
Outpost24 webinar : how to secure your data in the cloud - 06-2018


  1. How to secure your data in the cloud
     Sergio Loureiro, Director Product Management
  2. Objective
     • The lack of visibility and control in hybrid and multi-cloud environment
     • Why security automation is mandatory for agile environments?
     • Why traditional solutions do not cope with cloud and containers?
     • 3 steps plan for data security in AWS, Azure and Docker
  3. Shared Responsibility between Providers and Enterprises
  4. Cloud Trust Models
     [Figure labels: Trust gap]
  5. Workloads are Enterprise’s Responsibility
     [Figure labels: Most common cases, Strategic cases]
  6. First Headline back in 2011
  7. Fast forward to 2018
  8. Securing the Migration Journey to IaaS
     Source: https://www.rightscale.com/lp/state-of-the-cloud
     Customer Challenges
     - Assess a different kind of infrastructure
     - Time consuming permission process
     - Evaluate configurations for all instances and storage
  9. Growth of Container Adoption with DevOps Trend
     Source: https://www.docker.com/what-container
     Customer Challenges
     - Evaluate containers environments
     - Evaluate container configurations and management
  10. Security Automation is Mandatory for DevOps
     • Auto-Discovery of assets by API
     • Security checks automatically launched
     • Agentless is less costly to manage and works with Serverless
     • DevOps is changing when, who and how security management is done
  11. Why traditional solutions do not cope with cloud?
     • Shared responsibility and new cloud services every week
     • Elasticity and Agile
     • Changing IPs
     • License model
     • Cloud Shadow IT
     • APIs for everything
     • Publicly accessible
     • New layer of configuration (and misconfigurations)
  12. Overview of AWS and Azure security capabilities
     AWS
     - Security Groups (firewall)
     - Trusted Advisor (high level)
     - Inspector (assessment)
     - Key Management Service
     - Identity and Access Management
     - Macie (DLP)
     - GuardDuty (threat detection)
     - Shield (DoS)
     - WAF (WAF)
     Azure
     - Azure Security Center
     - Security Groups (firewall)
     - Key Vault
     - Endpoint Protection
     - VM agent
     - …
     + Integration with security partner solutions
  13. What’s missing from AWS and Azure?
     1. Putting all security services together and assessing that continuous changes are not bringing added risk
     2. Workloads (Applications + Data) security, your own stuff
  14. Cloud Workload Protection Controls - Top 3 Approaches
     [Figure labels: Operations Hygiene, Core, Additional]
     • CIS AWS benchmark
     • CIS Azure benchmark
     • CIS Docker benchmark
     • CIS Kubernetes benchmark
  15. EWP Features
     Source: Gartner Market Guide to Cloud Workload Protection Platform 2017
  16. Let’s draw a plan
     - 1st step: workload security assessment + cloud configuration assessment
     - 2nd step: security automation for continuous assessment
     - 3rd step: extend to new services
  17. 1. Comprehensive Solution
     • Vulnerability Management identifies vulnerabilities
     • Application Security evaluates applications
     • Cloud & Container Security assesses configurations and workloads
     • Combines all 3 into one solution
  18. 2. Continuous Workload Analytics
     • Implementation of CIS benchmarks: AWS, Azure, Docker and Kubernetes
     • Using the IaaS Provider or Hypervisors APIs
     • Auto-discovery for elastic scenarios, zero configuration
     • Real-time alerts on configuration issues
  19. 3. Extend to new cloud services
     • Orchestration possible by API
     • Integration on CI/CD setups for containers
     • Virtual appliances available for Azure and AWS for private assets
     • Managed Services, Snapshot and Professional Services plans available
  20. Examples of CIS AWS and CIS Azure Controls
  21. Use Case with AWS Elastic Map Reduce (EMR)
  22. Use Case with AWS Elastic Map Reduce (EMR)
  23. Use Case with AWS Elastic Map Reduce (EMR)
  24. Supporting Material
     • EWP web: https://outpost24.com/cloud-security
     • EWP white paper - https://marketing.outpost24.com/cloud-security-whitepaper
     • AWS best practices white paper - https://marketing.outpost24.com/aws-security-whitepaper
     Looking for more?
     • Gartner Cloud Workload Protection Platform (CWPP) research
     • Cloud Security Alliance Security Guidance version 4
     • Latest CIS benchmarks for Amazon AWS 1.1.0 and Microsoft Azure 1.0.0
     • Demo accounts available on request
  25. Q & A
  26. Outpost24 EWP executive overview
  27. Outpost24 EWP cloud provider status view
  28. Outpost24 EWP instances status view
  29. Outpost24 EWP workload findings view

Editor's Notes

  • Customer uncertainty is your entry point
    “How quickly are you moving workloads to the cloud?”
    “How quickly will your DevOps team migrate to containers?”
    “How are you handling security assessments in the cloud?”
    “What makes you confident with your cloud provider’s security capabilities?”
  • Note: this is a Microsoft slide and over-simplified
    the “security” box means basic protections like AV
  • Workloads = applications + security + data + OS
  • Misconfiguration will give access to data; every service can give access to your data
  • New infrastructure, new security pains, new knowledge

    In 2010, AWS was a 200M$ business; last year they did 17B$. Azure is catching up, so currently we are focusing on the top 2
  • In Gartner’s terms – Outpost24 covers the Core workload protection strategies
    In CIS terms – Outpost24 addresses benchmarks for required technologies
    In CSA terms – Outpost24 covers Essential characteristics, PaaS and IaaS service models, and Public-Private-Hybrid deployment models

    Outpost24 acquired SecludIT in January 2018, a cloud security pioneer and founding member of CSA
  • Put data in perspective: all ways of getting to your data
  • Data sovereignty scenarios: data does not leave customer premises - regional or country-specific clouds, data never leaves customer cloud account, etc.