Classification: //SecureWorks/Public Use:

SEE the Cloud: Hans Rattink - Is your security as secure as the cloud itself?



#SEETHECLOUD

Is your security as secure as the cloud itself?

Hans Rattink, Secureworks


#SEETHECLOUD

Hans Rattink

Security Architect, Secureworks


About me

• Hans Rattink

• Senior Security Architect @ SecureWorks.com

• Region: Central EU

• Active in IT for over 17 years, Security over 12 years

[email protected]


Is the cloud secure?

What are my responsibilities?

What should I do next?


State of the art Data Centres

Foundation of Cloud Service Providers

Ref.: https://www.datapipe.com/blog/2017/11/14/touring-equinixs-state-of-the-art-dc12-data-center/


Can it get any better?

https://aws.amazon.com/compliance/


Through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centres.

https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

- Gartner, Inc.


Are we good?


Are we?


By 2020, 95 percent of cloud security failures will be the customer’s fault

Gartner, Clouds Are Secure: Are You Using Them Securely?, 21 July 2016

- Gartner, Inc.


What did we see this year so far?


Verizon – July 2017

• A third-party vendor working with Verizon left the data of as many as 14 million US customers exposed

• The data was contained on a misconfigured Amazon S3 data repository owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon, according to a July 12 blog post

• “This massive data leak could have been avoided by using specific data-centric security tools, which can ensure appropriate configuration of cloud services, deny unauthorized access, and encrypt sensitive data at rest.”

https://www.scmagazine.com/misconfigured-server-leaves-14-million-verizon-customer-records-exposed/article/674590/
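The exposure pattern in this case (a bucket whose ACL or bucket policy grants read access to everyone, with no encryption at rest) can be checked mechanically before anyone outside finds it. The following is an added example, not code from this deck or from NICE or Verizon: it audits bucket configuration documents shaped like the AWS GetBucketAcl, GetBucketPolicy and GetBucketEncryption responses. The two sample buckets and the role ARN in them are constructed, and nothing here talks to AWS, so it runs offline.

```python
"""Offline audit of an S3 bucket configuration for the exposure pattern in the
Verizon/NICE incident: a bucket readable by the public and unencrypted at rest.
Added example, not code from the original deck. The three inputs are shaped
like what the AWS API returns from GetBucketAcl, GetBucketPolicy and
GetBucketEncryption; the sample buckets below are constructed."""
import json

# Canned group URIs S3 uses for public ACL grants (real AWS identifiers).
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def _as_list(value):
    """Policy documents allow a string or a list in most fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}, the two ways to say 'everyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def audit_bucket(name, acl_grants, policy_json, encryption_rules):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []

    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEES:
            findings.append(f"{name}: ACL grants {grant['Permission']} to {PUBLIC_GRANTEES[uri]}")

    if policy_json:
        for stmt in _as_list(json.loads(policy_json).get("Statement")):
            if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
                continue
            actions = ", ".join(_as_list(stmt.get("Action")))
            # A Condition block may narrow the grant (e.g. to one VPC); still
            # report it, but flag it so a reviewer reads the condition.
            suffix = " (has Condition, review it)" if stmt.get("Condition") else ""
            findings.append(
                f"{name}: policy {stmt.get('Sid', '<no Sid>')} allows {actions} "
                f"to any principal{suffix}"
            )

    if not encryption_rules:
        findings.append(f"{name}: no default server-side encryption configured")

    return findings


# Constructed sample: the shape of a bucket that would leak customer records.
LEAKY_BUCKET = dict(
    name="customer-call-records",
    acl_grants=[
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
    policy_json=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                       "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::customer-call-records/*"}],
    }),
    encryption_rules=[],
)

# Constructed sample: the same bucket after remediation (the role ARN is made up).
HARDENED_BUCKET = dict(
    name="customer-call-records",
    acl_grants=[
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    ],
    policy_json=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Sid": "AnalyticsRoleOnly", "Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::123456789012:role/call-analytics"},
                       "Action": ["s3:GetObject"],
                       "Resource": "arn:aws:s3:::customer-call-records/*"}],
    }),
    encryption_rules=[{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}],
)

if __name__ == "__main__":
    for bucket in (LEAKY_BUCKET, HARDENED_BUCKET):
        print(audit_bucket(**bucket) or [f"{bucket['name']}: no findings"])
```

To run this against real buckets, pull the three documents with boto3 (`get_bucket_acl`, `get_bucket_policy`, `get_bucket_encryption`); the latter two raise an error when nothing is configured, which the audit treats as an empty policy and no encryption. Since late 2018 the account-level S3 Block Public Access setting is the simpler guardrail against the first two findings, but it does not cover encryption at rest.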


Deloitte – September 2017

• The perpetrators may have had access to the server as far back as October or November 2016

• Deloitte acknowledged that an attacker “accessed data from an email platform”, which Deloitte also used to store usernames, passwords, IP addresses, architectural diagrams, health information, and sensitive security and design details

• The adversary accessed the Azure cloud service by compromising an administrator's account with unrestricted access to content. The account did not have “two-step” verification set up

• To make matters worse, it appears that no one at Deloitte noticed suspicious account activity for months

https://www.scmagazine.com/no-accounting-for-this-deloittes-email-server-reportedly-breached/article/695503/
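Both failures in this case are visible in the identity provider's sign-in log: a privileged account authenticating without a second factor, and that account then being used from an address it had never used before, for months. The following is an added example, not from this deck or from Deloitte. The sign-in records are constructed, and the field names (ts, user, role, mfa, ip, ok) are my own and have to be mapped onto whatever your identity provider actually exports.

```python
"""Detection logic for the two gaps in the Deloitte case: a privileged account
signing in without a second factor, and that account being used from an
address nobody had seen before, with no one looking for months. Added example,
not from the original deck. The sign-in records are constructed and the field
names are an assumption about the export format."""
from datetime import datetime

PRIVILEGED_ROLES = {"GlobalAdmin", "ExchangeAdmin"}

# Constructed sign-in log: an admin works from 203.0.113.10 without MFA, then
# the same credentials start being used from 198.51.100.7 at night.
SIGNINS = [
    {"ts": "2016-09-01T08:02:11Z", "user": "mailadmin", "role": "GlobalAdmin",
     "mfa": False, "ip": "203.0.113.10", "ok": True},
    {"ts": "2016-09-15T09:41:03Z", "user": "mailadmin", "role": "GlobalAdmin",
     "mfa": False, "ip": "203.0.113.10", "ok": True},
    {"ts": "2016-10-20T02:17:45Z", "user": "mailadmin", "role": "GlobalAdmin",
     "mfa": False, "ip": "198.51.100.7", "ok": False},
    {"ts": "2016-10-20T02:18:09Z", "user": "mailadmin", "role": "GlobalAdmin",
     "mfa": False, "ip": "198.51.100.7", "ok": True},
    {"ts": "2017-01-12T03:05:30Z", "user": "mailadmin", "role": "GlobalAdmin",
     "mfa": False, "ip": "198.51.100.7", "ok": True},
    {"ts": "2017-03-03T10:00:00Z", "user": "alice", "role": "User",
     "mfa": True, "ip": "203.0.113.11", "ok": True},
    {"ts": "2017-03-04T10:00:00Z", "user": "alice", "role": "User",
     "mfa": True, "ip": "192.0.2.50", "ok": True},
]


def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect(records):
    """Run two rules over the records in time order and return the findings.

    admin-no-mfa : successful privileged sign-in with no second factor
    admin-new-ip : successful privileged sign-in from an address that account
                   has never used before (its first sign-in seeds the baseline)
    """
    findings = []
    seen_ips = {}  # user -> set of source IPs from earlier successful sign-ins
    for rec in sorted(records, key=lambda r: r["ts"]):
        if not rec["ok"]:
            continue  # failed attempts belong to a brute-force rule, not these two
        user, ip = rec["user"], rec["ip"]
        privileged = rec["role"] in PRIVILEGED_ROLES
        if privileged and not rec["mfa"]:
            findings.append({"rule": "admin-no-mfa", "user": user,
                             "ts": rec["ts"], "detail": f"from {ip}"})
        if privileged and user in seen_ips and ip not in seen_ips[user]:
            findings.append({"rule": "admin-new-ip", "user": user, "ts": rec["ts"],
                             "detail": f"{ip} not in {sorted(seen_ips[user])}"})
        seen_ips.setdefault(user, set()).add(ip)
    return findings


def days_unreviewed(findings):
    """Calendar days between the first and last finding: how long alerts sat
    unread if nobody was looking. 0 when there is nothing to review."""
    if not findings:
        return 0
    dates = sorted(_parse_ts(f["ts"]).date() for f in findings)
    return (dates[-1] - dates[0]).days


if __name__ == "__main__":
    hits = detect(SIGNINS)
    for hit in hits:
        print(f"{hit['ts']} {hit['rule']:13} {hit['user']} {hit['detail']}")
    print(f"window without review: {days_unreviewed(hits)} days")
```

The first rule should fire exactly never once MFA is enforced for privileged roles, which makes it a cheap control check as well as a detection; the second is a baseline rule and needs an allow-list for VPN egress addresses before it is quiet enough to page on.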


Huddle – November 2017

• The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties

• On Wednesday (8th Nov.), a BBC correspondent logged in to Huddle to access a shared diary that his team kept on the platform. He was instead logged in to a KPMG account, with a directory of private documents and invoices, and an address book.

• According to Huddle, if two people arrived on the same login server within 20 milliseconds of one another, they would both be issued the same authorisation code.

• Huddle has now changed its system so that every time it is invoked, it generates a new authorisation code. This ensures no two people are ever simultaneously issued the same code.

http://www.bbc.com/news/technology-41969061
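What Huddle describes is an authorisation code that depends on when a request arrived rather than on who made it, so two requests in the same window receive the same code and the second user lands in the first user's account. The following is an added example, not Huddle's code: the time-bucket issuer is my reconstruction of how such a collision can arise (the page only says that requests within 20 ms shared a code), shown beside an issuer that generates a fresh random code on every call, binds it to the user it was issued to, and makes it short-lived and single use.

```python
"""Authorisation-code issuance: a shared-code flaw of the kind Huddle described
beside a hardened issuer. Added example, not Huddle's code; the time-bucket
construction is a reconstruction of the flaw, not a statement of what Huddle
actually did."""
import hashlib
import secrets
import time


class TimeBucketCodeIssuer:
    """Flawed: the code is a function of a server secret and the 20 ms window
    the request landed in, so two users in one window share a code."""

    def __init__(self, server_secret="not-a-real-secret", bucket_ms=20):
        self.server_secret = server_secret
        self.bucket_ms = bucket_ms

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        bucket = int(round(now * 1000)) // self.bucket_ms
        # The user is deliberately absent from the derivation; that is the bug.
        digest = hashlib.sha256(f"{self.server_secret}:{bucket}".encode()).hexdigest()
        return digest[:32]


class RandomCodeIssuer:
    """Hardened: each code is fresh CSPRNG output, bound to the user it was
    issued to, short-lived, and single use."""

    def __init__(self, ttl_seconds=60):
        self.ttl_seconds = ttl_seconds
        self._pending = {}  # code -> (user, expires_at)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)  # 256 random bits; collisions are not a practical concern
        self._pending[code] = (user, now + self.ttl_seconds)
        return code

    def redeem(self, code, user, now=None):
        """True only if this code was issued to this user and is still live.
        Any attempt, right or wrong, consumes the code."""
        now = time.time() if now is None else now
        entry = self._pending.pop(code, None)
        if entry is None:
            return False
        owner, expires_at = entry
        return secrets.compare_digest(owner, user) and now <= expires_at


def demo():
    """Two users hitting the login server 7 ms apart (constructed timestamps)."""
    t_first, t_second = 1510000000.005, 1510000000.012
    flawed, hardened = TimeBucketCodeIssuer(), RandomCodeIssuer()
    return {
        "flawed_collides": flawed.issue("bbc", t_first) == flawed.issue("kpmg", t_second),
        "hardened_collides": hardened.issue("bbc", t_first) == hardened.issue("kpmg", t_second),
    }


if __name__ == "__main__":
    print(demo())
```

Generating the code afresh per request removes the collision; binding it to the user and making it single use is what stops one person's code ever being redeemed as someone else's, even if it leaks.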

World's biggest data breaches & hacks (visualisation): http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks

Breach Level Index: http://breachlevelindex.com/


Results from one year of the Data Breach Notification law

• 5,500 notifications of data breaches

• 4,000 notifications investigated

• Hundreds of organisations have been warned

• Tens of organisations involved in deeper investigations

Numbers from the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP)

Source: https://autoriteitpersoonsgegevens.nl/nl/nieuws/overzicht-meldingen-datalekken-eerste-kwartaal-2017#subtopic-5247

GDPR

Fines for data breaches can reach a maximum of 4% of annual worldwide turnover or €20 million, whichever is higher


What are my responsibilities?


Cloud models

[Figure: shared-responsibility split between Cloud Consumer and Cloud Provider for Infrastructure as a Service, Software as a Service and Platform as a Service]


Key responsibilities for Cloud models


Clarify and document your responsibilities

Vendor management is key

• Know where your responsibilities end and the provider’s begin

• Patching, encryption, software licenses, data retention

• Make sure there is documented responsibility for each layer in the Cloud stack

• Agree the responsibilities with the Cloud provider and ensure contracts are in place reflecting responsibilities

• Ensure as a Cloud Consumer you have the ability to assess/audit the Cloud Provider’s security and privacy controls


What should I do?


By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

- Gartner, Inc.


Security roadmap

1 Assess and Plan

• Security Maturity Assessment

• Identify security gaps

• Understand risks to (personal) data

• Develop risk based Security Programme that includes best practices

2 Increase visibility

• Implement (threat intel based) Security analytics

• Use a 24x7 SOC for incident analysis

• Apply a Vulnerability Scanning & Management program

• Improve Security Awareness

3 Implement controls

• Implement governance controls

• Add controls for detection and protection

• Create runbooks and incident response plans

4 Test, operate & manage (Target)

• Govern Security Programme

• Test security controls, programme and employees

• Evaluate and improve


Build your security program

Cloud Security Strategy

• Holistic view of implications of cloud computing

• Full evaluation of threats and risks

• Identification and implementation of mitigating controls against assets and cloud providers

Check your cloud provider

• Understand their security control framework

• What information do they provide you, what is documented?

• What options do they give you to ensure security?

Understand the implications

• Where is your data now and in the future?

• Are you monitoring the security controls in place?

• What happens to your data if your cloud provider ceases service?

• Are you GDPR compliant and prepared for a security breach?

Assess your existing controls

• What are your responsibilities in keeping the data secure?

• Do you know what services you use and who has access to your critical data in the cloud?

• Can you successfully respond to security incidents?


Increase visibility

Security monitoring results


Implement controls

Cloud Security Configuration Management

https://cloud.secureworks.com/


About SecureWorks


Intelligence-driven information security solutions…

• 2,400+ employees

• Recognized as an industry leader

• ~4,500 clients across 61 countries

• 18 years of threat intelligence data

• 240B security events processed daily

• 2B+ threat indicators

• 300+ expert security analysts

• 700+ IR engagements last year


Acknowledged leader


Secureworks Cloud Portfolio

Cloud Security & Risk Consulting

Strategize and Architect Secure Applications and Data

✓ Security Design and Architecture

✓ Cloud Strategy Development and Assessment

Test Your Cloud Security

✓ Vulnerability Assessment

✓ Advanced Penetration Tests

✓ Web App Security Assessment

✓ Penetration Tests

✓ Remote Red Team

✓ API Assessments

Assess Your Deployment

✓ Cloud Vendor Assessment

✓ Cloud Strategy Assessment

✓ Security Framework Assessments

Meet Compliance

✓ Vulnerability Scanning

✓ PCI, HIPAA, GLBA, FISMA, EI3PA

✓ Penetration Testing

Cloud Managed Security Services & SaaS

✓ Managed Vulnerability Scanning

✓ Managed Web Application Scanning

✓ Monitored Firewall

✓ Monitored Web Application Firewall

✓ Monitored Elastic Server Groups

✓ Advanced Endpoint Threat Detection - Red Cloak

Cloud Incident Response

Respond to a Breach

✓ Emergency Incident Response

✓ Incident Management Retainer

Multiple cloud platforms supported

Amazon Web Services supported


Is the cloud secure?

What are my responsibilities?

What should I do next?


Questions?

Hans Rattink, CISSP, CISM
Senior Security Architect
SecureWorks | Central Europe
Phone: +31 6 250 93 872
[email protected]

• @hrattink

• https://www.linkedin.com/in/hrattink/


Thanks for your time!

#SEETHECLOUD


Colophon

Author: Hans Rattink
Modified: November 2017

Revision history
0.4: Initial version for See2017