[Slide residue: app categories Professional Documents and Culture Documents, rated Unsanctioned / Mostly Unsanctioned; 70% Business-led, 20% User-led, with unknown.]
[Figure: ransomware illustration. Files such as Presentation.pptx, PO.docx, Financials.xlsx and BusinessPlan.pptx appear alongside their scrambled, encrypted names (X&4$#(@!h~, &6z^*ub$4)!~, +0$%^&vb@!, bw@$59&*@!!+=).]

ENCRYPT IMPORTANT FILES FIRST. FILE NAMES SCRAMBLED TO THWART DECRYPTION.

1. BACK UP CONTENT; ENABLE TRASH (retain file versions v1, v2, v3).

2. DETECT MALWARE IN SANCTIONED APPS: detect malware in sanctioned apps by scanning content-at-rest.

3. DETECT INCOMING MALWARE from sanctioned and unsanctioned apps in real-time. Detect and quarantine incoming malware in real-time. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.

4. LOOK FOR ANOMALIES (illustrated with the scrambled file names from the figure above).

5. MONITOR FOR SENSITIVE DATA EXFILTRATION: enterprise DLP on data upload to sanctioned or unsanctioned apps.

Netskope 2015, Optiv Security Inc. 2015

THANK YOU!
Skilled Security Professionals Needed
New Control Point for Cloud Security

[Figure: the cloud as a new control point between the corporate network, BYO devices, partners and customers; 1,154 cloud services used on average.]
Latest Cloud Security Guidance from Gartner

Security leaders should deploy CASB for the centralized control of multiple services that would otherwise require individual management.
CASB Should Be Delivered via the Cloud

"The SaaS form factor (of CASB) is appreciably more popular than the on-premises flavors of this technology, and it is increasingly the preferred option for most use cases."
CASBs are the Control Point for the Cloud

Gartner's 4 Pillars of CASB:
1. Visibility
2. Threat Protection
3. Compliance
4. Data Security

[Figure: the CASB sits between the enterprise and its Mobile & Remote users and its Vendors & Partners.]
Cloud Security Reference Architecture

Fundamental Tenets:
1. Enable not prevent
2. Leverage and extend
3. No friction, no agents

[Figure: architecture spanning Shadow IT and Sanctioned IT. Cloud-side controls: Web Proxy, CASB, Key Mgmt (KMS), IDM, DRM, DLP. On-premises: CASB On-Premises Connector, Firewall, Web Proxy, SIEM, DLP, KMS, User Directory, MDM, Token Database, IDM, UEBA / Third-Party. Users: On-Premises Users and Remote Users.]
Visibility without Accuracy is More Harm than Good

[Figure: Comprehensive Governance (99%+) vs. False Sense of Security (54%).]
Don't Store Customer Data in the CASB

Security, privacy, and EU compliance. New security risk introduced.

[Figure: a dump of sample customer records (names, e-mail addresses, locations, IP addresses, employee IDs, SSNs, patient IDs, department names) of the kind a CASB would accumulate if it stored customer data.]
Don't Flood your SOC

Dozens of Incidents vs. Thousands of False Positives: cross-app UBA + machine learning, an activity model and network effects (cross-customer modeling) vs. static thresholds.
Encrypt with Care
Parting Guidance
Leverage your CSA Peer Network

Kevin Winter, Booz Allen Hamilton; Otto Chan, Royal Bank of Canada; Steve Martino, Cisco; Robert Webb, Etihad Aviation; Lakshman Charanjiva, Florida Power and Light; Jerry Brady, Morgan Stanley
Brian Lillie, Equinix; Alissa Johnson, Stryker; Jim Routh, Aetna; Myrna Soto, Comcast; Michael Keithley, CAA; Stephen Ward, TIAA-CREF
Richard Pucket, GE; Jay Leek, Blackstone; Dave Smoley, AstraZeneca; Mike Benson, DIRECTV; Chris Camacho, Bank of America; Mark Morrison, State Street
Break

Vinay Patel, Chairman
www.cloudsecurityalliance.org
The voice of the Cloud Computing consumer

OR

The simple evolution 8 years ago of the iPod has changed the world.
Today more smartphones are sold than babies born in the world, x5.
Machines are evolving so rapidly that humans will be left far behind.
MIST Systems will know who we are and have significant influence on our actions, in ways we won't understand. Even what we think.
No fallback.
Disclaimer

The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.

Copyright 2016 Cloud Security Alliance www.cloudsecurityalliance.org
Migration Pattern of Enterprise Data

[Figure: three stages, Enterprise Datacenter, Enterprise Datacenter with DMZ, and Enterprise Cloud Apps & XaaS, with workload shares of 100%, 75% / 25% and 10% / 90% split across trusted, untrusted and all-mobile user populations.]

If we move 90% of our workloads to the cloud, why are most employees on a corporate network?
IRON: Internet Routed Only Networks

Prevent: DLP, Access, Virus and Malware Signatures. Tools and mechanisms to prevent known threats.
Detect: Open sourced and custom detection.
Learn: Intelligent Data, Logs, PITC Industry Collaboration. Aggregate information to inform security teams; participate in industry knowledge share.

[Figure: Internet and PITC reached through Intelligent Routing (use DNS for transparent proxy); access paths Hot Spot, MyApps and Guest under Corp Policy or Guest Policy.]

Consume application-based access rather than consuming over privileged tunnels.
Bill Mann
Chief Product Officer
Copyright 2016 Centrify Corporation. All Rights Reserved.
Born in the Cloud
No Physical Boundaries
De-perimeterization
Data is Everywhere
(1) Nearly half of all data breaches in 2014 were caused by stolen or misused credentials, according to the Verizon 2015 Data Breach Investigations Report.

Identities consist of credentials such as usernames and passwords, permissions, privileges and other attributes and are the principal means by which applications and systems grant users access to data.
Multiple Points in the Cyber Attack Chain

[Figure: an attack chain that ends in "Breach accomplished", spanning Big Data for all users, privileged IT, outsourced IT, end users and customers.]

DANGER: Too many passwords. Too much privilege. Basic Authentication.
GOOD: Consolidate Identities. MFA Everywhere (all users: VPNs, OATH tokens, CAC/PIV smart cards).
BETTER: SSO & Provisioning. Context-aware policy (approve / deny).
OPTIMAL: Least Privileged Management. Auditing. IaaS and Outsourced IT.
Least Privileged Access and Auditing

[Figure: RISK axis. Privilege elevation with MFA: rather than running as root, a service account is granted a specific right such as "Change Web Server Config". Directory Anywhere. Privileged Identity Management for IaaS and Federated Identity Management for Outsourced IT sit on the Centrify Identity Platform, bridging the Outsourcer directory and the Enterprise directory.]
Identity Security Minimizes Attack Surface Across Hybrid IT

(Summary slide: repeats the DANGER / GOOD / BETTER / OPTIMAL progression of Too many passwords, Too much privilege, Basic Authentication; Consolidate Identities, MFA Everywhere; SSO & Provisioning, Context-aware policy; Least Privileged Management, Auditing, IaaS and Outsourced IT.)
Identity is the New Perimeter

http://svy.mk/24eZnUn
The CSA Top Threats report has identified insufficient identity, credential and access management as a top concern for 2016.
Should take no longer than 10 minutes.
Doug Hauger
General Manager, Trusted and National Cloud
Microsoft Corporation
To promote the use of best practices for providing Security Assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
How are we collectively doing at providing assurance that the cloud is secure and can be trusted?

Poll
Q42. Thinking about on-premises vs. 3rd party cloud solutions, which do you typically trust more?

Where do cloud purchase decision makers trust placing high-priority workloads?
1. Trust the Cloud: 36%
2. Trust On-Premises: 83%
47% (the gap between the two): Cloud Assurance Opportunity

Q38-41MA. Please indicate how much you trust each of the following different types of infrastructure based on what priority of workloads you would be willing to put on each.
Security is the biggest concern, but what else? The most important criteria:

[Chart: share of respondents naming each criterion (1-7) as most important. 7: 51%; 6: 12%; 5: 10%; 4: 7%; 3: 5%; 2: 4%; 1: 11%.]

Q95. You mentioned that more than one criteria were most important to your decision. If you had to choose, which of the following is most important?
Security assurances we need to deliver:
Cybersecurity. What measures do you have in place to help me address cybercrime threats such as hackers, DDOS and other attacks?
Encryption. Do you encrypt all data in transit between us and your data centers? Do you encrypt data in transit between data centers, and provide built-in tools for customers to enable further encryption capabilities for stored data?
Q58. What specific security concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?

Privacy and Control assurances we need to deliver:
International privacy standards. Do your enterprise cloud services meet the strictest data protection requirements?
Control of Access. Do your cloud services allow me to control access to, and sharing of my data, including by your staff?
Location of Data. Do your offerings allow choice and control over where to store your data, including backups?
Q58. What specific privacy concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?

Compliance assurances we need to deliver:
Compliance Standards. Can you tell me what international standards you are compliant with across all of your products and services to help me meet my obligations?
Q58. What specific compliance concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?

Transparency assurances we need to deliver:
Access to my data? Do you provide me with visibility into where my data is stored and who has access to it and why?
Breach Notifications. Do you (and when do you) notify me when there is a breach? Do I have visibility into what happened and why?
Q58. What specific transparency concerns do you have with 3rd party public cloud that you don't have with your on-premises solutions?
www.microsoft.com/trustedcloud
www.microsoft.com/trustcenter
Containers: Risks and Opportunities

[Slide: Vormetric credentials. Global New Product Innovation Award; Excellence in Global Presence; Rookie Partner of the Year; Government Data Security. Customers: 1,500+ customers across 21 countries, 17 of the Fortune 30, 20+ cloud and hosting providers. Our security approach: Rapid Response, Deep Expertise.]
Containers Are All The Rage
Driven by the opportunities created: Infrastructure Evolution
Copyright 2016 Vormetric, Inc. All rights reserved.

Fools Rush in Where Angels Fear to Tread?
Is security and compliance being left behind?
Complexity & Response Times

[Chart: Response Times vs. Complexity, plotting Behavioral Analytics, Endpoints/Host Visibility and Anomaly-Based Network Detection.]

Modern security programs must enable the business.
Containers 101: VMs vs. Containers

Containers are isolated, but share an operating system, and, where appropriate, bins/libraries.

[Figure: side-by-side stacks. VM: App A / App B over Bins/Libs over Guest OS, on a Type 2 Hypervisor, Host OS and Server. Container: App A / App B over Bins/Libs, on Docker, Host OS and Server.]
Containers 101
Images are Layer
Docker Basic Components

[Figure: Client commands (docker build, docker pull, docker run) go to the Docker daemon on the DOCKER_HOST, which manages Containers and Images and pulls from a Registry.]
Leaky Holes Create Risk and GRC Challenges
Can sink the ship the containers rode in on.
Infrastructure control: Who owns? Trust?
Security Operations: The Triple Stack

The stack: Host Based Protection, Net Based Protection, Security Analytics.
Challenges: a shared kernel limits visibility and hinders cyber hunting.
Advantages: minimizes attack surface; segmentation.

The Triple Stack Applied To Containers

Challenges: increased complexity; inter-application comms. for an individual network stack.
Advantages: software defined networks; prescriptive whitelisting.

The Triple Stack Applied To Containers

Challenge: a new challenge to deliver analytics at huge scale.
Advantage: simplified behavioral analytics capability.
Vormetric Container Deployments
Controlling and securing Docker environments and data
Carina by Rackspace

Simplicity of a zero-infrastructure environment managed by expert Rackers. Speed of bare-metal infrastructure and instant-on capabilities. Greater control & flexibility with native Docker tooling.

Security: controlled and encrypted access through TLS. API-only access and AppArmor container isolation implement additional security barriers. Constant testing against the latest vulnerabilities and automatic platform upgrades minimize attack surface.

Learn More: Vormetric and Rackspace Securing Docker. Visit us at #3221 North Hall.
Cloud Security Alliance Summit
Entrepreneurship in Information Security
17 years old
471 horsepower
0 to 60 3.8 seconds
$ 400K