Cloud Security: Constant Innovation


Cloud Security: Constant Innovation without constant capital expenditure
Presented by Richard Brown
Wednesday 19 July 2017
CIO Summit Gold Coast, Australia

How do we combat evolving threats?
- Traditional way is not ideal
- Technology is moving at a rapid rate
- How do we keep up with innovation?
- How do I keep my capital costs from blowing out?

Abstract
As a Service model is delivering:
- Better and constant innovation
- Ability to adopt new technologies faster
- Lowering cost (especially up front capital costs)
- Less vendor lock-in (in some cases)
- No waiting for an upgrade cycle
- Lowering your configuration and change management burden

Agenda
- Rapidly changing face of cyber security
- As a Service Model
- Addressing Security in the Cloud
- Case Study 1: AWS
- Case Study 2: Microsoft Office 365
- Case Study 3: New Zealand Government Telecommunications as a Service model (TaaS)
- Case Study 4: Jellyfish (IdMaaS)

Historically
- Traditional data protection: the castle defence strategy
- Strong protection of the border involved:
  - Restricted entry based on entry points (ports)
  - Then came SPI, DLP etc
- On compromise only options were:
  - Further restrict entry points
  - Restrict access methods (eg VPN)
- Still have a host of vulnerabilities.
- Large capital expenditure
- Some of these are still all relevant, but

Today
- Rapidly changing landscape
- We need ever more flexible access
- Threats often don't use the front door
- The trusted insider threat
- Bring Your Own Device
- Systems are no longer just on premises but in the cloud too
- More of the enterprise is accessible via the internet.
- Access is by not just employees, but now also contractors, customers and partners
- Accessed any time from anywhere in the world
- Once you're inside the network most organisations have very few restrictions.

The challenge
- Usability versus security
- Business now expects high levels of connectivity between applications, devices and individuals. Security must adapt to this.
- Security needs to:
  - See past one box or solution. A layered approach gives greater assurance
  - Authentication and encryption are essential components.
  - Adapt to internet scale rather than enterprise scale.
- The boundary is still important

The internet of threats
- Gartner prediction of 25 billion connected things by 2020
- Need to make them more useful
- Better relationships: Individual to individual, individual to device and device to device.
- Delegation with accountability (eg UMA)
- Improved security through:
  - Contextually aware dynamic decision making
  - Improvement of Behavioral analytics
- Sharing while maintaining control
- More automation but still need the ability to have approval workflow and handle exceptions.

The future

The New Look Castle
- Next Generation Firewalls
- Boundary Protection still plays a role
- New and improved guards at the entrance:
  - Heuristic techniques
  - Content identification
  - Rules based on user identification
  - Decryption and inspection of secure packets
  - Filtering and checking based on daily updates (eg URL and AV)
*Image courtesy of Palo Alto Networks

Identity is KEY
- An entity may be:
  - a person
  - a device
  - a third party
- Entities include users from outside the organisation and may represent a group or role.
- Organisations now need to gain an understanding of the relationships they have with identities.
- You need to get it right from the start and to the end
- Provisioning, update and de-provisioning are key

Access Control
- Seamless access for users to authorised systems
- Know who and what is accessing your data
- Provisioning rules
- Allow automated and supervisor approvals of special access

Authentication
- Go beyond passwords to:
  - Ensure better level of authentication
  - Hackers can't access data once past firewall
- Systems authenticate (not just users):
  - Share data ONLY with other known and trusted systems
  - Not with a hacker or foreign system

Multi Factor Authentication
- One of the most effective measures to prevent a cyber intruder
- MFA is the provision of multiple pieces of information
- Enables tasks such as system authentication.
- Edward Snowden proves why this can be so effective.

Encryption
- A compromise of your border will occur at some point.
- Protect your data using encryption
  - Virtual Machines, Databases, Storage Devices, Files and folders, Applications (Office 365, Gmail, etc)
  - On premises, in the cloud or hybrid solutions
- Encrypt TROPHY systems
- Protect the keys used for encryption from compromise and loss.
- Make sure you change keys regularly.

Keys
- Keys to the kingdom stay in control of the castle owner
- This is true for data kept:
  - On-premise
  - Cloud
  - Hybrid
- Keeping the keys still means:
  - The trusted cloud service providers host the data, but have no access to the information.
  - On-premises administrators don't need to see the data to perform their roles
  - Castle owner decides who has access to the information

Costs
- Sounds great, but sounds expensive:
  - Huge capital outlay
  - Large time to implement
  - Have to evolve with the threats, so capital outlay is potentially every year and whenever a new threat is identified.
- So I need a massive budget that I can't determine in advance?
- Are you crazy?

All this can be accessed as a Service
- As a Service Model brings substantial benefits to an Organisation
- It also keeps providers on their toes
- It's a WIN-WIN

Benefits for YOUR organisation
- Cost is less and has one way to go. Down!
- Keep up with latest security innovation
- Ease of transition
- Best protection available at a fraction of capital outlay
- Multiple security providers can be combined and replaced as needed to maintain best of breed
- Business service management vs patch and upgrade management.

The Providers
- Easing the transition to another provider is no or low capital costs. This means:
  - More not less competitors and choice over time
  - Need to keep innovating and investing to stay relevant
  - Need to keep costs low
  - Need to offer more over time
- Capital costs amortised across subscribers
- Agility to evolve quickly:
  - Maintain a service not patch level
  - Only one version of product to maintain
  - New features deployed centrally

Case Study 1: AWS

Amazon Web Services Benefits
- Cost
  - No capex
  - Pay only for what you use
  - No lock in. Reduce cost again by turning things off
- Ability to provision quickly
- Ability to quickly scale
  - Elastic growth
  - Easy to set up load balancing
- Multiple geographic locations

AWS keeps data safe
- The AWS infrastructure puts strong safeguards in place to protect customer privacy.
- All data is stored in highly secured AWS data centres
- You retain control and ownership over the region in which your data is physically located, making it easy to meet regional compliance and data residency requirements.

AWS Challenges
- Data sovereignty
- Security
- Privacy
- Industry specific compliance requirements for above
- Legal (subpoenas)
- Location of datacentres to meet data sovereignty retention laws or customer requirements.
- Insider threats

Further Securing AWS
- Automated provisioning and deprovisioning
- Single Sign On (SSO)
- Encrypted data stores
- Encrypted Virtual Machines
- Encrypted DB components
- Protect Apps

Case Study 2: Office 365

Office 365 Benefits
- Cost:
  - Reduced Capex
  - Pay only for what you use
  - Bundled licences for end user tools included as part of subscription
- Access to familiar tools in the cloud
- 99.9% uptime guarantee

Office 365 keeps data safe
- Trusted cloud security
- More control over your data security and compliance with built-in privacy, transparency and refined user controls
- Conforms to ISO/IEC 27018 which prohibits use of personal data for marketing
- Keeps data secure and protected both in transit and at rest.
- Multiple levels of approval and just-in-time access with limited and time-bound authorisation

Office 365 Challenges
- Data sovereignty
- Security
- Privacy
- Industry specific compliance requirements for above
- Legal (subpoenas)
- Location of datacentres to meet data sovereignty retention laws or customer requirements.
- Insider threats

Further Securing Office 365
- Trusted cloud security
- Email encryption
- OneDrive, SharePoint encryption
- SSO to avoid password use by users
- MFA

Problems
- Systems not talking to one another:
  - Legacy and new systems/applications
  - No linkages/workflow
- Costly ad-hoc approach
- Allows gaps in security
- No one talks about the cloud provider's trusted insider
- Jellyfish® can solve these problems

The Benefits
- Works with existing/future systems
- Improve end user productivity
- Do more with less
- Reduce capex/opex costs
- Automate
- Modular

Enhanced Security and Control
- Cross system workflow and communications
- Systems can:
  - Share data seamlessly
  - Make dynamic decisions
- Example is Logical talking to Physical:
  - Provision/De-provision from either affects other
  - Event on one affects another

CASB Capability Matrix

Thank You
Thanks for listening. Please direct any further questions to:
Richard Brown
CEO, Cogito Group
sales@cogitogroup.com.au
www.cogitogroup.com.au
cogitogroup
Cogito Group Pty Ltd
@CogitoGroup1