This page is fully or partially automatically translated.

BITKOM Header
  • it-sa insights
  • Management I
  • Mobile Security

IT security in the age of cloud infrastructures

In this session you will learn why cloud security is a team effort rather than an individual task and how new Security by Design approaches can help make IoT environments so secure that an attack is not economically viable.

10/7/2020 3:00:00 PM – 10/7/2020 3:30:00 PM

Please log in or register in advance so that you can take part in actions or watch videos about the action!

This action is available to the it-sa 365 community as a video.

BITKOM Header
  • it-sa insights
  • Management I

In this session you will learn why cloud security is a team effort rather than an individual task and how new Security by Design approaches can help make IoT environments so secure that an attack is not economically viable.

Language: German

Questions and Answers: Yes

graphical blue background
close

This video is available to the it-sa 365 community. Please register or log in with your login data.

Action description

1st Spotlight: The 360° Shared Responsibility Model for Cloud Security (15 minutes)

Companies benefit from the cloud in many ways: it makes not only employees but also business processes more productive, efficient and flexible. However, new security-related requirements are emerging. The presentation presents the 360° Shared Responsibility Model and shows why it is equally important for providers, companies and users to work together on the topic of cloud security.

Security is a process. Ensuring a secure cloud cannot be left in the hands of a single party alone. The responsibility must be shared among all stakeholders. If you look at the context of a car rental company, for example - from the factory to the tenant - it becomes clear how important it is that each party knows and makes its contribution to the level of security: The manufacturer must ensure that his car is fit for driving, safe and meets current safety standards. The car rental company cannot influence this, but bears its own responsibility elsewhere. It must ensure that individual components of the car are regularly checked for wear and tear and functionality. It must also make sure that the customer meets the legal requirements to be allowed to rent and drive a car. Although the manufacturer provides built-in safety belts ex works, it is up to the driver to use them and to behave in accordance with the German Road Traffic Regulations (StVO) - neither the manufacturer nor the rental company has any influence on these aspects.

This is the case with security in the cloud. Here, too, security gaps arise if someone fails to meet their responsibilities. Data leaks, compliance violations, associated fines and damage to reputation are just some of the consequences of negligence. The 360° Shared Responsibility Model helps to counteract this problem: it provides for the equal sharing of all areas of responsibility in the cloud and involves all players - from providers to companies to each individual user of the cloud.


2nd Spotlight: IoT, Cloud & Security by Design (15 minutes)

o The use of IoT (Internet of Things) devices in business is growing exponentially. According to Gartner, the number of IoT connections worldwide is expected to rise to around 25 billion by 2025. But as the number of connected devices increases, so does the need for security. Gartner has highlighted that almost 20% of organizations have seen cyber attacks on IoT devices in the last three years. Because of their connectivity and access to corporate networks, IoT systems increase the potential surface area for cyberattacks in any organization. Therefore, the most important consideration for organizations that have introduced IoT devices into their business processes or plan to do so is to ensure adequate IoT security that addresses the multi-layered security risks in heterogeneous environments.

A novel Security by Design model could be a possible answer to this. The basic idea here is that cyber attacks can be avoided if they are economically unviable for potential attackers. The lecture will present basic considerations and explain how new cyber-immune systems can be developed. The basis for this can be a highly secure operating system whose security architecture is designed in such a way that the security functions are separated from the application business logic. Thus both the configuration of security policies and the development of applications is facilitated.

read more

Speaker