1. How Adopting the Cloud Can Improve
Your Security.
Martin Lee CISSP CEng
Senior Analyst
Cloud Can Improve Your Security. 1
2. Cloud Advantages – Customer.
Ease of provision - register & use.
Elastic capacity - seamless expansion.
Resource pooling - shared costs across customer base.
Pay-as-you-go billing - easy to budget.
Ubiquitous - same service everywhere.
Cloud Can Improve Your Security. 2
3. Cloud Advantages – Provider.
Defined product offering – all customers use single version.
Easy capacity planning – most customers are alike.
Efficiencies of scale – work becomes easier.
Network efficiencies – rare events become common.
Cloud Can Improve Your Security. 3
4. Predicted Data Growth.
Year.
Source: 2011 IDC Digital Universe Study.
Cloud Can Improve Your Security. 4
5. Data Breach Cost Per Record.
Year.
Source: Cost of a Data Breach, Ponemon Institute.
Cloud Can Improve Your Security. 5
6. Cloud Adoption Barriers – Security.
87% believe cloud will not
impact or will actually improve
their security posture.
Yet, they rate security as their #1 concern.
• Mass malware outbreak at your cloud provider
• Hacker-based data theft from your cloud provider
• Sharing sensitive data insecurely via the cloud
• Rogue use of cloud leading to a data breach
• Data spillage in a multi-hosted environment
Source: State of Cloud Survey, Symantec.
Cloud Can Improve Your Security. 6
7. Who provides better security, you or your cloud provider?
Cloud Can Improve Your Security. 7
8. Strong Incentives to Keep Cloud Operating.
Problems can’t be hidden.
Cloud Can Improve Your Security. 8
9. Predicted Growth in Number of Info. Sec. Staff.
Year.
Source: The 2011 (ISC)2 Global Information Security Workforce Study.
Cloud Can Improve Your Security. 9
10. Shortage of Specialist Staff.
~ 600 000 info sec staff in EMEA.
~ 20.8 million companies in EU.
1 info sec professional for every 35 companies!
Source: Annual Report on EU Small and Medium sized Enterprises 2010/2011. DG Enterprise.
Cloud Can Improve Your Security. 10
13. Growth in Malware Variants.
In 2010
~13,300
Signatures per day
Or 1 every 6.5 seconds!
In 2000
~5
Signatures per day
Cloud Can Improve Your Security. 13
15. Characteristics of Targeted Attacks.
Targeted Non-Targeted
Attack relevant to interests of recipient No regard to recipient
Low copy number High copy number
Bespoke malware Often kit based
Obscure business model Clear financial incentive
The attackers’ aim appears to be covert gathering and transmitting of
commercially or economically valuable information. - CPNI
Cloud Can Improve Your Security. 15
18. Symantec.cloud Targeted Attack Data.
Targeted attacks remain rare.
During 2011:
1 in 50.07 of all customers was sent a targeted attack.
1 in 88.93 of SMEs was sent a targeted attack.
Cloud Can Improve Your Security. 18
19. Frequency of Attack During 2011.
Annual attack frequency.
Cloud Can Improve Your Security. 19
20. Detecting Rare & Sophisticated Malware.
Large number of samples +
detailed analysis = better detection.
Cloud Can Improve Your Security. 20
22. Going Cloud.
Define your requirements.
Define your expectations.
Can the cloud provider fulfill?
How will you know?
What is their track record?
SLA + metrics + track record.
Cloud Can Improve Your Security. 22
23. “We get a more robust solution … than we would be able to host for
ourselves, and at a much more reasonable cost. We don’t have to put any
team member’s time into it, and we don’t have to provide hardware.”
David Wassenar, Vice President, IT, Apprise Software
Cloud Can Improve Your Security. 23