In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises envir...
AWS and You Share Responsibility for Security
Constantly Monitored The AWS infrastructure is protected by extensive network and security monitoring systems:  Network a...
Highly Available The AWS infrastructure footprint helps protect your data from costly downtime  43 Availability Zones in ...
Integrated with Your Existing Resources AWS enables you to improve your security using many of your existing tools and pra...
Key AWS Certifications and Assurance Programs
The Importance of Consistent and Scalable Security in the Cloud Rob Ayoub, Research Director, IDC
Agenda  The Move to the Cloud  Security Once you Get There  The importance of Elastic Security in the Cloud  Essential...
The Move to the Cloud
 Physically protected  No remote connectivity  Limited number of users  One system In the beginning… © IDC Visit us at...
ServerClients Security Still On Premise AV HIPS USB Firewall IPS SWG SEG VPN Then We Became Client/Server Security © IDC V...
Source: IDC Now We are on the 3rd Platform © IDC Visit us at IDC.com and follow us on Twitter: @IDC
How would you best describe your organization's current or near-term plans to use Public Cloud or Private Cloud solutions ...
Security concerns Not convinced of ROI Reduced customization opportunities Insufficient internal buy-in Don’t have the IT ...
Security Once You Get There
© IDC Visit us at IDC.com and follow us on Twitter: @IDC Scale Changes Your Perspective…
Q: What are the top three (3) cyber-attacks that your customer networks are currently experiencing? Phishing Ransomware Sp...
Network Applications Data © IDC Visit us at IDC.com and follow us on Twitter: @IDC Too Many Vectors!!
The 2017 Cyber Security Reality Growing number of environments and devices to protect Death of the perimeter Sophisticatio...
The Need for Elastic Security in the Cloud
Security is not known for being flexible or elastic… © IDC Visit us at IDC.com and follow us on Twitter: @IDC
© IDC Visit us at IDC.com and follow us on Twitter: @IDC The Times They Are a Changin’
One HUGE Example of Elasticity © IDC Visit us at IDC.com and follow us on Twitter: @IDC
At That Scale, Security Must Be Elastic  Impossible to manually provision security  Workloads/servers need consistent se...
Cloud Security Adoption: Customer Preferences Q: What are your customer preferences for on-premises and SaaS/cloud SECURIT...
Guidance  Enterprises should evaluate a security providers ability to be both flexible based on the environment and elast...
Dynamic Security for AWS Workloads Dave Morrissey, Director – Cloud Service Providers, Fortinet
Fortinet Facts Devices shipped >3.1M Unit share worldwide #1 Patents 380 Patents pending 298 In Network Security (IDC) Fou...
Security Must Be Flexible in the Cloud Environment Flexibility Elastic Flexibility Deployment Flexibility
Global Security Scaling Supported in all 16 AWS Regions. Cloud Formation Templates accessible from GitHub. New Deployments...
You select the scale-in/out trigger  CPU Utilization  Memory Utilization  Concurrent Sessions Adds to Security Groups C...
Flexible Deployment Options Multiple Auto Scaling Cloud Formation Templates Use the License you already Own On Demand Pay-...
FortiGate Firewall Auto Scaling…Made Easy Integrates with AWS Services  AWS Cloud Formation Template: automates Auto Scal...
Q & A Moderators Nick Matthews, nickmatt@amazon.com John Jacobs, jjacobs@fortinet.com Speakers Rob Ayoub, rayoub@idc.com D...
Resources  Learn More: www.Fortinet.com/aws  Contact Fortinet: awssales@fortinet.com  Auto Scaling Guide: https://www.f...
    1. 1. Keeping Security In-Step with your Application Demand Curve Nick Matthews, Solutions Architect, AWS Rob Ayoub, Research Director, IDC Dave Morrissey, Director – Cloud Service Providers, Fortinet
    2. 2. $6.53M 56% 70% https://www.csid.com/resources/stats/data-breaches/ Increase in theft of hard intellectual property http://www.pwc.com/gx/en/issues/cyber- security/information-security-survey.html Of consumers indicated they’d avoid businesses following a security breach https://www.csid.com/resources/stats/data-breaches/ Average cost of a data breach Your Data and IPAre Your Most Valuable Assets
    3. 3. In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How? Automating logging and monitoring Simplifying resource access Making it easy to encrypt properly Enforcing strong authentication AWS Can Be More Secure than Your Existing Environment
    4. 4. AWS and You Share Responsibility for Security
    5. 5. Constantly Monitored The AWS infrastructure is protected by extensive network and security monitoring systems:  Network access is monitored by AWS security managers daily  AWS CloudTrail lets you monitor and record all API calls  Amazon Inspector automatically assesses applications for vulnerabilities
    6. 6. Highly Available The AWS infrastructure footprint helps protect your data from costly downtime  43 Availability Zones in 16 regions for multi-synchronous geographic redundancy  Retain control of where your data resides for compliance with regulatory requirements  Mitigate the risk of DDoS attacks using services like Route 53  Dynamically grow to meet unforeseen demand using Auto Scaling
    7. 7. Integrated with Your Existing Resources AWS enables you to improve your security using many of your existing tools and practices  Integrate your existing Active Directory  Use dedicated connections as a secure, low-latency extension of your data center  Provide and manage your own encryption keys if you choose
    8. 8. Key AWS Certifications and Assurance Programs
    9. 9. The Importance of Consistent and Scalable Security in the Cloud Rob Ayoub, Research Director, IDC
    10. 10. Agenda  The Move to the Cloud  Security Once you Get There  The importance of Elastic Security in the Cloud  Essential Guidance © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    11. 11. The Move to the Cloud
    12. 12.  Physically protected  No remote connectivity  Limited number of users  One system In the beginning… © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    13. 13. ServerClients Security Still On Premise AV HIPS USB Firewall IPS SWG SEG VPN Then We Became Client/Server Security © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    14. 14. Source: IDC Now We are on the 3rd Platform © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    15. 15. How would you best describe your organization's current or near-term plans to use Public Cloud or Private Cloud solutions to support production workloads and services? 14.1% 8.0% 21.7% 12.5% 38.2% 20.3% 25.9% 59.3% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2015 2016 Not interested Evaluating Deploying Embracing 129% increase in organizations embracing cloud What Does the Adoption Trend of Cloud Look Like? IDC# US41636616 (August 2016) Source: IDC CloudView, cJanuary, 2016, n=11,350 worldwide respondents; IDC CloudView Survey, December, 2014, n=19,080 worldwide respondents; weighted by GDP and company size © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    16. 16. Security concerns Not convinced of ROI Reduced customization opportunities Insufficient internal buy-in Don’t have the IT skills Will cost too much OP / Performance concerns Worries around network infrastructure Reliability / Downtime Vendor lock-in Hard to integrate Loss of operational control Regulatory / Compliance issues IT Governance 15% 40% 45% 50%20% 25% 30% 35% Which of the following best describe your organization's main concerns about Cloud and are IMPORTANT INHIBITORS for your organization in considering Public Cloud services or Private Cloud technologies? What’s Holding Organizations Back from Switching to Cloud? © IDC Visit us at IDC.com and follow us on Twitter: @IDCIDC# US41636616 (August 2016) Source: IDC CloudView, January, 2016, n=11,350 worldwide respondents; IDC CloudView Survey, December, 2014, n=19,080 worldwide respondents; weighted by GDP and company size © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    17. 17. Security Once You Get There
    18. 18. © IDC Visit us at IDC.com and follow us on Twitter: @IDC Scale Changes Your Perspective…
    19. 19. Q: What are the top three (3) cyber-attacks that your customer networks are currently experiencing? Phishing Ransomware Spyware Web-borne Malware Similar Threats – New Vectors © IDC Visit us at IDC.com and follow us on Twitter: @IDCSource: IDC-The Channel Company Security Trends Survey 2016
    20. 20. Network Applications Data © IDC Visit us at IDC.com and follow us on Twitter: @IDC Too Many Vectors!!
    21. 21. The 2017 Cyber Security Reality Growing number of environments and devices to protect Death of the perimeter Sophistication of cyber miscreants growing rapidly Proliferation of security tool sets Scarcity of qualified information security professionals © IDC Visit us at IDC.com and follow us on Twitter: @IDC 3rd Platform Effects on Security
    22. 22. The Need for Elastic Security in the Cloud
    23. 23. Security is not known for being flexible or elastic… © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    24. 24. © IDC Visit us at IDC.com and follow us on Twitter: @IDC The Times They Are a Changin’
    25. 25. One HUGE Example of Elasticity © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    26. 26. At That Scale, Security Must Be Elastic  Impossible to manually provision security  Workloads/servers need consistent security every time  Security must be tailored to the specific cloud environment © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    27. 27. Cloud Security Adoption: Customer Preferences Q: What are your customer preferences for on-premises and SaaS/cloud SECURITY solutions? Prefer on- premise security solutions 37% Prefer cloud security solutions 21% Prefer adopting a hybrid security approach 42%  Cloud, mobility, and Big Data adoption has increasingly impacted enterprise’s security strategies. They add complexity and drive investments in IT infrastructure and data protection.  The rising number of cyberattacks and increasing complexities have led to demand for managed security services and more sophisticated security solutions.
    28. 28. Guidance  Enterprises should evaluate a security providers ability to be both flexible based on the environment and elastic in order to meet the demands of modern cloud environments  Performance is critical when deploying cloud security products, simply porting an existing product to a VM will not allow for efficiencies in the cloud  Inherent automation is key to cloud security products. © IDC Visit us at IDC.com and follow us on Twitter: @IDC
    29. 29. Dynamic Security for AWS Workloads Dave Morrissey, Director – Cloud Service Providers, Fortinet
    30. 30. Fortinet Facts Devices shipped >3.1M Unit share worldwide #1 Patents 380 Patents pending 298 In Network Security (IDC) Founded 2000 FY16 Revenue $1.3B Customers >310K Sunnyvale, CA Advanced AWS partner
    31. 31. Security Must Be Flexible in the Cloud Environment Flexibility Elastic Flexibility Deployment Flexibility
    32. 32. Global Security Scaling Supported in all 16 AWS Regions. Cloud Formation Templates accessible from GitHub. New Deployments Cloud Formation Templates built specifically for new AWS VPC deployments. Existing AWS Networks Cloud Formation Templates built specifically for existing AWS VPC augments. Flexibility to Scale Security in any Environment
    33. 33. You select the scale-in/out trigger  CPU Utilization  Memory Utilization  Concurrent Sessions Adds to Security Groups Complements your use of Security Groups Network Segmentation & NACLs. Advanced Security Layers  Application Control  Antivirus  Antispam  IPS Flexible Scaling Criteria  Threat Research  DLP  WAF  VPN
    34. 34. Flexible Deployment Options Multiple Auto Scaling Cloud Formation Templates Use the License you already Own On Demand Pay-as-you-Go BYOL  New VPC – Two options  Existing VPC – Two options  Use your BYOL license as your primary instance in each Availability Zone  Create On Demand Auto Scale Groups that Build on your BYOL License  Create primary instances and Auto Scale Groups with Hourly or Annual usage rates  On Demand Hourly will ALWAYS be used as the Auto Scaling Group – true Elasticity
    35. 35. FortiGate Firewall Auto Scaling…Made Easy Integrates with AWS Services  AWS Cloud Formation Template: automates Auto Scaling deployment  Amazon CloudWatch: alarms trigger scale- up/down  AWS Elastic Load Balancing: distributes inbound traffic equally  Amazon Simple Que Service: lifecycle hook posts scaling events  Amazon EC2: creates a worker node  AZs: launches (2) FortiGates in (2) AZs in a High Availability architecture  AWS Identify and Access Management (IAM): creates dynamic roles for EC2 launch and SQS for Auto Scaling lifecycle hook  Management Console: enables the Cloud Formation Template deployment
    36. 36. Q & A Moderators Nick Matthews, nickmatt@amazon.com John Jacobs, jjacobs@fortinet.com Speakers Rob Ayoub, rayoub@idc.com Dave Morrissey, dmorrissey@fortinet.com
    37. 37. Resources  Learn More: www.Fortinet.com/aws  Contact Fortinet: awssales@fortinet.com  Auto Scaling Guide: https://www.fortinet.com/content/dam/fortinet/assets/solutio ns/aws/dg-fortigate-autoscaling.pdf  Configuring your FortiGate Firewall: http://cookbook.fortinet.com/creating-security-policies/ services like Route 53  Admin Guide for your FortiGate Firewall: http://docs.fortinet.com/fortigate/admin-guides

