cloud security today
play

Cloud Security Today Presenter: Jason Sheffield Topics What are - PowerPoint PPT Presentation

Nov 21, 2022 •32 likes •302 views

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

  1. Cloud Security Today Presenter: Jason Sheffield

  2. Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology drivers Common use cases for Cloud security technologies What technologies exist to address risk? 2

  3. Designed for Controlled Access Old IT Security Architecture From Yesterday Web FW SWG VPN Data Center Endpoi Apps nt IPS

  4. Designed for Controlled Access Old IT Security Architecture From Yesterday SaaS IaaS Web FW SWG VPN Data Endpoi Center nt Apps IPS

  5. With Digital Transformation … Everything Changed SaaS IaaS Web FW SWG VPN Data Endpoint Center Apps IPS 5

  6. With Digital Transformation … Data is Everywhere SaaS IaaS Web FW SWG VPN Data Endpoint Center Apps IPS 6

  7. DATA FLOWS LIKE WATER 7

  8. LACK OF VISIBILITY 8

  9. COMPLEXITY 9

  10. CONTROLS CREATES FRICTION 1 0

  11. What is the Cloud? • Gartner defines the Cloud as a style of computing in which scalable and elastic IT- enabled capabilities are delivered as a service using Internet technologies. • Public Cloud: Computing, Networking, Server and Storage resources owned and operated by a third party Cloud Service Provider and delivered over the Internet. Public Cloud resources are shared with other organizations and separated into individual tenants. • Private Cloud: Computing resources used exclusively by one business or organization. In the Private Cloud services and infrastructures are maintained by your organization. Private Clouds can be physically located in your organizations data center or can be hosted by a third party service provider. • Hybrid Cloud: Hybrid Clouds are a mixture on-premise infrastructure, Private Clouds and Public Clouds. 11

  12. What is the Cloud?

  13. Who in the Organization is Buying and Why? 13

  14. How is the Cloud delivered: Key differences between Iaas, PaaS and SaaS 14

  15. Cloud Security Challenges and Risks Exposure Disrupt Sensitive data Malware upload to shared publicly sanctioned cloud Data Access Destroy Download to Ransomware personal device via cloud Theft Extort Exfiltration via Cloud account unsanctioned hijacking cloud INTERNAL RISK EXTERNAL RISK

  16. Current Cloud Security Report Enterprise Use of Cloud Services On average the number of cloud services in use per enterprise, there was an increase to 1,246 from 1,181 last report. Source: Netskope Cloud Security Report, October 2018

  17. Current Cloud Security Report CIS Benchmark Violations for AWS By category in the CIS benchmark for AWS, the majority of violations are in the Identity and Access Management category at 71.5 percent. Monitoring followed with 19.0 percent, Networking with 5.9 percent, and Logging with 3.6 percent. This may indicate that while many organizations have controls around cloud services and implemented things like multi-factor authentication (MFA) and single sign-on solutions, I/PaaS identity and access policies still need to be set. Source: Netskope Cloud Security Report, October 2018 17

  19. Cloud Security Technology Drivers • Professionals now work from multiple devices in multiple locations • Instantaneous sharing and collaboration happens through numerous applications • Firewalls cannot protect data stored throughout various cloud applications • Traditional security tools cannot provide visibility in the cloud • Non-enterprise cloud applications are consumed by end users without regard for their risk exposure 19

  20. Common Use Cases for Cloud Security Technologies Safely Enable Cloud Apps Discover Shadow IT Unified Cloud Policies Continuous Security Detect Cloud Threats Prevent Data Exfiltration Assessments 20

  21. What Technologies Exist to Address Risk? CASB & Cloud Security Platform Any SaaS User Analytics Policy Any IaaS Device Data Threat Any Web Protection Protection Location 21

  22. Mapping of Cloud Security Controls

  23. Mapping of Cloud Security Controls cont. Source: Peerlyst Post – Adrian Grigorof, February 2019

  24. What Technologies Exist to Address Risk Technical capabilities needed to address todays risk Data Loss Prevention Web Security Encryption Threat Protection Adaptive Access Control Anomaly Detection Visibility into Cloud Application Use Continuous Security Assessment 24

  25. Questions?

  26. Appendix • Netskope Cloud Report: https://resources.netskope.com/cloud-reports/netskope-cloud-report- october-2018

  27. Thank You!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST

Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST

Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST December 4, 2019 Old Man Yells at Cloud Computing Old Man Yells at Cloud Computing PAGE 2 The plan for today Whats all this cloud

920 views • 39 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

848 views • 68 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security Cap-ex Free Resilience Infrastructure Elasticity Infrastructure Flexibility Sevices 5% of organizations have migrated at least 30% 41% 52%

540 views • 11 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Agenda Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of Multi-Tier Cloud Security (MTCS SS584:2013) standard 2. To detail the deployment considerations and related initiatives Wong Onn Chee, Cloud

352 views • 6 slides
Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief Solutions Architect AWS Public Sector team Khawaja Shams Cloud Architect Jet Propulsion Labs / NASA QCon New York 2012 Agenda Identity &

594 views • 21 slides
Day 4 Cloud Resource Provisioning Plans Agenda for Today Cloud service providers offer cloud

Day 4 Cloud Resource Provisioning Plans Agenda for Today Cloud service providers offer cloud

Day 4 Cloud Resource Provisioning Plans Agenda for Today Cloud service providers offer cloud consumers a variety of service provisioning plans for computing resources. Today, we will look at these service provisioning plans that include

596 views • 34 slides
Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

psrikanth@bitglass.com Booth #450 Surviving the Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth #450 Time Travel to 2004 Virtual Private Server Dedicated Server Shared Hosting Cloud Booth

498 views • 14 slides
WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today Due April 2 nd Online classes going forward Testing out BBCollaborate Ultra today Recordings should be available Might use different

1.19k views • 27 slides
Secure Relocation: Understanding Data Security Dave Siegel Siegel

Secure Relocation: Understanding Data Security Dave Siegel Siegel

Secure Relocation: Understanding Data Security Dave Siegel Siegel Data Management (SDM) resources bring nearly 100 man-years of global business experience

519 views • 15 slides
Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical

Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical

NIST Cyber Security Framework & Healthcare IT Security Clarksville, MD | 22 April 2016 | Annual Spring Conference Next Generation Security Adaptive | Intelligent | Resilient Scott Montgomery VP, Chief Technical Strategist

523 views • 24 slides
A SECURITY REFERENCE ARCHITECTURE FOR CLOUD SYSTEMS Eduardo B. Fernandez Dept. of Computer

A SECURITY REFERENCE ARCHITECTURE FOR CLOUD SYSTEMS Eduardo B. Fernandez Dept. of Computer

A SECURITY REFERENCE ARCHITECTURE FOR CLOUD SYSTEMS Eduardo B. Fernandez Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton, FL, USA http://www.cse.fau.edu/~ed ed@cse.fau.edu Secure Systems Research Group - FAU

1.08k views • 76 slides
Approaching Security from an "Architecture First" Perspective Rick Kazman, University

Approaching Security from an "Architecture First" Perspective Rick Kazman, University

Approaching Security from an "Architecture First" Perspective Rick Kazman, University of Hawaii Jungwoo Ryoo, Penn State University Humberto Cervantes, Universidad Autonoma Metropolitana-Itztapalapa An Architectural Approach

435 views • 24 slides
Security and Resilience Juan Torres, SNL April 21, 2016 Overview The "Security and

Security and Resilience Juan Torres, SNL April 21, 2016 Overview The "Security and

Security and Resilience Juan Torres, SNL April 21, 2016 Overview The "Security and Resilience" focus area has five main activities, based on the NIST cybersecurity framework, but expanded to all- hazards. Improve the Ability to

647 views • 6 slides
BitSight Security Ratings www.bitsighttech.com Trends 2 www.bitsighttech.com Increasing

BitSight Security Ratings www.bitsighttech.com Trends 2 www.bitsighttech.com Increasing

BitSight Security Ratings www.bitsighttech.com Trends 2 www.bitsighttech.com Increasing governance and assurance required Subsidiary Third Party Risk Risk Management Management Fourth Party Risk Benchmarking Management Cyber

407 views • 29 slides
Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1

Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1

8/22/2019 1 Cyber Security for Non-Technical Managers Thursday, August 22, 2019 1:00 2:30 PM ET 2 1 8/22/2019 How to Participate Today Audio Modes Listen using Mic & S peakers Or, select Use Telephone

255 views • 23 slides
MEETING JUNE 8, 2016 AGENDA Call to Order and Welcome 9:00 Michelle Mills, Chair Old Business

MEETING JUNE 8, 2016 AGENDA Call to Order and Welcome 9:00 Michelle Mills, Chair Old Business

EHEALTH COMMISSION MEETING JUNE 8, 2016 AGENDA Call to Order and Welcome 9:00 Michelle Mills, Chair Old Business 9:05 Approval of Minutes New Business 9:10 Review and Discuss Use Case for Master Data Management Carol Robinson,

512 views • 29 slides

More recommend