More Related Content
More from DATA SECURITY SOLUTIONS (17)
Securing Hybrid and Multi Cloud Deployment
- 1. Securing the Hybrid (&
Multi) Cloud
October 2018
Robert Kennedy
Sales Enablement Lead
Cloud Security Solutions
kennedyr@us.ibm.com
- 2. A Journey to Cloud
© 2018 IBM Corporation
MULTI CLOUD
Is SECURITY a
BARRIER ?
HARD TO FIND
TALENT
ZERO to 95%
- 3. Regulators expect the same level of
control in a cloud environment
© 2018 IBM Corporation
Regulators require firms to review the following
before deciding to use cloud services
• Location of data and the related legal jurisdiction
• Identity and access management
• Auditability
• Availability
• Data classification
• Encryption management
• Security incident management
• Business continuity
- 4. Cloud is disrupting enterprise security with shared responsibility
Think 2018 / DOC ID / Month XX, 2018 / © 2018 IBM Corporation
Hybrid CloudEnterprise
Enterprise Security
Traditional security controls and infrastructure operational practices are changing to data
and workload centric cloud security policies, technologies and practices
LoB / Developer
DevOps is evolving
to enforce security
policies (DevSecOps)
CISO Office
SOC is evolving
to allow for disruption
across people, process
and technology
Deploy Test BuildSecure
Security
Policy
Visibility
and Protection
- 5. Native Security IN the Cloud as well as ON the Cloud
Identity
and Access
Management
Data
Protection
Cloud
Network
Security
Workload
Management
Visibility and
Intelligence
Application
Security
Trusted
Cloud
Platform
Trusted
Cloud
Platform
Continuous Security
for Apps
Hyper Protection
for Data
Security IN the Cloud
• Native Platform Security
Services
• Automated and
Continuous DevSecOps
for the LOB
Security ON the Cloud
API-driven Security
• Influence DevSecOps
by the CISO
• Multi-Cloud Visibility
and compliance
Policy-driven Security
CISO Office
LoB / Developer
© 2018 IBM Corporation
- 6. Data Security
Identity &
Access
Network
Security
Application
Security
Security
Visibility
Identity
Governance
Enterprise IAM
Multi Cloud
Encryption
Data activity
monitoring
Workload
security
Threat Protection
virt appliances
Security
Scanning
App Runtime
Protection
Threat
Intelligence
SIEM /Security
Intelligence
Cloud IAM
Identity Service
Storage & Data
Encryption
Key Management Firewalls, IPS/ISD
Network Security
Groups
Vulnerability
Assessment
DevOps Pipeline
Integrations
Activity
Logging
Security
Dashboard
ON the Cloud
• Security capabilities that are
either software, virtual
appliances or consumed as
a service
• Vendor specific user
experience
IN the Cloud
• Native security capabilities
in the Cloud platform
• Delivered as integrated
capabilities and as-a-service
• Integrated experience
The Shared Responsibility Model: Cloud has some security baked in,
……and enterprises need to bring their own
© 2018 IBM Corporation
- 7. Security is an integral part of cloud adoption patterns
Extend On-
Prem to
hybrid cloud
Migrate
workloads to
the cloud
Build
cloud-native
applications
© 2018 IBM Corporation
- 8. Adoption Pattern: Migrate
workloads to the cloud
11 2 3
Security
Assessment
• Cloud Strategy assessment
• Data & App Risk assessment
• Compliance assessment
2
Harden
Security
3
Threat
Management
• Log integration and
monitoring
• Compliance & Incident
Response
• Access Management
• Data Protection
• Network Protection
X-Force Cloud Security Services
© 2018 IBM Corporation
- 10. Adoption Pattern : Build cloud-
native applications
11 2 3
API based
DevSecOps
• API based authentication
• Data protection with encryption
& key mgmt.
• Vulnerability Assessment
2
Integrate with
Enterprise Security
3
Continuous
Compliance
• Integration with cloud
logs & monitoring
• Threat Management &
incident response
• Enterprise SSO & multi-
factor authentication
• Enterprise data protection
• Policy based DevSecOps
X-Force Cloud Security Services
© 2018 IBM Corporation
- 12. Adoption Pattern: Extend On-
Prem to Hybrid Cloud
11 2 3
Data Protection
• Data discovery & classification
• Multi cloud encryption with key
management
• Data activity monitoring
2
Access Management &
Governance
3
Monitoring &
Compliance
• Integration with logs &
continuous monitoring
• Threat management &
compliance
• Access management &
identity propagation
• Privileged identity mgmt.
• Identity governance
X-Force Cloud Security Services
© 2018 IBM Corporation
- 13. Example: Data protection throughout its lifecycle
CISO’s Office
Native Key
Management
Multi-Cloud Data
Encryption
LoB
© 2018 IBM Corporation
- 14. Take action with a maturity
model for cloud security
Extend On-
Prem to
hybrid cloud
Migrate
workloads to
the cloud
Build
cloud-native
applications
• Key Protect - Key management
• Data encryption for block,
object, cloud data services
• BYOK
• Cloud HSM
• App ID - Application user identity
• Runtime Data protection with Intel SGX
• IBM Cloud Private
• Identity Governance &
Intelligence
• Bigfix patch management
• Resilient Incident Response
• Cloud Identity
• Guardium Data Protection
• QRadar Cloud Application
Discovery
• QRadar for VMware
• VMWare Encryption with
BYOK
• Network security groups
• Vulnerability Advisor
• Application Security on Cloud
• QRadar on Cloud
• Hybrid Cloud Security Services
© 2018 IBM Corporation
- 15. Hybrid Cloud 3 Continuous Compliance as a Service offering
Watson learns the regulatory environment, scales the
solution and simplifies the change management process
HC3 Managed Service Includes:
– 24 regulatory jurisdictions across IT and cloud for the
financial sector
– Real time monitoring of relevant regulations
– Creation of a standard control framework extended
from CSA
– Standard controls mapped to regulatory requirements
Includes upfront controls assessment
Fully outsourced managed service available to regulated
institutions on a subscription based model
Linking to risks,
regulations & controls
Policy
framework
Compliance
monitoring
Regulatory
reporting
Compliance breach
reporting
Residual risk
assessment
Feedback to risk
appetite
Regulatory obligations
inventory
Incident
planning
and
response
Controls
Testing
Risk
reporting
Threat
analysis
Risk assessment
Governance
Risk appetite
Controls
Reporting
Risk
management
Standard Control
Framework
© 2018 IBM Corporation
- 16. Cloud Security Strategy Assessment: Path to Secure Cloud Adoption
Current State Assessment
• Current cloud controls
• Compliance standards to
consider
• What is current security state of
an existing cloud?
Gap Analysis
• Can I extend my existing security
solutions?
• What new governance do I need?
• What part of my portfolio is ready
for cloud?
• What is the impact to my security
operations?
High Level Plan
• What’s the multi-year cloud
strategy that address
regulatory, risk, security and
compliance needs
• Do you have the right roles and
responsibilities to support
steady state?
PrepareCurrent
StateAssessment
Roadmap
Assess
Current IT
Security Posture
Catalog Enterprise
Cloud Usage
Recommend
Project
Definitions
Analyze
Perform Gap Analysis
Define Target State
Prepare Executive Report
© 2018 IBM Corporation
- 17. IBM Security Services has been designated by Amazon AWS as a
global integration services partner for AWS GuardDuty.
Quote from AWS:
“Adoption of GuardDuty has blown away our forecasts so we are going to double down and
accelerate our investments in the service.”
- Michael Fuller – Product Manager GuardDuty AWS
Link to AWS GuardDuty page: https://aws.amazon.com/guardduty/
GuardDuty Specific Offerings:
• Security Intelligence & Operations Consulting
SIOC Assessment
• Resilient Incident Response platform
• Managed Security Services
• QRadar (SIEM) use cases for GuardDuty
• Intelligent Security Monitoring (ISM)
© 2018 IBM Corporation
- 19. © Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied.
IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or
its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all
countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to
future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or
service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed
to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT
WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
© 2018 IBM Corporation