Presentation on theme: "1 Secure Cloud and BYOD Strategies Gaining Control Over Trust."— Presentation transcript:
1 Secure Cloud and BYOD Strategies Gaining Control Over Trust
2 A New World Own Nothing.
3 Some Misconceptions: It's my cloud provider's responsibility to provide a secure environment. “You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection” (Customer Agreement). “When you go to the cloud, you have to consider that application is going to be going to a somewhat hostile environment.” (Dennis Hurst, founding member of CSA and security specialist, Hewlett-Packard Co.)
4 The Onus Is On YOU! “When data is transferred to a cloud, the responsibility for protecting and securing the data typically remains with the collector or custodian of that data.” Guidance v3.0 “Ultimately, you can outsource responsibility but you can't outsource accountability” ENISA Cloud Computing: Benefits, risks and recommendations for information security
5 Establishing TRUST?
6 Establishing Trust: Encryption, Digital certificates, API & symmetric keys, SSH keys
7 When TRUST breaks down (2011, 2012, 2013). Stolen Private Keys (Digitally sign code): Stuxnet; Zeus – Kaspersky compromised; Duqu; W32/Agent.DTIW; Mediyes; Troj/BredoZp – Adobe compromised; Sony compromise; Bit9 compromise. User Error (Poorly managed keys): Yahoo; Foxconn - Wii U keys; TurkTrust; McAfee; Microsoft. Fraudulent Certificates (CA Compromise): Verisign; Comodo; StartSSL; DigiNotar; DigiCert. Technology Advances (Weak Crypto): BEAST – SSL 3; FLAME – MD5; Lucky 13 – (D)TLS; SSH daemon backdoors.
8 Trust is The New Target “PKI is under attack” Scott Charney, Microsoft
9 Real World Data: Weak crypto exploit, Server key theft, CA compromise, SSH attacks. Attacks over last 24 months: 220.127.116.11.3. Expected attacks in next 24 months: 18%, 5%, 7%, 3%. Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/Ponemon Demographics: 2,300 Global 2000 organizations; U.S., Germany, UK, Australia, France
10 Real World Data: 1 in 5 organizations expect to fall prey to attacks due to weak or legacy cryptography. Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon
11 Emerging Threats: #1 Most Alarming Key & Certificate Management Threat: SSH. Critical for establishing trust and control in the cloud. Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon
12 Gain Control Over TRUST
13 Control Over Trust Challenges: Security Threats & Attacks; Operational Risks & Outages; Compliance Audits
14 Solving the Problem? 59%: Getting key and certificate management right first solves the security, operations, and compliance problems of using encryption. Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon
15 A Rather Large Problem! Average number of server keys and certificates in a Global 2000 organization: 17,807. Cost of Failed Trust: Threats & Attacks, Feb 2013, Underwritten by Venafi – download @ www.venafi.com/ponemon
16 Gaining Control Over Trust Central Policy Control Discovery Enrollment Server Certs Module Symmetric Key Module SSH Key Module User Certs Module Provisioning Monitoring
17 Journey to Control Trust: AUTOMATE; REPORT AND AUDIT; ENFORCE POLICY; DISCOVER ASSETS; ANALYZE FOR INSIGHT; CONNECT PEOPLE
18 First, Assess Risk and Gain Visibility
19 How Do You Measure Up?
20 Gain Control Over Trust: Streamline your trust asset management; Gain knowledge; Bring under control; Eliminate failed audits; Put controls in place; Reduce operational cost. Own Nothing. Control Everything.
21 Gained Control Over Trust Learn More: www.venafi.com/about/case-studies/
22 Any Key. Any Cert. Anywhere.™ Read Key & Certificate Management Best Practices: www.venafi.com/best-practices/ Take the Enterprise risk assessment to understand your risks: www.venafi.com/venafi-assessor/