The document discusses the security benefits of cloud computing for the oil and gas industry. It notes that cloud providers have more rigorous security measures like vetted staff, physical security, and expertise in mitigating threats. Moving critical systems and data to the cloud can distribute it across multiple systems to reduce risk and allow companies to scale resources easily. The presentation examines security risks currently facing the oil and gas industry from cyber attacks and argues that cloud computing provides stronger protection through the cloud providers' focus on security.
Breaking down the cyber security framework closing critical it security gaps
EUCI O&G Cloud Security - Eric Jeffery Final
1. Security Benefits of Cloud Computing
Presenter: Eric Jeffery, Solutions Engineer, Vidyo, Inc.
2. 2| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Agenda
• My Background
• Risks and Security Threats
• Status of the Oil & Gas (O&G) Industry
• What is Cloud Computing
• Security Benefits of Cloud Computing
• Moving to “The Cloud”
3. 3| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
My Background
4. 4| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Eric Jeffery Background
• Bachelors Degree in Economics
• >20 Years IT Experience
• Manager at Software Etc.
• IT Contractor
• Systems and Network Administrator
• IT Network Security Analyst
• Network Engineer and Capacity Planning Lead
• Sr. Manager Professional Services
• Solutions Engineer
5. 5| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Risks and Security Threats
6. 6| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Methods that Create Threats and Risks
• In Person Physical Penetration
• Network Intrusion Over the Wire
• Malware, Spyware, Virus, Trojan
• Bots, DoS, DDos
• Phishing
• Pretexting
• IP Spoofing
• Baiting
• Dumpster diving
• Shoulder surfing
TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015
7. 7| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Internal Security Threats
Verizon 2015 Data Breach Investigations Report
8. 8| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Status of Oil & Gas Cyber Security
9. 9| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Headlines:
• U.S. Oil and Gas at Greater Risk for Cyber Attacks – June,
2013 – Fox Business
• Russia attacks U.S. oil and gas companies in massive hack
– July, 2014 – CNN Money
• Oil and Gas Industry Preparing for Cyber Attacks –
January, 2015 – iNews
• NatGas, Oil Industry in 'Crosshairs' of Malicious Cyber
Attacks – June, 2015 – Natural Gas Intel Daily
• Oil, Gas firms face cyber attack threats – June, 2014 –
Trade Arabia
10. 10| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
O&G Industry Security Statistices
• Data out of the US show that between April 2013 and 2014, threat
actors hit 53 per cent of energy companies1.
• Cyber attacks are costing the energy sector in the UK some $700
million a year1.
• The Shamoon virus took Saudi Aramco, the world’s largest oil
producing company out of action for almost two weeks1.
• Recent analysis from Frost & Sullivan shows that the security of
critical facilities remains the topmost priority for the global oil and gas
industry. – Security Week, June 2013
• BP’s CEO, Bob Dudley, revealed in 2013 that BP suffered on average
50,000 cyber attacks every day, from both domestic and foreign
offenders.
1 TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015
11. 11| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Industry Rankings for Cyber Espionage Attacks
Verizon 2015 Data Breach Investigations Report
12. 12| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Security Threats to O&G Firms
• Internal
• External
• Structured
• Unstructured
Verizon 2015 Data Breach Investigations Report
13. 13| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
O&G Biggest Fear from Cyber Attack(s)
TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015
14. 14| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Major O&G Cyber Security Attacks 2010-2014
TIM HAÏDAR | EDITOR IN CHIEF | OIL & GAS IQ | 2015
15. 15| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
What is Cloud Computing?
16. 16| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
What is Cloud Computing?
18. 18| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Security Benefits of Cloud Computing
19. 19| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Top Level Cloud Computing Benefits
• Vetted staff
• Data distribution
• Physical security benefits
• Staffing levels
• Expertise
• Evolving requirements
• Scaling of technical resources
• Legal Considerations
• Experience with forensic analysis
20. 20| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Vetted Staff
– Rigorous background screening
– Former military and law enforcement
– 3rd party staff also vetted
• Data Distribution
– Multiple systems, Geographic Disparity
– Threats have no physical access to data
– Increased capability for HA/BC/DR
21. 21| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Physical Security
– Redundant power, multiple uplinks
– 24x7 guards, camera’s, logs, badge requirement, escorts, etc.
• Staffing Levels
– Educated with ongoing training
– Extra staff
– Extreme depth of skill
22. 22| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Expertise
– Deep Level Experts
– Process Engineering
– Project Management
– Change Management
– Release Management
• Adapt to New Requirements and Regulations
– HIPAA 1996, 2003
– SOX 2002
– SSAE16 (SAS70) 2013/2014
23. 23| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Functional Advantages of Cloud Computing
• Scaling Technical Resources
– Rapid resource deployment
– Ease of upgrade
• Legal Considerations
– Liability Shift?
– Jurisdiction (National/International)
– Data Ownership, Responsibility
• Experience staff dealing with forensic analysis
– Rapidly identify cause/impact of breach
24. 24| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Reasons that Cloud Delivers More Security
• Experience
• Focus
• Staffing
• Up to Date Technology
• Stay current with regulations compliance standards
• Partnerships with largest and best suited vendors in industry
25. 25| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Cloud Computing Risk Mitigation
• Moves the “Honey Pot”
• Reduces physical access risk
• Distributes data physically and logically
• Economies of scale
– Network
– Physical Security Implementations
– Technology
• Ensures proper data destruction
26. 26| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Key Mitigation Methods
: Probable benefits
from Cloud providers
Verizon 2015 Data Breach Investigations Report
27. 27| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Moving to The Cloud
28. 28| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
What to Consider When Moving to the Cloud
• Tenancy: Privacy, Identity, and Access
• Location
• Compliance
• Data Integrity
• Availability
• International Geography Considerations
• Information Protection
• Legal Jurisdiction
29. 29| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Why Move to Cloud Computing?
• Well established
• Multiple layers of security
• Experienced staff
• Energy companies are behind
• Economies of scale
30. 30| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Getting Started
• Understand “Why”
• Validate plan with corporate goals
• Determine which applications are applicable
– Irreplaceable expertise in IT
– Intellectual property
– What’s the budget
– Legal implications
• Find a partner
– Data Center
– Application Management
31. 31| Vidyo Inc. Proprietary, Confidential & Patent Pending Information |9/1/2015
Thank You
Questions or Comments?
Eric Jeffery
Solutions Engineer, Vidyo, Inc.
ejeffery@vidyo.com
719-641-8114
https://www.linkedin.com/in/ericrjeffery