Pitching cloud services
to security folks
Moshe Ferber, CCSK
Onlinecloudsec.com
Surviving the Lion’s den…
About
• Information security professional for over 20 years
• Working on cloud strategy with the world's largest software vendors
• Founded Cloud7, Managed Security Services provider (currently 2bsecure cloud services)
• Partner at Clarisite – Your customer’s eye view
• Partner at FortyCloud – Make your public cloud private
• Member of the board at Macshava Tova – Narrowing societal gaps
• Certified CCSK instructor for the Cloud Security Alliance
• Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter
Cloud Computing
How does the CIO see it?
Cloud Computing
How does the end user see it?
Cloud Computing
How does the CFO see it?
Cloud Computing
And how does the CISO see it?
Mistakes cloud providers make #1
Mistakes cloud providers make #2
Mistakes cloud providers make #3
Mistakes cloud providers make #4
What else CISOs don’t like
Agility
What you say… and how the CISO understands it
Scalability
What you say… and how the CISO understands it
Compliance
What you say… and how the CISO understands it
Manageability
What you say… and how the CISO understands it
Reliability
What you say… and how the CISO understands it
So what is the CISO looking for?
So, how do we create trust?
1. Transparency
2. Competency
Transparency
Transparency #1 takeaway
Security in the cloud is a shared responsibility
Source: Trend Micro Blog
Transparency #2 Security Policy
A security policy is mandatory; it should cover all aspects of how you protect your customers' data.
Transparency #3 Audits
Don’t run away from security audits
Competency
Skill, Design, Governance
Skill
• Make sure your sales / pre-sales understand cloud security.
• Understand the standards and regulations relevant to your sector.
Skill #2
• Make your security building blocks tangible to the customers:
Monitoring and Incident management
Application Security
Data Security
Infrastructure Security
Data Center Security
Understand Cloud threats & Risks
Threat: Theft
Risk: Losing money
Attack vector: Unsecure door
Cloud Attack vectors
• Provider administration
• Management console
• Multi tenancy & virtualization
• Automation & API
• Chain of supply
• Side channel attack
• Insecure instances
Understanding controls
Preventive
• Firewall (Security Groups)
• Authentication
• Anti Virus
• Guards
Detective
• IDS
• System monitoring
• Motion detector
Corrective
• Upgrades & Patches
• Vulnerability scanning
Compensatory
• DRP & Backup
• Firewall logs
• Reviews
• Audit & reconciliation
Design
Threat | Security Service
Spoofing | Authentication
Tampering | Digital Signature, Hash
Repudiation | Audit Logging
Information Disclosure | Encryption
Denial of Service | Availability
Elevation of privilege | Authorization
• Integrate security into your software lifecycle.
• Account for cloud-specific threats.
• Think about separation of tenants.
• Explore encryption at all layers.
• Think about 3rd party access.
Governance
• Most security companies simply don’t know how to do ongoing operational security.
• If you are guarding banks' data, you need banks' operational capabilities.
Questions?
To wrap things up
Speak your customers' lingo
Use good building blocks
Don’t hesitate to be transparent about your security controls.
Cloud security is very much about your customers' market sector.
Be proactive in your security, think ahead of your customers.
Moshe Ferber
www.onlinecloudsec.com
http://il.linkedin.com/in/MosheFerber
KEEP IN TOUCH
The Cloud Security Course Schedule can be found at:
http://www.onlinecloudsec.com/course-schedule

Surviving the lions den - how to sell SaaS services to security oriented customers

Editor's Notes

  1. Thank you for inviting me, I am very happy to be here in Athens.
  2. My name is Moshe Ferber, and I am working with some of the world's largest software vendors in order to help them define and achieve their go-to-cloud strategy. I am also very keen on educating about the cloud, so I am helping in creating some of the world's cloud security certifications.