Hardening the Cloud: Assuring Agile Security in High-Growth Environments (Moving from span ports to virtual appliances)

Transcription:

SESSION ID: CSV-F01
Hardening the Cloud: Assuring Agile Security in High-Growth Environments (Moving from span ports to virtual appliances)
Aaron McKeown, Lead Security Architect, Xero

Fast or Secure Fast & Secure

Beautiful cloud-based accounting software
Connecting people with the right numbers anytime, anywhere, on any device
- 1,450+ staff globally
- $474m raised in capital
- $202m sub revenue FY16
- $1tr incoming and outgoing transactions in past 12 mths
- 450m incoming and outgoing transactions in past 12 mths
All figures shown are in NZD

862,000+ subscribers globally [chart; x-axis: years 2009 to 2016]

Public Cloud Migration
- Supporting the next wave of growth
- Reducing our cost to serve
- Improving data protection
- Eliminating scheduled downtime
- Maintaining and improving security

Key Challenges
- Skills are scarce
- Automation is key
- Regional representation and recommendations
- Need to focus on visibility
- Application architecture has to change
- Third-party commercial models need to change

Challenge #1: Skills are scarce
- Make an initial investment in education
- Join industry groups and forums
- Selective engagement of contractors
- Promotion of industry-wide cyber skills

Challenge #2: Regional representation and recommendations
- Build a strong relationship with AWS
- Reach out to your contacts
- Look at alternatives
- Build a communication path to remote organizations

Challenge #3: Application architecture has to change
- Work in cross-functional teams
- Deliver in short, frequent cycles
- Communicate quickly and effectively
- Build and deliver security as a service

Challenge #4: Automation is key
- Make automation a core principle
- Start with basic use of CloudFormation
- Use a code repository
- Build a Continuous Integration (CI) and Continuous Delivery (CD) system

Challenge #5: Need to focus on visibility
- CloudTrail is enabled by default for all accounts
- Track configuration drift
- Get the development teams invested
- Extended into a virtual team

Challenge #6: Third-party commercial models need to change
- Do what we advise others to do: use the cloud
- Work with our technology partners and vendors
- Move from perpetual licenses to core-based licenses
- Address commercial and legal issues first

Key Principles
- Repeatable, automated build and management of security systems
- Accelerated pace of security innovation
- On-demand security infrastructure that works at any scale

Key Learnings
- Security by design - what's that?
- Communication is key
- Measure & test, monitor everything
- Welcome to the cloud - Where's my span port?

Key Learnings: Security by design - what's that?
- Build security into every layer
- Treat your infrastructure as code
- Iterate, iterate, iterate
- Build security into the product lifecycle

Key Learnings: Communication is key
- Make everyone a spokesperson
- Evangelize and sell your service
- Communicate success (as well as failure)
- Documentation is critical

Key Learnings: Measure & test, monitor everything
- How do you know what normal looks like?
- Continually track configuration drift
- Do a gap analysis
- Perform internal and external testing

Key Learnings: Welcome to the cloud - Where's my span port?
- Change your way of thinking
- Expand your scope of responsibility
- It is a shared journey for all
- Use cross-functional teams

The New Paradigm of Shared Responsibility
Security IN the Cloud (Xero + Partner Ecosystem)
- Xero Applications & Content
- Network Security
- Identity & Access Control
- Inventory & Config
- Data Encryption
Security OF the Cloud
- AWS Foundation Services: Compute, Storage, Database, Networking
- AWS Global Infrastructure: Availability Zones, Regions, Edge Locations

Security as a Service
- VPN connectivity
- Host Based Security
- Proxy Services
- Security Operations and Consulting Services
- Web Application Security and Delivery
- Shared Key Management Services
- Secure Bastion Access

Multi-Factor Authentication
- The decision to utilize MFA was a core component of security design
- User awareness was initially an issue
- Some users refused to utilize the system
- Multiple MFA systems already in place
- Enable the MFA enhanced features

Configuration Drift Management
Finding the needle in an automated and freedom-to-deploy haystack
- Used Netflix Security Monkey to track, monitor, and action key AWS resource changes
- Watchers configured across all AWS accounts
- Started as an internal Cloud Security tool
- Adoption was driven by the product teams
- Risk and compliance utilization for best practice review

Host Security Automation
- Next layer of defense at the host level
- Used to monitor, notify, and action instance-level configurations, vulnerabilities and integrity
- Automated roll-out and integration with all hosts
- Make use of the cloud
- Adopt elasticity and automation
- Accelerated pace of development

Apply What You Have Learned Today
WEEK 1
- Activate multi-factor authentication
- Enable CloudTrail
- Start your first automation!
MONTH 3
- Define your principles
- Develop a security architecture
- Start to track your configuration drift
MONTH 6
- Measure, test & monitor everything
- Build a culture of communication
- Automate more!

Aaron McKeown, Lead Security Architect, Xero
www.xero.com
@xero