Whose Cloud Is It Anyway?
Exploring Data Security, Ownership and
Control
David Etue
VP, Corporate Development Strategy
February 26, 2014
@djetue
Who We Are
SafeNet is trusted to protect, control access to, and manage the world's most sensitive data and high-value applications.
We control access to the most sensitive corporate information: more than 35 million identities protected via tokens, smartcards, and mobile devices managed on-premise and in the cloud.
We protect the most money that moves: over 80% of the world's intra-bank fund transfers and nearly $1 trillion per day.
We monetize the most high-value software: more than 100 million license keys protect and manage on-premise, embedded, and cloud applications globally.
We are the de facto root of trust: deploying more than 86,000 key managers and protecting up to 750,000,000 encryption keys.
Founded: 1983
Revenue: ~330m
Employees: 1,500+ in 25 countries
Global: 25,000+ customers in 100 countries
Accredited: products certified to the highest security standard
Cloud and Virtualization Are Changing the Way IT is Managed and Consumed
Agile.
Now.
On demand.
Simple.
Secure?
Cloud Benefits Are Being Realized…
80% of mature cloud adopters are seeing [1]:
• Faster access to infrastructure
• Greater Scalability
• Faster Time to Market for Applications
50% of cloud users report benefits including [1]:
• Better application performance
• Expanded geographic reach
• Increased IT staff efficiency
4 © SafeNet Confidential and Proprietary
[1] RightScale State of the Cloud Report 2013
…But Cloud Benefits Are Driven by Sharing
And Security and Compliance Are Not the Biggest Fans of Sharing…
Leading Inhibitors to Cloud Adoption
Source: 451 TheInfoPro 2013 Cloud Computing Outlook – Cloud Computing Wave 5
Security and Compliance Concerns With Shared Clouds
How Do You Maintain Ownership and Control of Your Information in a Multi-Tenant Environment?

Data Governance: Lack of Visibility
• Can you track all of my data instances? Backups? Snapshots?
• Am I aware of government requests/discovery?
• Do you know when data is copied?

Data Compliance: Lack of Data Control
• Who is accessing my data?
• Can I demonstrate compliance with internal and external mandates?
• Is there an audit trail of access to my data?

Data Protection: Risk of Breach and Data Loss
• Are all my data instances secure?
• Can I assure only authorized access to my data?
• Can I "pull the plug" on data that's at risk of exposure or whose lifecycle has expired?
New Risks Driving Cloud Security Challenges
• Increased Attack Surface
• Privileged Users
• Ability to Apply Security Controls
• Control (or the Lack Thereof)
New Risk: Increased Attack Surface
New Risk: New Definition of Privilege
New Risk: Ability to Apply Security Controls
[Figure: CSA Cloud Model layers, top to bottom: Security Management & GRC; Identity/Entity Security; Data Security and App Sec; Host; Network; Infrastructure Security. Security controls are mapped to each layer and sized by budget.]
New Risk: Ability to Apply Security Controls
Most organizations are trying to deploy "traditional" security controls in cloud and virtual environments… but were the controls even effective then?
[Figure: service models by how far down the stack the provider's responsibility stops: Amazon EC2 (IaaS), Google AppEngine (PaaS), Salesforce (SaaS).]
The lower down the stack the cloud provider stops, the more security you are tactically responsible for implementing and managing yourself.
New Risk: Control (or the Lack Thereof)
And Not Just The Traditional "Bad Guys"
Sensitive data in the cloud is exposed to:
• Adversaries
• Government Discovery
• Cloud Administrators
• Auditors / Regulators
So, Whose Cloud Is It Anyway?

Model                      Private Cloud   IaaS in Hybrid / Community / Public Cloud   PaaS/SaaS
Whose privileged users?    Customer        Provider                                    Provider
Whose infrastructure?      Customer        Provider                                    Provider
Whose VM / instance?       Customer        Customer                                    Provider
Whose application?         Customer        Customer                                    Provider
Law enforcement contact?   Customer        Provider                                    Provider
Making it Your Cloud:
Key Enablers to Cloud Security
Encryption (and Key Management)
Identity and Access Management with Strong Authentication
Segmentation
Privileged User Management
Detection and Response Capabilities
System Hardening
Asset, Configuration, and Change Management
Encryption: Un-Sharing in a Shared
Environment
Un-Sharing
FTW!!!
Clouds Love Crypto!!!*
*with good key management…
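Encryption only "un-shares" a multi-tenant environment when the keys are not shared with the tenant's neighbours, the provider's administrators, or whoever obtains a backup or snapshot. The following is an added example, not code from the deck or from SafeNet: a Go sketch of envelope encryption in which a customer-held key-encryption key (KEK) wraps a per-object data-encryption key (DEK), so the provider stores only ciphertext and a wrapped DEK, and destroying the KEK is the "pull the plug" from the Data Protection questions earlier. The KeyManager type is a hypothetical stand-in for an on-premise HSM or key manager; the object IDs, KEK IDs and the sample record are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyManager is a hypothetical stand-in for a customer-controlled key manager
// (for example an HSM on the customer premise). It is constructed for this
// example and is not a SafeNet or cloud-provider API. KEK material never leaves it.
type KeyManager struct {
	keks map[string][]byte // KEK ID -> 256-bit key material
}

func NewKeyManager() *KeyManager { return &KeyManager{keks: map[string][]byte{}} }

// CreateKEK generates a fresh 256-bit key-encryption key under the given ID.
func (km *KeyManager) CreateKEK(id string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil { return err }
	km.keks[id] = k
	return nil
}

// DestroyKEK is "pulling the plug": every DEK wrapped under this KEK, and so
// every object encrypted with those DEKs, becomes unrecoverable (crypto-shredding).
func (km *KeyManager) DestroyKEK(id string) { delete(km.keks, id) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...), nil
}

// open reverses seal; a wrong key or mismatched AAD fails authentication.
func open(key, blob, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil { return nil, err }
	if len(blob) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// WrapDEK and UnwrapDEK are the only operations that touch KEK material. The
// object ID is bound as associated data so a wrapped DEK cannot be moved to
// another object.
func (km *KeyManager) WrapDEK(kekID, objectID string, dek []byte) ([]byte, error) {
	kek, ok := km.keks[kekID]
	if !ok { return nil, fmt.Errorf("KEK %q not available", kekID) }
	return seal(kek, dek, []byte(objectID))
}

func (km *KeyManager) UnwrapDEK(kekID, objectID string, wrapped []byte) ([]byte, error) {
	kek, ok := km.keks[kekID]
	if !ok { return nil, fmt.Errorf("KEK %q not available", kekID) }
	return open(kek, wrapped, []byte(objectID))
}

// StoredObject is everything the cloud provider holds. Ciphertext plus wrapped
// DEK are useless to the provider, its administrators, or anyone with a copy,
// backup or snapshot, without the customer's KEK.
type StoredObject struct {
	ObjectID   string
	KEKID      string
	WrappedDEK []byte
	Ciphertext []byte
}

// Encrypt generates a per-object DEK, encrypts the data with it, wraps the DEK
// under the customer's KEK and lets the plaintext DEK go out of scope.
func Encrypt(km *KeyManager, kekID, objectID string, plaintext []byte) (StoredObject, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil { return StoredObject{}, err }
	ct, err := seal(dek, plaintext, []byte(objectID))
	if err != nil { return StoredObject{}, err }
	wrapped, err := km.WrapDEK(kekID, objectID, dek)
	if err != nil { return StoredObject{}, err }
	return StoredObject{ObjectID: objectID, KEKID: kekID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt needs the key manager, and therefore the customer, in the loop.
func Decrypt(km *KeyManager, obj StoredObject) ([]byte, error) {
	dek, err := km.UnwrapDEK(obj.KEKID, obj.ObjectID, obj.WrappedDEK)
	if err != nil { return nil, err }
	return open(dek, obj.Ciphertext, []byte(obj.ObjectID))
}

func main() {
	km := NewKeyManager()
	if err := km.CreateKEK("tenant-kek-1"); err != nil { panic(err) }
	// Constructed sample record; object and KEK IDs are made up for the example.
	obj, err := Encrypt(km, "tenant-kek-1", "payroll/q1.csv", []byte("constructed sample record"))
	if err != nil { panic(err) }
	pt, err := Decrypt(km, obj)
	fmt.Printf("before KEK destruction: %q (err=%v)\n", pt, err)
	km.DestroyKEK("tenant-kek-1")
	_, err = Decrypt(km, obj)
	fmt.Println("after KEK destruction:", err)
}
```

The design point is where the KEK lives: keep it in the customer-premise or customer-controlled column of the trust-source matrix and the provider's copies, backups and snapshots are all equally unreadable; put it with the provider and the "un-sharing" is nominal.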
Typical Sources of Trust

Source                                   Traditional Data Center   Internal Cloud (Private)   External Cloud (Public, Community, Hybrid)
"Own the Stack"                          Yes                       N/A                        No
System Fingerprinting                    Yes                       No                         No
Trusted Platform Module (TPM)            Yes                       Maybe?                     No
Hardware Security Module (HSM), Server Card   Yes                  Maybe?                     No
Hardware Security Module (HSM), Network  Yes                       Yes                        Yes
Smartcard                                Yes                       Maybe                      Maybe
Leveraging Crypto In The Cloud

Sources of Trust: the Hardware Security Module is the trust anchor; key management, and above it applications and workloads, are layered on top. Where the anchor lives sets the trade-off, from highest assurance to most flexible:
• Customer Premise: + Most Control; - Architecture
• Cloud Provider: + Architecture; - Security / Separation
• Customer Controlled at Service Provider: + Architecture; - Multi Cloud
• Trusted 3rd Party: + Multi Cloud; - Integration
How Do You Apply Security Controls?
Need to Focus “Up The Stack”
Virtualization, Software Defined Networks, and Public/Hybrid/Community Cloud force a change in how security controls are evaluated and deployed.
Data Centric Security = Agility!
Thank You!!!
@djetue
safenet-inc.com
@SafeNetInc
facebook.com/SafeNetInc