Cyber and Technology Risk Management Forum, Park City, UT

Hyperscale Cloud Security

Assume breach identifies & addresses significant gaps: f Detect attack & penetration f Respond to attack & penetration f Recover from data leakage or tampering Scope ongoing live site testing of security response plans to drastically improve mean time to detection & recovery Reduce exposure to internal attack (once inside, attackers have broad access) Periodic environment post breach assessment & clean state

Prevent Breach Vulnerability and Update Management Isolation (Data, Network, Trust) Security development lifecycle (SDL) Least Privileged/JIT Access

Assume Breach

Red vs Blue Live Site Penetration Testing

Centralized security logging & monitoring Breach Hunt

25

TRADITIONAL SECURITY

CLOUD SECURITY