Panel: Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure?

Post on 12-Jan-2015


As companies migrate to the virtual datacenter, executives must deal with security, audit, and visibility of their environment, which has grown beyond their physical datacenter. Because of this, hesitancy remains and many questions are still being asked. What is a next-gen datacenter? What changes as businesses take steps toward a hybrid datacenter? When they move to a virtualized environment, how does their data remain secured and in their control? Will encrypting data in this environment achieve visibility and control of who is accessing it? Plus, despite more knowledge of virtual risks, cloud services are still being purchased without authentication, with organisations adopting cloud first and thinking about security second. So how can organisations win the struggle with authentication in the cloud?

Join your fellow professionals for this lively and insightful discussion providing a complete vision on virtual risks in a virtual world. Then understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.

Panelists: Gargi Mitra Keeling, VMware; Jofre Palau, Vodafone; Patrick McBride, Xceedium; Leonor Martins, SafeNet

Moderator: Jason Hart, SafeNet

Watch the full webcast: https://www.brighttalk.com/webcast/2037/73021

Transcript of Panel: Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure?


Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure?

Jason Hart – VP, Authentication and Cloud Visionary, SafeNet - Moderator

Panellists:

Gargi Mitra Keeling, Group Product Manager, Networking and Security, VMware

Jofre Palau, Principal Product Manager, Security, Vodafone

Patrick McBride, VP Marketing, Xceedium

Leonor Martins, Principal Solutions Specialist, Virtualization & Cloud, SafeNet

PANEL SESSION

Introductions

Jason Hart – Moderator. VP, Authentication and Cloud, SafeNet

Panellists:

Gargi Mitra Keeling, Group Product Manager, Networking and Security, VMware

Jofre Palau, Principal Product Manager, Security, Vodafone

Patrick McBride, VP Marketing, Xceedium

Leonor Martins, Principal Solutions Specialist, Virtualization & Cloud, SafeNet

Agenda

Meeting Format

Introduction and Welcome

3 questions for the panel discussion

3 polling questions for the audience

Quick analysis of results

Summary

Q & A

With the adoption of cloud and migration to the virtual data center, do you believe customers are aware of the virtual risks?

What do you see as the cause of the hesitancy remaining in customers?

Do customers realise they are in the cloud/hybrid cloud, i.e. SFDC, Dropbox etc.?

Question 1

Today’s issues

Data breaches are rampant

Data is moving everywhere

The approach to protecting data must change

State of Data Security

2012: 855 data breach incidents

174 million records affected

Second-worst year ever

*Based on a SafeNet Survey of 800+ security professionals.

Source: 2012 Verizon Data Breach Investigations Report

What are your main concerns or reasons for hesitation to move into the cloud?

• Compliance

• Loss of control

• Ownership

Polling Question 1

State of Data Security

Security professionals believe they will suffer a breach.

*Based on a SafeNet Survey of 800 security professionals.

State of Data Security

Organizations continue to rely on the same technologies.

*Based on a SafeNet Survey of 800 security professionals.

State of Data Security

Doubt in security industry’s ability to detect and prevent breaches.

*Based on a SafeNet Survey of 800 security professionals.

State of Data Security

Recognition that if perimeters failed, high value data would not be safe.

*Based on a SafeNet Survey of 800 security professionals.

A new prescription for the “Secure Breach” era

Introspection

• It’s time to try something new…

Acceptance

• You can’t prevent a perimeter breach…

Understanding

• Know your enemies and what they are after…

Action

• Protect What Matters…THE DATA!

What are your beliefs on a new security paradigm, i.e. no perimeter existing and securing the actual data, instead of the vector which no longer exists?

• Breach acceptance and securing the data in view of:

• 800 IT professionals surveyed globally

• Survey shows they are continuing to secure the perimeter and not the data, although they are expecting a breach

Question 2 and discussion points

Verizon’s annual Data Breach Investigations Report (DBIR) published last week

Quoted from the report: 

“Not one breach in this sample happened to data that was ‘in transit’. In fact, two-thirds of breaches involved data ‘at rest’ (in databases and on file servers), and the rest was being processed when compromised.”

Question 2 discussion points

Verizon’s annual Data Breach Investigations Report (DBIR) published last week: 80% of data breaches could have been eliminated just by using strong authentication.

Quoted from the report: 

“So, it really comes as no surprise that authentication based attacks (guessing, cracking, or reusing valid credentials) factored into about four of every five breaches involving hacking in our 2012 dataset. …

Question 2 discussion points

• Many threats are invisible:

• insider threats and passwords have been compromised for a considerable time and the data exposed, without the organisation being aware

Quoted from the Verizon report:  “... 66% of the breaches in our 2013 report took months or even years to discover (62% months, 4% years).”

• What is your view on Killing the Data?

Question 2 discussion cont...

Polling question 2

Where/why do you think your data breach would occur?

• Data center/Virtual data center

• Unapproved hardware

• Weak credentials

• Phishing attacks

• Insider threat/disgruntled employees

Should it be mandatory for a cloud provider to make 2 Factor Authentication an option?

• Cloud alliance sets standards. Should this be a standard?

• Should it be the client’s choice to enable 2FA?

Question 3 and discussion points

Polling question 3

If you had the option to enable 2 Factor Authentication for a cloud application, would you use it?

Summary

Where encryption can be deployed

The implications of each of those places

The types of threats associated with those locations

The importance of Key Management

Protect the target, not the perimeter

Controlling access to resources: authentication

At the core: key management, key vaulting, root of trust

In the data center: databases, applications, mainframes, and storage

Into the cloud: virtual servers, applications and storage

The Importance of Key Management

Your data is only as secure as your keys

Keys (and data) may have a life of many decades

Disaster recovery support is essential

Policy driven with role management

Key rotation/Rekeying

Secure destruction

Auditing

System recovery

If your data is now encrypted, then losing the keys would be a significant and unrecoverable disaster!

Who We Are

Trusted to protect the world’s most sensitive data for the world’s most trusted brands.

We protect the most money that moves in the world, $1 trillion daily.

We protect the most digital identities in the world.

We protect the most classified information in the world.

FOUNDED

1983

REVENUE

~330m

EMPLOYEES

+1,400 in 25 countries

OWNERSHIP

Private

GLOBAL FOOTPRINT

+25,000 customers in 100 countries

ACCREDITED

Products certified to the highest security standard

Thank you for attending

Any questions?