SlideShare a Scribd company logo

The Share Responsibility Model of Cloud Computing - ILTA Philadelphia

Download as PPTX, PDF
P
Patrick Sklodowski

Cloud Security is YOUR responsibility, not just your service provider! Understand the shared responsibilities of Cloud Computing from the public cloud to application as a service

Technology
1 of 16
Square10 Solutions LLCConfidential Cloud Security. Understand the Technical to Enable Business Decisions ILTA - Philadelphia 1
Presenters 2 John LaVigne, a Systems Engineer for Fortinet, has over 15 years of experience in the network field. His focus today is on network security solutions for customers. John has previously worked in a number of project delivery roles in networking, security and messaging. Nick Sandone is a System Architect with Square10 Solutions. His areas of expertise include network design and optimization, advanced threat protection, enterprise monitoring, and securing cloud and hybrid networks. Nick has diverse experience having worked in industries ranging from legal, engineering and healthcare to cloud-based supply chain management. Patrick Sklodowski, a Principal with Square10 Solutions, is a proven technology professional with over two decades of expertise. He works with clients to provide solutions focused on strategic delivery and the alignment of technology with business requirements. His areas of specialty include system architecture, delivery of cloud solutions, messaging, technical project management, disaster recovery and complex migrations.
Cloud Security = Shared Responsibility 3 • Know Your Role and Responsibilities! • Responsibility dependent on: • Type of service • Delivery model • Service provider Courtesy of AWS
Today’s Focus 4Courtesy of Microsoft
Physical Security 5 • Not “our” problem!
Host Infrastructure 6 • Secure the virtual device like it’s “within your walls” • AV & threat protection • Patching • Application updates • Host encryption
Network Controls 7 • What can we expect from CSP? • Protect their infrastructure • Basic built-in tools for customer
Network Controls 8 • CSP Provides • Network Security Groups (group of ACLs) • Basic NAT or PAT • Basic port open port closed • Logical Network Segmentation
Network Controls 9 • Customer Responsibility • Next Generation Firewall (NGFW) • Web Application Filtering (WAF) • Route all traffic through NGFW • Interrogate/Inspect traffic • AV/Malware/IPS/DLP • Log and monitor traffic • Encrypt traffic
Application Level Controls 10 • Infrastructure as a Service (IaaS) • We install the applications, we must security them! • Platform as a Service (PaaS) • SQL • Web Services • PaaS protection through • Application level “firewall” settings • Identity management • SAML • Azure Active Directory “Because you’re building systems on top of the AWS cloud infrastructure, the security responsibilities will be shared: AWS manages the underlying infrastructure, and you secure anything you put on the infrastructure or connect to the infrastructure.” - Amazon Web Services “Sharing the Security Services”
Identity & Access Management 11 • Access and authorization • Identity protection • Service management through user access • Tools • Multi Factor Authentication • Same sign on / Single sign on • Identity providers / SAML • Roles • Auditing and alerting • Conditional access
Single Sign On and Identity Management 12 • More password = less secure passwords • Identity providers – OKTA, Duo, Microsoft, OneLogin • Regardless of Identity Solution • Every business needs to be setup in Microsoft Azure Active Directory • Most businesses should be federated with Azure Active Directory • Enables • Windows Store for Business • Identity management • Keeps users away from consumer accounts!
Client & End-point Protection 13 • End-points are always our responsibility • How end point connects determines risk • PaaS is probably connected to my network • IaaS same risks as on-prem • SaaS more likely app or browser based devices won’t directly access systems • Device has access to data flowing through it! • Advanced threat protection • Microsoft Defender and Intune • Cylance • Carbon Black
Data Classification & Accountability 14 • Compliance obligations • Distinguish - and potentially secure - sensitive data • SaaS - capabilities aren’t meaningful without classification – Digital Loss Prevention • PaaS & IaaS – Data management fully your responsibility • Backups • Encryption
Resources 15 • Data Classification for Cloud Computing • http://aka.ms/dataclassificationforcloud • The ABC’s of the Share Responsibility Model • https://www.trendmicro.com/aws/aws-shared-security-model/ • Microsoft Incident Response and shared responsibility for cloud computing • https://azure.microsoft.com/en-us/blog/microsoft-incident-response-and-shared-responsibility-for-cloud-computing/ • What Does Shared Responsibility in the Cloud Mean • https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/ • Shared Responsibility Model • https://aws.amazon.com/compliance/shared-responsibility-model/
16

Recommended

The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Moshe Ferber
 
Aligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsAligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsMoshe Ferber
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseThe Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseMoshe Ferber
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 

Recommended

The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Moshe Ferber
 
Aligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsAligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsMoshe Ferber
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseThe Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
The Notorious 9 Cloud Computing Threats - CSA Congress, San JoseMoshe Ferber
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
 
Cloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption ExplainedCloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption ExplainedPorticor - The Cloud Security Experts
 
Cloud keybank privacy and owner authorization
Cloud keybank privacy and owner authorizationCloud keybank privacy and owner authorization
Cloud keybank privacy and owner authorizationPvrtechnologies Nellore
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security IntroductionGLC Networks
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber
 
Cloud security
Cloud securityCloud security
Cloud securityTushar Kayande
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
 
PaaS security challenges and solutions (salesforce vision)
PaaS security challenges and solutions (salesforce vision)PaaS security challenges and solutions (salesforce vision)
PaaS security challenges and solutions (salesforce vision)Olga Lavrentieva
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersGokul Alex
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development SummaryCloudSecurityAllianceAustralia
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt Devyani Vaidya
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloadsRuncy Oommen
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloudAzure Group
 
Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
 
Managed security services
Managed security servicesManaged security services
Managed security servicesmanoharparakh
 

More Related Content

What's hot

Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
 
Cloud keybank privacy and owner authorization
Cloud keybank privacy and owner authorizationCloud keybank privacy and owner authorization
Cloud keybank privacy and owner authorizationPvrtechnologies Nellore
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security IntroductionGLC Networks
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberMoshe Ferber
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
 
PaaS security challenges and solutions (salesforce vision)
PaaS security challenges and solutions (salesforce vision)PaaS security challenges and solutions (salesforce vision)
PaaS security challenges and solutions (salesforce vision)Olga Lavrentieva
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersGokul Alex
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloadsRuncy Oommen
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloudAzure Group
 

What's hot (20)

Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
Cloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption ExplainedCloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption Explained
 
Cloud keybank privacy and owner authorization
Cloud keybank privacy and owner authorizationCloud keybank privacy and owner authorization
Cloud keybank privacy and owner authorization
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security Introduction
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferberDefcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
 
Cloud security
Cloud securityCloud security
Cloud security
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing
 
PaaS security challenges and solutions (salesforce vision)
PaaS security challenges and solutions (salesforce vision)PaaS security challenges and solutions (salesforce vision)
PaaS security challenges and solutions (salesforce vision)
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and Frontiers
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloud
 

Similar to The Share Responsibility Model of Cloud Computing - ILTA Philadelphia

Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
 
Managed security services
Managed security servicesManaged security services
Managed security servicesmanoharparakh
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxTrongMinhHoang1
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityAndy Powell
 
Maturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOpsMaturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOpsAmazon Web Services
 
Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsAmazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 

Similar to The Share Responsibility Model of Cloud Computing - ILTA Philadelphia (20)

Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tips
 
Managed security services
Managed security servicesManaged security services
Managed security services
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Presd1 10
Presd1 10Presd1 10
Presd1 10
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Outpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud securityOutpost24 webinar - Mastering the art of multicloud security
Outpost24 webinar - Mastering the art of multicloud security
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
5787355.ppt
5787355.ppt5787355.ppt
5787355.ppt
 
Maturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOpsMaturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOps
 
Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOps
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
 

Recently uploaded

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

The Share Responsibility Model of Cloud Computing - ILTA Philadelphia

  • 1. Square10 Solutions LLCConfidential Cloud Security. Understand the Technical to Enable Business Decisions ILTA - Philadelphia 1
  • 2. Presenters 2 John LaVigne, a Systems Engineer for Fortinet, has over 15 years of experience in the network field. His focus today is on network security solutions for customers. John has previously worked in a number of project delivery roles in networking, security and messaging. Nick Sandone is a System Architect with Square10 Solutions. His areas of expertise include network design and optimization, advanced threat protection, enterprise monitoring, and securing cloud and hybrid networks. Nick has diverse experience having worked in industries ranging from legal, engineering and healthcare to cloud-based supply chain management. Patrick Sklodowski, a Principal with Square10 Solutions, is a proven technology professional with over two decades of expertise. He works with clients to provide solutions focused on strategic delivery and the alignment of technology with business requirements. His areas of specialty include system architecture, delivery of cloud solutions, messaging, technical project management, disaster recovery and complex migrations.
  • 3. Cloud Security = Shared Responsibility 3 • Know Your Role and Responsibilities! • Responsibility dependent on: • Type of service • Delivery model • Service provider Courtesy of AWS
  • 5. Physical Security 5 • Not “our” problem!
  • 6. Host Infrastructure 6 • Secure the virtual device like it’s “within your walls” • AV & threat protection • Patching • Application updates • Host encryption
  • 7. Network Controls 7 • What can we expect from CSP? • Protect their infrastructure • Basic built-in tools for customer
  • 8. Network Controls 8 • CSP Provides • Network Security Groups (group of ACLs) • Basic NAT or PAT • Basic port open port closed • Logical Network Segmentation
  • 9. Network Controls 9 • Customer Responsibility • Next Generation Firewall (NGFW) • Web Application Filtering (WAF) • Route all traffic through NGFW • Interrogate/Inspect traffic • AV/Malware/IPS/DLP • Log and monitor traffic • Encrypt traffic
  • 10. Application Level Controls 10 • Infrastructure as a Service (IaaS) • We install the applications, we must security them! • Platform as a Service (PaaS) • SQL • Web Services • PaaS protection through • Application level “firewall” settings • Identity management • SAML • Azure Active Directory “Because you’re building systems on top of the AWS cloud infrastructure, the security responsibilities will be shared: AWS manages the underlying infrastructure, and you secure anything you put on the infrastructure or connect to the infrastructure.” - Amazon Web Services “Sharing the Security Services”
  • 11. Identity & Access Management 11 • Access and authorization • Identity protection • Service management through user access • Tools • Multi Factor Authentication • Same sign on / Single sign on • Identity providers / SAML • Roles • Auditing and alerting • Conditional access
  • 12. Single Sign On and Identity Management 12 • More password = less secure passwords • Identity providers – OKTA, Duo, Microsoft, OneLogin • Regardless of Identity Solution • Every business needs to be setup in Microsoft Azure Active Directory • Most businesses should be federated with Azure Active Directory • Enables • Windows Store for Business • Identity management • Keeps users away from consumer accounts!
  • 13. Client & End-point Protection 13 • End-points are always our responsibility • How end point connects determines risk • PaaS is probably connected to my network • IaaS same risks as on-prem • SaaS more likely app or browser based devices won’t directly access systems • Device has access to data flowing through it! • Advanced threat protection • Microsoft Defender and Intune • Cylance • Carbon Black
  • 14. Data Classification & Accountability 14 • Compliance obligations • Distinguish - and potentially secure - sensitive data • SaaS - capabilities aren’t meaningful without classification – Digital Loss Prevention • PaaS & IaaS – Data management fully your responsibility • Backups • Encryption
  • 15. Resources 15 • Data Classification for Cloud Computing • http://aka.ms/dataclassificationforcloud • The ABC’s of the Share Responsibility Model • https://www.trendmicro.com/aws/aws-shared-security-model/ • Microsoft Incident Response and shared responsibility for cloud computing • https://azure.microsoft.com/en-us/blog/microsoft-incident-response-and-shared-responsibility-for-cloud-computing/ • What Does Shared Responsibility in the Cloud Mean • https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/ • Shared Responsibility Model • https://aws.amazon.com/compliance/shared-responsibility-model/
  • 16. 16