My Notes: Securing Innovation | Cloud Connections Keynote

Speaker: Nils Puhlmann, Chief Security Officer, Zynga Inc.; co-founder, Cloud Security Alliance

Zynga (maker of FarmVille, CityVille, Mafia Wars, etc.) adds as many as 1000 servers a week to keep up with growth.

“We have to accept what we all know to be elemental – that taking a defensive position can, at best, only limit losses. And we need gains.” Peter Drucker.

The point of the quote: we need to shape security as an enabler rather than thinking about it only as a way to be on the defensive.

Top mobile activities in US:

  • Sent text msgs: 68%
  • Took photo: 52.4%
  • Accessed news and info: 39.5%
  • Used browser: 36.4%

Point: the spectrum of usage is getting wider.

47 apps downloaded per user for iPhone/iTouch; 22 per user for Android.

The Internet has changed from an Internet of content/search to an Internet of people interaction.

 

Social networking has now surpassed email use. People used to have Internet access to get to their email account(s); now it’s to get to Facebook or other social networking sites.

Most security challenges of social networks are not technical.

Non-technical info:

  •  Obvious productivity impact
  •  Information disclosure
  •  The graying of personal and professional lives
  •  Corporate disclosure
  •  Social engineering made easy
  •  Sharing of passwords/predictable user names

Technical:

  •  Social networking malware
  •  Most AV is challenged by web-based malware
  •  Bots
  •  Bandwidth concerns

“AV is dead anyway”… Web-based malware eliminates the effectiveness of desktop anti-virus products.

Top risks of social networks:

  •  Unproven identity of profiles and info
  •  Malware targeting social network sites and users
  •  Inadvertent disclosure of private or sensitive info
  •  Social engineering made easy
  •  Complete loss of privacy
  •  Identity theft
  •  Frameworks for app dev and delivery can lead to malware distribution

Maltego.com – shows you info correlation/connection. Check this out on your name.

Touchgraph.com – Google tool that shows social relationships.

 

Key cloud security problems of today (from CSA Top threats research):

  • Trust: lack of provider transparency, impacts governance, risk management, compliance
  • Data: leakage, loss or storage in unfriendly geography
  • Insecure Cloud software
  • Malicious use of Cloud services
  • Account/Service Hijacking
  • Malicious insiders
  • Cloud-specific attacks

The only way to drive risk down to an appropriate level is by managing vulnerabilities.

Now more than ever, it’s important to have experts look at your data/apps/etc. regularly.

It’s also important to have separation of duties. You don’t want one person, or the use of that person’s credentials, to have so much access that changes to systems/etc. get implemented without a checkpoint.

Security as a Service Initiative:

  • Info assurance is challenged by disruptive trends (cloud, mobile, social networking, etc.)
  • Cloud provides an opportunity to rethink security (economics, architecture, service delivery models, etc.)

 
