Cloud computing provides improved security, agility, and flexibility. However, integrating this new service into legacy IT environments comes with great concern.
In a recent report published by the Cloud Security Alliance (CSA), security, data loss and compliance were identified as the top 3 concerns when moving to the cloud. In the face of increasingly complex environments, cloud visibility and expertise are essential to ensuring a manageable, secure and fluent transition to a native cloud, hybrid or multi-cloud environment.
Join our special webinar with John Yeoh, Director of Research with expertise in cybersecurity, cloud computing, information security, and next generation technology from the Cloud Security Alliance (CSA).
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
2019 05-22 CSA Study: Security Challenges in Cloud Environments
1. John Yeoh
Global VP of
Research at CSA
Yitzy Tannenbaum
Product Marketing
Manager at AlgoSec
2. WELCOME
Have a question? Submit it via the chat tab or email us:
This webinar is being recorded!
The recording will be emailed to you after the webinar
And the slides will be available in the Attachments tab
Follow us online !
2
marketing@algosec.com
3. AGENDA
Complexity of the modern-day network
01
Visibility
02
Who’s responsible for cloud security
03
3
04
05
Compliance
Misconfigurations and Outages
4. Source: Cloud Security Alliance (CSA) survey, March 2019
WHAT PERCENTAGE OF YOUR WORKLOADS DOES YOUR
ORGANIZATION CURRENTLY RUN IN THE PUBLIC CLOUD IN
PRODUCTION?
9.30%
37.75%
20.57%
11.09%
5.90%
8.05%
We do not deploy any
workloads in the cloud
1-20% 21-40% 41%-60% 61%-80% 81%-100%
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
4
5. Source: Cloud Security Alliance (CSA) survey, March 2019
BY THE END OF THE YEAR 2020, WHAT PERCENTAGE OF YOUR
WORKLOADS DO YOU ANTICIPATE YOUR ORGANIZATION WILL BE
RUNNING IN THE PUBLIC CLOUD IN PRODUCTION?
3.75%
14.64%
23.75%
18.93%
17.50%
13.57%
We will not deploy any
workloads in the cloud
1-20% 21-40% 41%-60% 61%-80% 81%-100%
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
5
6. Source: Cloud Security Alliance (CSA) survey, March 2019
WHAT CONCERNS DOES YOUR ORGANIZATION ENCOUNTER
WHEN ADOPTING A PUBLIC CLOUD PLATFORM
80.85%
62.48%
57.06%
49.13%
44.29% 43.71%
38.68%
35.01%
32.69%
23.02%
Security concerns Data loss and
leakage risks
Regulatory
compliance
Integration with the
rest of our IT
environment
Legal concerns Cost Visibility into
resources in the
cloud environment
Migration of
applications to the
cloud
Lack of expertise to
manage the cloud
environment
Lack of staff to
manage the cloud
environment
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
6
7. Source: Cloud Security Alliance (CSA) survey, March 2019
WHICH PUBLIC CLOUD PLATFORMS DOES YOUR
ORGANIZATION USE?
7
60.70%
56.45%
25.22%
4.40%
8.50%
7.04%
3.08%
9.24% 8.36%
Amazon Web Services
(AWS)
Microsoft Azure Google Cloud Platform Alibaba Cloud IBM cloud Oracle cloud Unsure None Other (please specify)
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
8. Source: Cloud Security Alliance (CSA) survey, March 2019
WHICH PRIVATE CLOUD PLATFORMS DOES YOUR
ORGANIZATION USE
49.34%
18.46%
14.33% 14.33%
22.45%
5.61%
VMware NSX OpenStack Cisco ACI Unsure None Other (please specify)
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
8
9. Source: Cloud Security Alliance (CSA) survey, March 2019
66% use multiple clouds. In
fact, more than a third
(35%) of respondents using
cloud leverage 3+ cloud
platform vendors
Organizations may use both
public and private clouds.
More than half (55%) operate
in a hybrid-cloud
environment
36% have a combination of
multi-cloud and hybrid-cloud
environment
SECURITY NETWORK COMPLEXITY
9
10. MANAGING SECURITY IN THE CLOUD IS COMPLEX
MULTIPLE CLOUDS
Private
Clouds
Multi
Public Clouds
On-Prem Intranet Dedicated Server
10
11. MANAGING SECURITY IN THE CLOUD IS COMPLEX
MULTIPLE LAYERS OF SECURITY CONTROLS
3rd party Security Vendors
Products
Cloud Infra Security
Controls
Security Products by
Cloud Providers
11
12. Source: Cloud Security Alliance (CSA) survey, March 2019
WHAT NETWORK SECURITY CONTROLS DO YOU CURRENTLY
USE TO SECURE YOUR PUBLIC CLOUD DEPLOYMENTS?
70.37%
58.48%
45.03%
31.58%
4.29%
Cloud provider’s native security controls
(e.g. Security Groups, Network ACLs)
Cloud provider’s additional security
controls (e.g. Azure Firewall, AWS WAF)
Virtual editions of traditional firewalls (e.g.
Palo Alto Networks, Check Point,
Barracuda) deployed in the cloud
environment
Host based enforcement Other (please specify)
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
12
13. Source: Cloud Security Alliance (CSA) survey, March 2019
PLEASE RATE THE LEVEL OF CHALLENGE EACH ITEM
POSES IN MANAGING SECURITY IN THE PUBLIC CLOUD?
3.35
3.21 3.16 3.1 3.09 3.07
2.89
2.73
Proactively detecting
misconfigurations and
security risks
Lack of visibility into the
entire cloud estate
Compliance and preparing
for audits
Managing both cloud and
on-prem environments
Managing a multi-cloud
environment
Lack of expertise in cloud-
native security constructs
Troubleshooting
connectivity issues
Understanding which
team is responsible for
cloud security
0
0.5
1
1.5
2
2.5
3
3.5
4
13
14. Source: Cloud Security Alliance (CSA) survey, March 2019
WHAT CONCERNS DOES YOUR ORGANIZATION ENCOUNTER
WHEN ADOPTING A PUBLIC CLOUD PLATFORM?
80.85%
62.48%
57.06%
49.13%
44.29% 43.71%
38.68%
35.01%
32.69%
23.02%
Security concerns Data loss and
leakage risks
Regulatory
compliance
Integration with
the rest of our IT
environment
Legal concerns Cost Visibility into
resources in the
cloud environment
Migration of
applications to the
cloud
Lack of expertise
to manage the
cloud environment
Lack of staff to
manage the cloud
environment
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
14
15. Source: Cloud Security Alliance (CSA) survey, March 2019
PLEASE RATE THE LEVEL OF CHALLENGE EACH ITEM POSES
IN MANAGING SECURITY IN THE PUBLIC CLOUD?
3.35
3.21 3.16 3.1 3.09 3.07
2.89
2.73
Proactively detecting
misconfigurations and
security risks
Lack of visibility into the
entire cloud estate
Compliance and preparing
for audits
Managing both cloud and
on-prem environments
Managing a multi-cloud
environment
Lack of expertise in cloud-
native security constructs
Troubleshooting
connectivity issues
Understanding which
team is responsible for
cloud security
0
0.5
1
1.5
2
2.5
3
3.5
4
15
16. 16
VISIBILITY – REQUIREMENTS
Full visibility into all
elements that make
up your network:
cloud, SDN and on-
premise
Single pane of glass
to manage security
controls
Unified management
of security policy
across hybrid
environments and
mixed environments
Discovery and mapping of
business application
connectivity
requirements to the
network infrastructure
Platform Security Control Application ConnectivityPolicy
17. A SINGLE PANE OF GLASS INTO YOUR ENTIRE NETWORK
Native Cloud Security Models
Virtual appliance in the cloud
Traditional FW
17
20. Source: Cloud Security Alliance (CSA) survey, March 2019
WHICH TEAM IS RESPONSIBLE FOR MANAGING
SECURITY IN THE PUBLIC CLOUD?
35.59%
28.24%
15.28%
6.00%
3.87% 3.87% 3.48% 3.68%
Information Security IT Operations Cloud team within the IT
department
Application Owners /
Developers / DevOps
Managed Service
Provider
CISO Not sure Other (please specify)
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
20
21. WHO IS RESPONSIBLE FOR YOUR CLOUD SECURITY?
Customer Data
Platform, Application, Identity & Access Management
Operating System, Network & Firewall Configuration
Client-side Data Encryption &
Data Integrity Authentication
Server-side Encryption
(File System and/or Data)
Network Traffic Protection
(Encryption/ Integrity/ Identity)
Compute Storage Database Networking
AWS Global
Infrastructure
Region
Availability zones
Edge location
Source: Amazon Web Services
Customer
Responsible for
security ‘in’ the
cloud
AWS
Responsible for
security ‘of’ the
cloud
22. MANAGING SECURITY IN THE CLOUD IS COMPLEX
Multiple Stakeholders
Application Developers/
DevOps
CISO IT / Network Security Cloud Teams
Security Operations
22
25. Source: Cloud Security Alliance (CSA) survey, March 2019
WHAT CONCERNS DOES YOUR ORGANIZATION ENCOUNTER
WHEN ADOPTING A PUBLIC CLOUD PLATFORM?
80.85%
62.48%
57.06%
49.13%
44.29% 43.71%
38.68%
35.01%
32.69%
23.02%
2.32%
Security concerns Data loss and
leakage risks
Regulatory
compliance
Integration with
the rest of our IT
environment
Legal concerns Cost Visibility into
resources in the
cloud
environment
Migration of
applications to
the cloud
Lack of expertise
to manage the
cloud
environment
Lack of staff to
manage the
cloud
environment
Other (please
specify)
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
25
26. Source: Cloud Security Alliance (CSA) survey, March 2019
PLEASE RATE THE LEVEL OF CHALLENGE EACH ITEM
POSES IN MANAGING SECURITY IN THE PUBLIC CLOUD?
3.35
3.21 3.16 3.1 3.09 3.07
2.89
2.73
Proactively detecting
misconfigurations and
security risks
Lack of visibility into the
entire cloud estate
Compliance and preparing
for audits
Managing both cloud and
on-prem environments
Managing a multi-cloud
environment
Lack of expertise in cloud-
native security constructs
Troubleshooting
connectivity issues
Understanding which
team is responsible for
cloud security
0
0.5
1
1.5
2
2.5
3
3.5
4
26
27. POLL
How much of your time is invested in preparing for audits?
Less than a week
1 – 2 weeks
2 – 4 weeks
1 – 2 Months
2+ Months
Please vote using
the “Votes” tab
27
28. Source: Cloud Security Alliance (CSA) survey, March 2019
COMPLIANCE –
REQUIREMENTS
Instant generation of audit-ready reports
for major regulations, including PCI,
GDPR, HIPAA, SOX, NERC etc.
Generate custom reports for internal
compliance mandates
Proactive checks of every change for
internal and regulatory compliance
and/or network segmentation violations
28
31. PLEASE RATE THE LEVEL OF CHALLENGE EACH ITEM
POSES IN MANAGING SECURITY IN THE PUBLIC CLOUD?
3.35
3.21 3.16 3.1 3.09 3.07
2.89
2.73
Proactively detecting
misconfigurations and
security risks
Lack of visibility into the
entire cloud estate
Compliance and
preparing for audits
Managing both cloud
and on-prem
environments
Managing a multi-cloud
environment
Lack of expertise in
cloud-native security
constructs
Troubleshooting
connectivity issues
Understanding which
team is responsible for
cloud security
0
0.5
1
1.5
2
2.5
3
3.5
4
31
32. HAS YOUR ORGANIZATION EXPERIENCED A NETWORK
OR APPLICATION OUTAGE IN THE LAST YEAR?
42.57% 42.77%
14.65%
Yes No Not sure
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
45.00%
32
33. WHAT WAS THE MAIN CONTRIBUTOR TO YOUR
NETWORK OR APPLICATION OUTAGE IN THE LAST YEAR?
20.36%
19.76%
15.32%
12.10%
8.47%
5.24% 5.24%
3.23%
2.22%
1.01%
7.06%
Not sure Operational
human errors and
mismanagement
of devices
Device
configuration
changes
Faults, errors, or
discards in
network devices
Link failure caused
due to fibre cable
cuts or network
congestion
Server hardware
failure
Power outages Failed software
and firmware
upgrade or
patches
Security attacks
such as denial of
service (DoS)
Incompatibility
between firmware
and hardware
device
Other (please
specify)
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
33
34. IF YOU EXPERIENCED A NETWORK OR APPLICATION OUTAGE,
HOW LONG DID IT LAST BEFORE IT WAS RESTORED TO NORMAL
OPERATION?
35.03% 34.39%
19.32%
7.86%
2.55%
0.85%
Less than 1 hour 1 to 3 hours 3 to 5 hours A working day Longer than one working day Longer than a week
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
34
35. THE COST OF NETWORK DOWNTIME
According to Gartner
The average cost of network downtime is about
$5,600 per minute,
just about $300,000 per hour
Source: https://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/
37. SUMMARY
37
• Networks are complex
• Multiple cloud vendors
• On-prem, private and public cloud
• Multiple stake-holders
• Challenges in the hybrid estate
• Visibility
• Who’s responsible for cloud security
• Compliance
• Human errors and misconfigurations
• Outages can be costly
• They can be eliminate with automation
• You can apply your security guidelines in the cloud
if you choose the right tools
38. Q & A
Submit your questions via the chat
Request a Demo: marketing@algosec.com
40. 40
JOIN OUR COMMUNITY
Follow us for the latest on security policy management trends, tips & tricks,
best practices, thought leadership, fun stuff, prizes and much more!
Subscribe to our YouTube channel for
a wide range of educational videos
presented by Professor Wool
youtube.com/user/AlgoSeclinkedin.com/company/AlgoSec
facebook.com/AlgoSec
twitter.com/AlgoSec
www.AlgoSec.com/blog
41. ALGOSUMMIT
THE PREMIER EVENT FOR
ALGOSEC CUSTOMERS & CHANNEL PARTNERS
41
Dallas | Oct 21-24
2019
www.algosec.com/algosummit
UPCOMING WEBINARS
May 29th
Cisco Firepower Migration –
Joint Webinar
June 12th
Application Connectivity
June 26th
Fortinet – Joint Webinar