Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2019 03-27 taming the storm clouds managing network security across the hybrid and multi-cloud estate (yonatan klein) v5

240 views

Published on

Good old perimeter security, enforced by traditional firewall protection, is now combined with distributed firewalls, public cloud native security controls and third-party security services. The shared-responsibility security model means that IT organizations need to assume accountability for the data and overall security posture, as this is not exclusively the cloud providers’ responsibility.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

2019 03-27 taming the storm clouds managing network security across the hybrid and multi-cloud estate (yonatan klein) v5

  1. 1. ALGOSEC CLOUD SECURITY MANAGEMENT Yonatan Klein Director of Product
  2. 2. WELCOME Have a question? Submit it via the chat tab or email us: This webinar is being recorded! The recording will be emailed to you after the webinar And the slides will be available in the Attachments tab Follow us online ! 2 marketing@algosec.com
  3. 3. AGENDA Who owns cloud security? Why is it important?01 The complexities of cloud security02 How visibility and automation solutions can help you manage your cloud estate security 03 3 | Proprietary
  4. 4. SECURITY IS THE MAJOR CONCERN IN CLOUD ADOPTION 80.85% 62.48% 57.06% 49.13% 44.29% 43.71% 38.68% 35.01% 32.69% 23.02% 2.32% Security concerns Data loss and leakage risks Regulatory compliance Integration with the rest of our IT environment Legal concerns Cost Visibility into resources in the cloud environment Migration of applications to the cloud Lack of expertise to manage the cloud environment Lack of staff to manage the cloud environment Other (please specify) 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% What concerns does your organization encounter when adopting a public cloud platform (Select all that apply)? 4 | Confidential Source: Cloud Security Alliance (CSA) survey, March 2019
  5. 5. WHO IS RESPONSIBLE FOR YOUR CLOUD SECURITY? Customer Data Platform, Application, Identity & Access Management Operating System, Network & Firewall Configuration Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/ Integrity/ Identity Compute Storage Database Networking AWS Global Infrastructure Region Availability zones Edge location Source: Amazon Web Services Customer Responsible for security ‘in’ the cloud AWS Responsible for security ‘of’ the cloud 5 | Confidential
  6. 6. 6 | Confidential POLL #1 Who owns cloud security risk in your organization?  Information Security  Operational team/DevOps fully owns their apps security  DevSecOps Please vote using the “Votes“ tab
  7. 7. Through 2019, 80%of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities. 80% MISCONFIGURATION A MAJOR SECURITY RISK 7 | Confidential
  8. 8. MISCONFIGURATION A MAJOR OPERATIONAL RISK 20.36% 19.76% 15.32% 12.10% 8.47% 5.24% 5.24% 3.23% 2.22% 1.01% 7.06% Not sure Operational human errors and mismanagement of devices Device configuration changes Faults, errors, or discards in network devices Link failure caused due to fibre cable cuts or network congestion Server hardware failure Power outages Failed software and firmware upgrade or patches Security attacks such as denial of service (DoS) Incompatibility between firmware and hardware device Other (please specify) 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% What was the main contributor to your network or application outage in the last year? 8 | Confidential Source: Cloud Security Alliance (CSA) survey, March 2019
  9. 9. 9 | Confidential Public Clouds Public Clouds Private Clouds On-Prem CLOUD SECURITY COMPLEXITY Account 1 Account 2 Account 3 VPC/VNET VPC payroll Payroll stage VPC CRM Sub 1 Sub 2 Sub 3 VNET test1 Germany Central Website stage Website production Security Controls SG1 SG2 SG3 NACL1 NACL2 AZFW1 AZFW2 NSG1 NSG2
  10. 10. MANAGING SECURITY IN THE CLOUD IS COMPLEX MULTIPLE LAYERS OF SECURITY CONTROLS Security Products by ISVs • NG Firewalls (Checkpoint, Palo-Alto .. ) • WAF (Imperva, F5 .. ) Cloud Infra Security Controls • Security Groups • Permissions • More.. Security Products by Cloud Providers 10 | Confidential
  11. 11. MANAGING SECURITY IN THE CLOUD IS COMPLEX MULTIPLE LAYERS OF SECURITY CONTROLS 70.37% 58.48% 45.03% 31.58% 9.55% 4.29% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% Cloud provider's native security controls )e.g. Security Groups, Network ACLs) Cloud provider's additional security controls (e.g. Azure Firewall, AWS WAF) Virtual editions of firewalls (e.g. Palo Alto Networks, Check Point, Barracuda) deployed in the cloud environment Hosts based enforcement Don't know Other (please specify) What network security controls do you currently use to secure your public cloud deployments? (Select all that apply) 11 | Confidential Source: Cloud Security Alliance (CSA) survey, March 2019
  12. 12. MANAGING SECURITY IN THE CLOUD IS COMPLEX Multiple stakeholders 12 | Confidential Multiple Stake Holders Cloud Teams IT / Network Security CISO Security OperationsApplication Developers / DevOps 12 | Confidential
  13. 13. MANAGING SECURITY IN THE CLOUD IS COMPLEX Multiple stakeholders 35.59% 28.24% 15.28% 6.00% 3.87% 3.87% 3.48% 3.68% Information Security IT Operations Cloud team within the IT department Application Owners / Developers / DevOps Managed Service Provider CISO Not sure Other (please specify) 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 40.00% Which team is responsible for managing security in the public cloud (please select the primary team)? 13 | Confidential Source: Cloud Security Alliance (CSA) survey, March 2019
  14. 14. MANAGING SECURITY IN THE CLOUD IS COMPLEX Multiple Layers of Security Controls 3rd party Security Vendors Products Cloud Infra Security Controls Security Products by Cloud Providers Multiple Stakeholders CISO IT / Network Security Cloud Teams Security Operations Application Developers / DevOps Multiple Clouds Public Clouds Private Clouds ACI 14 | Confidential
  15. 15. Instant visibility Risk analysis Compliance Central policy management ALGOSEC SIMPLIFIES CLOUD SECURITY Across Multiple Layers of Security Controls Multiple Stakeholders Across Hybrid and Multiple Clouds ACI 15 | Confidential
  16. 16. VISIBILITY INTO YOUR CLOUD ESTATE • End-to-end network visibility • Visibility into your estate • What assets do I need to protect? • What security controls do I have in each VPC/VNET? • Change monitoring – what was recently changed? By whom? 16 | Confidential
  17. 17. END-TO-END NETWORK VISIBILITY Across the hybrid estate Native Cloud Security Models (Security Groups/NACL/NSG) Virtual security device in the cloud Traditional FW Virtual appliance in the SDN fabric Private cloud SDN – distributed FW 17 | Confidential
  18. 18. VISIBILITY INTO YOUR CLOUD ESTATE 03 Easy Navigation 01 Know what you need to protect 02 Security controls in each VPC/VNET 04 Change monitoring 18 | Confidential
  19. 19. RISK ANALYSIS • What is my overall risk level? • Which areas should I focus on? 01 At-a-glance security posture view 02 Risk notifications and remediation • Network risks – native cloud controls and security devices • Storage permissions (public/private) • IAM • Account setting • Sensitive Data not encrypted • Key management • Audit trail not enabled Actionable risk management 19 | Confidential
  20. 20. CENTRAL POLICY MANAGEMENT: THE CHALLENGE • Similar security controls in multiple accounts, regions, VPCs/VNETs • … that should include the same rules • … but with some specific per-policy rules • Result: an admin maintains many (many!) copies of the same policy 20 | Confidential Public Clouds BU 1 BU 2 BU 3 VPC payroll Central Germany Website stage Website production AZFW1 AZFW2 NSG1 NSG2
  21. 21. CENTRAL MANAGEMENT OF NETWORK POLICIES 21 | Confidential Easy provisioning of on- prem network rules and virtual firewalls 03 Across accounts, regions, VPCs, VNETS 01 02. 02 Easy management of rules in similar SGs
  22. 22. CENTRAL MANAGEMENT OF NETWORK POLICIES 22 | Confidential Easy provisioning of on- prem network rules and virtual firewalls 03 Across accounts, regions, VPCs, VNETS 01 02. 02 Easy management of rules in similar SGs
  23. 23. COMPLIANCE 23 | Confidential Corporate Compliance 01 02. 02 Regulatory Compliance
  24. 24. 24 | Confidential POLL #2 Who is responsible for security related cloud configurations ? (e.g. security groups, encryption settings)  Information Security solely  Operational teams/DevOps solely  Information Security provide automation tools for DevOps to provision Please vote using the “Votes“ tab
  25. 25. MATCH SOLUTION TO YOUR ORGANIZATION AND PROCESSES NEEDS “Similar purpose security policies are managed per each region, VPC” • SecOps need change monitoring; risk analysis, risk management solution • DevOps need a solution for what-if risk check before deploying their app. “DevOps configure security configs, but SecOps are responsible for security” “All security changes are going through SecOps” Need a good change management solution Need a good central management solution 25 | Confidential
  26. 26. SUMMARY • Responsibility for security in the cloud is up to us (IT and security personnel) • Cloud security is complex: • Multi-security controls • Problematic visibility • Multiple stake-holders Hence introducing a security risk • Easy to achieve agility, harder to keep it secure • AlgoSec is your partner for: • Risk and compliance management • Cloud Security Policy Management • Support for hybrid cloud and multi-clouds 26 | Confidential
  27. 27. PROF. WOOL VIDEO COURSE https://www.algosec.com/resources PPT
  28. 28. Q & A Submit your questions via the chat Request a Demo: marketing@algosec.com
  29. 29. 29 JOIN OUR COMMUNITY Follow us for the latest on security policy management trends, tips & tricks, best practices, thought leadership, fun stuff, prizes and much more! Subscribe to our YouTube channel for a wide range of educational videos presented by Professor Wool youtube.com/user/AlgoSeclinkedin.com/company/AlgoSec facebook.com/AlgoSec twitter.com/AlgoSec www.AlgoSec.com/blog
  30. 30. ALGOSUMMIT THE PREMIER EVENT FOR ALGOSEC CUSTOMERS & CHANNEL PARTNERS 30 APAC - Bangkok | April 1-5 EMEA - Lisbon | May 20-23 2019 www.algosec.com/algosummit UPCOMING WEBINARS April 17 Boosting Network Security with ChatOps April 24 Firewall Rule Recertification May 1 Full Hybrid Cloud Survey Report (CSA)
  31. 31. THANK YOU! Questions marketing@algosec.com

×