cloud mz cto_roundtable
CTO Roundtable
O’Reilly Definition - What is Web 2.0?
• Scalable services, not packaged software
• Harnessing collective intelligence through an “architecture of participation”
• “Open Source” => users as co-developers
• Leveraging the long tail => customer self-service
• Rich user experience => rich client
Web 2.0 - A Practical Definition
[Word-cloud slide] The Emerging Web: Social Networks, Skype, P2P Networks, Blogs, Wikis, SaaS, Mashups, IM, LinkedIn, BitTorrent, YouTube, Salesforce
The Web 2.0 Security Problem
[Image-only slide; five pictures, no text content]
Web 2.0 Security Implications
• Consumerization of IT => Unregulated Corporate IT
• Rich Client-Side Scripting => Emerging Attack Vectors
• Web 2.0 plus Mobility => Loss of Perimeter Control
Web 2.0 Security - “IT Consumerization”
“[Consumer IT] is the most significant trend affecting information technology (IT) during the next 10 years…Consumer IT will affect every enterprise…Attempts by enterprises to deny this are doomed to failure”
David Mitchell Smith, Gartner Fellow
Gartner press release, October 2005
IT Consumerization - Unregulated Applications
• Velocity of Application Deployment & Usage
– “Rogue IT” proliferation
• Use of Common Ports or Hopping Ports Makes Policy Enforcement Difficult
– Example: Skype
• Encrypted Traffic Obfuscates Attacks
– What are attackers doing in the encrypted transport?
IT Consumerization - P2P Liability Issue
• Data Theft with P2P File Sharing Tools like Limewire, Kazaa or BearShare.
• Increasing Corporate Compliance Issue around P2P File Sharing.
• FTC Issued Warning on P2P tools
IT Consumerization - Covert Communications
• Unmonitored Covert Communication Channels
– Web mail unmonitored by many security organizations
– IM is an informal communication channel
• Tools to Bypass Policy Enforcement
– Meebo
– Anonymizers
Web 2.0 - Emerging Attack Vectors
• Web 2.0 is about rich clients
– AJAX programming
• AJAX Increases Attack Surface
– Dynamic script execution leads to malicious script injection
– Poisoning of JavaScript serialization objects
– Cross-domain requests lead to XSRF (Cross-Site Request Forgery)
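The three attack-surface bullets above, worked as an added example (this is not code from the CloudMZ deck or from any product it describes): a client that eval()s an AJAX response versus one that uses JSON.parse, the ")]}',\n" response prefix that is commonly used against JSON data hijacking, and a server-side XSRF check on the Origin header plus a per-session synchronizer token. The function names, response bodies and request headers are all constructed for the demo; it runs under Node.js.

```javascript
// Added example, not from the CloudMZ deck. parseWithEval, parseJson,
// stripAntiHijackPrefix, isAllowedStateChange and every sample body or
// header below are constructed for this demo (Node.js).

// 1. Dynamic script execution: the early-AJAX habit of eval()-ing the
//    response body. Whatever the body contains runs with page privileges.
function parseWithEval(body) {
  return eval('(' + body + ')'); // intentionally unsafe, kept for contrast
}

// Safe counterpart: JSON.parse accepts only the JSON grammar, so executable
// content is a SyntaxError instead of a script that runs.
function parseJson(body) {
  return JSON.parse(body);
}

// Constructed response bodies.
const HONEST_BODY = '{"friends":["alice","bob"]}';
// Valid JavaScript but not valid JSON: runs a function, then hands back a
// plausible object so the calling code notices nothing.
const HOSTILE_BODY =
  '(function () { globalThis.__demoMarker.ran = true; return {"friends": []}; })()';

function evalExecutesInjectedCode() {
  const marker = { ran: false };
  globalThis.__demoMarker = marker;
  try {
    parseWithEval(HOSTILE_BODY);
  } finally {
    delete globalThis.__demoMarker;
  }
  return marker.ran; // true: data became code
}

function jsonParseRejects(body) {
  try {
    parseJson(body);
    return false;
  } catch (e) {
    return e instanceof SyntaxError; // true for HOSTILE_BODY
  }
}

// 2. Poisoned serialization objects / JSON hijacking: a server-side
//    countermeasure is to prefix JSON with ")]}',\n", which makes the body a
//    syntax error when a hostile page includes it via <script src=...>.
//    The legitimate XHR client strips the prefix before parsing.
const ANTI_HIJACK_PREFIX = ")]}',\n";

function stripAntiHijackPrefix(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error('response missing anti-hijack prefix; refusing to parse');
  }
  return parseJson(body.slice(ANTI_HIJACK_PREFIX.length));
}

// 3. Cross-domain requests and XSRF: the server must not assume a
//    state-changing request was intended by the user. Require POST, check
//    the browser-set Origin header, and compare a per-session token in
//    constant time.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function isAllowedStateChange(req, session, allowedOrigin) {
  if (req.method !== 'POST') return false;        // state changes are POST only
  if (req.headers['origin'] !== allowedOrigin) return false; // cross-domain
  const token = req.headers['x-csrf-token'] || '';
  return constantTimeEqual(token, session.csrfToken);
}

// Constructed requests.
const SESSION = { csrfToken: 'f1e2d3c4b5a6' };
const LEGIT_REQ = {
  method: 'POST',
  headers: { origin: 'https://app.example', 'x-csrf-token': 'f1e2d3c4b5a6' },
};
const FORGED_REQ = {
  method: 'POST',
  headers: { origin: 'https://evil.example' }, // set by the browser, not the attacker's page
};

console.log('eval runs injected code:', evalExecutesInjectedCode());
console.log('JSON.parse rejects it:', jsonParseRejects(HOSTILE_BODY));
console.log('prefixed body parses:', stripAntiHijackPrefix(ANTI_HIJACK_PREFIX + HONEST_BODY));
console.log('legit request allowed:', isAllowedStateChange(LEGIT_REQ, SESSION, 'https://app.example'));
console.log('forged request allowed:', isAllowedStateChange(FORGED_REQ, SESSION, 'https://app.example'));
```

The Origin check and the token are deliberately both present: Origin is absent on some older clients and some same-site navigations, and the token alone does nothing if the page that carries it is itself injectable, which is exactly the failure mode the first two bullets describe.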
Emerging Attack Vectors
• New Channels for Launching Attacks
– RSS Injection
– Social networks like MySpace, Facebook
• Example: Samy Worm
– Circa October 2005
– AJAX script executed
– Added Samy to visitor’s friends list with a message
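The Samy case above is a stored-XSS worm on a social-network profile page. The deck does not describe how the profile filter was bypassed; the added example below (not the worm's code and not from the CloudMZ deck) illustrates the general weakness such filters share: a keyword blocklist on user-supplied HTML fails against a scheme split by a newline, which HTML URL parsing removes, whereas contextual output encoding renders the content as text no matter what it contains. naiveBlocklist, escapeHtml, renderBioSafely and both sample bios are constructed for the demo; it runs under Node.js.

```javascript
// Added example, not from the CloudMZ deck and not the Samy worm's own code.
// All functions and sample profile content are constructed for this demo.

// The kind of filter a keyword blocklist implements: strip <script> blocks
// and the word "javascript", then trust what is left as HTML.
function naiveBlocklist(html) {
  return html
    .replace(/<script[\s\S]*?<\/script>/gi, '')
    .replace(/javascript/gi, '');
}

// What URL parsing does with a link attribute before the scheme is looked at:
// ASCII tab, LF and CR inside the value are removed, so "java\nscript:" is
// handled exactly like "javascript:".
function schemeAfterUrlParsing(url) {
  return url.replace(/[\t\n\r]/g, '').toLowerCase().split(':')[0];
}

// Does a filtered bio still carry a link whose effective scheme is javascript?
function blocklistLeavesScriptUrl(bio) {
  const filtered = naiveBlocklist(bio);
  const m = /href="([^"]*)"/i.exec(filtered);
  return m !== null && schemeAfterUrlParsing(m[1]) === 'javascript';
}

// Contextual output encoding for the HTML text context: user content is
// emitted as text and never parsed as markup, whatever it contains.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderBioSafely(bio) {
  return '<p class="bio">' + escapeHtml(bio) + '</p>';
}

// Constructed profile content: the obvious form and the newline-split form.
const OBVIOUS_BIO = '<a href="javascript:steal(document.cookie)">me</a>';
const SPLIT_BIO = '<a href="java\nscript:steal(document.cookie)">me</a>';

console.log('blocklist stops obvious payload:', !blocklistLeavesScriptUrl(OBVIOUS_BIO));
console.log('blocklist stops split payload:', !blocklistLeavesScriptUrl(SPLIT_BIO));
console.log('encoded output:', renderBioSafely(SPLIT_BIO));
```

If profile authors must be allowed some markup, the right tool is an allowlist-based HTML sanitizer that parses the input the way the browser will; a blocklist on the raw string is always one encoding trick behind.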
Emerging Attack Vectors - Phishing Revival
• Next Generation Phishing
– AJAX Enabled
• Next Generation Targets - SaaS Applications?
– Salesforce
Web 2.0 Meets Mobility
[Diagram] Web 2.0 Application Model + Ubiquitous Mobile Access = Loss of Perimeter Control
The Traditional Enterprise
[Network diagram] Labels: Internet; Attacker; Remote Access; Firewall; DMZ; Corporate Web Server; Mail Server; Intranet; Network Segment 1 … Network Segment N; Customer Database; Finance/HR Servers; Corporate End Users
The Emerging Enterprise Today
[Network diagram] Labels: Internet; Ubiquitous Access; Untrusted Web 2.0 (SalesForce.com); Firewall; DMZ; Corporate Web Server; Collaboration Server; Intranet; Network Segment 1 … Network Segment N; Finance/HR Servers; Corporate End-Users. Threats shown: Trojans, Bots, Spyware, Anonymizers
The Dissolving Enterprise Perimeter - Security Implications
[Diagram] Labels: Internet; Remote Corporate End Users; Untrusted Web 2.0 (SalesForce.com); Corporate Network; Firewall; DMZ
Implications listed: Data Theft; Productivity Loss; Drive-by Downloads; Unauthorized P2P Tools; Bandwidth Stealing; Non-compliant Communication; Client Scripting Attacks; Benign Misuse
Grouped under four headings: COMPLIANCE, EMERGING ATTACKS, DATA LEAKAGE, INEFFICIENCIES
Different Options
• Custom Security Architecture
– Remote web traffic rerouted back into the Enterprise
– Specialized web gateway combined with standard FW, IPS, AV
• De-perimeterize by Design
– Jericho Forum
– Protect end points, not the network
CloudMZ - Securing the Emerging Enterprise
[Network diagram] Labels: Internet; Ubiquitous Access; Web 2.0 (SalesForce.com); CloudMZ; Corporate Access; Intranet; Network Segment 1 … Network Segment N; Corporate Web Server; Finance/HR Servers; Mail Server
CloudMZ:
– Enforce Web 2.0 usage policy
– Discover hidden usage patterns
– Secure SaaS mobility backdoor
Summary
• Perimeter Security is on the Brink of a Disruptive Shift
• Pure-Play Security SaaS is the New Emerging Architecture
• Seeking Beta Customers… secure your emerging web experience