uc cloud computing security

54
•Infrastructure As A Service (IAAS) BDPA DALLAS •Dean Jones, Engagement Manager UC Cloud Computing Security May 31 st Program Meeting

Upload: stacy-stewart

Post on 30-Nov-2014

558 views

Category:

Technology


1 download

DESCRIPTION

Dean Jones has more than a 24-year track record in understanding technology-business interface, identifying & aligning clients technology needs with products & services, and solving complex problems. He has a successful and diverse background spanning technical, operational management, project delivery, and strategy development disciplines underscores expertise in engaging decision makers and devising winning strategies and solutions.

TRANSCRIPT

Page 1: UC Cloud Computing Security

•Infrastructure As A Service (IAAS)

BDPA DALLAS

•Dean Jones, Engagement Manager

UC Cloud Computing Security

May 31st Program Meeting

Page 2: UC Cloud Computing Security

Discussion Topics

• Potential Security Breaches & Associated Cost• Cloud Computing and Topology• SIP – UC Cloud / IAAS Topology• Case Studies

Page 3: UC Cloud Computing Security

Potential Security Breaches

Page 4: UC Cloud Computing Security

The Cost of Unsecured Hosted and Private UC Environments.

One Successful Toll Fraud Attack $40,000

Page 5: UC Cloud Computing Security

Cloud Computing 5

Steady CAPEX spend

Global Annual Server Spending (IDC)

Source: IBM Corporate Strategy analysis of IDC data

Uncontrolled management and energy costs

To make progress, delivery organizations must address the server, storage and network operating cost problem, not just CAPEX

$0B

50

100

150

200

250

300

1996

1997

1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

2009

2010

New system spend Management and admin costsPower and cooling costs

A crisis of complexity. The need for progress is clear.

Page 6: UC Cloud Computing Security
Page 7: UC Cloud Computing Security

Majority of IT and security execs say insider vulnerabilities worry them most.

Mar 09, 2009 | 08:08 AMBy Tim WilsonDarkReading

It's official: Today's security managers are more worried about insiders leaking sensitive corporate data than they are about outsiders breaking in to steal it.

http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=215801195

Reports: Security Pros Shift Attention From External Hacks To Internal Threats

Page 8: UC Cloud Computing Security

Perimeter defense is essential – But it doesn’t guard data against the human factor

Lost or stolen devices

Intellectual property exposed to competitors

Sensitive customer data compromised Competitive information leaked to the

media

Exposed business processes

Extracts pulled for processing and reporting

Circulating data across organizations Workarounds during system outages

Malicious insiders

Malware deployed within the network Intentional misuse of company information Identity theft and Industrial espionage

Careless use of the corporate network

Viruses unwittingly downloaded at home Unsecured archives or copies of data Uncontrolled circulation of classified

documents or personal e-mail messages

Page 10: UC Cloud Computing Security

Many companies expend resources on the network without achieving the expected results.

• A piecemeal approach to network security and updates leads to an overly complex infrastructure

– Time-consuming to pinpoint causes of performance problems, especially for newly added voice and video applications that impact traditional mission-critical applications

– Difficult to determine the best way to optimize costs and performance

– Hard to estimate future expenditures and justify current costs

– Almost impossible to predict capacity requirements accurately• Through 2011, enterprises will waste $100 billion buying

the wrong networking technologies and services3

– Unnecessary technologies

– Excess bandwidth

– Unwarranted upgrades3 Gartner, Gartner’s Top Predictions for IT Organizations and Users, 2007 and Beyond, Daryl C. Plummer and others, December 2006.

Page 11: UC Cloud Computing Security

Ponemon Institute’s Security Breach Studies

• Ponemon Institute’s released two separate reports, ”The First Annual Cost of Cyber Crime Study” (PDF), which was sponsored by ArcSight, “The Leaking Vault” (PDF) released today by the Digital Forensics Association, both showing troubling findings for companies’ finances:

• a median cost of $3.8 million for an attack per year, including all costs, from detection, investigation, containment, and recovery to any post-response operations.

• out of 2,807 publicly disclosed data breaches worldwide during the past five years, the cost to the victim firms as well as those whose information was exposed reached $139 billion.

• nearly half of all of the reported breaches came from a laptop, which in 95 percent of the cases is stolen

• hacks led to the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report, although hacks represent only about 16 percent of the data breaches

• Web-borne attacks, malicious code, and malicious insiders are the most costly types of attacks, making up more than 90 percent of all cybercrime costs per organization per year

• A Web-based attack costs 143,209 USD; malicious code, 124,083 USD; and malicious insiders, 100,300 USD.

Page 12: UC Cloud Computing Security
Page 13: UC Cloud Computing Security

Cloud Security Breach Examples

• Google Doc allowed shared permission without user knowledge

– http://www.google.com/support/forum/p/Google+Docs/thread?tid=2ef115be2ce4fd0e&hl=en

• Salesforce.com phishing attack led to leak of a customer list; subsequent attacks

– http://voices.washingtonpost.com/securityfix/2007/11/salesforcecom_acknowledges_dat.html

• Vasrev.com Webhost hack wipes out data for 100,000 sites– http://www.theregister.co.uk/2009/06/08/webhost_attack/

• Twitter company files leaked in Cloud Computing security failure

– http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure/• DDoS attack that downed Twitter also hit Facebook

– http://www.computerworld.com/s/article/9136340/DDoS_attack_that_downed_Twitter_also_hit_Facebook?source=CTWNLE_nlt_security_2009-08-07

Page 14: UC Cloud Computing Security

UC Cloud Computing Security and Topology

Page 15: UC Cloud Computing Security

15 Cloud Computing

Cloud: Consumption & Delivery Models Optimized by Workload

• A new consumption and delivery model inspired by consumer Internet services.

Private, Public and Hybrid

Workload and/or Programming Model Specific

The Industrialization of Delivery for IT supported Services

Cloud Services

Cloud Computing Model

Self-service

Sourcing options

Economies-of-scale

Multiple Types of Clouds

will co-exist:

“Cloud” represents:

Cloud enables:“Cloud” is:

Page 16: UC Cloud Computing Security

Cloud Computing

Is cloud computing really new? Yes, and No.

Cloud computing is a new consumption and delivery model inspired by consumer Internet services. Cloud computing exhibits the following 5 key characteristics:

• On-demand self-service • Ubiquitous network access• Location independent resource pooling• Rapid elasticity• Pay per use

While the technology is not new, the end user focus of self-service, self-management leveraging these technologies is new.

Virtualization ServiceAutomation & SOA

UsageTracking Web 2.0

End User Focused

Page 17: UC Cloud Computing Security

Cloud Computing

Enterprise

Today there are three primary delivery models that companies are implementing for cloud

Public Cloud

IT activities/functions are provided “as a service,” over the Internet

Key features:– Scalability– Automatic/rapid provisioning– Standardized offerings– Consumption-based pricing.– Multi-tenancy

Traditional Enterprise IT

Private Cloud

IT activities/functions are provided “as a service,” over an intranet, within the enterprise and behind the firewall

Key features include:– Scalability– Automatic/rapid provisioning– Chargeback ability– Widespread virtualization

Hybrid Cloud

Internal and external service delivery methods are integrated, with activities/functions allocated to based on security requirements, criticality, architecture and other established policies.

Private Cloud

Public Clouds

Hybrid Cloud

Source: IBM Market Insights, Cloud Computing Research, July 2009.

Page 18: UC Cloud Computing Security

Security Implications of the Delivery Models

Page 19: UC Cloud Computing Security
Page 20: UC Cloud Computing Security

UC Cloud Computing

Cost savings and faster time to value are the leading reasons why companies consider cloud

Respondents could rate multiple drivers items

50%

72%

77%

Improve reliability

Faster time to value

Reduce costs

Improve system availability

Pay only for what we use Hardware savings

Software licenses savings Lower labor and IT

support costs Lower outside maintenance costs

Take advantage of latest functionality

Simplify updating/upgrading Speed deployment

Scale IT resources to meet needs

Improve system reliability

To what degree would each of these factors induce you to acquire public cloud services?

Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090

Page 21: UC Cloud Computing Security

Cloud Computing 21

Managing Cloud Adoption

• Cloud economics can be compelling– Small companies will adopt as reliable, easy-to-use services are available– Scale economics are within reach of many enterprises

• Client migration will be work load driven– Trade-off is value vs. risk of migration– Workload characteristics are critical – New workloads will emerge as cloud makes them affordable (e.g. pervasive

analytics, Smart Healthcare)

Page 22: UC Cloud Computing Security

Virtualized environments only get benefits of scale if they are highly utilized

Drives lower capital requirements

More complexity = less automation possible

= people needed

Take repeatable tasks and automate

Lab

or

Lev

erag

eIn

fras

tru

ctu

re

Lev

erag

e

Clients who can “serve themselves” require less support and get services

Elements that Drive Cloud Efficiency and Economics

Self Service

Automation of Management

Standardization of Workloads

Virtualization of Hardware

Utilization of Infrastructure

Page 23: UC Cloud Computing Security

Cloud Computing

Enterprise Benefits from Cloud Computing

Server/Storage Utilization 10-20%

Self service None

Test Provisioning Weeks

Change Management Months

Release Management Weeks

Metering/Billing Fixed cost model

Standardization Complex

Payback period for new services Years

70-90%

Unlimited

Minutes

Days/Hours

Minutes

Granular

Self-Service

Months

Legacy environments Cloud enabled enterprise

Cloud accelerates business value across a wide variety of domains.

Capability From To

Page 24: UC Cloud Computing Security

Clients told us their implementation strategies — public or private Cloud, present or future — for 25

specific workloadsAnalytics• Data mining, text mining, or other analytics• Data warehouses or data marts• Transactional databases

Business Services• CRM or Sales Force Automation• e-mail• ERP applications• Industry-specific applications

Collaboration• Audio/video/web conferencing• Unified communications• VoIP infrastructure

Desktop and devices• Desktop• Service/help desk

Development and testing• Development environment• Test environment

Infrastructure• Application servers• Application streaming• Business continuity/disaster recovery• Data archiving• Data backup• Data center network capacity• Security• Servers• Storage• Training infrastructure• WAN capacity

BusinessServices

Collaboration

Analytics

Desktop and Devices

Infrastructure

Development and Test

Source: IBM Market Insights, Cloud Computing Research, July 2009.

Page 25: UC Cloud Computing Security

Clients cite "push factors" for and "barriers" against cloud adoption for each workload type

Push factors

Fluctuating demand Highly standardized

applications Modular, independent applications

Unacceptably high costs

Higher propensity for cloud

Lower propensity for cloud

Barriers

Data privacy or regulatory and

compliance issues High level of Internal

control required Accessibility and

reliability are a concern

Cost is not a concern

Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090

Page 26: UC Cloud Computing Security

… delivering “services” and service management Standardized processes Service management systems provide visibility, control and automation Lower operational costs and higher productivity

… optimizing workloads Rate and degree of standardization of IT and business services Complex transaction and information management processes Rapid return-on-investment and productivity gains

Desktop and Devices

Development and Test

Infrastructure BusinessServices

CollaborationAnalytics

… deployment choices New models are emerging for the enterprise Self-service, economies-of-scale, and flexible sourcing options New choices of deployment – define these new models

IT needs to become smarter about…

Page 27: UC Cloud Computing Security

Modular, Self-contained, Scalable Workload Delivery Platform

WORKLOAD A

Modular, Self-contained, Scalable Workload Delivery Platform

WORKLOAD B

Legacy Environment :NON – IBM SolutionsRequiring workload connectivity

WORKLOAD C

Service Management

Service Management

Service Management

Architectural and process level integration that delivers business aligned Visibility, Control and Automation of all Data Center Elements

End to End Service Management

Focus on Managing Services

Facilities Infrastructure

ProductionInfrastructure

MobilityInfrastructure

TechnologyInfrastructure

Communications Infrastructure

+ + + +

Page 28: UC Cloud Computing Security

3 options to deploy workloads – providing you the choice to meet your business needs!

Smart Business Services – cloud services delivered.1. Standardized services on the cloud – Public Cloud.2. Private cloud services, built and/or run by Private Cloud.

Smart Business Systems – purpose-built infrastructure.3. Integrated Service Delivery Platform

Desktop and Devices

Development and Test

Infrastructure BusinessServices

CollaborationAnalytics

Page 29: UC Cloud Computing Security

SIP – UC Cloud / IAAS Topology

Page 30: UC Cloud Computing Security

What do we mean by Unified Communications and Collaboration?

VoiceMobile

Communities

Web Conferencing

Call Management

Instant MessagingE-Mail

Calendaring

Messaging VideoConferencing

Unified Communications + Collaboration = UC²with the added power of mobility

Page 31: UC Cloud Computing Security

Renovate & Innovate

• How do we address the immediate pressure to cut costs, reduce risk and complexity?

• How do we Innovate to take advantage of new opportunities?

How can we do both at the same time?

• We focus on delivering services in new ways - lowering cost while increasing speed and flexibility!

Page 32: UC Cloud Computing Security

Benefits of Unified Communications

• UC benefits come from extending the UC network

• New modes of collaboration– Extended workforce– Suppliers– Partners– Clients

• Corporate policies– Business continuity– Privacy compliance, auditing– Green initiatives

• Cost reduction– Converged infrastructure– SIP trunks

Clients

Suppliers, Partners

Enterprise

Extended Workforce

IP-PBXUC Assets

Employees, Departments

Remote Phones SIP Trunks

SIP TrunksInternal Phones

Page 33: UC Cloud Computing Security

Enterprise

Challenges of Extending UC• IP PBX & phone protection• Policy and compliance

enforcement• Device and user authentication• Signaling and media privacy• Deployment

– Phone configuration and management

– Corporate firewall configuration– Remote firewall traversal

Clients

Suppliers, PartnersExtended Workforce

IP-PBXUC Assets

Employees, Departments

Remote Phones SIP Trunks

Internal Phones SIP Trunks

Rogue Employee Spammer

Internet Hacker Infected PC

Page 34: UC Cloud Computing Security

Additional Security Concerns

• The significant security concerns for this type of deployment are mainly SIP/SCCP/H.323 call control and application level attacks along with:

• Attacks originating from a peering network• End user Spam attacks• Border control and traversal issues• Handling of domain policies

Page 35: UC Cloud Computing Security

ComplianceComplying with SOX, HIPPA,

PCI DSS, FERPA and other regulations may prohibit the use of clouds

for some applications. Comprehensive auditing capabilities are essential.

High-level Cloud Security concerns

Less ControlMany companies and governments are uncomfortable with the idea of

their information located on systems they do not control.

Providers must offer a high degree of security transparency to help

put customers at ease. ReliabilityHigh availability will be a key concern. IT departments will worry about a loss

of service should outages occur. Mission critical applications may not

run in the cloud without strong availability guarantees.

Security ManagementProviders must supply easy, visual controls to manage

firewall and security settings for applications and runtime environments in the

cloud.

Data SecurityMigrating workloads to a

shared network and compute infrastructure

increases the potential for unauthorized exposure.

Authentication and access technologies become

increasingly important.

Page 36: UC Cloud Computing Security

Industry, Government, Risk & Corporate Compliance

Numerous mandates for privacy apply to UC deployments as well as data protection• FDIC VoIP Guidelines• FERPA: Family Educational Rights and Privacy Act• GLBA: Gramm-Leach-Bliley Act – consumer data protection• FTC Safeguards for consumer protection, enforcing GLBA• HIPAA: The Health Insurance Portability and Accountability Act• PCI DSS: The Payment Card Industry Data Security Standard

Page 37: UC Cloud Computing Security

Inherent Technology Threats

Page 38: UC Cloud Computing Security

Cloud Security 101: Simple Example

?

We Have Control

It’s located at X.

It’s stored in server’s Y, Z.

We have backups in place.

Our admins control access.

Our uptime is sufficient.

The auditors are happy.

Our security team is engaged.

Who Has Control?

Where is it located?

Where is it stored?

Who backs it up?

Who has access?

How resilient is it?

How do auditors observe?

How does our securityteam engage?

?

?

?

??

TODAY TOMORROW

Lesson Learned: We have responded to these questions before… clouds demand fast, responsive, agile answers.

Page 39: UC Cloud Computing Security

What is a SIP Trunk?

LAN

PSTN

Internet

ISPITSPSIP Trunk

PBXMGW

IPCS

Enterprise

Definition: • SIP Trunk is a service offered by

an ITSP (Internet Telephony Service Provider) that connects a company's IP-PBX to the telephone system (PSTN) via Internet using the SIP VoIP standard.

(Source: wikipedia.org)

Extending VoIP: • With IP-PBX enterprise’s have

converged data and Voice over LAN, SIP trunk allows enterprises to do the same over WAN/Internet

Page 40: UC Cloud Computing Security

SIP Trunk Requirements

LAN

PSTN

Internet

ITSPSIP Trunk

PBX

IPCS

Enterprise

Threat protection• What about toll fraud, Spam, DoS• Who has access to my PBX• Monitoring of security incidences

Policy enforcement• Need to change Fire Wall policy?• Control services and features

Access control• Who, from where, when

Privacy• Who has access to my private

communication

Deployment issues• Will it work• Change, upgrades• Voice Quality• Visibility QoS/SLA

Page 41: UC Cloud Computing Security

SIP Trunk Requirements Cont’d

Page 42: UC Cloud Computing Security

Key Benefits of UC Cloud Computing Security

Page 43: UC Cloud Computing Security

The UC Cloud Computing Security Competitive Advantage

Threat Protection• Block reconnaissance• Block DoS floods• Block DDoS floods• Block stealth DoS• Block fuzzing/malformed messages• Block spoofing, masquerading, toll

fraud• Rogue media blocking• Block and verify anomalous behavior

Access Control• SSL/TLS X.509 certificate-based mutual

authentication• Clientless two-factor (RSA SecurID)

authentication• Local firewall/NAT traversal• Secure channel NAT traversal• SIP digest authentication• RADIUS AAA integration• Call admission control

Policy Enforcement• Domain and user level blacklist• Network, user, device, ToD-based

policy control• Application control• Signaling control• Media control• Security rules and profiles• Soft key control• Device security profiles• Web application control

Privacy• Encryption (TLS to TCP) signaling proxy• Encryption (SRTP or ERTP to RTP)

media proxy• Topology hiding (network privacy)• User and caller ID privacy (user

privacy)

Security Services• Asset Discovery• Security Posture Assessment• Business Risk Assessment• Security Recommendations

Security Research• Vulnerability Discovery• Threat Advisory• Exploit Tools (Sipera LAVA)• Security Signature Development

Page 44: UC Cloud Computing Security

Case Studies

Page 45: UC Cloud Computing Security

The Cost Benefits of a SIP Deployment

Page 46: UC Cloud Computing Security

Return on Security Investment

• Return on Security Investment factors– Single Loss Expectancy (SLE)

• Dollar amount assigned to event

– Annualized Rate of Occurrence (ARO)• Estimated frequency of event

– Annualized Loss Expectancy (ALE)• SLE x ARO = ALE

Page 47: UC Cloud Computing Security

Theft of Service Assumptions

• Large Enterprise with 500 SIP trunks– 50% average utilization

• Without SIP trunk security– Billing rate 2¢ / min– Event forces theft of 20% of average utilized trunks– SLE = 20% x 250 x 2¢ = $ 1/min– ARO = 365 days x 24 hours x 60 min = events/year– ALE = 365 x 24 hours 60 min x $1 = $525,600

• With UC Security -protected SIP Trunk– VOIP Vulnerability Assessment– Best practices– Comprehensive UC security

Page 48: UC Cloud Computing Security

Theft of Service Business CaseUnprotected SIP Trunk Protected SIP TrunkItem Qty Unit Cost Total Cost Item Qty Unit Cost Total Cost

Capital Cost (list price) Capital Cost (list price)VOIP Sec AssesUC-Sec 2000 HAUC-SEC EMSInstallation

2 weeks1 pair11

$10,000$65,950

$7,495$3,000

$20,000$65,950

$7,495$3,000

Total Capital Cost $0 Total Capital Cost $96,445

Monthly Service Theft Cost Monthly Maintenance CostTheft 30*24*60

= 43,200$1 $43,200 UC-Sec Maint.

EMS Maint.1 yr / 121 yr / 12

$13,190$1,499

$1,099$125

Total Monthly Theft Cost $43,200 Total Monthly Maintenance Cost $1,224

Pay Back Period: 3 months and IRR > 75%With No VoIP/UC Security In place Annualized Loss Expectancy = $525,600

Pay Back Period: 3 months and IRR > 75%With No VoIP/UC Security In place Annualized Loss Expectancy = $525,600

Page 49: UC Cloud Computing Security

Loss of Service Assumptions

• Large enterprise– 25,000 users– 20% using softphones

• Assets– 5 Avaya SES SIP servers– 25,000 IP Phones– 5,000 Softphones – Softphone laptops carry company confidential

data

Page 50: UC Cloud Computing Security

Threat Level Assumptions

• Threat level or probability of exploit– 37 Vulnerabilities discovered – 7 high threats with exploit probability

>70% per month– 5 medium threats with exploit

probability >50% per month– 26 low threats with exploit probability

<50% per month• SIP Servers

– Integrity• 1 medium: Spoof Call Server

– Availability• 2 high: Denial of Service• 1 medium: Service degradation

• IP Phones, Softphones– Confidentiality

• 1 medium: Unencrypted snoop– Integrity

• 2 medium: Spoofing / hijacking– Availability

• 2 high: Denial of Service, fuzzing• 1 medium: QoS degradation

• Softphones only– Confidentiality and availability

• 2 high: Fuzzing with execute shell code

– Integrity (no high/medium)

Page 51: UC Cloud Computing Security

Loss of Service ALE CalculationNumber Vulnerability Type Probability of

ExploitAssets Affected $Loss on single

occurrenceAnnualized rate of occurrence

Annualized Loss Expectancy

1 DoS High Server 15 mins, $50,000 7 350,000

2 DoS High Server 15 mins, $50,000 7 350,000

3 Degradation Medium Server 15 mins, $25,000 5 125,000

4 Spoofing Medium Server 15 mins, $35,000 5 175,000

5 DoS High IP Phone, Softphone

1 hr, $50 35 1,750

6 DoS High IP Phone, Softphone

1 hr, $50 35 1,750

7 Degradation Medium IP Phone, Softphone

1 hr, $25 25 625

8 Spoofing Medium IP Phone, Softphone

1 hr, $500 25 6,250

9 Hijack Medium IP Phone, Softphone

1 hr, $500 25 6,250

10 Sniffing Medium IP Phone, Softphone

1 hr, $500 25 6,250

11 Buffer overflow, Shell-code

High Softphone Company, $3000, 35 105,000

12 Buffer overflow, Shell-code

High Softphone Company, $3000, 35 105,000

Total 12 7 High, 5 medium ~ $1.2 million

Page 52: UC Cloud Computing Security

Loss of Service Business CaseUnprotected IP-PBX Sipera-protected IP-PBXItem Qty Unit Cost Total Cost Item Qty Unit Cost Total Cost

Capital Cost (list price) Capital Cost (list price)VIPER AssesUC-Sec 50k HAUC-SEC EMSInstallation

2 weeks1 pair11

$10,000$229,850

$7,495$3,000

$20,000$229,850

$7,495$3,000

Total Capital Cost $0 Total Capital Cost $260,345

Monthly Service Loss Cost Monthly Maintenance CostLoss 1 $100,000 $100,000 UC-Sec Maint.

EMS Maint.1 yr / 121 yr / 12

$30,000$1,499

$2,500$125

Total Monthly Loss Cost $100,000 Total Monthly Maintenance Cost $2,625

Pay Back Period: 3 months and IRR > 60%With No VoIP/UC Security In place Annualized Loss Expectancy = $1,200,000

Pay Back Period: 3 months and IRR > 60%With No VoIP/UC Security In place Annualized Loss Expectancy = $1,200,000

Page 53: UC Cloud Computing Security

Other Downtime Effects

• Impact on stock price • Cost of fixing / replacing equipment • Cost of fixing / replacing software • Salaries paid to staff unable to undertake

productive work • Salaries paid to staff to recover work

backlog and maintain deadlines• Cost of re-creation and recovery of lost

data • Loss of customers (lifetime value of each)

and market share • Loss of product• Product recall costs • Loss of cash flow from debtors

• Interest value on deferred billings • Penalty clauses invoked for late delivery

and failure to meet Service Levels • Loss of profits • Additional cost of credit through reduced

credit rating • Fines and penalties for non-compliance • Liability claims • Additional cost of advertising, PR and

marketing to reassure customers and prospects to retain market share

• Additional cost of working; administrative costs; travel and subsistence etc.

Page 54: UC Cloud Computing Security

Hacking Tools - YouTube Movies

• http://youtu.be/89fXxmaca4E• http://youtu.be/x56j2BRkUME• http://youtu.be/DU8hg4FTm0g