Super Secure Cloud

CLOUD

S U P E RSECURE

Peter Cochraneformicio.com

Thursday, 12 July 12

Security is always a cat and mouse game...


And we are always trying to tilt the odds in our favour...


But we cannot leave anything to chance, we cannot afford to gamble, the stakes are far too high..


We have to think like the enemy, war game, test and probe, & constantly keep ahead technically and strategically...


1) There is always a threat

2) It is always in a direction you’re not looking

3) Perceived risk/threat never equals reality

4) Nothing is 100% secure

5) People are always the primary risk

6) Resources are deployed inversely proportional to actual risk

Laws of security...


Laws of security...

7) You need two security groups - defenders & attackers

8) Security & operational requirements are mutually exclusive

9) Legislation is always > X years behind

10) Security standards are an oxymoron

11) Security people are never their own customer

12) Cracking systems is far more fun than defending them


Laws of security...

13) Hackers are smarter than you - they are younger!

14) Hackers are not the biggest threat - governments are!

15) As life becomes faster it becomes less secure

16) Connectivity and data half lives are getting shorter too

17) We are most at risk during a time of transition

18) The weakest link generally defines the outcome


If we continue to do what we’ve always done our Cloud exposure will accelerate..


In The Cloud - the attack surface is the entire planet...


We w i l l n e e d more and smarter firewalls...


All forms of malware protection will have to become evolutionary...


Has to become far more sophisticated...


Enhancing login vectors...Something you:

- Do- Are- Know- Possess- Deduce- Relate to- Recognise- Remember- Understand

A concatenation of weak vectors rapidly becomes very strong...


Concatenating numerous low cost biometrics is a good example...

- Eye- Face- Hand- Voice- Typing- Habits- Devices- Locations- ++++


Automated & stronger encryption...

...but only where needed !Thursday, 12 July 12

More anonymity applications...


More url hopping, identity, & location cloaking applications...


What does The Cloud offer beyond all this ?


So what are the extras The Cloud brings to the party ?

It will destroy dominant mono-cultures of:- Devices- Browsers- eMail clients- Application sets- Operating modes- Operating systems

Hackers love mono-cultures - it makes their lives so very

much easier...


More variety, dynamism, and faster change...


Clouds of all sizes will form and dissipate by demand . . .w i t h t h e clustering of people and devices +++


Connectivity will be less static, comms between Clouds sporadic and far more varied...

Movie


Moving targets are very hard to hit


Thin clients offer very limited processing and memory, making it far harder for malware to be effective...


Cloud services now a v a i l a b l e f r o m multiple suppliers...

- Infrastructure- Platform- Software


Use multiple suppliers for connectivity, apps, storage, security et al and employ in a randomised fashion...


...seamlessly flip between devices...Thursday, 12 July 12

Why


To make it incredibly difficult for the dark side:

- No single log-on device- No single log-on location- Variable log-on routine- Distributed applications- Distributed filing system- Parsed and distributed data- Multiple clouds and providers- Dynamic creation of clouds- Dynamic cloud interconnection- Inter-cloud encryption and coding- Corporate strength security for all


App

App App

App

App Storage

Storage Corporate

Corporate

Corporate

Personal Personal Storage

One of manyConnection

Clouds

SurroundedBy

Clouds


Parsed data flows to/frommultiple destinations...

...are incredibly difficult to intercept and decode...


Parsed, encrypted & distributed folders over multiple global ser vers . . . i s even harder!


Parsed, encrypted and distributed data folders over multiple global servers...is even worse!

The biggest threat is still people laxity and the insider...


Behavioural monitoring and analysis will become an essential cloud service for SMEs, corporations & .gov...


Half lives of connections, data, info and knowledge...are going to get much shorter!


We have toreduce theopportunityand the time available forThe Dark Sideto infiltrate and take action...


And should they break in we confront them with partial access and a very confusing picture...

Which door to choose, and to which cloud, for how long, with access to what ?


How many layers, combinations,connections, locks,types ?

How long will they be open,

and what is in each of the many clouds ?


The Dark S i d e w i l l thus have far less time to infiltrate a n d t a k e action...

The day of the lone hacker is coming to an end...


The New Dark Side are gov agencies and criminal organisations with huge budgets, people & tech resources...


The sophistication of StuxNet and Flame surprised industry and governments .. .and they mark the start of a new era...


We may be transiting to‘Cyber Warfare’...


Fending off such threats

demands more capability

than individual corps can

muster


Global cooperation will be required, to develop military grade solutions ...


To survive and prosper we have to think and act differently whilst leverag ing new technology, and techniques...


The DIYcompanies

will not survive...


Malware is now open code for free or a modest price f r o m m u l t i p l e sources...

...it is also breeding by the hand of man and by a digital life force we created...


The Art of War by Sun Tzu, 600 BC

“Speed is the essence of war. Take advantage of the enemy's unpreparedness ; t rave l by unexpected routes and strike him where he has taken no precautions”


http://refspace.com/quotes/The_Art_of_War

http://refspace.com/quotes/The_Art_of_War

http://refspace.com/quotes/Sun_Tzu

http://refspace.com/quotes/Sun_Tzu

Be prepared !Thursday, 12 July 12

Thank You

formicio.com


Business

Super Secure Cloud