Make Cloud the Most Secure Environment for Business Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)
The average organization now uses 1,935 cloud apps, an increase of 15% over last year. [Chart: enterprise cloud apps and consumer cloud apps, 2013-2018] Source: McAfee Cloud Adoption Report, Nov 2018
The average Financial Services organization uses 1,545 cloud apps. Source: Business @ Work Finance 2018, Okta
Most Cloud Apps are not Enterprise-ready. Source: McAfee Cloud Adoption Report, Nov 2018
Office365, Workday, AWS, Azure?
Most Organizations: 38 days to patch a vulnerability regardless of security level; 34 days to patch most critical CVEs. Source: Tcell Report on Security Patching
Mature Cloud Providers: Weekly planned patching model; critical vulnerabilities patched in 24 hours. Source: Tcell Report on Security Patching
Source: Gartner. Through 2020, public cloud infrastructure-as-a-service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers
Source: Microsoft. Microsoft's annual security budget: $1bn
Source: Gartner. Through 2022, at least 95% of cloud security failures will be the customer's fault
Cloud security is a shared responsibility
Shared Responsibility Model for Cloud (IaaS, PaaS, SaaS). Layers: Data Classification & Accountability; Client & End-Point Protection; Identity & Access Management; Application Level Controls; Network Control; Host Infrastructure; Physical Security. Legend: Customer Responsibility; Shared Responsibility; Service Provider Responsibility.
Shared Responsibility Model for SaaS: Data Classification & Accountability; Client & End-Point Protection; Identity & Access Management
Shared Responsibility Model for SaaS: Rogue Employee; Unmanaged devices; Compromised Accounts; Collaboration; Malware
87% of companies permit employees to use unmanaged devices to access business apps. Source: McAfee Cloud Adoption Report, Nov 2018
Source: McAfee Cloud Adoption Report, Nov 2018 21% of cloud data is sensitive
83% of organizations worldwide admit that they store sensitive data in the cloud Source: McAfee Cloud Adoption Report, Nov 2018
48.3% of files in the cloud are shared
12% of shared files are accessible to anyone with a link; 14% of files shared with a personal email address. Source: McAfee Cloud Adoption Report, Nov 2018
Cloud is the new favorite target of threat actors. Source: McAfee Cloud Adoption Report, Nov 2018
81% of all hacking-related breaches leveraged either stolen and/or weak passwords Source: Verizon Data Breach Investigation Report 2018
Of All Organizations, Every Month: 94% have at least 1 insider threat; 80% have at least 1 compromised account threat; 92% have stolen cloud credentials on the dark web. Source: Verizon Data Breach Investigation Report 2018
Persistent Login Attack, Brute Force Logins: Distant Cousin
Attack MO: Enumerate usernames (using first, middle and last names). 5-60 different username combinations attempted per user. The number of attempts varies proportionally to the value of the user. Attempt logins for each of the usernames. Multiple IPs used, one attempt by one IP using one password.
Threat Objectives: Assess the organization's O365 authentication framework (username validation, SSO, MFA, etc.). Identify valid usernames, system accounts, etc., and if they federate to an SSO/MFA. Compromise O365 accounts.
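Detection logic for the Distant Cousin pattern above, as an added example that is not from the original deck: it groups failed sign-ins by the directory person a username variant was derived from, then flags people hit by at least five variants where no source IP is used more than once. The directory, event tuple layout and thresholds are assumptions, and the sample events are constructed for one time window.

```python
import re
from collections import Counter, defaultdict

# Hypothetical directory: person id -> (first, middle, last) name parts.
DIRECTORY = {"jane-doe": ("jane", "marie", "doe"), "bob-lee": ("bob", "", "lee")}

# Constructed sign-in events for one time window: (username tried, source IP, succeeded)
SAMPLE_EVENTS = [
    ("jane.doe@example.com", "198.51.100.10", False),
    ("jdoe@example.com", "198.51.100.11", False),
    ("doe.jane@example.com", "203.0.113.5", False),
    ("jane.m.doe@example.com", "203.0.113.77", False),
    ("janedoe@example.com", "192.0.2.44", False),
    ("j.doe@example.com", "192.0.2.45", False),
    # Ordinary mistyped password: one username, one IP, repeated tries.
    ("bob.lee@example.com", "192.0.2.200", False),
    ("bob.lee@example.com", "192.0.2.200", False),
    ("bob.lee@example.com", "192.0.2.200", True),
]

def person_for(username):
    """Map a username variant to the directory person it was derived from."""
    local = re.sub(r"[._-]", "", username.split("@")[0].lower())
    for pid, (first, middle, last) in DIRECTORY.items():
        if last not in local:
            continue
        rest = local.replace(last, "", 1)  # what remains besides the surname
        variants = {first[:i] + middle[:j]
                    for i in range(len(first) + 1) for j in range(len(middle) + 1)}
        if rest in variants:  # full name, initials, or a mix of both
            return pid
    return None

def find_distant_cousin(events, min_variants=5, max_per_ip=1):
    """Flag people hit by many username variants, each from a single-use IP."""
    names, ips = defaultdict(set), defaultdict(Counter)
    for username, ip, ok in events:
        pid = person_for(username)
        if pid and not ok:
            names[pid].add(username.lower())
            ips[pid][ip] += 1
    return {pid: {"variants": len(names[pid]), "ips": len(ips[pid])}
            for pid in names
            if len(names[pid]) >= min_variants
            and max(ips[pid].values()) <= max_per_ip}
```

Per-IP and per-username lockout counters never trip on this traffic, which is why the grouping key here is the person rather than the account or the address.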
KnockKnock Attack
Attack MO: Target system accounts that do not have MFA or federate to an SSO. Target admins and accounts that have higher privileged access (non-federated auth accounts like *.onmicrosoft.com for O365).
Threat Objectives: Compromise high privilege system accounts. Widen a breach using malware or phishing leading to deep-set infiltration.
[Diagram labels: Rogue Machines; Originating Geos & Networks; Large Enterprises; Service Accounts]
Identifying cloud threats is like finding a needle in the CloudStack: 100M:1 events:threats. Source: McAfee Cloud Adoption Report, Nov 2018
Office 365 contains the most sensitive data, at 31%. [Chart categories: High-Risk Shadow; Med/Low-Risk Shadow; Salesforce; Custom Apps; AWS; Slack; Google Docs; Office 365; Box; ServiceNow] Source: McAfee Cloud Adoption Report, Nov 2018
Threats in Office365 have grown 63% in the past two years
Shared Responsibility Model for IaaS/PaaS: Data Classification & Accountability; Client & End-Point Protection; Identity & Access Management; Application Level Controls; Network Control; Host Infrastructure; Physical Security
Shared Responsibility Model for IaaS/PaaS: Rogue Use; Provisioning Sprawl; Compromised Accounts; Containers and Workloads; Misconfiguration; Workload to Workload Communication; Malware
AWS dominates in terms of user access count. Source: McAfee Cloud Adoption Report, Nov 2018
Most organizations have a multi-cloud strategy. Source: McAfee Cloud Adoption Report, Nov 2018
Average organization has 14 misconfigured IaaS services running at a given time Source: McAfee Cloud Adoption Report, Nov 2018
Top 10 most commonly misconfigured AWS services
1. EBS Data encryption is not turned on
2. There's unrestricted outbound access
3. Access to resources is not provisioned using IAM roles
4. EC2 security group port misconfigured
5. EC2 security group inbound access misconfigured
6. Unencrypted AMI
7. Unused security groups
8. VPC Flow logs disabled
9. Multi-factor authentication not enabled for IAM users
10. S3 bucket encryption not turned on
Source: McAfee Cloud Adoption Report, Nov 2018
GhostWriter Threat
Attack MO: Identify publicly readable, writeable or AWS user readable, writeable buckets. Identify publicly modifiable or AWS user modifiable ACLs. Plant malware in the publicly accessible AWS buckets.
Threat Objectives: Leak hundreds of thousands of records from misconfigured S3 buckets. Distribute malware using trusted IaaS instances.
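An audit for the bucket exposure GhostWriter depends on, as an added example that is not from the original deck: it scans bucket ACLs for grants to the two S3 predefined groups (everyone, and any authenticated AWS user) and rates write or ACL-modify grants above read grants. The bucket names and ACLs are constructed, in the shape returned by the S3 GetBucketAcl API; the severity labels are an assumption.

```python
# Predefined S3 groups: anyone on the internet, and any authenticated AWS account.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Permissions that let the grantee plant objects or rewrite the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

OWNER = {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}

# Constructed ACLs (not real buckets), shaped like GetBucketAcl responses.
SAMPLE_ACLS = {
    "example-static-assets": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
    ]},
    "example-backups": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE_ACP"},
    ]},
    "example-private": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    ]},
}

def audit_acl(bucket, acl):
    """Return one finding per grant made to a public or any-AWS-user group."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri not in (ALL_USERS, AUTH_USERS):
            continue  # grants to specific accounts are out of scope here
        perm = grant["Permission"]
        findings.append({
            "bucket": bucket,
            "grantee": "public" if uri == ALL_USERS else "any-aws-user",
            "permission": perm,
            # Writable buckets and modifiable ACLs allow content to be planted.
            "severity": "critical" if perm in WRITE_LIKE else "high",
        })
    return findings

def audit_all(acls):
    """Audit every bucket ACL in a {bucket name: ACL} mapping."""
    return [f for name, acl in acls.items() for f in audit_acl(name, acl)]
```

This covers ACL grants only; bucket policies and account-level Block Public Access settings need their own checks.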
Average organization experiences 1,527 DLP incidents in IaaS/PaaS per month Source: McAfee Cloud Adoption Report, Nov 2018
Source: Gartner In 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience 33% fewer security failures
Source: Gartner Security of the past is inadequate
Security of the Past was Network-centric: Enterprise Data and Applications were Secured by Locking Everything Down. [Diagram labels: Network; Devices; Enterprise Data center]
Security of the Cloud has to be Cloud-native (SaaS, IaaS/PaaS): Enterprise Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure
Security of the Cloud has to be Cloud-native (SaaS, IaaS/PaaS) and has to be convenient enough!
Cloud-native Security: Regaining Visibility w/o Friction. [Diagram labels: SaaS; Devices; Cloud-native Security Platform; IaaS/PaaS] Connect and Regain Visibility
Cloud-native Security: Enforcing Control w/o Friction. [Diagram labels: SaaS; Devices; Cloud-native Security Platform; IaaS/PaaS] Connect and Regain Visibility; Enforce Threat and Data Protection Policies
Cloud-native Security Platform (SaaS; Managed and Unmanaged Devices; IaaS/PaaS). Visibility: Gain complete visibility into data, workloads, containers and user behavior in the cloud. Control: Apply persistent protection to sensitive data and take real-time action to correct policy violations.
Making Cloud the Most Secure Environment for Business: Cloud increasingly is home to sensitive enterprise data. Data sharing in the cloud is increasing. Data loss and threat vectors span SaaS and IaaS/PaaS. Cloud security is a shared responsibility. Deploy cloud-native security platform.
Thank you!