Codeless Security for the Apps You Buy & Build on AWS
Russell Miller, Director, Product Marketing
Ari Leeds, Senior Product Manager
1
Continuing Professional Education (CPE) Credits
Claim your CPE credit for attending this webinar
https://www.isc2.org/
For more information or questions please contact us
info@cloudlock.com
2
Agenda
01 SaaS & IaaS Markets: Why are we here?
02 Security Requirements for IaaS
03 The CloudLock Approach to IaaS & AWS Security
3
SaaS vs. IaaS Market Growth
2016 Market Growth:
● SaaS: 20.3%
● IaaS: 38.4%
“IaaS continues to be the strongest-growing segment as enterprises move away from data center build-outs and move their infrastructure needs to the public cloud.”
- Sid Nag, Gartner Research Director
"Forecast: Public Cloud Services, Worldwide, 2013-2019, 4Q15 Update"
http://www.gartner.com/newsroom/id/3188817
4
IaaS spending is skyrocketing
5
© Statista 2016
Apps on IaaS MORE critical than SaaS Apps
6
1. Internal & Partner-facing IaaS apps
2. Customer-facing IaaS apps
Cloud Shared Responsibility - SaaS/PaaS/IaaS
[Figure: the stack layers below, shown side by side for SaaS, Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), with each layer marked as CSP Responsibility or Customer Responsibility]
Layers: People, Data, Applications, Runtime, Middleware, Operating System, Virtual Network, Hypervisor, Servers, Storage, Physical Network
Gartner, Mind the SaaS Security Gaps, Craig Lawson and Sid Deshpande, May 19, 2016
7
Amazon’s View: “The Shared Responsibility Model”
Source: https://aws.amazon.com/compliance/shared-responsibility-model/
8
Let’s Talk About Bees (No Birds Needed)
Source: http://www.ForestWander.com
9
Connections in AWS
[Diagram: EC2 Instance, S3 Bucket, User, App]
10
Connections in AWS
[Diagram: EC2 Instance, S3 Buckets, Log Files; Employee, Customer, Attacker, Partner, Admin]
11
03 The CloudLock Approach
to IaaS & AWS Security
12
CloudLock Coverage & Use Cases
Admin Console
Custom Apps
Data Loss Prevention
Compliance
Forensics
Configuration Security
Visibility & User Behavior Analytics
13
AWS Use Case #1: Forensics
14
AWS Use Case #2A: Visibility & Behavior (Sec Admin)
15
AWS Use Case #2B: Suspicious Behavior (AWS Admin)
16
AWS Use Case #3: Data Compliance & Auditing
17
AWS Use Case #4: Data Leak Protection (DLP)
18
AWS Use Case #5: Configuration Security
19
CloudLock Platform
CASB for SaaS: Protect the usage of business apps in the cloud
CASB for IaaS/PaaS: Protect the usage of critical infrastructure in the cloud
Cloud Security Orchestration: Include the cloud in security workflows
20
CloudLock Platform
DLP, User Behavior Analytics, Central Auditing, Configuration Security, Encryption Management, Apps Firewall
CASB for SaaS: Protect the usage of business apps in the cloud
CASB for IaaS/PaaS: Protect the usage of critical infrastructure in the cloud
Cloud Security Orchestration: Include the cloud in security workflows
21
Where is the threat in your environment?
http://bit.ly/CL-aws-demo
22
Questions
Russ Miller, Director, Product Marketing
Ari Leeds, Senior Product Manager
23

Editor's Notes

  1. RUSS
  2. RUSS http://www.computerworld.com/article/3026396/cloud-computing/global-public-cloud-market-expected-to-hit-204b-in-2016.html
  3. http://www.forbes.com/sites/louiscolumbus/2016/03/13/roundup-of-cloud-computing-forecasts-and-market-estimates-2016/#575801f674b0
  4. ARI
  5. Challenge: As the AWS security admin, I need insight into AWS logs, so that I can perform spot checks, produce weekly status reports to my boss and perform forensic analysis as needed. With all the activity in AWS, I need to make sure that I can reduce noise and filter out an activity stream that tells a story that I can follow. CloudLock Capability: In the CloudLock platform, navigate to the “Activities” page. Begin by preparing a series of filters for inclusion: Platform = “AWS”; Event Type = “Login”, “Update”, “Create”, “Delete”. These normalized event type filters will provide the best insight into your user and data transactions. For deeper insight on known specific AWS raw events, you may use the Raw events filter for finer control.
  6. Challenge: As the security admin, I need to know when our AWS environment has been accessed from IP addresses that are known bad actors or are on our list of black-listed countries, so that I can manage a potential compromise or breach and mitigate further risk. CloudLock Capability: Create a Correlated User Behavior policy specific to the AWS platform. Add “Countries” context criteria and create a Black list. Also, add context for Blacklisted IPs, utilizing the CloudLock CyberLab Suspicious IP Feed. Create a response action to notify the administrator. The incident will be available for review with all related activities included for performing a forensic analysis. The admin can now take appropriate action such as suspending the account or modifying configuration within the AWS console to close the entry point.
  7. Challenge: As the general admin for our AWS console, I need to know when potentially sensitive activities occur that may indicate new access points to our instances, changes in user accounts and updates to Identity Access Management (IAM) roles and policies, so that I can make sure that all changes have been approved and follow company protocol. CloudLock Capability: Create a Correlated User Behavior policy specific to the AWS platform and set the severity to Warning. Add “Events” context criteria and select “Events By Threat Category”. Include the “Sensitive” category and optionally add in “Privilege escalation” to cover permissions changes in the AWS console as well. Optionally, create a response action to notify the administrator immediately or in a daily digest. The incident will be available for review with all related activities included for performing a forensic analysis. The admin can now take appropriate action such as suspending the account or modifying configuration within the AWS console to close the entry point.
  8. Challenge: We have and allow certain types of sensitive data in our AWS environment in specific S3 buckets. However, for compliance and auditing purposes, I need to know exactly where that data resides, so that I can provide an export in the case of an audit. CloudLock Capability: Create a custom or predefined content policy for discovering this data and set the severity level to “Alert” with a policy name that clearly indicates its purpose. Optionally, create a response action to auto-resolve the incident so that it is not mixed up with other unresolved incidents that may actually require immediate attention. When it’s time to provide the results for a compliance audit, simply navigate to the CloudLock incidents page and filter by any/all of the policy names used for this purpose and perform an export.
  9. Challenge: To be in compliance with our PCI data policy, we do not allow any payment card information to be added to our S3 buckets. The threat comes from the applications that are hosted on our AWS instance which allow end-users to upload files. When a file containing PCI information is uploaded, we need to be alerted immediately so that we can take corrective action. CloudLock Capability: Create a PCI policy for discovering this data and set the severity level to “Severe”. Create a response action to notify the administrator. The incident will be available for review with a link to the violating content in AWS, so that the administrator can take actions such as removing the file or redacting the sensitive information in place and resolve the incident.
  10. So that’s a little bit of the first question on why do something. Let’s talk a little bit about what CloudLock actually does from a product solution standpoint. CloudLock is 100% cloud native, and what that means is that CloudLock is running in the cloud; we run on top of AWS ourselves. To consume CloudLock there are no agents to be installed and no proxies to be installed anywhere; it is literally a process that takes a few minutes to connect to our customers’ environments. Everything we do, we do through APIs, both internally and as a way to connect to our customers’ cloud applications. There are three areas of our platform. These areas are: CASB for SaaS, where you use CloudLock to protect data and users; and we are unique in the industry in our ability to extend these CASB controls into the apps running on IaaS and PaaS. Last but not least, we have a cloud security orchestration play, which really means that we integrate with all other moving pieces in the environment.
  11. So let’s break this down a little bit. CASB for SaaS really means taking a level of our core security capabilities. At the bottom of the page you see our security microservices, which are the internal security engines that make up our platform and are being applied towards those environments. So think about a customer that has SFDC, Box and O365: applying CloudLock to those environments means that I as a customer can see if Eric is logging into SFDC at 9:00 AM from SanFran and then at 9:15 logging into Box and downloading data from Boston. That activity is obviously suspicious, and we have the UEBA security microservice that can detect that anomalous behavior and flag a potentially compromised account. Similarly, I might be deploying apps from AWS and need to enforce HIPAA compliance because I am operating in or selling in the healthcare market. CloudLock has a DLP security microservice that has the ability to scan and detect sensitive content stored, in this case, in AWS S3 buckets and flag objects stored in those S3 buckets as containing, in this case, HIPAA-related information, and also the applications that are making use of those buckets and hence that data. And last but not least, from an orchestration perspective, CloudLock today through our APIs has the ability to integrate into NGF, SWG, SIEM solutions, malware protection solutions and IDaaS solutions to provide support for advanced workloads in the environment. For example, we can set a policy that grabs files being uploaded into Box, and we can send those files to an external sandbox solution for malware scanning, looking for zero-day threats. We have the ability to connect to IDaaS solutions like Okta or OneLogin or others, and if we see Eric performing suspicious activities, either in the way Eric is downloading or accessing data or in the way that Eric is logging into the environment, that could suggest that Eric is either a malicious insider or that Eric’s account has been compromised, we could trigger a two-factor authentication or terminate Eric’s session, because we can orchestrate, integrate or speak to an SSO or IDaaS platform. These are some of the advanced use cases we can bring to the table through these orchestrations.
  12. Actual Questions: Seed Questions: Does CloudLock see actual data living in the custom apps we have built on AWS? How is that data secured? Tell me more about how you index our data. Do you store any of it? Why should I use CloudLock for AWS? A: Microservices, unlike other CASBs
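
The detections described in Editor's Notes 6 and 11 (access from blocklisted IPs or countries, and Eric's 9:00 San Francisco / 9:15 Boston logins) can be sketched as follows. This is an added example, not CloudLock's code; the event layout, blocklist values, speed threshold and coordinates are constructed assumptions.

```python
import ipaddress
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed policy values (assumptions, not CloudLock defaults).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_COUNTRIES = {"ZZ"}
MAX_KMH = 1000.0  # faster than a commercial flight => implausible travel

# Constructed, normalized login events: (user, ISO time, app, ip, country, lat, lon)
EVENTS = [
    ("eric", "2016-06-01T09:00:00", "SFDC", "198.51.100.7", "US", 37.7749, -122.4194),
    ("eric", "2016-06-01T09:15:00", "Box", "198.51.100.90", "US", 42.3601, -71.0589),
    ("dana", "2016-06-01T10:00:00", "AWS", "203.0.113.45", "US", 40.7128, -74.0060),
    ("dana", "2016-06-01T18:00:00", "AWS", "192.0.2.10", "US", 41.8781, -87.6298),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_incidents(events):
    """Return (user, reason, app) tuples for every policy match, in time order."""
    incidents, last_seen = [], {}
    for user, ts, app, ip, country, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in BLOCKED_NETS):
            incidents.append((user, "blocked_ip", app))
        if country in BLOCKED_COUNTRIES:
            incidents.append((user, "blocked_country", app))
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            # Ignore geolocation jitter under 50 km; same-instant logins from
            # distant places count as implausible too.
            if km > 50 and (hours == 0 or km / hours > MAX_KMH):
                incidents.append((user, "impossible_travel", app))
        last_seen[user] = (when, lat, lon)
    return incidents

if __name__ == "__main__":
    for incident in find_incidents(EVENTS):
        print(incident)
```

In practice IP geolocation is coarse and VPN or proxy egress points produce false positives, so a match is better treated as a trigger for step-up authentication or review than as proof of compromise.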