Welcome

The Malware Attack Fan-out Effect in the Cloud

Krishna Narayanaswamy, Chief Scientist, Netskope

Netskope 2015, Optiv Security Inc. 2015


We looked at hundreds of enterprises: sanctioned apps, 4.1% (chart: SANCTIONED vs. UNSANCTIONED)


Sanctioned: 10% IT-led
Mostly unsanctioned: 70% business-led, 20% user-led


At least two dozen ecosystem apps per anchor tenant app


IT estimates 30% business data is in cloud

With unknown


What role does the cloud play in perpetuating malware?


Infiltration and lateral movement phases of APTs


Other effects of malware
(figure: documents such as Presentation.pptx, PO.docx, Financials.xlsx and BusinessPlan.pptx replaced by scrambled names like X&4$#(@!h~, &6z^*ub$4)!~, +0$%^&vb@! and bw@$59&*@!!+=, repeated across every synced device)


The cloud malware attack fan-out in action


Ransomware traits:
Encrypt portions of files for speed
Robust ciphers: RSA-2048, AES-128
Memory-only key storage
File names scrambled to thwart decryption
Encrypt important files first


BACK UP versions of critical data

DETECT malware in sanctioned apps by scanning content-at-rest

In real time:

DETECT incoming malware from sanctioned and unsanctioned apps

LOOK for anomalous behavior indicative of malware

MONITOR for data exfiltration

1. BACK UP CONTENT; ENABLE TRASH
Ensure critical content is backed up and that prior versions (v1, v2, v3) are easily available in the event of a fan-out attack involving ransomware. Enable trash and set default purge to 1+ weeks.


2. DETECT MALWARE IN SANCTIONED APPS
Detect and quarantine malware in sanctioned apps. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.
3. DETECT INCOMING MALWARE
Detect and quarantine incoming malware in real time. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.


4. LOOK FOR ANOMALIES
Detect anomalous behavior in real time that indicates malware (figure: synced documents being replaced by scrambled file names).
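As an added example that is not from the Netskope deck, the following Python turns the ransomware traits listed above (bulk rewrites of synced files under scrambled names) into a detection over cloud sync activity, which is where a fan-out becomes visible before it reaches every other device; the log format, field names and thresholds are assumptions and the sample log is constructed.

```python
"""Ransomware fan-out detector over cloud sync activity (added example).

Assumed log format: (iso_timestamp, user, action, old_name, new_name).
A burst of writes whose new names look scrambled, from one user, inside a
short window, is the signature of an endpoint infection being synced out.
"""
from collections import deque
from datetime import datetime

# Extensions an ordinary rename keeps; a scrambled name carries none of them.
KNOWN_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf",
                    "txt", "csv", "jpg", "jpeg", "png", "zip"}


def symbol_ratio(name: str) -> float:
    """Fraction of characters that are neither alphanumeric nor '.', '_', '-', ' '."""
    if not name:
        return 0.0
    symbols = sum(1 for ch in name if not (ch.isalnum() or ch in "._- "))
    return symbols / len(name)


def looks_scrambled(name: str, max_symbol_ratio: float = 0.3) -> bool:
    """Heuristic for a ransomware-style scrambled file name.

    Flags a name that has no recognised document extension, or whose
    characters are dominated by symbols. 'Proposal_v2.docx' passes,
    'X&4$#(@!h~' does not. Tune KNOWN_EXTENSIONS to your own file mix.
    """
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    if ext not in KNOWN_EXTENSIONS:
        return True
    return symbol_ratio(name) >= max_symbol_ratio


def detect_fanout(events, window_seconds: int = 60, threshold: int = 4):
    """Return one alert per user who wrote >= threshold scrambled-name files
    within any window_seconds span. Events are processed in time order."""
    recent = {}   # user -> deque of (ts, old_name, new_name) inside the window
    alerts = {}   # user -> alert record, updated as the burst grows
    for ts_str, user, action, old_name, new_name in sorted(events):
        # Only writes that change a file's name or body can be a fan-out.
        if action not in ("rename", "modify", "upload"):
            continue
        if not looks_scrambled(new_name):
            continue
        ts = datetime.fromisoformat(ts_str)
        window = recent.setdefault(user, deque())
        window.append((ts, old_name, new_name))
        # Slide the window: drop entries older than window_seconds.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            alert = alerts.setdefault(user, {
                "rule": "ransomware_fanout",
                "user": user,
                "first_seen": window[0][0].isoformat(),
            })
            alert["count"] = len(window)
            alert["last_seen"] = ts.isoformat()
            alert["examples"] = [f"{o} -> {n}" for _, o, n in list(window)[:3]]
    return list(alerts.values())


# Constructed sample log: alice and carol rename normally; bob's synced
# folder is being overwritten with the scrambled names from the deck.
SAMPLE_LOG = [
    ("2015-11-03T09:00:01", "alice", "upload", "Q3Report.xlsx", "Q3Report.xlsx"),
    ("2015-11-03T09:05:10", "alice", "rename", "draft.docx", "Proposal_v2.docx"),
    ("2015-11-03T09:12:00", "bob", "rename", "Presentation.pptx", "X&4$#(@!h~"),
    ("2015-11-03T09:12:01", "bob", "rename", "PO.docx", "&6z^*ub$4)!~"),
    ("2015-11-03T09:12:02", "bob", "rename", "Financials.xlsx", "+0$%^&vb@!"),
    ("2015-11-03T09:12:03", "bob", "rename", "BusinessPlan.pptx", "bw@$59&*@!!+="),
    ("2015-11-03T09:12:04", "bob", "rename", "Budget.xlsx", "q7#pL!z@%9"),
    ("2015-11-03T09:40:00", "bob", "upload", "notes.txt", "notes.txt"),
    ("2015-11-03T10:01:00", "carol", "rename", "scan.jpg", "holiday-2015.jpg"),
]

if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_LOG):
        print(alert)
```

An alert here is the trigger for the deck's response steps: quarantine the sync account and restore from the retained prior versions.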


5. MONITOR FOR DATA EXFILTRATION
Detect sensitive data exfiltration in real time (figure: sensitive data uploaded to a sanctioned or unsanctioned app, inspected by enterprise DLP).

THANK YOU!


Evolving Roles and Responsibilities in an Age of Constant Technological Innovation
Luis A. Aguilar, Former Commissioner of U.S. Securities and Exchange Commission

Centralizing Cloud Security in a De-Centralized World
John Stewart, SVP, Chief Security and Trust Officer, Cisco
Rajiv Gupta, CEO and Co-Founder, Skyhigh Networks


2016 is a Watershed Year for Cloud

Skilled Security Professionals Needed

New Control Point for Cloud Security
1,154 cloud services used on average
(figure: the CASB as control point between the network, devices, BYO, partners and customers)
Latest Cloud Security Guidance from Gartner

Cloud Access Security Broker (CASB) is a required security platform for organizations using cloud services.

Security leaders should deploy CASB for the centralized control of multiple services that would otherwise require individual management.
CASB Should Be Delivered via the Cloud

"The SaaS form factor (of CASB) is appreciably more popular than the on-premises flavors of this technology, and it is increasingly the preferred option for most use cases."

Faster deployment, lower cost; UEBA requires cloud scale; no traffic pinning back to premises
CASBs are the Control Point for the Cloud
Gartner's 4 Pillars of CASB: 1. Visibility; 2. Threat Protection; 3. Compliance; 4. Data Security
(figure: the CASB between mobile & remote users, the enterprise, and vendors & partners)
83
CASBs are the Control Point for the Cloud
Gartners
4 Pillars of CASB
1. Visibility

2. Threat Protection
CASB
3. Compliance

4. Data Security
Mobile & Vendors &
Remote Enterprise Partners

84
CASBs are the Control Point for the Cloud
Gartners
4 Pillars of CASB
1. Visibility

2. Threat Protection
CASB
3. Compliance

4. Data Security
Mobile & Vendors &
Remote Enterprise Partners

85
CASBs are the Control Point for the Cloud
Gartners
4 Pillars of CASB
1. Visibility

2. Threat Protection
CASB
3. Compliance

4. Data Security
Mobile & Vendors &
Remote Enterprise Partners

86
CASBs are the Control Point for the Cloud
Gartners
4 Pillars of CASB
1. Visibility

2. Threat Protection
CASB
3. Compliance

4. Data Security
Mobile & Vendors &
Remote Enterprise Partners

87
CASBs are the Control Point for the Cloud
Gartners
4 Pillars of CASB
1. Visibility

2. Threat Protection
CASB
3. Compliance

4. Data Security
Mobile & Vendors &
Remote Enterprise Partners

88
CASBs are the Control Point for the Cloud
Gartners
4 Pillars of CASB
1. Visibility

2. Threat Protection
CASB
3. Compliance

4. Data Security
Mobile & Vendors &
Remote Enterprise Partners

89
Cloud Security Reference Architecture
Fundamental Tenets: 1. Enable not prevent; 2. Leverage and extend; 3. No friction, no agents
(figure: Shadow IT and Sanctioned IT reached through the Web Proxy and the CASB, which is backed by Key Management (KMS) and IDM, and integrates via a CASB On-Premises Connector with the on-premises Firewall, Web Proxy, SIEM, DLP, KMS, DRM, MDM, UEBA / third-party tools, the User Directory and a Token Database, serving both remote and on-premises users)
Visibility without Accuracy is More Harm than Good
Comprehensive Governance, 99%+ vs. False Sense of Security, 54%
Don't Store Customer Data in the CASB
Security, privacy, and EU compliance vs. new security risk introduced
(figure: the same customer records, one copy tokenized and one in the clear)
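As an added example that is not Skyhigh's or any CASB vendor's code, this Python shows the tokenization the slide argues for: identifiers are swapped for random tokens held in an on-premises vault before a record is sent to the CASB, which still receives a stable pseudonym per value so it can model user behavior; the record schema and field names are assumptions and the sample records are constructed.

```python
"""Tokenize customer identifiers before activity records leave the enterprise
for a cloud-delivered CASB (added example, assumed schema).

The vault is an in-memory dict here; a real deployment keeps it on-premises
(the "Token Database" of the reference architecture), so the CASB never
holds a clear value and a breach of the CASB yields only opaque tokens.
"""
import re
import secrets

# Fields whose values never leave the enterprise in the clear (assumed schema).
SENSITIVE_FIELDS = {"email", "name", "employee_id", "ssn", "patient_id"}
# Identifiers that also hide inside free text, caught by pattern.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
TOKEN_RE = re.compile(r"TKN-[A-Z_]+-[0-9a-f]{12}")


class TokenVault:
    """On-premises two-way map between clear values and random tokens."""

    def __init__(self):
        self._to_token = {}   # (field, value) -> token
        self._to_value = {}   # token -> value

    def tokenize(self, field, value):
        key = (field, value)
        token = self._to_token.get(key)
        if token is None:
            # Random, not derived from the value: the token itself reveals
            # nothing and cannot be brute-forced back to the value.
            token = f"TKN-{field.upper()}-{secrets.token_hex(6)}"
            self._to_token[key] = token
            self._to_value[token] = value
        return token

    def detokenize(self, token):
        return self._to_value[token]


def tokenize_record(record, vault, sensitive=SENSITIVE_FIELDS):
    """Return a copy of record that is safe to hand to the CASB."""
    out = {}
    for field, value in record.items():
        if field in sensitive and value is not None:
            out[field] = vault.tokenize(field, str(value))
        elif isinstance(value, str):
            # Catch SSNs embedded in notes, file names or comments.
            out[field] = SSN_RE.sub(lambda m: vault.tokenize("ssn", m.group(0)), value)
        else:
            out[field] = value
    return out


def detokenize_record(record, vault):
    """Restore the clear values for an analyst working on-premises."""
    out = {}
    for field, value in record.items():
        if isinstance(value, str):
            out[field] = TOKEN_RE.sub(lambda m: vault.detokenize(m.group(0)), value)
        else:
            out[field] = value
    return out


# Constructed sample activity records for the same user; the SSN is a
# deliberately invalid placeholder.
SAMPLE_EVENTS = [
    {"event": "download", "email": "tim@example.com", "employee_id": "1298",
     "city": "Alexandria, VA", "bytes": 48213,
     "notes": "HR export, contains SSN 000-12-3456"},
    {"event": "share_external", "email": "tim@example.com", "employee_id": "1298",
     "city": "San Jose, CA", "bytes": 1020, "notes": "shared with partner"},
]


def demo():
    """Tokenize the sample records for the CASB, then restore them on-premises."""
    vault = TokenVault()
    sent = [tokenize_record(e, vault) for e in SAMPLE_EVENTS]
    restored = [detokenize_record(r, vault) for r in sent]
    return sent, restored


if __name__ == "__main__":
    for record in demo()[0]:
        print(record)
```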
Don't Flood your SOC
Dozens of incidents vs. thousands of false positives
Static thresholds vs. cross-app UBA + machine learning (activity model) and network effects (cross-customer modeling)
Encrypt with Care
(figure: a contact record with Contact Owner, Contact Name, Beneficiary Number and Social Security Number fields, shown in the clear and encrypted)
Don't break the app; use peer- and academia-reviewed encryption; own your keys
Parting Guidance
Cloud use is inevitable; 2016 is the year of deploying CASB; some of your peers are already there!
Leverage your CSA Peer Network

Kevin Winter, Booz Allen Hamilton; Otto Chan, Royal Bank of Canada; Steve Martino, Cisco; Robert Webb, Etihad Aviation; Lakshman Charanjiva, Florida Power and Light; Jerry Brady, Morgan Stanley; Brian Lillie, Equinix; Alissa Johnson, Stryker; Jim Routh, Aetna; Myrna Soto, Comcast; Michael Keithley, CAA; Stephen Ward, TIAA-CREF; Richard Pucket, GE; Jay Leek, Blackstone; Dave Smoley, AstraZeneca; Mike Benson, DIRECTV; Chris Camacho, Bank of America; Mark Morrison, State Street
Break
Vinay Patel, Chairman
www.cloudsecurityalliance.org
The voice of the Cloud Computing consumer

Leading security experts from large multi-national enterprises

Tasked to advise CSA on strategy from an enterprise point of view

Active participants in community security events

A public advocate for enterprise-grade security in the cloud

Copyright 2016 Cloud Security Alliance www.cloudsecurityalliance.org


Good and Bad: cloud provider security is uneven

Better alignment between providers and enterprises needed

Need provider collaboration and transparency

Forceful regulatory body engagement needed

Major industry skills gap


Annual State of Cloud Security report at RSA Conference
Initial report: https://cloudsecurityalliance.org/geab/downloads

Speaking at CSA and other industry events
https://cloudsecurityalliance.org/events/

Follow us, help us, work with us:
Web: https://cloudsecurityalliance.org/geab
Email: geab@cloudsecurityalliance.org
Twitter: @csageab
Overcoming the Top Threats to Cloud Computing
Rich Campagna, VP Products and Marketing, Bitglass
Rohit Gupta, Founder & CEO, Palerra
Sami Laine, Principal Technologist, CloudPassage
Erik Peterson, Director of Technology Strategy, Veracode
Raj Samani, VP, CTO, Intel Security EMEA
Wolfgang Kandek, CTO, Qualys, Inc

CSA Top Threats for 2016
1. Data Breaches
2. Compromised Credentials and IAM
3. Insecure APIs
4. System and App Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. APTs
8. Data Loss
9. Due Diligence
10. Nefarious Use and Abuse
11. Denial of Service
12. Shared Technology Issues
Lunch

Planes, Trains, and Automobiles, and Ships, and the Internet of Everything.
An Irreversible Course into the Cloud's MIST
Driving Revolutionary Evolution
OR
Jerry's Photo Show

(photo: GLEN DEVON FARM, BEN VENUE, VA)

MIST
Solving today's problems is necessary but not sufficient

Conventional thinking must give way to radical innovation

Failure will be painful and likely catastrophic!

(photo: SHENANDOAH MOUNTAIN MORNING)
(photo: MILAGRO)
"EVERY ONCE IN A WHILE, A REVOLUTIONARY PRODUCT COMES ALONG THAT CHANGES EVERYTHING."
-- 2007 Steve Jobs regarding the iPhone

The simple evolution 8 years ago of the iPod has changed the world

Today more smartphones are sold than babies born in the world, x5

Today 50% of the world's adult population has a smartphone

By 2020, 500 million Africans will own a smartphone

Revolutionary Evolution is all around us

Our World is turning upside down!

(photo: OLIVER LEARNING ABOUT IPHONES)
"NOW, HERE, YOU SEE, IT TAKES ALL THE RUNNING YOU CAN DO, TO KEEP IN THE SAME PLACE. IF YOU WANT TO GET SOMEWHERE ELSE, YOU MUST RUN AT LEAST TWICE AS FAST AS THAT!"
-- Lewis Carroll, Through the Looking Glass

Our world is on a revolutionary trajectory equal to free-falling UP a cliff

Cyberspace is rapidly, continuously and unpredictably evolving

A spectrum of the massively large to the massively small

From linear to exponential

We are in the MIST!

(photo: LOLA AND OLIVER'S MORNING SHOWER)
"IN EVOLVING SYSTEMS, BURSTS OF SIMPLICITY OFTEN CUT THROUGH GROWING COMPLEXITY AND ESTABLISH A NEW BASIS FOR COMPLEXITY TO GROW."
-- Brian Arthur, Santa Fe Institute

Yahoo now releases new software every day

Amazon has a new software release every 11 seconds

Hackers release new malware every 200 milliseconds, &

Today, only 41% of web traffic is originated by humans

By 2018, 20% of all business content will be authored by machines

(photo: SWAN FEATHER)
"SCIENCE DOESN'T ADVANCE AS AN ACCUMULATION OF NEW IDEAS BUT BY OCCASIONAL REVOLUTIONARY EXPLOSIONS - A PARADIGM SHIFT."
-- Thomas Kuhn in his book The Structure of Scientific Revolutions

By 2018, more than 3 MM workers will be supervised by a "roboboss"

Machines are evolving so rapidly that humans will be left far behind

By 2018, smart machines exceed staff in 50% of fast growing firms

Was the Internet merely the "butterfly effect"?!

(photo: A FLUTTER)
"JUST THE FACTS, MA'AM"
-- Joe Friday, Dragnet

MIST systems will know who we are and have significant influence on our actions - in ways we won't understand, even what we think

Governments will leverage data from all of the intelligent devices

Legal protections will be extended to systems

Significant diffusion of computing, resulting in disintermediation of traditional government and business models, creating diffuse accountability or attribution!

(photo: DEBATE AT TOWN HALL IN WASHINGTON, VA)
"THEY CAME IN THE HOUSE, STOLE EVERYTHING, THEN BURNED DOWN THE HOUSE. THEY DESTROYED SERVERS, COMPUTERS, WIPED THEM CLEAN OF ALL THE DATA AND TOOK ALL THE DATA."
-- Chief Executive of Sony Pictures, Michael Lynton

No fallback

There is no path back

Society is now past the point of no return

We are accelerating toward an uncertain future

Security is not an option, it is an imperative for our future!

(photo: STORE IN SARATOGA, WYOMING)
"KILLING ALL THE SNAKES ON YOUR FRONT PORCH DOES LITTLE TO CHANGE THE NUMBER OF SNAKES IN YOUR FRONT YARD."
-- Dan Geer

MIST is all about action: security needs to reflect a new reality

Trust can't be assumed: everything must be validated before action

New boundaries: embedded applications must self-defend

Containment: failures must be contained and acceptable

Embedded tools for monitoring, blocking, etc.

(photo: BULL SNAKE)
"What lives and dies [will be] based on human desires and choices, not the natural ability to reproduce and thrive"
-- Juan Enriquez, Harvard Professor and Genomist

Because in the future someone will choose who and what we are!!!

(photo: A STORM IS COMING)
Chief Enterprise Architect
GE Digital
rafal@ge.com

Disclaimer
The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.
Migration Pattern of Enterprise Data
(figure: Identity Management, Service Management and Data Governance span all three stages)
Office of Yesterday: Enterprise Datacenter 100%, trusted
Office of Today: Enterprise Datacenter 75% (trusted); DMZ 25% (all mobile, trusted and untrusted)
Office of Tomorrow: Enterprise 10%; Cloud Apps & XaaS 90% (all mobile, trusted and untrusted)

If we move 90% of our workloads to the cloud, why are most employees on a corporate network?
IRON: Internet Routed Only Networks
(figure: All Internet Office. Transport: router on an ISP circuit. Protection: 3rd-party proxy (PITC). Support: 3rd-party management tunnel. Users: remote access / collaboration.)

Wireless default mode for access (80%)

Video through external providers

All documented address space

All traffic default route to proxy provider

End points managed over the internet

Site as a service model, no servers at site
Enterprise Ecosystem Proxy In The Cloud

Data Loss Prevention: tools preventing intellectual property leaks
Protect & Control Traffic: solutions that cover all access modalities
Virus and Malware Signatures: tools to prevent known threats and mechanisms; open sourced and custom detection
Intelligent Data: aggregate information to inform security teams
Industry Collaboration: participate in industry knowledge share
User Identification: validate user identity
Single Experience: policy follows the user no matter the location

Enterprise Benefits: single vendor to manage policy; security controls to protect all traffic; resilient and redundant configuration
Strategic Direction: inspection and protection built into the solution; under-the-hood functions not seen by end users; able to apply policy and strategy to new acquisitions
Why does legacy VPN fall short of enterprise needs?

What really grinds my gears:
VPN allows 65,535 TCP/UDP ports
Extends full corporate network to host
Access lists are not enterprise manageable
Programs move and change IP addresses
Host inspection takes time (60-120 sec)
PIN + Token means users do the security work
Tunneling 100% traffic back over links for security
Double paying for internet traffic (cloud apps)
Concentrators can be DDoSed (ex: vpn.company.com)

We need a new approach to remote access to meet our enterprise application, security, and cost needs.
Endpoint Egress Strategy
(figure: corporate devices under corporate policy and visitor / BYO devices under guest policy egress through intelligent routing, using DNS for a transparent proxy, to the Internet via the PITC, with hot spot, MyApps and guest paths)

Consume application based access rather than consume over privileged tunnels

Thank you, any questions?
Rethink Security
Cloud Security Alliance, Feb 29th, 2016

Bill Mann
Chief Product Officer
Copyright 2016 Centrify Corporation. All Rights Reserved.

Born in the Cloud

Future: Mac and Chromebooks, Mobile, SaaS, IaaS, Access Anywhere
No Physical Boundaries

Hybrid-IT Mindset Change
De-perimeterization
Data is Everywhere
Intranet is No Safer than the Internet
Rethink: Identity is the New Perimeter

They are Worried About
Resources: Apps, Servers
Devices: Mobile, Mac, PC, Chromebook
Identity

BeyondCorp
Securely Identifying the User
Securely Identifying the Device
Removing Trust From the Network
http://blogs.wsj.com/digits/2015/05/13/google-moves-its-corporate-applications-to-the-internet/
Identity at the Center of Cyber Attacks

Nearly 50% of Security Breaches are Caused by Compromised Identities (1)

(1) Nearly half of all data breaches in 2014 were caused by stolen or misused credentials, according to the Verizon 2015 Data Breach Investigations Report. Identities consist of credentials such as usernames and passwords, permissions, privileges and other attributes and are the principal means by which applications and systems grant users access to data.

Multiple Points in the Cyber Attack Chain
Initial attack on end user account; leverage access of privileged user; breach accomplished
Hackers Target Both End and Privileged Users
Hybrid IT Needs an Identity Security Solution that Secures Access to Apps & Infrastructure (cloud IaaS & PaaS, applications, network, devices, data center servers, big data) From Any Device For All Users (end user, partner, privileged IT user, outsourced IT, customer)
Rethink: Identity Security Advantages
Identity Security Minimizes Attack Surface Across Hybrid IT
DANGER: Too many passwords; Too much privilege; Basic Authentication
GOOD: Consolidate Identities; MFA Everywhere


MFA Everywhere
All users
All Apps & Resources
VPNs
OATH Tokens
CAC/PIV SmartCards


App SSO and Provisioning
Kill Passwords; Demand SAML; Mobile App Provisioning; BYOD Friendly
Context-Aware Policy for all Apps and Resources
DEVICE, WHO, WHEN, WHERE -> Approve or Deny
Least Privileged Access and Auditing
(figure: risk axis; privilege elevation with MFA. Shared "root" service account: change web server config. Named user "Tony": restart web server, backup files.)
Reduce Risk by Not Sharing Service Accounts, BUT Login as Yourself and Elevate Privilege
IaaS and Outsourced IT
Directory Anywhere
Privileged Identity Management for IaaS
Centrify Identity Platform
Federated Identity Management for Outsourced IT
(figure: Outsource Directory and Enterprise Directory)
Identity Security Minimizes Attack Surface Across Hybrid IT
DANGER: Too many passwords; Too much privilege; Basic Authentication
GOOD: Consolidate Identities; MFA Everywhere
BETTER: SSO & Provisioning; Context-aware policy
OPTIMAL: Least Privileged Management; Auditing; IaaS and Outsourced IT

Identity is the New Perimeter
Identity Security Survey
http://svy.mk/24eZnUn
The CSA Top Threats report has identified insufficient identity, credential and access management as a top concern for 2016.
Should take no longer than 10 minutes
Responses are anonymous and confidential
Enter for a chance to win great prizes!
1 of 10 CCSK Test Tokens
Drone with camera and LCD display
Video & voice Wi-Fi door bell (CSA/RSA Special)

Thank You
Trusted Cloud

Doug Hauger
General Manager, Trusted and National Cloud
Microsoft Corporation

To promote the use of best practices for providing Security Assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

How are we collectively doing at providing assurance that the cloud is secure and can be trusted?

Poll

How many of you trust on-premises infrastructure more than public cloud?

Which approach do IT decision makers trust more? (chart: Trust Cloud More, 20%; Trust Both About the Same, 32%; Trust On-Premises More, 48%)

Opportunity: Almost 50% of IT Decision Makers across 13 countries aren't assured today that the cloud can be trusted at least as much as an on-premises solution.

Q42. Thinking about on-premises vs. 3rd party cloud solutions, which do you typically trust more?
Where do cloud purchase decision makers trust placing high priority workloads? (chart: Trust On-Premises, 83%; Trust the Cloud, 36%; 47% Cloud Assurance Opportunity)

Q38-41MA. Please indicate how much you trust each of the following different types of infrastructure based on what priority of workloads you would be willing to put on each.
Security is the biggest concern, but what else? (chart: the most important criteria, ranked 7 down to 1: 51%, 12%, 10%, 7%, 5%, 4%, 11%)

Q95. You mentioned that more than one criteria were most important to your decision. If you had to choose, which of the following is most important?
Security assurances we need to deliver
Cybersecurity. What measures do you have in place to help me address cybercrime threats such as hackers, DDOS and other attacks?
Data Leakage Prevention. What integrated controls do you have to enable me to detect and prevent data leakage?
Encryption. Do you encrypt all data in transit between us and your data centers? Do you encrypt data in transit between data centers, and provide built-in tools for customers to enable further encryption capabilities for stored data?
Identity and Access Management. Do you provide support for extending my authentication strategy to the cloud, including support for multi factor authentication?

Q58. What specific security concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?
Privacy and Control assurances we need to deliver
International privacy standards. Do your enterprise cloud services meet the strictest data protection requirements?
Control of Access. Do your cloud services allow me to control access to, and sharing of my data, including by your staff?
Location of Data. Do your offerings allow choice and control over where to store your data, including backups?
Data Deletion. If I delete data or terminate my contract, can you assure me that my data is really gone?

Q58. What specific privacy concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?
Compliance assurances we need to deliver
Compliance Standards. Can you tell me what international standards you are compliant with across all of your products and services to help me meet my obligations?
Compliance Reports. Can you provide me with access to your compliance reports for my auditors?
Auditing. Do you subject your services to rigorous independent third party audits and is there a mechanism to audit your services and data centers?
Compliance in regulated sectors. I have specific regulatory requirements. Can you help me understand what I need to do on your systems to achieve and maintain compliance?

Q58. What specific compliance concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?
Transparency assurances we need to deliver
Access to my data. Do you provide me with visibility into where my data is stored and who has access to it and why?
Breach Notifications. Do you (and when do you) notify me when there is a breach? Do I have visibility into what happened and why?
Requests for data. Do you disclose customer data to any government (or third party) unless compelled to do so by legal demand? Do you notify me when access to my data has been requested?
Incident management. If I experience an issue such as an outage or cybersecurity attack, how do I find out what is happening and what the resolution is?

Q58. What specific transparency concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?

www.microsoft.com/trustedcloud
www.microsoft.com/trustcenter
Containers: Risks and Opportunities

Sol Cates, Chief Security Officer, Vormetric, @solcates
Daniel Clayton, Head of Customer Security Operations, Rackspace, daniel.clayton@rackspace.com

Vormetric Data Security Platform
Data-at-rest encryption ready for the next use case
Customers: 1,500+ customers across 21 countries; 17 of Fortune 30; 20+ cloud and hosting providers
Awards: Global New Product Innovation Award; Excellence in Government Data Security; Rookie Partner of the Year
Global Presence: Global Headquarters - San Jose, CA, USA; EMEA Headquarters - Reading, UK; APAC Headquarters - Singapore
Vormetric's Data Security Platform enables confidence, speed, and trust by encrypting the data that builds business, without disruption.

Our Security Approach: Proactive Detection; Rapid Response; Deep Expertise
Containers Are All The Rage
Driven by the opportunities created
Infrastructure Evolution

Off the chart stats*
97% net usage / purchasing intention, enterprises
18,802% Yr/Yr Github download growth
1,720% increase in Docker job openings
*ETR, April 2015

Copyright 2016 Vormetric, Inc. All rights reserved.
Fools Rush in Where Angels Fear to Tread?
Is security and compliance being left behind?
Container Use in the Cloud
Source: 451 VotE Cloud, Q1 2015; n=991

Complexity & Response Times
(figure: complexity vs. response times for behavioral analytics, endpoint/host visibility and anomaly-based network detection)
Modern security programs must enable the business
Containers 101
VMs vs. Containers
Containers are isolated, but share an operating system, and, where appropriate, bins/libraries
(figure: VM stack: Server, Host OS, Hypervisor (Type 2), a Guest OS plus Bins/Libs per VM, running App A, App A, App B. Container stack: Server, Host OS, Docker, shared Bins/Libs, containers running App A, App A, App B, App B, App B.)

Containers 101
Images are Layers
Docker
Basic Components
(figure: the Client (docker build, docker pull, docker run) talks to the Docker daemon on the DOCKER_HOST, which manages Containers and Images and pulls images from a Registry)
Leaky Holes Create Risk and GRC Challenges
Can sink the ship the containers rode in on

Application security concerns: traditional application security and compliance concerns, now deployed at an incredible pace
Data and network access unchecked: BYO controls
Operating system: Docker runs as root; everyone has access to everything; Docker images and data visible
Governance: What is the system? Where is the data? How, or do you, patch? ???
Network and storage infrastructure: lots of data storage options (host volumes, NAS (volume plugins), volumes_from, clustered file systems); lack of controls; clear-text data
Infrastructure control: Who owns? Trust?
Security Operations: The Triple Stack
Host Based Protection: context rich data; real-time access
Net Based Protection: visibility; inbound and outbound C&C traffic
Security Analytics: advanced analytics engine; big data

The Triple Stack Applied To Containers
Host Based Protection. Challenges: shared kernel limits visibility; hinders cyber hunting. Advantages: minimizes attack surface; segmentation
Net Based Protection. Challenges: increased complexity; inter-application comms. for individual network stack. Advantages: software defined networks; prescriptive whitelisting
Security Analytics. Challenges: new challenge to deliver analytics at huge scale. Advantages: simplified behavioral analytics capability
Vormetric Container Deployments
Controlling and securing Docker environments and data
Secure Container Volumes: protect & control data from being inappropriately accessed or carried away
Protect Private Registry: protect & control who can pull and push to the registry
Secure Application Data: application-layer encryption and tokenization protects the data within the container and out
Control Containers: control access to what processes and users can access inside / outside containers
Carina by Rackspace

Carina by Rackspace provides a hosted environment for creating Docker containers that allows the user to run & deploy apps faster with improved reliability and reduced complexity.

FEATURES & BENEFITS
Simplicity of a zero infrastructure environment managed by expert Rackers
Speed of bare metal infrastructure and instant-on capabilities
Greater control & flexibility with native Docker tooling

SECURITY: HOW IT WORKS
Controlled and encrypted access through TLS
API-only access and AppArmor container isolation implement additional security barriers
Constant testing against latest vulnerabilities and automatic platform upgrades minimize attack surface

Learn More
Vormetric and Rackspace Securing Docker
For more information: rackspace.com/security, getcarina.com
Visit us: #3221 North Hall
Entrepreneurship in Information Security
17 years old: 471 horsepower, 0 to 60 in 3.8 seconds, $400K
2013 model year: 707 horsepower, 0 to 60 in 2.9 seconds, $69K

Thank You
@RobertHerjavec, Robert Herjavec, HerjavecGroup.com

Cloud and the Enterprise 2016
Moderator: Robert Herjavec, CEO, Herjavec Group
Eran Feigenbaum, Director of Security, Google for Work, Google
Rajan Kapoor, Lead, Trust & Security, Dropbox
Daniel Clayton, Customer Security Operations at Rackspace Global Enterprise Security, Rackspace
Tim Rains, Director of Security, Microsoft
Thank You!