USE THE FORCE, CIO! How to use the force in the cloud wisely, Or - PowerPoint PPT Presentation

USE THE FORCE, CIO! How to use the force in the cloud wisely, Or – have you outsourced your security to the cloud?

TAKE-AWAYS ➢ How-to´s keeping information safe regardless of where it is ➢ Other perspectives – CEO, COO, CIO, CISO, Dev/Innovation ➢ Guidance and good examples based on true stories

ANNA REHNSTRÖM • VP Infrastructure • Star wars fan • CSO • Forward • CISO • Mum of 3 teens • Lieutenant Swedish Airforce • Dog-mum • Information security consultant • Married to the same man for 20 years • Information security Swedish • Swedish contingency agency

REFERENCE CASE • AVAILABLE • EASY TO USE • DIGITAL • THE RIGHT PRICE • SECURE • BANG FOR THE BUCK

The developers

IOT APPLICATION LAYER LEGACY APPS CLOUD NATIVE APPS API’s LEGACY APPS LEGACY APPS 3 PARTY IOT IDENTIFY APP *NIX WINDOWS LINUX IAAS PAAS SERVERLESS SERVICES V V V V V OTHER P OTHER MSP ON PREMISE PRIVATE CLOUD PUBLIC CLOUD P P P P PaaS & SaaS N N N N N BIG DATA TRADITIONAL TRADITIONAL TRADITIONAL DATA STORAGE DATA STORAGE DATA STORAGE

IT operations Is there any good links?

GARTNER BIMODAL IT MODE 1 MODE 2

The CISO

Cloud security CUSTOMER CUSTOMER DATA PLATFORM, APPLICATIONS, IDENTITY & ACCESS MANAGEMENT OPERATING SYSTEM, NETWORK & FIREWALL CONFIGURATION CLIENT-SIDE DATA ENCRYPTION NETWORKING TRAFFIC SERVER-SIDE ENCRYPTION & DATA INTEGRITY PROTECTION (ENCRYPTION, (FILE SYSTEM AND/OR DATA) AUTHENTICATION INTEGRITY, IDENTITY) HARDWARE/PUBLIC CLOUD GLOBAL INFRASTRUCTURE PUBLIC CLOUD PROVIDER REGIONS AVAILABILITY ZONES EDGE LOCATIONS SOFTWARE DATABASE NETWORKING compute STORAGE

“WE ARE NOT ALONE, GOOD PEOPLE WILL FIGHT IF YOU LEAD THEM” Poe Dameron, acting General of the Resistance

CYBERHYGIENE

BIG GAME HUNTING Norsk Hydro • 19 th march 2019 • Zero day vulnerability • Sleeper agents – ready to extort • 3 months / 600 million NOK

Cyber hygiene Culture of • accountability Communication team • Awareness training Cybersecurity team • • (*link) Incident Response •

Manners! • Mutually Agreed Norms for Routing Security (MANRS) • CERT Resilience management model

“THERE IS NO NAVY, IT ´S JUST..PEOPLE !” First order command

HOW TO? WHAT IS NEEDED TO BE • CLASSIFY YOUR • PROTECTED AND WHY? DATA USE REFERENCES • USE SERVICE • USE EXPERTS FROM • PROVIDERS CLOUD PROVIDERS

“ IN MY EXPERIENCE THERE IS NO SUCH THING AS LUCK.” Obi-Wan Kenobi

“ I HAVE TAUGHT YOU EVERYTHING I KNOW. AND YOU HAVE BECOME A FAR GREATER JEDI THAN I COULD EVER HOPE TO BE.” Obi-Wan

TAKE-AWAYS ➢ How-to´s keeping information safe regardless of where it is ➢ Other perspectives – CEO, COO, CIO, CISO, Dev/Innovation ➢ Guidance and good examples based on true stories

USE THE FORCE, CIO! PEOPLE, PROCESSES AND TECHNOLOGY - AND EXCELLENT LEADERSHIP