Classification: //SecureWorks/Public Use:
#SEETHECLOUD
Is your security as secure as the cloud itself?
Hans Rattink, Secureworks
#SEETHECLOUD
Hans Rattink
Security Architect, Secureworks
About me
• Hans Rattink
• Senior Security Architect @ SecureWorks.com
• Region: Central EU
• Active in IT for over 17 years, Security over 12 years
• hrattink@secureworks.com
Is the cloud secure?
What are my responsibilities?
What should I do next?
State of the art Data Centres
Foundation of Cloud Service Providers
Ref.: https://www.datapipe.com/blog/2017/11/14/touring-equinixs-state-of-the-art-dc12-data-center/
Can it get any better?
https://aws.amazon.com/compliance/
Through 2020, public cloud infrastructure as a service (IaaS)
workloads will suffer at least 60% fewer security incidents
than those in traditional data centres.
https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
- Gartner, Inc.
Are we good?
Are we?
By 2020, 95 percent of cloud security failures
will be the customer’s fault
Gartner, Clouds Are Secure: Are You Using Them Securely?, 21 July 2016
- Gartner, Inc.
What did we see this year so far?
Verizon – July 2017
• A third-party vendor working with Verizon left the data of as many as 14 million US customers exposed
• The data was contained on a misconfigured Amazon S3 data repository owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon, according to a July 12 blog post
• “This massive data leak could have been avoided by using specific data-centric security tools, which can ensure appropriate configuration of cloud services, deny unauthorized access, and encrypt sensitive data at rest.”
https://www.scmagazine.com/misconfigured-server-leaves-14-million-verizon-customer-records-exposed/article/674590/
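The Verizon case above comes down to a storage bucket whose access configuration let anyone read it. As an added example (not from the slides and not a Secureworks tool), the Python below checks the two documents the AWS CLI returns for a bucket, the bucket policy and the ACL, and reports grants that are open to everyone. The policy and ACL documents are constructed samples; the bucket name and the VPC endpoint id in them are placeholders.

```python
"""Flag S3 bucket policies and ACLs that grant access to everyone.

Added example, not part of the original slides and not a Secureworks tool.
The policy/ACL documents are constructed samples in the shape the AWS APIs
return; the check itself is generic and can be run over documents exported
with `aws s3api get-bucket-policy` / `aws s3api get-bucket-acl`.
"""
import json

# Constructed sample: a bucket policy that lets anyone list and read objects.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

# Constructed sample: same wildcard principal, but narrowed to one VPC endpoint
# (placeholder id) through a Condition block.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}},
    }],
})

# Constructed sample ACL (shape of get-bucket-acl output) with a public READ grant.
PUBLIC_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

# The two predefined S3 groups that mean "everyone" / "any AWS account".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _is_wildcard_principal(principal) -> bool:
    """True when the Principal element means 'anyone' ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy_json: str) -> list:
    """Return the Sids (or positional labels) of Allow statements open to everyone.

    A wildcard principal is only reported when the statement carries no
    Condition block: a condition (source VPC, IP range, ...) may narrow the
    grant, so those statements are left for manual review rather than flagged.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be un-listed
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


def public_acl_grants(acl: dict) -> list:
    """Return (group URI, permission) pairs granted to AllUsers / AuthenticatedUsers."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            hits.append((grantee["URI"], grant.get("Permission")))
    return hits


if __name__ == "__main__":
    print("public policy statements:", public_policy_statements(PUBLIC_POLICY))
    print("restricted policy statements:", public_policy_statements(RESTRICTED_POLICY))
    print("public ACL grants:", public_acl_grants(PUBLIC_ACL))
```

To run it against a real bucket, feed `public_policy_statements` the string from `aws s3api get-bucket-policy --bucket NAME --query Policy --output text` and `public_acl_grants` the parsed output of `aws s3api get-bucket-acl --bucket NAME`. The check deliberately leaves a wildcard statement with a Condition unflagged; a reviewer still has to confirm the condition actually narrows the audience.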
Deloitte – September 2017
• The perpetrators may have had access to the server as far back as October or November 2016
• Deloitte acknowledged that an attacker “accessed data from an email platform”, which Deloitte also used to store usernames, passwords, IP addresses, architectural diagrams, health information, and sensitive security and design details.
• The adversary accessed the Azure cloud service by compromising an administrator's account with unrestricted access to content. The account did not have “two-step” verification set up.
• To make matters worse, it appears that no one at Deloitte noticed suspicious account activity for months
https://www.scmagazine.com/no-accounting-for-this-deloittes-email-server-reportedly-breached/article/695503/
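Two of the failure modes on the Deloitte slide, an administrator account without second-factor verification and account activity that went unnoticed for months, are things a routine review of sign-in logs can surface. The Python below is an added example (not from the slides and not Secureworks code): the sign-in records are constructed in a simplified comma-separated shape, the role names and country codes are placeholders, and the 30-day baseline window is an assumption of the example.

```python
"""Two detections over sign-in logs: privileged accounts used without a
second factor, and sign-ins from a location the account never used before.

Added example, not part of the original slides. The log below is constructed
in a simplified shape (timestamp,user,role,mfa,source_country); real cloud
identity logs carry many more fields, but the two checks apply unchanged.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. "XX" is a placeholder country code for an unusual source.
SIGNIN_LOG = """\
2016-09-01T08:02:11Z,j.doe@example.com,GlobalAdmin,mfa=false,NL
2016-09-03T09:15:40Z,j.doe@example.com,GlobalAdmin,mfa=false,NL
2016-10-28T02:47:03Z,j.doe@example.com,GlobalAdmin,mfa=false,XX
2016-11-02T03:10:55Z,j.doe@example.com,GlobalAdmin,mfa=false,XX
2016-11-02T10:30:12Z,a.smith@example.com,User,mfa=true,NL
2017-01-15T02:55:09Z,j.doe@example.com,GlobalAdmin,mfa=false,XX
"""

# Placeholder role names; map these to the privileged roles of your own tenant.
PRIVILEGED_ROLES = {"GlobalAdmin", "ExchangeAdmin"}


def parse_log(text: str) -> list:
    """Parse the constructed CSV shape into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, mfa, country = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "role": role,
            "mfa": mfa == "mfa=true",
            "country": country,
        })
    return events


def privileged_without_mfa(events: list) -> list:
    """Privileged accounts that completed at least one sign-in without a second factor."""
    return sorted({e["user"] for e in events
                   if e["role"] in PRIVILEGED_ROLES and not e["mfa"]})


def new_location_signins(events: list, baseline_days: int = 30) -> list:
    """Sign-ins from a country the account did not use in its first baseline_days.

    Returns (user, timestamp, country) tuples in chronological order. The
    baseline is learned from the log itself, so an intrusion that starts
    inside the baseline window would be learned as normal; in practice the
    baseline should come from a known-good period.
    """
    events = sorted(events, key=lambda e: e["ts"])
    first_seen = {}
    baseline = defaultdict(set)
    alerts = []
    for e in events:
        first = first_seen.setdefault(e["user"], e["ts"])
        if e["ts"] - first < timedelta(days=baseline_days):
            baseline[e["user"]].add(e["country"])
        elif e["country"] not in baseline[e["user"]]:
            alerts.append((e["user"], e["ts"], e["country"]))
    return alerts


def dwell_days(events: list, alerts: list) -> int:
    """Days between the first anomalous sign-in and the last record in the log,
    i.e. how long the activity went unreviewed."""
    if not alerts:
        return 0
    last = max(e["ts"] for e in events)
    return (last - min(a[1] for a in alerts)).days


if __name__ == "__main__":
    evs = parse_log(SIGNIN_LOG)
    print("privileged accounts used without MFA:", privileged_without_mfa(evs))
    hits = new_location_signins(evs)
    for user, ts, country in hits:
        print(f"new-location sign-in: {user} at {ts.isoformat()} from {country}")
    print("days unreviewed:", dwell_days(evs, hits))
```

On the constructed log the first check names the administrator account, the second flags the three sign-ins from the unusual country, and the dwell computation shows the gap between the first of them and the end of the log. The point of the last number is the slide's "for months": a detection that nobody reads has the same value as no detection.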
Huddle – November 2017
• The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties
• On Wednesday (8th Nov.), a BBC correspondent logged in to Huddle to access a shared diary that his team kept on the platform. He was instead logged in to a KPMG account, with a directory of private documents and invoices, and an address book.
• According to Huddle, if two people arrived on the same login server within 20 milliseconds of one another, they would both be issued the same authorisation code.
• Huddle has now changed its system so that every time it is invoked, it generates a new authorisation code. This ensures no two people are ever simultaneously issued the same code.
http://www.bbc.com/news/technology-41969061
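The Huddle flaw above is what happens when an authorisation code is derived from a coarse clock: two requests that land in the same 20 ms window get the same value. The Python below is an added, constructed illustration (not Huddle's code, which the article does not show): a deliberately flawed time-bucketed generator that reproduces the collision, next to a per-request random code that is bound to the user it was issued to and can be redeemed only once. The server secret, window size and timestamps are made-up values.

```python
"""Time-derived authorisation codes collide; per-request random codes do not.

Added example, constructed for illustration. It is not Huddle's implementation;
the slide only states that two logins within 20 ms received the same code.
"""
import hashlib
import secrets

WINDOW_MS = 20  # the granularity reported on the slide


def flawed_code(now_ms: int, server_secret: bytes = b"constructed-secret") -> str:
    """Deliberately flawed: the code is a function of the 20 ms time bucket only.

    Every request that falls into the same bucket gets the same value,
    regardless of which user asked, so two concurrent logins share a code.
    """
    bucket = now_ms // WINDOW_MS
    digest = hashlib.sha256(server_secret + bucket.to_bytes(8, "big")).hexdigest()
    return digest[:16]


class AuthCodeIssuer:
    """Corrected scheme: a fresh random code per request, bound to the
    requesting user and consumed on first successful redemption."""

    def __init__(self):
        self._pending = {}  # code -> user it was issued to

    def issue(self, user: str) -> str:
        while True:
            code = secrets.token_urlsafe(24)   # 192 bits from the OS CSPRNG
            if code not in self._pending:      # duplicate is astronomically unlikely
                self._pending[code] = user
                return code

    def redeem(self, code: str, user: str) -> bool:
        """Accept only if the code exists, was issued to this user, and is unused."""
        if self._pending.get(code) != user:
            return False
        del self._pending[code]                # single use
        return True


def collision_in_same_window(t_ms: int = 1_510_000_000_000, gap_ms: int = 5) -> bool:
    """Two logins gap_ms apart inside one window: does the flawed scheme give both
    the same code? (t_ms is a constructed timestamp aligned to a window start.)"""
    return flawed_code(t_ms) == flawed_code(t_ms + gap_ms)


if __name__ == "__main__":
    print("flawed scheme, two logins 5 ms apart, same code:", collision_in_same_window())
    issuer = AuthCodeIssuer()
    alice, bob = issuer.issue("alice"), issuer.issue("bob")
    print("random scheme, distinct codes:", alice != bob)
    print("alice's code redeemed by bob:", issuer.redeem(alice, "bob"))
    print("alice's code redeemed by alice:", issuer.redeem(alice, "alice"))
    print("alice's code replayed:", issuer.redeem(alice, "alice"))
```

The binding in `redeem` is the part the slide's fix implies but does not spell out: generating a fresh code per request removes the collision, and checking that the code belongs to the presenting user and has not been used yet removes the remaining ways one user's session could be picked up by another.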
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks
http://breachlevelindex.com/
Results from one year of the Data Breach Notification law
• 5,500 notifications of data breaches
• 4,000 notifications investigated
• Hundreds of organisations have been warned
• Tens of organisations involved in deeper investigations
Numbers from the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP)
Source: https://autoriteitpersoonsgegevens.nl/nl/nieuws/overzicht-meldingen-datalekken-eerste-kwartaal-2017#subtopic-5247
GDPR
Fines for data breaches can have a maximum of 4% of the yearly gross turnover or €20 Million, whichever is larger
What are my responsibilities?
Cloud models
(Diagram: division of responsibilities between Cloud Consumer and Cloud Provider for Infrastructure as a Service, Platform as a Service and Software as a Service)
Key responsibilities for Cloud models
Clarify and document your responsibilities
Vendor management is key
• Know where your responsibilities end and the provider’s begin
• Patching, encryption, software licenses, data retention
• Make sure there is documented responsibility for each layer in the Cloud stack
• Agree the responsibilities with the Cloud provider and ensure contracts are in
place reflecting responsibilities
• Ensure as a Cloud Consumer you have the ability to assess/audit the Cloud
Provider’s security and privacy controls
What should I do?
By 2018, the 60% of enterprises that implement
appropriate cloud visibility and control tools
will experience one-third fewer security failures.
https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
- Gartner, Inc.
Security roadmap
1. Assess and Plan
• Security Maturity Assessment
• Identify security gaps
• Understand risks to (personal) data
• Develop risk based Security Programme that includes best practices
2. Increase visibility
• Implement (threat intel based) Security analytics
• Use a 24x7 SOC for incident analysis
• Apply a Vulnerability Scanning & Management program
• Improve Security Awareness
3. Implement controls
• Implement governance controls
• Add controls for detection and protection
• Create runbooks and incident response plans
Target: Test, operate & manage
• Govern Security Programme
• Test security controls, programme and employees
• Evaluate and improve
Build your security program
Cloud Security Strategy
• Holistic view of implications of cloud computing
• Full evaluation of threats and risks
• Identification and implementation of mitigating controls against assets and cloud providers
Check your cloud provider
• Understand their security control framework
• What information do they provide you, what is documented?
• What options do they give you to ensure security?
Understand the implications
• Where is your data now and in the future?
• Are you monitoring the security controls in place?
• What happens to your data if your cloud provider ceases service?
• Are you GDPR compliant and prepared for a security breach?
Assess your existing controls
• What are your responsibilities in keeping the data secure?
• Do you know what services you use and who has access to your critical data in the cloud?
• Can you successfully respond to security incidents?
Increase visibility
Security monitoring results
Implement controls
Cloud Security Configuration Management
https://cloud.secureworks.com/
About SecureWorks
Intelligence-driven information security solutions…
• 2,400+ employees
• Recognized as an industry leader
• ~4,500 clients across 61 countries
• 18 years of threat intelligence data
• 240B security events processed daily
• 2B+ threat indicators
• 300+ expert security analysts
• 700+ IR engagements last year
Acknowledged leader
Secureworks Cloud Portfolio
Service lines: Cloud Security & Risk Consulting | Cloud Managed Security Services & SaaS | Cloud Incident Response
Themes: Strategize and Architect Secure Applications and Data | Test Your Cloud Security | Assess Your Deployment | Meet Compliance | Respond to a Breach
✓ Security Design and Architecture
✓ Cloud Strategy Development and Assessment
✓ Managed Vulnerability Scanning
✓ Managed Web Application Scanning
✓ Monitored Firewall
✓ Vulnerability Assessment
✓ Advanced Penetration Tests
✓ Web App Security Assessment
✓ Penetration Tests
✓ Remote Red Team
✓ API Assessments
✓ Cloud Vendor Assessment
✓ Cloud Strategy Assessment
✓ Security Framework Assessments
✓ Vulnerability Scanning
✓ PCI, HIPAA, GLBA, FISMA, EI3PA
✓ Penetration Testing
✓ Emergency Incident Response
✓ Incident Management Retainer
✓ Monitored Web Application Firewall
✓ Monitored Elastic Server Groups
✓ Advanced Endpoint Threat Detection - Red Cloak
Multiple cloud platforms supported
Amazon Web Services supported
Is the cloud secure?
What are my responsibilities?
What should I do next?
Questions?
• hrattink@secureworks.com
• @hrattink
• https://www.linkedin.com/in/hrattink/
Hans Rattink, CISSP CISM
Senior Security Architect
SecureWorks | Central Europe
Phone: +31 6 250 93 872
hrattink@SecureWorks.com
Thanks for your time!
#SEETHECLOUD
Colophon
Author: Hans Rattink
Modified: November 2017
Revision history
0.4: Initial version for See2017

Contenu connexe

Plus de TOPdesk

Sharing knowledge is a super power
Sharing knowledge is a super powerSharing knowledge is a super power
Sharing knowledge is a super powerTOPdesk
 
TOPdesk Service Excellence Maturity Model
TOPdesk Service Excellence Maturity ModelTOPdesk Service Excellence Maturity Model
TOPdesk Service Excellence Maturity ModelTOPdesk
 
Improving uptake
Improving uptakeImproving uptake
Improving uptakeTOPdesk
 
AI and the value of people
AI and the value of peopleAI and the value of people
AI and the value of peopleTOPdesk
 
Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019
Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019
Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019TOPdesk
 
The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019
The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019
The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019TOPdesk
 
Tips & tricks - TOPdesk on Tour Denmark 2019
Tips & tricks - TOPdesk on Tour Denmark 2019Tips & tricks - TOPdesk on Tour Denmark 2019
Tips & tricks - TOPdesk on Tour Denmark 2019TOPdesk
 
Mature service management with A.I. - TOPdesk on Tour Denmark 2019
Mature service management with A.I. - TOPdesk on Tour Denmark 2019Mature service management with A.I. - TOPdesk on Tour Denmark 2019
Mature service management with A.I. - TOPdesk on Tour Denmark 2019TOPdesk
 
Professionelle services - TOPdesk on Tour Denmark 2019
Professionelle services - TOPdesk on Tour Denmark 2019Professionelle services - TOPdesk on Tour Denmark 2019
Professionelle services - TOPdesk on Tour Denmark 2019TOPdesk
 
Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019
Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019
Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019TOPdesk
 
Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019
Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019
Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019TOPdesk
 
TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019
TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019
TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019TOPdesk
 
TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...
TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...
TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...TOPdesk
 
TOPdesk voor FM
TOPdesk voor FMTOPdesk voor FM
TOPdesk voor FMTOPdesk
 
TOPdesk voor Burgerondersteuning
TOPdesk voor BurgerondersteuningTOPdesk voor Burgerondersteuning
TOPdesk voor BurgerondersteuningTOPdesk
 
TOPdesk on Tour 2019: Betrokken medewerkers, blije klanten
TOPdesk on Tour 2019: Betrokken medewerkers, blije klantenTOPdesk on Tour 2019: Betrokken medewerkers, blije klanten
TOPdesk on Tour 2019: Betrokken medewerkers, blije klantenTOPdesk
 
TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...
TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...
TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...TOPdesk
 
TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...
TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...
TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...TOPdesk
 
TOPdesk on Tour: De noodzaak voor Automation en AI in services
TOPdesk on Tour: De noodzaak voor Automation en AI in servicesTOPdesk on Tour: De noodzaak voor Automation en AI in services
TOPdesk on Tour: De noodzaak voor Automation en AI in servicesTOPdesk
 
TOPdesk on Tour 2019: How-to 2: Kennisbeheer en Agile
TOPdesk on Tour 2019: How-to 2: Kennisbeheer en AgileTOPdesk on Tour 2019: How-to 2: Kennisbeheer en Agile
TOPdesk on Tour 2019: How-to 2: Kennisbeheer en AgileTOPdesk
 

Plus de TOPdesk (20)

Sharing knowledge is a super power
Sharing knowledge is a super powerSharing knowledge is a super power
Sharing knowledge is a super power
 
TOPdesk Service Excellence Maturity Model
TOPdesk Service Excellence Maturity ModelTOPdesk Service Excellence Maturity Model
TOPdesk Service Excellence Maturity Model
 
Improving uptake
Improving uptakeImproving uptake
Improving uptake
 
AI and the value of people
AI and the value of peopleAI and the value of people
AI and the value of people
 
Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019
Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019
Shared Service Management: Ny medarbejder ombord - TOPdesk on Tour Denmark 2019
 
The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019
The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019
The secret ingredients to a great service culture - TOPdesk on Tour Denmark 2019
 
Tips & tricks - TOPdesk on Tour Denmark 2019
Tips & tricks - TOPdesk on Tour Denmark 2019Tips & tricks - TOPdesk on Tour Denmark 2019
Tips & tricks - TOPdesk on Tour Denmark 2019
 
Mature service management with A.I. - TOPdesk on Tour Denmark 2019
Mature service management with A.I. - TOPdesk on Tour Denmark 2019Mature service management with A.I. - TOPdesk on Tour Denmark 2019
Mature service management with A.I. - TOPdesk on Tour Denmark 2019
 
Professionelle services - TOPdesk on Tour Denmark 2019
Professionelle services - TOPdesk on Tour Denmark 2019Professionelle services - TOPdesk on Tour Denmark 2019
Professionelle services - TOPdesk on Tour Denmark 2019
 
Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019
Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019
Kast det bare over hegnet! - TOPdesk on Tour Denmark 2019
 
Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019
Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019
Kundecase: Odsherred Kommune - TOPdesk on Tour Denmark 2019
 
TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019
TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019
TOPdesk, TOPdesk, TOPdesk.. - TOPdesk on Tour Denmark 2019
 
TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...
TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...
TOPdesk on Tour 2019: How-to 3: Service Automation met TOPdesk en Solution Pa...
 
TOPdesk voor FM
TOPdesk voor FMTOPdesk voor FM
TOPdesk voor FM
 
TOPdesk voor Burgerondersteuning
TOPdesk voor BurgerondersteuningTOPdesk voor Burgerondersteuning
TOPdesk voor Burgerondersteuning
 
TOPdesk on Tour 2019: Betrokken medewerkers, blije klanten
TOPdesk on Tour 2019: Betrokken medewerkers, blije klantenTOPdesk on Tour 2019: Betrokken medewerkers, blije klanten
TOPdesk on Tour 2019: Betrokken medewerkers, blije klanten
 
TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...
TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...
TOPdesk on Tour 2019:: How-to 4: Soepel en transparant samenwerken met uw par...
 
TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...
TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...
TOPdesk on Tour 2019: Outsourcing in services draait om het juiste begrip van...
 
TOPdesk on Tour: De noodzaak voor Automation en AI in services
TOPdesk on Tour: De noodzaak voor Automation en AI in servicesTOPdesk on Tour: De noodzaak voor Automation en AI in services
TOPdesk on Tour: De noodzaak voor Automation en AI in services
 
TOPdesk on Tour 2019: How-to 2: Kennisbeheer en Agile
TOPdesk on Tour 2019: How-to 2: Kennisbeheer en AgileTOPdesk on Tour 2019: How-to 2: Kennisbeheer en Agile
TOPdesk on Tour 2019: How-to 2: Kennisbeheer en Agile
 

Dernier

8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 

Dernier (20)

8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 

SEE the Cloud: Hans Rattink - Is uw security net zo secure als de cloud zelf?

  • 2. Classification: //SecureWorks/Public Use: #SEETHECLOUD Is uw security net zo secure als de cloud zelf? Hans Rattink, Secureworks
  • 4. Classification: //SecureWorks/Public Use: 4 About me • Hans Rattink • Senior Security Architect @ SecureWorks.com • Region: Central EU • Active in IT for over 17 years, Security over 12 years • hrattink@secureworks.com
  • 5. Classification: //SecureWorks/Public Use: 5 Is the cloud secure? What are my responsibilities? What should I do next?
  • 6. Classification: //SecureWorks/Public Use: 6 State of the art Data Centres Foundation of Cloud Service Providers Ref.: https://www.datapipe.com/blog/2017/11/14/touring-equinixs-state-of-the-art-dc12-data-center/
  • 7. Classification: //SecureWorks/Public Use: 7 Can it get any better? https://aws.amazon.com/compliance/
  • 8. Classification: //SecureWorks/Public Use: 8 Through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centres. https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/ - Gartner, Inc.
  • 11. Classification: //SecureWorks/Public Use: 11 By 2020, 95 percent of cloud security failures will be the customer’s fault Gartner, Clouds Are Secure: Are You Using Them Securely?, 21 July 2016 - Gartner, Inc.
  • 13. Classification: //SecureWorks/Public Use: 13 • A third-party vendor working with Verizon left the data of as many as 14 million US customers exposed • The data was contained on a misconfigured Amazon S3 data repository owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon, according to a July 12 blog post • “This massive data leak could have been avoided by using specific data-centric security tools, which can ensure appropriate configuration of cloud services, deny unauthorized access, and encrypt sensitive data at rest.” https://www.scmagazine.com/misconfigured-server-leaves-14-million-verizon-customer-records-exposed/article/674590/ Verizon – July 2017
  • 14. Classification: //SecureWorks/Public Use: 15 • The perpetrators may have had access to the server back to October or November 2016 • Deloitte acknowledged that an attacker “accessed data from an email platform.”. Which Deloitte used to store also usernames, passwords, IP addresses, architectural diagrams, health information, and sensitive security and design details. • The adversary accessed the Azure cloud service by compromising an administrator's account with unrestricted access to content. The account did not have “two-step” verification set up. • To make matters worse, it appears that no one at Deloitte noticed suspicious account activity for months https://www.scmagazine.com/no-accounting-for-this-deloittes-email-server-reportedly-breached/article/695503/ Deloitte – September 2017
  • 15. Classification: //SecureWorks/Public Use: 16 • The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties • On Wednesday (8th Nov.), a BBC correspondent logged in to Huddle to access a shared diary that his team kept on the platform. He was instead logged in to a KPMG account, with a directory of private documents and invoices, and an address book. • According to Huddle, if two people arrived on the same login server within 20 milliseconds of one another, they would both be issued the same authorisation code. • Huddle has now changed its system so that every time it is invoked, it generates a new authorisation code. This ensures no two people are ever simultaneously issued the same code. http://www.bbc.com/news/technology-41969061 Huddle – November 2017
  • 18. Classification: //SecureWorks/Public Use: 19 Results from 1 year Data Breach Notification law • 5,500 notifications of data breaches • 4,000 notifications investigated • 100’s of organisations been warned • 10’s of organisations involved in deeper investigations Numbers from the Dutch Authority Personal Data (AP) Source: https://autoriteitpersoonsgegevens.nl/nl/nieuws/overzicht- meldingen-datalekken-eerste-kwartaal-2017#subtopic-5247 GDPR Fines for data breaches can have a maximum of 4% of the yearly gross turnover or €20 Million  whatever is largest
21
Cloud models (Cloud Consumer / Cloud Provider)
• Infrastructure as a Service
• Platform as a Service
• Software as a Service
22
Key responsibilities for Cloud models
23
Clarify and document your responsibilities
Vendor management is key
• Know where your responsibilities end and the provider’s begin
• Patching, encryption, software licenses, data retention
• Make sure there is documented responsibility for each layer in the Cloud stack
• Agree the responsibilities with the Cloud provider and ensure contracts are in place reflecting those responsibilities
• Ensure that, as a Cloud Consumer, you have the ability to assess/audit the Cloud Provider’s security and privacy controls
25
By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.
https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
- Gartner, Inc.
26
1 Assess and Plan
• Security Maturity Assessment
• Identify security gaps
• Understand risks to (personal) data
• Develop a risk-based Security Programme that includes best practices
2 Increase visibility
• Implement (threat intel based) Security analytics
• Use a 24x7 SOC for incident analysis
• Apply a Vulnerability Scanning & Management program
• Improve Security Awareness
3 Implement controls
• Implement governance controls
• Add controls for detection and protection
• Create runbooks and incident response plans
Target: Test, operate & manage
• Govern Security Programme
• Test security controls, programme and employees
• Evaluate and improve Security roadmap
27
Build your security program
Cloud Security Strategy
• Holistic view of implications of cloud computing
• Full evaluation of threats and risks
• Identification and implementation of mitigating controls against assets and cloud providers
Check your cloud provider
• Understand their security control framework
• What information do they provide you, what is documented?
• What options do they give you to ensure security?
Understand the implications
• Where is your data now and in the future?
• Are you monitoring the security controls in place?
• What happens to your data if your cloud provider ceases service?
• Are you GDPR compliant and prepared for a security breach?
Assess your existing controls
• What are your responsibilities in keeping the data secure?
• Do you know what services you use and who has access to your critical data in the cloud?
• Can you successfully respond to security incidents?
28
Increase visibility
Security monitoring results
29
Implement controls
Cloud Security Configuration Management
https://cloud.secureworks.com/
31
Intelligence-driven information security solutions…
• 2,400+ employees
• Recognized as an industry leader
• ~4,500 clients across 61 countries
• 18 years of threat intelligence data
• 240B security events processed daily
• 2B+ threat indicators
• 300+ expert security analysts
• 700+ IR engagements last year
33
Secureworks Cloud Portfolio
Categories: Strategize and Architect; Secure Applications and Data; Test Your Cloud Security; Assess Your Deployment; Meet Compliance; Respond to a Breach
✓ Security Design and Architecture
✓ Cloud Strategy Development and Assessment
✓ Managed Vulnerability Scanning
✓ Managed Web Application Scanning
✓ Monitored Firewall
✓ Vulnerability Assessment
✓ Advanced Penetration Tests
✓ Web App Security Assessment
✓ Penetration Tests
✓ Remote Red Team
✓ API Assessments
✓ Cloud Vendor Assessment
✓ Cloud Strategy Assessment
✓ Security Framework Assessments
✓ Vulnerability Scanning
✓ PCI, HIPAA, GLBA, FISMA, EI3PA
✓ Penetration Testing
✓ Emergency Incident Response
✓ Incident Management Retainer
✓ Monitored Web Application Firewall
✓ Monitored Elastic Server Groups
✓ Advanced Endpoint Threat Detection - Red Cloak
Multiple cloud platforms supported; Amazon Web Services supported
Service lines: Cloud Security & Risk Consulting; Cloud Managed Security Services & SaaS; Cloud Incident Response
34
Is the cloud secure?
What are my responsibilities?
What should I do next?
35
Questions?
• hrattink@secureworks.com
• @hrattink
• https://www.linkedin.com/in/hrattink/
Hans Rattink, CISSP CISM
Senior Security Architect
SecureWorks | Central Europe
Phone: +31 6 250 93 872
hrattink@SecureWorks.com
37
Colophon
Author: Hans Rattink
Modified: November 2017
Revision history
0.4: Initial version for See2017