SlideShare uma empresa Scribd logo

Symantec Best Practices for Cloud Security: Insights from the Front Lines

Symantec
Symantec

Download AWS Security Best Practices Guide with Cloud Configuration Checklist https://symc.ly/2FGNqC5.

Tecnologia
1 de 19
Baixar para ler offline
February 2019 Best Practices for Cloud Security: Insights from the Front Lines
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Security in the Public Cloud The Shared ResponsibilityModel 2
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Security in the Public Cloud Challenges 3 • Immature practice of security controls yields low-hanging fruit for attackers • Zero-day exploits against cloud workloads and containers • Malware outbreak via cloud storage • Attackers insert rogue processes into authorized workloads • Traditional endpoint protection does not work in cloud environments
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Lift & Shift Security Fails in the Cloud Not a Long-termSolution 4 Traditional security tools - Can’t integrate with modern DevOps workflows - Break immutable workload requirements - Break auto-deployment workflows
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only IaaS: CASB & CWP IaaS/PaaS+ SaaS IaaS/PaaS InfoSec DevSecOps InfrastructureManagement UserManagement OS Hardening App Control RT File IntegrityManagement App Isolation Malware Protection Data Loss Prevention User/AdminMonitoring and Control UEBA Account Protection PreventMisconfiguration PolicyEnforcement DLP for Storage Malware Protection for Storage Custom App Security IaaS/PaaS Compliance Assurance ConfigurationMonitoring ComputeStorage ComplianceThreat Protection Integrated Cyber Defense Data Loss Prevention 5 Configuration Control Plane
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Symantec Cloud Workload Protection (CWP) AutomatedSecurity for Public Cloud InfrastructureManagement 6 • Cloud-nativeprotectionintegrateswith modern DevOpsand CI/CD pipelines • Cost savings resultfrom automating deploymentworkflows • Anti-malwarefor computeand storage • OS and application hardeningfor continuous management withoutpatchingor intervention • CWP security controlsarebaked into images satisfying immutability requirements * 20,000 hours of free usage, valid for 89 days Details. Try SymantecCloud Workload Protectionfor free*
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Symantec Cloud Workload Assurance (CWA) Cloud Security Posture Managementfor ConfigurationControl Plane 7 • Gain deep visibility of all risksand controlof the cloud management plane acrossmulti-cloud surfaces • Monitorcloud resourcesformisconfigurations that can exposedata • Fix misconfigurationsquickly and easily with guided remediation and alerts • Assess and reportcompliancepostureagainst regulations & benchmarks * 1 account and up to 500 resources, valid for 30 days Details. Try SymantecCloud Workload Assurancefor free*
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Symantec CloudSOC Cloud Access Security Broker for SaaS, PaaS, and IaaS 8 • Shadow IT: Detect, monitor, and control Shadow IT use of cloud and mobile apps • Data Security: Protect confidential data from loss or exposure in the cloud with advanced DLP • Threat Protection: Combat threats with malware analysis, advanced threat protection, and the world’s largest civilian threat intelligence network. Protect against compromised accounts and careless or malicious users. • Compliance: Perform risk analysis of cloud services, monitor use of cloud, and protect regulated data types with automated controls and at-a-glancedashboards Requesta Shadow Data Risk Assessmentfor AWS Today!
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 9 Decentralize security responsibility Educateapplicationowners on how to secure their services. Engage risk and compliance team to establish regulatorycompliance requirements. Involve InfoSecteam to include AWS into cloud app security and dataloss protectionstrategy. Democratize cloud infrastructure Adopt a shared responsibility model. • AWS to secure the underlying infrastructure • Your teams to determine how to configureand use your AWS environment “Organizations can’t have centralized security and decentralized operations.” Hardeep Singh Symantec Cloud Security Architect
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 10 Deploy DevSecOps Reengineer software development lifecycle (SDLC)and morph it into a security practice. Embed security within the software development lifecycle process when migratingto AWS. Address attack vectors Adopt a holistic cloud security approachand secure the entire fabric. • From where the informationis stored,to compute, to different service componentsthat you may consume from AWS “Security is not absolute, but a gradient against the lever of velocity.” Raj Patel Vice Presidentof Cloud Platform Engineering, Symantec
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 11 Automate Compliance Enforcecritical policies and regulationsby employing governance,risk and compliance tools that can help inventory your IT assets,evaluate vulnerabilities, govern informationaccess, and automatecompliance reporting. Enhance visibility Monitorand audit the configurationof your cloud services and security-related actions of your admins and users by obtaining visibility and controlof their cloud management plane.
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 12 Avoid configuration mistakes Configure your cloud in key areas including identity and access management,logging, monitoring and networking. “Companies with limited resources and budget should actually consider moving to the cloud in order to benefit from stronger security and compliance.” Curt Dukes Executive Vice President for Security Best Practices, CIS (Centerfor Internet Security, Inc)
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 13 Embrace the shared responsibilitymodel Approach for therelationship between the DevOpsteam and the security team—both teams need to work collaboratively to securepublic cloud infrastructure.
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 14 Apply security at all layers in CI/CD pipeline Shift left for planning, shift right for runtime. This movessecurity managementto a continuous validation mode. The cloud allows you to change things or movethings really rapidly and in a software-drivenway.
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 15 Implement a “least privilege”approach Adopt a “least privilege” approachupfrontand if your organization is just starting down the DevSecOpspath,focus on the usersand appsthat havethe most risk for their business.
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 16 Protect data in transit and at rest Leveragethe agile softwaredevelopment processes to write cyber security-relateduse cases with data protection foremostin mind.
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 17 Embed a security professional or engineer within DevOps Ensuresecurity is a regulardiscipline in CI/CD pipeline by havingdevelopers and InfoSec professionalsworkingelbow-to-elbow.
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Resources 18 • A Guide to Amazon Web Services (AWS) Cloud Security Best Practices • AWS & Symantec Webcast: Security that Scales: Automating Security and Compliance for DevOps • Infographic for DevOps: Work Less. Secure More. • Infographic for InfoSec: DevOps + InfoSec − The New Dynamic Duo • Shared Responsibility Quiz: Now Who Protects What? • Try Symantec Cloud Workload Protection for free • Try Symantec Cloud Workload Protection for Storage for free • Try Symantec Cloud Workload Assurance for free
Thank You!

Recomendados

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
Iftikhar Ali Iqbal
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
Cristian Garcia G.
 
Day 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceDay 3: Security Auditing and Compliance
Day 3: Security Auditing and Compliance
VMware Tanzu
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
AlgoSec
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the Cloud
Symantec
 
Inteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformaceInteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformace
MarketingArrowECS_CZ
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOs
Qualys
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate Brochure
Qualys
 

Recomendados

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
Iftikhar Ali Iqbal
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
Cristian Garcia G.
 
Day 3: Security Auditing and Compliance
Day 3: Security Auditing and ComplianceDay 3: Security Auditing and Compliance
Day 3: Security Auditing and Compliance
VMware Tanzu
 
The state of the cloud csa survey webinar
The state of the cloud csa survey webinarThe state of the cloud csa survey webinar
The state of the cloud csa survey webinar
AlgoSec
 
Cyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the CloudCyber Tech Israel 2016: Get Your Head in the Cloud
Cyber Tech Israel 2016: Get Your Head in the Cloud
Symantec
 
Inteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformaceInteligentní ochrana osobních údajů v procesu digitální transformace
Inteligentní ochrana osobních údajů v procesu digitální transformace
MarketingArrowECS_CZ
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOs
Qualys
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate Brochure
Qualys
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
Iftikhar Ali Iqbal
 
Cisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPsCisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPs
Cisco Russia
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
Amazon Web Services
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...
AlgoSec
 
Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
Skybox Security
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
Cisco Canada
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
Application Secuirty in the Cloud
Application Secuirty in the CloudApplication Secuirty in the Cloud
Application Secuirty in the Cloud
Steven_Jackson
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
AlgoSec
 
Cw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend microCw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend micro
TheInevitableCloud
 
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar DeckHow PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
Amazon Web Services
 
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho ITJak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
MarketingArrowECS_CZ
 
Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015
Kaspersky
 
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Cloud Security Alliance, UK chapter
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for Virtualization
Ariel Martin Beliera
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio Overview
Iftikhar Ali Iqbal
 
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
Iftikhar Ali Iqbal
 
Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security report
Cisco Canada
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
Symantec
 

Mais conteúdo relacionado

Mais procurados

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
Iftikhar Ali Iqbal
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
Amazon Web Services
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
AlgoSec
 
Cw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend microCw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend micro
TheInevitableCloud
 
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar DeckHow PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
Amazon Web Services
 
Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015
Kaspersky
 
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Cloud Security Alliance, UK chapter
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for Virtualization
Ariel Martin Beliera
 

Mais procurados (20)

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
 
Cisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPsCisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPs
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...2020 04-07 webinar slides -turning network security alerts into action change...
2020 04-07 webinar slides -turning network security alerts into action change...
 
Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
Application Secuirty in the Cloud
Application Secuirty in the CloudApplication Secuirty in the Cloud
Application Secuirty in the Cloud
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Cw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend microCw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend micro
 
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar DeckHow PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
 
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho ITJak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
 
Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015Kaspersky Endpoint Security for Business 2015
Kaspersky Endpoint Security for Business 2015
 
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for Virtualization
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio Overview
 
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
 
Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security report
 

Semelhante a Symantec Best Practices for Cloud Security: Insights from the Front Lines

Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
DevOps.com
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Amazon Web Services
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Amazon Web Services
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
Glenn Ambler
 
QRadar_on_Cloud_client_presentation.PPTX
QRadar_on_Cloud_client_presentation.PPTXQRadar_on_Cloud_client_presentation.PPTX
QRadar_on_Cloud_client_presentation.PPTX
NatashaVerma29
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
Lenin Aboagye
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
Amazon Web Services
 

Semelhante a Symantec Best Practices for Cloud Security: Insights from the Front Lines (20)

Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
 
Security Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureSecurity Building Blocks of the IBM Cloud Computing Reference Architecture
Security Building Blocks of the IBM Cloud Computing Reference Architecture
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
QRadar_on_Cloud_client_presentation.PPTX
QRadar_on_Cloud_client_presentation.PPTXQRadar_on_Cloud_client_presentation.PPTX
QRadar_on_Cloud_client_presentation.PPTX
 
Datacenter 2014: Trend Micro - Bill MCGee
Datacenter 2014: Trend Micro - Bill MCGeeDatacenter 2014: Trend Micro - Bill MCGee
Datacenter 2014: Trend Micro - Bill MCGee
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 

Mais de Symantec

Mais de Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 
GDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantGDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators Want
 
Symantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 Webinar
 
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Symantec Best Practices for Cloud Security: Insights from the Front Lines

  • 1. February 2019 Best Practices for Cloud Security: Insights from the Front Lines
  • 2. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Security in the Public Cloud The Shared ResponsibilityModel 2
  • 3. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Security in the Public Cloud Challenges 3 • Immature practice of security controls yields low-hanging fruit for attackers • Zero-day exploits against cloud workloads and containers • Malware outbreak via cloud storage • Attackers insert rogue processes into authorized workloads • Traditional endpoint protection does not work in cloud environments
  • 4. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Lift & Shift Security Fails in the Cloud Not a Long-termSolution 4 Traditional security tools - Can’t integrate with modern DevOps workflows - Break immutable workload requirements - Break auto-deployment workflows
  • 5. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only IaaS: CASB & CWP IaaS/PaaS+ SaaS IaaS/PaaS InfoSec DevSecOps InfrastructureManagement UserManagement OS Hardening App Control RT File IntegrityManagement App Isolation Malware Protection Data Loss Prevention User/AdminMonitoring and Control UEBA Account Protection PreventMisconfiguration PolicyEnforcement DLP for Storage Malware Protection for Storage Custom App Security IaaS/PaaS Compliance Assurance ConfigurationMonitoring ComputeStorage ComplianceThreat Protection Integrated Cyber Defense Data Loss Prevention 5 Configuration Control Plane
  • 6. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Symantec Cloud Workload Protection (CWP) AutomatedSecurity for Public Cloud InfrastructureManagement 6 • Cloud-nativeprotectionintegrateswith modern DevOpsand CI/CD pipelines • Cost savings resultfrom automating deploymentworkflows • Anti-malwarefor computeand storage • OS and application hardeningfor continuous management withoutpatchingor intervention • CWP security controlsarebaked into images satisfying immutability requirements * 20,000 hours of free usage, valid for 89 days Details. Try SymantecCloud Workload Protectionfor free*
  • 7. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Symantec Cloud Workload Assurance (CWA) Cloud Security Posture Managementfor ConfigurationControl Plane 7 • Gain deep visibility of all risksand controlof the cloud management plane acrossmulti-cloud surfaces • Monitorcloud resourcesformisconfigurations that can exposedata • Fix misconfigurationsquickly and easily with guided remediation and alerts • Assess and reportcompliancepostureagainst regulations & benchmarks * 1 account and up to 500 resources, valid for 30 days Details. Try SymantecCloud Workload Assurancefor free*
  • 8. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Symantec CloudSOC Cloud Access Security Broker for SaaS, PaaS, and IaaS 8 • Shadow IT: Detect, monitor, and control Shadow IT use of cloud and mobile apps • Data Security: Protect confidential data from loss or exposure in the cloud with advanced DLP • Threat Protection: Combat threats with malware analysis, advanced threat protection, and the world’s largest civilian threat intelligence network. Protect against compromised accounts and careless or malicious users. • Compliance: Perform risk analysis of cloud services, monitor use of cloud, and protect regulated data types with automated controls and at-a-glancedashboards Requesta Shadow Data Risk Assessmentfor AWS Today!
  • 9. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 9 Decentralize security responsibility Educateapplicationowners on how to secure their services. Engage risk and compliance team to establish regulatorycompliance requirements. Involve InfoSecteam to include AWS into cloud app security and dataloss protectionstrategy. Democratize cloud infrastructure Adopt a shared responsibility model. • AWS to secure the underlying infrastructure • Your teams to determine how to configureand use your AWS environment “Organizations can’t have centralized security and decentralized operations.” Hardeep Singh Symantec Cloud Security Architect
  • 10. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 10 Deploy DevSecOps Reengineer software development lifecycle (SDLC)and morph it into a security practice. Embed security within the software development lifecycle process when migratingto AWS. Address attack vectors Adopt a holistic cloud security approachand secure the entire fabric. • From where the informationis stored,to compute, to different service componentsthat you may consume from AWS “Security is not absolute, but a gradient against the lever of velocity.” Raj Patel Vice Presidentof Cloud Platform Engineering, Symantec
  • 11. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 11 Automate Compliance Enforcecritical policies and regulationsby employing governance,risk and compliance tools that can help inventory your IT assets,evaluate vulnerabilities, govern informationaccess, and automatecompliance reporting. Enhance visibility Monitorand audit the configurationof your cloud services and security-related actions of your admins and users by obtaining visibility and controlof their cloud management plane.
  • 12. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only AWS Cloud Security Best Practices 12 Avoid configuration mistakes Configure your cloud in key areas including identity and access management,logging, monitoring and networking. “Companies with limited resources and budget should actually consider moving to the cloud in order to benefit from stronger security and compliance.” Curt Dukes Executive Vice President for Security Best Practices, CIS (Centerfor Internet Security, Inc)
  • 13. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 13 Embrace the shared responsibilitymodel Approach for therelationship between the DevOpsteam and the security team—both teams need to work collaboratively to securepublic cloud infrastructure.
  • 14. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 14 Apply security at all layers in CI/CD pipeline Shift left for planning, shift right for runtime. This movessecurity managementto a continuous validation mode. The cloud allows you to change things or movethings really rapidly and in a software-drivenway.
  • 15. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 15 Implement a “least privilege”approach Adopt a “least privilege” approachupfrontand if your organization is just starting down the DevSecOpspath,focus on the usersand appsthat havethe most risk for their business.
  • 16. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 16 Protect data in transit and at rest Leveragethe agile softwaredevelopment processes to write cyber security-relateduse cases with data protection foremostin mind.
  • 17. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only DevOps + InfoSec 5 Steps to Better Security 17 Embed a security professional or engineer within DevOps Ensuresecurity is a regulardiscipline in CI/CD pipeline by havingdevelopers and InfoSec professionalsworkingelbow-to-elbow.
  • 18. Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Resources 18 • A Guide to Amazon Web Services (AWS) Cloud Security Best Practices • AWS & Symantec Webcast: Security that Scales: Automating Security and Compliance for DevOps • Infographic for DevOps: Work Less. Secure More. • Infographic for InfoSec: DevOps + InfoSec − The New Dynamic Duo • Shared Responsibility Quiz: Now Who Protects What? • Try Symantec Cloud Workload Protection for free • Try Symantec Cloud Workload Protection for Storage for free • Try Symantec Cloud Workload Assurance for free