1 / 71

Dawn of the Intelligence Age by Dr. Anton Ravindran

Dawn of the Intelligence Age by Dr. Anton Ravindran MENA Conference, Jordan

globalstf
Download Presentation

Dawn of the Intelligence Age by Dr. Anton Ravindran

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dawn of the Intelligence Age Dr. Anton Ravindran MENA Conference, Jordan

  2. People - things People - people Things - things

  3. DIKW Source : Chaim Zins Theory of DIKW

  4. Source: BI Intelligence

  5. Technologies

  6. History of Cloud

  7. Five Key Cloud Attributes • Shared / pooled resources • Broad network access • On-demand self-service • Scalable and elastic • Metered by use

  8. IOT – Airline Era

  9. Cyber Security Issues - Due to Cloud, Big Data Analytics & IoT

  10. Why is Cloud Security Important • Increasing Usage of Cloud Services in Non-traditional Sectors • Growing Adoption of Cloud Services in Government Departments • Rise in Cloud Service-specific Attacks • Growing Usage of Cloud Services for Critical Data Storage • Rise in Employee Mobility

  11. A survey commissioned by Microsoft on ‘Cloud computing among business leaders and the general population’ states that: • 58% of the general population and 86% of senior business leaders are excited about the potential of cloud computing. • But, more than 90% of these same people are concerned about the security, access and privacy of their own data in the cloud. Why Security? Source: Microsoft

  12. Source: IBM

  13. Market Analysis What market size are we talking about Market Size: 2012 : US $425.4 Million 2013 : US $629.6 Million 2014 : US $963.4 Million

  14. Global Cloud Security Market Growth Analysis 2012-2014 (US$ million)

  15. Global Cloud Security Market by End-User Segmentation

  16. What is Cloud Security? Cloud Security • Agility • Self-service • Scale • Automation • Gate-keeper • Standards • Control • Centralized Cloud Security is security principles applied to protect data, applications and infrastructure associated within the Cloud Computing technology.

  17. Most security problems stem from: • Loss of control • Lack of trust • Multi-tenancy • These problems exist mainly in 3rd party management models • Self-managed clouds still have security issues, but not related to above Cloud Computing Problems

  18. Accountability Identity, authentication & access control Confidentiality Defining Security in Cloud Integrity Audited code, Access control and distributed systems Resilience Redundancy, diversification, forensic capacity Availability/ Assurance Source: NIST

  19. Data-in-transit • (secure protocols & Encryption, TLS) Data Security and Storage • Data-at-rest • (Homomorphic encryption) Processing of Data(Multi-tenancy)

  20. Private Cloud vs. Public Cloud

  21. Cloud-based Attacks and Outages

  22. Sony’s Attack • The Sony Pictures Entertainment hack was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014 • On September 1, 2015, plaintiffs and Sony reached an agreement in principle to settle all of the claims of the putative class against SPE (Sony Pictures Entertainment)

  23. Verizon Cloud Outage • Verizon (VZ) shut down its cloud infrastructure-as-a-service (IaaS) for roughly 40 hours in January 2015. • While a cloud provider's worst fear is a prolonged outage, Verizon Communications stunned customers by scheduling to take its cloud offline for some 40 hours over the weekend to implement a comprehensive system maintenance project. • One reason for the upgrade of its cloud infrastructure, ironically, was to prevent future outages. • While many customers were peeved their provider intentionally cut their cloud service, some took solace knowing Verizon spent those 40 hours adding seamless upgrade capabilities that would enable future upgrades to be executed on live systems without disruptions, or even the need to be reboot servers.

  24. Google Compute Engine Outage • Multiple zones of Google's IaaS offering went down just before midnight of Feb 18th, 2015. After about an hour of downtime, service for most affected customers returned around 1 a.m. the next morning. • While some connectivity issues lasted almost three hours, there were roughly 40 minutes during which most outbound data packets being sent by Google Compute Engine virtual machines were ending up in the wind. • Google said the problem was "unacceptable" and apologized to users who were affected.

  25. AOL Outage • On 2015 February 19, apparently some people were actually affected when AOL’s email service suffered a widespread outage beginning around 4 a.m. Eastern. • The problem, which started in the U.K. and spread to the U.S., made it impossible for many AOL users to log in to their accounts. • While the AOL jokes come easy, there were real complaints online from people still using the vintage email addresses. AOL said a network issue was at fault.

  26. Amazon Outage #1 • In April 2011, Amazon EC2 went offline due to a network configuration problem. • Companies such as Foursquare, Quora, Reddit were offline for 12-48 hrs. • Companies that had invested in multiple availability zones were less affected (e.g. Netflix). • Amazon provided 10 days credit to the companies as compensation.

  27. Amazon Outage #2 • In August 2011, a lightning strike in Dublin caused a datacenter blackout for 24-48 hrs. • Due to the sudden failure, data in many servers was in an inconsistent state. • EBS (Elastic Block Storage) services were affected; but EC2 remained online so this did not count as downtime under the SLA. • These incidents raised serious doubts about the future of cloud.

  28. Lessons Learned • Manage risks and prepare for failure just as you would with traditional IT. • Utilize multiple availability zones and multiple regions. • Design the SLAs carefully. • Do not take your provider’s assurances for granted. • Design for the cloud computing model and supplement the resilience of the cloud provider.

  29. Research question At Broad Level,  Three major question are: • How secure is the data? • How secure is the code? • How secure is the infrastructure?

  30. Trends associated with Cloud Security • Increasing Partnerships between CSPs and Security Solution Providers Expected • Increasing Emergence of Cloud Service-specific Security Solution Providers • Identity Management and Encryption to Remain the Top Cloud Security Solutions Offered • Increasing Availability of Cloud Security Solutions for Small and Medium-sized Businesses (SMBs) • Emergence of Strong Cloud Security Standard and Guidelines

  31. Gartner Forecast

  32. Global Cloud Security Software Market as a Percentage of Global IT Security Software Market 2010 and 2014 Source: TechNavio Analysis

  33. CSA Enterprise Architecture • The Trusted Cloud Initiative Reference Architecture is both a methodology and a set of tools that enables security architects, and risk management professionals to leverage a common set of solutions. • These solutions fulfill a set of common requirements that risk managers must assess regarding the operational status of internal IT security and cloud provider controls.

  34. CSA Enterprise Architecture

  35. Commercial Vendor Solutions • Trend Micro SecureCloud • AppRiver SaaS-based e-mail and Web security tools • Awareness Technologies • Barracuda Web Security Flex • CloudPassage Halo SVM and Halo Firewall • M86 Security - Secure Web Service Hybrid • Panda Cloud Protection • SafeNet's Trusted Cloud Fabric • Symantec. Cloud Services

  36. Cloud-hosted security solutions from Trend Micro • With cloud-based security, you eliminate the cost and hassle of provisioning, managing, and scaling security hardware and software. And you ensure fast, consistent delivery of the newest security technologies and updates, helping you stay compliant and reduce risk. • Key Features: • Hosted Email Security • Intrusion Detection and Prevention • Firewall • Anti-Malware • Web Reputation • Log Inspection • Integrity Monitoring • Deep Security as a Service Trend Micro - Security as a Service

  37. Symantec protects the cloud and gives you the confidence you need in your cloud initiatives – whether you are directly consuming cloud services, building your own cloud, or extending your IT operations to include other clouds. • Key Features: • Symantec™ Email Security.cloud • Symantec™ Email Encryption.cloud • Symantec™ Instant Messaging Security.cloud • Symantec Enterprise Vault.cloud™ • Symantec™ Email Continuity.cloud • Symantec Backup Exec.cloud™ Symantec Protected Clouds

  38. The industry's first server security and compliance products purpose-built for elastic cloud environments. These products deliver fast, easy and highly accurate server exposure assessment, configuration compliance monitoring and network access control - automating the three most fundamental practices for securing servers in public and hybrid clouds. • Key Features: • Configuration security monitoring • Multi-factor Authentication • Software Vulnerability Assessment • Workload Firewall Management • Server Access Management • File Integrity Monitoring • Event Logging & Alerting CloudPassage Halo SVM and Halo Firewall

  39. CloudPassage Halo SVM and Halo Firewall

  40. Cloud-Based Web Content Filtering and Malware Protection • As a cloud-based service, Barracuda Web Security Service provides a convenient option to deploy Barracuda's powerful web security technology for organizations looking to leverage the scalability and flexibility of the cloud. Ideal for safeguarding users on and off the network, the solution unites award-winning spyware, malware, and virus protection with a powerful policy and reporting engine. • Key Features: • Spyware and Virus Protection • Barracuda Central • Application Control  Barracuda Web Security Flex

  41. There are undoubtedly risks associated with the use of Cloud-based services, just as there are risks associated other delivery models. Source: Capgemini

  42. What is “cybersecurity?”

  43. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism, and tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe”

  44. WeaponS of mass disruption?

  45. Source: Scalar

  46. Source: Scalar

More Related