IaaS PaaS SaaS This is, in fact, the only risk to which we can lose the entire company. Chief Risk Manager.

Presentation on theme: "IaaS PaaS SaaS This is, in fact, the only risk to which we can lose the entire company. Chief Risk Manager."— Presentation transcript:

1

2

3

4

5 IaaS PaaS SaaS

6

7

8 This is, in fact, the only risk to which we can lose the entire company. Chief Risk Manager

9 Competitors want your Intellectual Property. Organized crime wants your money. Intel Agencies want your personal data. Terrorists want your life.

10

11 There’s a huge gap between the threats and our protective measures to defend against those attacks. Khalid Kark, vice president and research director, Forrester Research Inc.

12

13 “If you protect your paper clips and diamonds with equal vigor, you’ll soon have more paper clips and fewer diamonds” - Attributed to Dean Rusk, US Secretary of State, 1961-1969

14 Detect Current state Cyber Capabilities Desired state Cyber Capabilities Anomaly Detection Attack High Privilege accounts

15

16

17

18 High Risk Data Zone: High Business Impact Data ($$$$$). Medium Risk Data Zone: Medium Business Impact Data ($$$). Low Risk Data Zone: Low Business Impact Data ($).

19 Goal: Differentiation of controls per Zone. Benefit: Cost avoidance.
Goal: Reduce risk of attack moving from one Zone to another. Benefit: Risk likelihood and impact reduction.
Goal: Enable secure adoption of Cloud and Consumerization. Benefit: Business enablement.

20 One Open Network (Contoso.com)
1. Move the most valuable assets to a highly secure environment
2. Move the most exposed assets to a separate environment
3. Move the most vulnerable assets out of the Open Network
Diagram labels: Office Automation, Medium/Low Risk Data, Contoso.com; Secure Cell, High Risk Data, Secure.com; Containment, W2K, Old Java, Test, Contain.com; Access Services, Internet Facing Apps, External Connect, External.com

21

22 Basic Infrastructure: Network, Storage, Desktop, Servers, etc. Management: Asset Management (incl AV, patching and configuration). Security: Identity and Access management. Application Services: e.g. LDAP, Search.

23 Application Network stack Operating System MBI Data “Bring your own device” or Cloud Application Network stack Other data Operating System MBI Data Application Part of Medium Risk Zone Fully isolated application Internal server application

24 Example Controls Adequate? Start Encryption (e.g. RMS) Adequate? No Yes Done Yes Done Yes Done Sandboxing, Presentation virtualization (e.g. RDS) Health check/contractual, Mobile Device Management Application Protection Network stack Operating System Data Protection Fully managed corporate device

25

26

27

28 Access: Users and Workstations. Power: Domain Controllers. Data: Servers and Applications. DCIM-B213 TWC: Pass-the-Hash and Credential Theft Mitigation Architectures; DCIM-B359 TWC: Pass-the-Hash: How Attackers Spread and How to Stop Them

29

30

31 Protective Controls. By 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2013 (Gartner, May 2013)

32 Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objective

33

34

35 PANIC …

36

37

38

39

40 Effectiveness Depends on Execution; Inherent Low Effectiveness. Low Attacker Skill/Presence: 0% chance of persistence. High Attacker Skill/Presence: 100% chance of persistence. $$$$$$$ $$$ $

41

42

43

44

45 www.microsoft.com/learning http://microsoft.com/msdn http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd

46

47

48

