical security of hardware, lack of standards, privacy laws, etc.
  
Cloud Security Market Opportunity equals Cloud Risk Severity times Strength of Competition

| Cloud Risk | Discussion | Severity | Competition | Opportunity |
|---|---|---|---|---|
| Isolation Failure | This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants. However it should be considered that attacks against hypervisors are still less numerous and more difficult than attacks on traditional OSs | 2 | 3 | 6 |
| Incomplete Data Deletion | When a request to delete a cloud resource is made, this may not result in true wiping of the data. In the case of multiple tenancies this represents a higher risk to the customer than with dedicated hardware. | 2 | 3 | 6 |
| Mgmt. Interface | Customer management interfaces of a public CP are accessible through the Internet and mediate access to larger sets of resources and therefore pose an increased risk, especially when combined with web browser vulnerabilities. | 3 | 2 | 6 |
| Data Protection | It may be difficult for the cloud customer to check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds. | 2 | 2 | 4 |
| Compliance Risks | Investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud | 1 | 2 | 2 |
| Loss of Governance | In using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues which may affect security. Also, SLAs may not offer a commitment to provide such services | 2 | 1 | 2 |
| Malicious Insider | While usually less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. | 1 | 1 | 1 |

Source: European Network and Information Security Agency Report on Cloud Computing Benefits, Risks, and Recommendations for Information Security. November 2009.
  
There are other information security trends and start-ups that are noteworthy but not covered here
•  Use of Web 2.0 technologies in the workplace
     –  Socialware: Middleware to monitor social media usage
•  Leveraging virtualization technologies to better protect desktops
     –  Invincea: Sandboxing the browser
•  Information security for the internet of things
     –  Mocana: Smart Grid, embedded devices, etc.
•  Leveraging massive amounts of web data and improved processing power to better protect enterprises
     –  Endgame Systems: Building IP trust scores
     –  CloudFlare: Advanced protection for SMB
  
Post-PC devices (including smartphones) are now surpassing PC devices
  
The consumerization of IT is introducing new security issues
•  56% of enterprises allow personally owned smartphones to access company resources
•  A recent study showed that 10% of Android applications analyzed contained three or more dangerous security permissions
•  Enterprise device management is burdened by a high diversity of devices (Blackberry, Android, iPhone, Windows, Palm) and a relatively immature device management vendor community
•  Legal requirements for data ownership and privacy boundaries on personally owned devices are still unclear
•  On the other hand, mobile operating systems are more stripped down than PCs, apps run in sandboxes, and apps must be signed for use on smartphones (all good for security)

Sources: Forrester. “Security in the Post-PC Era: Controlled Chaos.” October 14, 2010.
  
Smartphones are now capable of enabling strong authentication processes
•  Smartphones now have enough computing speed and memory capacity to handle PKI without much burden
•  Certificate issuance and management is more affordable
•  SIM cards are now capable of cryptoprocessing (e.g., private key on the chip)
•  Foreign examples of using smartphone-based authentication for banking (authentication) and government services (digital signatures)
  
Stolen devices and mobile spyware are the highest risks for smartphones

Source: Forrester. “Security in the Post-PC Era: Controlled Chaos.” October 14, 2010.
  
There are three primary types of smartphone security start-ups that are of interest
•  This investment thesis focuses on three areas of Smartphone Security:
     –  Mobile Device Management (MDM): Software that monitors, manages and supports mobile devices deployed across an enterprise; typically includes data and configuration settings, encryption and wipe for all types of mobile devices
     –  Smartphone Malware Protection (SMP): Anti-virus/anti-spyware protection for smartphones
     –  Smartphone Authentication (SA): Utilizing the smartphone hardware and/or software for multifactor authentication
•  Taken together, these three areas will comprise a 1 – 2 billion dollar market in the coming years
  
Recent Smartphone Security Investments (by type)

Company         Type          Founded  Round  Date  Amount   Investors
SurIDx          MDM           2006     A      2009  $1.695M  N/A
Boxtone         MDM           2005     B      2010  $7.5M    Lazard Technology Partners
Mobileiron      MDM           2007     C      2010  $16M     Sequoia Capital, Norwest Venture Partners, Storm Ventures
Zenprise        MDM           2003     N/A    2010  $9M      Rembrandt Venture Partners, Ignition Partners, Bay Partners, Mayfield Fund, Shasta Ventures
Fat Skunk       SMP           2010     Seed   2010  N/A      N/A
Lookout         MDM, SMP      2009     B      2010  $11M     Khosla Ventures, Trilogy Equity Partnership, Accel Management
Sipera Systems  MDM, SMP      2003     N/A    2010  $10.2M   S3 Ventures, Sequoia Capital, Austin Ventures, Duchossois Technology Partners, Star Ventures
FireID          SA            2005     A      2010  $6.4M    4Di Capital (South African)
Koolspan        SA            2003     C      2008  $7.1M    New York Angels, Rose Tech Ventures, Security Growth Partners
Mocana          MDM, SMP, SA  2008     C      2008  $7M      Shasta Ventures, Southern Cross Venture Partners, Bob Pasker

Recent Smartphone Security Exits (by type)

Company         Date  Type      Amount  Acquirer
Trust Digital   2010  MDM       N/A     McAfee
sMobile         2010  MDM, SMP  $70M    Juniper
Droid Security  2010  SMP       $9.4M   AVG
tenCube         2010  MDM       N/A     McAfee
InterNoded      2009  MDM       N/A     Tangoe
Verisign        2010  SA        1.28B   Symantec
Mobile Armor    2010  MDM       N/A     Trend Micro

Duo Security is a bootstrapped smartphone security start-up that is recommended for investment

•  Leadership
     –  Dug Song is the well-respected founder of Arbor Networks, which had a large exit in 2010
•  Technology
     –  SaaS-based Multi-Factor Authentication (MFA) service
     –  Focus on cost effectiveness and customer interface, which they believe are the main factors that have prevented MFA from being adopted
•  Current Status
     –  Was operating in stealth mode until December 2010
     –  Product is in beta stage
     –  http://www.duosecurity.com/

Cloud security ely kahn

  • 1. Cloud  Compu)ng  Security   Ely  Kahn   April  2011   1  
  • 2. Execu)ve  Summary   •  What  is  Cloud  Security?   –  Cloud  security  refers  to  the  policies,  technologies,  and  controls  deployed  to   protect  data,  applica)ons,  and  the  associated  infrastructure  of  cloud   compu)ng  (includes  public  and  private  clouds)   –  Cloud  security  is  not  focused  on  security  products  that  leverage  the  cloud  to   deliver  security  services  to  a  customer  (although  this  is  also  an  interes/ng   area)     •  Why  is  Cloud  Security  an  aErac)ve  investment  area?   –  Rapid  growth  of  cloud  compu)ng   –  Security  as  a  key  concern  why  cloud  compu)ng  is  not  growing  even  faster   –  Acquisi)on-­‐hungry  cloud  infrastructure  providers  and  informa)on  security   providers  looking  to  differen)ate  themselves   –  An  ac)ve  start-­‐up  community  in  this  space   –  Data  protec)on  for  the  cloud  as  aErac)ve  investment  area  moving  forward   –  High  Cloud  Security,  CipherCloud,  and  Navajo  Systems  as  prime  examples   2  
  • 3. There  are  4  main  types  of  risks  that  cloud  security   companies  focus  on   Virtualiza)on   Preven)ng  cyber  aEacks  on  the  hypervisor  and  virtual   Security   machines   Providing  cloud  customers  with  deeper  insights  on  where   Cloud  Security   their  data  is  stored  and  what  security  rules,  policies,  and   Governance   configura)ons  are  being  applied  to  them   Iden)ty  and  Access   Secure  and  federated  access  to  mul)ple  public  and/or   Management   private  clouds   Iden)fying  sensi)ve  data  and  encryp)ng  it  or  pu[ng  in   Data  Protec)on   place  other  protec)ve  measures  to  ensure  its  security   3  
  • 4. There  are  a  variety  of  established  players  across   these  four  func)ons   Virtualiza)on   Security   Cloud  Security   Governance   Iden)ty  and  Access   Management   Data  Protec)on   4  
  • 5. A  wide  variety  of  VCs  are  inves)ng  in  cloud   security   Company   Descrip3on   Founded   Round   Amt   Date   Par3cipa3ng  VCs   Symplified   IAM/CSG.  Audi)ng  and   2006   B   $9M   2011   Granite  Ventures,    Allegis   federated  SSO.       Capital,  Quest  Sodware   Nimbula   CSG.  Helps  securely  transi)on   2008   B   $15M   2010   Accel  Partners,  Sequoia  Capital   data  centers  to  private  clouds   Hytrust   CSG.    Enables  accountability,   2007   B   $10.5 2010   Granite  Ventures,  Cisco   visibility  and  control   M   Systems,  Trident  Capital,  Epic   Ventures   SecureAuth   IAM.  SSO  and  mul)factor  auth   2005   N/A   $3M   2010   Angel  investors   Appirio     CSG.  Unifies  security  policies   2006   C   $10M   2009   Granite  Ventures,  Sequoia   across  cloud  applica)ons   Capital   Reflex   CSG.  Integrates  security,   2008   A   $8.5 2009   RFA  Management  Co.   Systems   compliance  ,and  management   M   Cloudswitch   CSG/DP.  Move  applica)ons   2008   B   $8M   2009   Atlas  Venture,  Commonwealth   securely  to  the  cloud  via  VPN   Capital  Ventures,  Matrix   Partners   Conformity   IAM.  Audi)ng  and  federated   2007   A   $3M   2009   Guggenheim  Venture  Partners   SSO.       Perspecsys   DP.    Sensi)ve  data  not   2006   A   N/A   2007   Growthworks  (Canadian)   transmiEed  to  the  cloud   5  
  • 6. Acquirers  include  both  tradi)onal  infosec   companies  and  cloud  infrastructure  providers     Company   Descrip3on   Acquirer   Date   Price   ArcSight   CSG.  Global  provider  of  security  and  compliance   HP   2010   $1.5B   management   Arcot   IAM.  The  industry’s  largest  cloud-­‐based  authen)ca)on   CA   2010   $200M   system   TriCipher   IAM.    Mul)factor  authen)ca)on   VMware   2010   ~$200M   Altor   VS.  A  hypervisor-­‐based  virtual  firewall  to  protect  cloud   Juniper   2010   $95M   Networks   applica)ons   3Tera   CSG.  Helps  companies  build  private  clouds  quickly  and   CA   2010   $18M   securely   Roha3   IAM.  Helps  companies  control  who  has  access  to  data   Cisco   2009   N/A   Networks   using  context  informa)on   Third   CSG/VS.    Firewalls,  IDS,  and  security  policy   Trend  Micro   2009   N/A   Brigade   enforcement  for  virtualized  environments   Blue  Lane   VS.  Removes  malicious  content  from  network  traffic   VMware   2008   $15M   before  it  reaches  your  virtual  servers   6  
  • 7. The  growing  importance  of  cloud  security   concerns…     7  
  • 8. …  will  lead  to  increased  cloud  security  spending   Cloud  Compu3ng  Market  Size   Cloud  Security  Market  Size   •  Cloud  Security  will  grow  to   a  $1.5B  market  by  2015   •  Cloud  Security  will  capture   5%  of  IT  security  technology   spending   –  Source:    Forrester   Note:    Gartner  recently  es)mated   cloud  spending  to  be  3.5x  the  IDC   es)mate  by  2014   8   8  
  • 9. Most  of  the  investments  and  acquisi)ons  to  date   have  been  focused  on  CSG  and  IAM…   •  Iden)fied  Cloud  Security  Investments   –  6  addressed  Cloud  Security  Governance  func)ons   –  3  addressed  Iden)ty  and  Access  Management  func)ons   –  2  addressed  Data  Protec)on   –  0  addressed  Virtualiza)on  Security   •  Iden)fied  Cloud  Security  Acquisi)ons   –  3  addressed  Cloud  Security  Governance  func)ons   –  3  addressed  Iden)ty  and  Access  Management  func)ons   –  3  addressed  Virtualiza)on  Security  func)ons   –  0  addressed  Data  Protec)on   9  
  • 10. …  but  moving  forward,  data  protec)on  will  be  the   big  play   High   Strength  of  Compe33on   Low   High   Security  Effec3veness   DP   CSG   VS   IAM   Low   10  
  • 11. Cloud  Security  Investment  Thesis   •  Cloud  Data  Protec.on  companies  will  be  a6rac.ve  investments   for  VCs  moving  forward   •  Things  to  look  for  in  Cloud  Data  Protec)on  companies:   –  Novel  encryp)on/tokeniza)on  approaches  that  are  “defensible”  from   compe)tors   –  Keys  should  be  stored  at  a  trusted  third  party  or  at  the  client  side  (not   with  the  cloud  provider)   –  Strong  knowledge  of  cloud  provider  architectures   –  A  focus  on  low  latency,  high  customer  service,  and  ease  of  use   –  Experience  in  enterprise  sales   –  Entrepreneurs  with  a  proven  track  record  in  informa)on  security   •  Poten)al  exit  to  tradi)onal  informa)on  security  provider,  cloud   provider,  or  cloud  infrastructure  provider  most  likely   •  Examples  of  high  poten)al  start-­‐ups  are  described  on  the   following  slides   11  
  • 12. High Cloud Security is a stealth-mode start-up that is recommended for investment
      •  Leadership
           –  Founded by 25-plus-year Silicon Valley veterans (IBM/ISS, Veritas, Hytrust, etc.)
           –  Specialties in security, storage, encryption, and operating-system kernel internals
           –  The founders have assembled a team of senior engineers, each with over 20 years of experience
      •  Technology
           –  The solution safely encapsulates any server's VM image so it is protected from unauthorized exposure throughout its lifecycle.
           –  This protection applies inside the data center as well as when the VM is being run on a remote host or in the Cloud.
           –  With High Cloud if a VM were lost or stolen, an unauthorized user could not run it or dissect it to expose sensitive data; only authenticated and authorized users can execute the VM, with an audit trail of its use.
           –  Is independent of and works with all VMs and applications
           –  Technology is Patent Pending
      •  Current Status
           –  Currently in stealth mode
           –  Shipping beta product in April 2011; currently looking to raise capital (~$4M)
           –  www.highcloudsecurity.com
  • 13. CipherCloud is a bootstrapped startup that is recommended for investment
      •  CipherCloud provides customers with a web-proxy gateway that transparently encrypts sensitive data before it’s sent to SaaS/PaaS applications in the cloud. Encryption key remains only with customers.
      •  Named Finalist for "Most Innovative Company at RSA® Conference 2011"
      •  Salesforce.com’s AppExchange - partner ecosystem member
      •  Beta is out now; final release expected in March
      •  Looking for funding in the Q3 timeframe; hoping to raise about $5M
      •  Patent-pending encryption/tokenization approach
      •  Hired ex-Salesforce employees to gain inside knowledge of the application
      •  Founded in 2010 by Pravin Kothari, who is a serial entrepreneur; was previously co-founder of ArcSight ($1.5B exit)
  • 14. Navajo Systems is a seed-stage Israeli start-up recommended for investment
      •  Founded in 2009 by a US-educated Israeli entrepreneur
      •  Received unnamed amount of seed funding from Jerusalem Venture Partners in 2009
      •  Named Finalist for "Most Innovative Company at RSA® Conference 2010"
      •  Member of IBM cloud partner ecosystem
      •  Virtual Private SaaS (VPS) can be implemented as an appliance installed on the corporate network or as a service hosted by Navajo Systems or a third-party service provider
      •  Encrypts/decrypts sensitive data via a web proxy and encryption does not affect performance within the application
      •  Has solutions for various SaaS providers including Google, Salesforce, Oracle, etc.
  • 15. APPENDIX
  • 17. Cloud computing (public or private) is comprised of a stack of technologies
      •  Cloud Applications: Enterprise SaaS (external and internal)
      •  App Middleware: Tightly integrate with enterprise application layer, often augmenting it
      •  Provisioning: Automate the creation of datacenter cloud installations (whether for private or public usage).
      •  Dev/Test Tools: Used to help develop and debug cloud applications – namely, a development environment
      •  VM Management: This suite of applications provide value-add on top of public cloud providers (e.g. Amazon) with extended management dashboards as well as hypervisor console extensions
      •  Public Cloud: Amazon, Google, Rackspace, Terremark, GoGrid
      •  Storage and Data: Provided as a part of a storage-centric public cloud service or as components to building your private cloud
      •  Hypervisor: A virtualization technique which allows multiple operating systems, termed guests, to run concurrently on a host computer
      •  OS: Provides common services for efficient execution of various application software
      Source: http://jameskaskade.com/?p=388  March 2009
  • 18. There are security issues at each layer of the stack but some are more interesting than others
      •  Cloud Applications: Standard application security issues
      •  App Middleware: Identity and access management needs
      •  Provisioning: Security issues connected to configuration management
      •  Dev/Test Tools: Code-scanning tools
      •  VM Management: Provides security-related info for configuration management, monitoring, and auditing
      •  Public Cloud: Physical security of hardware, lack of standards, privacy laws, etc.
      •  Storage and Data: Provides back-up and disaster recovery
      •  Hypervisor: An entirely new layer of very sensitive software to protect (e.g., “VM hopping”); added patch management complexity
      •  OS: Not unique to cloud computing; rootkits, buffer overflows, privilege escalation, etc.; addressed through patches, firewalls, IPS
  • 19. Cloud Security Market Opportunity equals Cloud Risk Severity times Strength of Competition
      Cloud Risk | Discussion | Severity | Competition | Opportunity
      Isolation Failure | This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants. However it should be considered that attacks against hypervisors are still less numerous and more difficult than attacks on traditional OSs | 2 | 3 | 6
      Incomplete Data Deletion | When a request to delete a cloud resource is made, this may not result in true wiping of the data. In the case of multiple tenancies this represents a higher risk to the customer than with dedicated hardware. | 2 | 3 | 6
      Mgmt. Interface | Customer management interfaces of a public CP are accessible through the Internet and mediate access to larger sets of resources and therefore pose an increased risk, especially when combined with web browser vulnerabilities. | 3 | 2 | 6
      Data Protection | It may be difficult for the cloud customer to check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds. | 2 | 2 | 4
      Compliance Risks | Investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud | 1 | 2 | 2
      Loss of Governance | In using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues which may affect security. Also, SLAs may not offer a commitment to provide such services | 2 | 1 | 2
      Malicious Insider | While usually less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. | 1 | 1 | 1
      Source: European Network and Information Security Agency Report on Cloud Computing Benefits, Risks, and Recommendations for Information Security. November 2009.
  • 20. There are other information security trends and start-ups that are noteworthy but not covered here
      •  Use of Web 2.0 technologies in the workplace
           –  Socialware: Middleware to monitor social media usage
      •  Leveraging virtualization technologies to better protect desktops
           –  Invincea: Sandboxing the browser
      •  Information security for the internet of things
           –  Mocana: Smart Grid, embedded devices, etc.
      •  Leveraging massive amounts of web data and improved processing power to better protect enterprises
           –  Endgame Systems: Building IP trust scores
           –  CloudFlare: Advanced protection for SMB
  • 21. Post-PC devices (including smartphones) are now surpassing PC devices
  • 22. The consumerization of IT is introducing new security issues
      •  56% of enterprises allow personally owned smartphones to access company resources
      •  A recent study showed that 10% of Android applications analyzed contained three or more dangerous security permissions
      •  Enterprise device management is burdened by a high diversity of devices (Blackberry, Android, iPhone, Windows, Palm) and a relatively immature device management vendor community
      •  Legal requirements for data ownership and privacy boundaries on personally owned devices are still unclear
      •  On the other hand, mobile operating systems are more stripped down than PCs, apps run in sandboxes, and apps must be signed for use on smartphones (all good for security)
      Sources: Forrester. “Security in the Post-PC Era: Controlled Chaos.” October 14, 2010.
  • 23. Smartphones are now capable of enabling strong authentication processes
      •  Smartphones now have enough computing speed and memory capacity to handle PKI without much burden
      •  Certificate issuance and management is more affordable
      •  SIM cards are now capable of cryptoprocessing (e.g., private key on the chip)
      •  Foreign examples of using smartphone-based authentication for banking (authentication) and government services (digital signatures)
  • 24. Stolen devices and mobile spyware are the highest risks for smartphones
      Source: Forrester. “Security in the Post-PC Era: Controlled Chaos.” October 14, 2010.
  • 25. There are three primary types of smartphone security start-ups that are of interest
      •  This investment thesis focuses on three areas of Smartphone Security:
           –  Mobile Device Management (MDM): Software that monitors, manages and supports mobile devices deployed across an enterprise; typically includes data and configuration settings, encryption and wipe for all types of mobile devices
           –  Smartphone Malware Protection (SMP): Anti-virus/anti-spyware protection for smartphones
           –  Smartphone Authentication (SA): Utilizing the smartphone hardware and/or software for multifactor authentication
      •  Taken together, these three areas will comprise a 1 – 2 billion dollar market in the coming years
  • 26. Recent Smartphone Security Investments (by type)
      Company | Type | Founded | Round | Date | Amount | Investors
      SurIDx | MDM | 2006 | A | 2009 | $1.695M | N/A
      Boxtone | MDM | 2005 | B | 2010 | $7.5M | Lazard Technology Partners
      Mobileiron | MDM | 2007 | C | 2010 | $16M | Sequoia Capital, Norwest Venture Partners, Storm Ventures
      Zenprise | MDM | 2003 | N/A | 2010 | $9M | Rembrandt Venture Partners, Ignition Partners, Bay Partners, Mayfield Fund, Shasta Ventures
      Fat Skunk | SMP | 2010 | Seed | 2010 | N/A | N/A
      Lookout | MDM, SMP | 2009 | B | 2010 | $11M | Khosla Ventures, Trilogy Equity Partnership, Accel Management
      Sipera Systems | MDM, SMP | 2003 | N/A | 2010 | $10.2M | S3 Ventures, Sequoia Capital, Austin Ventures, Duchossois Technology Partners, Star Ventures
      FireID | SA | 2005 | A | 2010 | $6.4M | 4Di Capital (South African)
      Koolspan | SA | 2003 | C | 2008 | $7.1M | New York Angels, Rose Tech Ventures, Security Growth Partners
      Mocana | MDM, SMP, SA | 2008 | C | 2008 | $7M | Shasta Ventures, Southern Cross Venture Partners, Bob Pasker
  • 27. Recent Smartphone Security Exits (by type)
      Company | Date | Type | Amount | Acquirer
      Trust Digital | 2010 | MDM | N/A | McAfee
      sMobile | 2010 | MDM, SMP | $70M | Juniper
      Droid Security | 2010 | SMP | $9.4M | AVG
      tenCube | 2010 | MDM | N/A | McAfee
      InterNoded | 2009 | MDM | N/A | Tangoe
      Verisign | 2010 | SA | 1.28B | Symantec
      Mobile Armor | 2010 | MDM | N/A | Trend Micro
  • 28. Duo Security is a bootstrapped smartphone security start-up that is recommended for investment
      •  Leadership
           –  Dug Song is the well-respected founder of Arbor Networks, which had a large exit in 2010
      •  Technology
           –  SaaS-based Multi-Factor Authentication (MFA) service
           –  Focus on cost effectiveness and customer interface, which they believe are the main factors that have prevented MFA from being adopted
      •  Current Status
           –  Was operating in stealth mode until December 2010
           –  Product is in beta stage
           –  http://www.duosecurity.com/