SlideShare a Scribd company logo

Securing Hybrid and Multi Cloud Deployment

Download as PPTX, PDF
DATA SECURITY SOLUTIONS
DATA SECURITY SOLUTIONS

Robert L Kennedy, security consultant IBM https://dssitsec.eu

Technology
1 of 19
Securing the Hybrid (& Multi) Cloud October 2018 Robert Kennedy Sales Enablement Lead Cloud Security Solutions kennedyr@us.ibm.com
A Journey to Cloud © 2018 IBM Corporation MULTI CLOUD Is SECURITY a BARRIER ? HARD TO FIND TALENT ZERO to 95%
Regulators expect the same level of control in a cloud environment © 2018 IBM Corporation Regulators require firms to review the following before deciding to use cloud services • Location of data and the related legal jurisdiction • Identity and access management • Auditability • Availability • Data classification • Encryption management • Security incident management • Business continuity
Cloud is disrupting enterprise security with shared responsibility Think 2018 / DOC ID / Month XX, 2018 / © 2018 IBM Corporation Hybrid CloudEnterprise Enterprise Security Traditional security controls and infrastructure operational practices are changing to data and workload centric cloud security policies, technologies and practices LoB / Developer DevOps is evolving to enforce security policies (DevSecOps) CISO Office SOC is evolving to allow for disruption across people, process and technology Deploy Test BuildSecure Security Policy Visibility and Protection
Native Security IN the Cloud as well as ON the Cloud Identity and Access Management Data Protection Cloud Network Security Workload Management Visibility and Intelligence Application Security Trusted Cloud Platform Trusted Cloud Platform Continuous Security for Apps Hyper Protection for Data Security IN the Cloud • Native Platform Security Services • Automated and Continuous DevSecOps for the LOB Security ON the Cloud API-driven Security • Influence DevSecOps by the CISO • Multi-Cloud Visibility and compliance Policy-driven Security CISO Office LoB / Developer © 2018 IBM Corporation
Data Security Identity & Access Network Security Application Security Security Visibility Identity Governance Enterprise IAM Multi Cloud Encryption Data activity monitoring Workload security Threat Protection virt appliances Security Scanning App Runtime Protection Threat Intelligence SIEM /Security Intelligence Cloud IAM Identity Service Storage & Data Encryption Key Management Firewalls, IPS/ISD Network Security Groups Vulnerability Assessment DevOps Pipeline Integrations Activity Logging Security Dashboard ON the Cloud • Security capabilities that are either software, virtual appliances or consumed as a service • Vendor specific user experience IN the Cloud • Native security capabilities in the Cloud platform • Delivered as integrated capabilities and as-a-service • Integrated experience The Shared Responsibility Model: Cloud has some security baked in, ……and enterprises need to bring their own © 2018 IBM Corporation
Security is an integral part of cloud adoption patterns Extend On- Prem to hybrid cloud Migrate workloads to the cloud Build cloud-native applications © 2018 IBM Corporation
Adoption Pattern: Migrate workloads to the cloud 11 2 3 Security Assessment • Cloud Strategy assessment • Data & App Risk assessment • Compliance assessment 2 Harden Security 3 Threat Management • Log integration and monitoring • Compliance & Incident Response • Access Management • Data Protection • Network Protection X-Force Cloud Security Services © 2018 IBM Corporation
Example: Identifying misconfigured access in AWS © 2018 IBM Corporation
Adoption Pattern : Build cloud- native applications 11 2 3 API based DevSecOps • API based authentication • Data protection with encryption & key mgmt. • Vulnerability Assessment 2 Integrate with Enterprise Security 3 Continuous Compliance • Integration with cloud logs & monitoring • Threat Management & incident response • Enterprise SSO & multi- factor authentication • Enterprise data protection • Policy based DevSecOps X-Force Cloud Security Services © 2018 IBM Corporation
Example: Integrate cloud native application with enterprise identity © 2018 IBM Corporation
Adoption Pattern: Extend On- Prem to Hybrid Cloud 11 2 3 Data Protection • Data discovery & classification • Multi cloud encryption with key management • Data activity monitoring 2 Access Management & Governance 3 Monitoring & Compliance • Integration with logs & continuous monitoring • Threat management & compliance • Access management & identity propagation • Privileged identity mgmt. • Identity governance X-Force Cloud Security Services © 2018 IBM Corporation
Example: Data protection throughout its lifecycle CISO’s Office Native Key Management Multi-Cloud Data Encryption LoB © 2018 IBM Corporation
Take action with a maturity model for cloud security Extend On- Prem to hybrid cloud Migrate workloads to the cloud Build cloud-native applications • Key Protect - Key management • Data encryption for block, object, cloud data services • BYOK • Cloud HSM • App ID - Application user identity • Runtime Data protection with Intel SGX • IBM Cloud Private • Identity Governance & Intelligence • Bigfix patch management • Resilient Incident Response • Cloud Identity • Guardium Data Protection • QRadar Cloud Application Discovery • QRadar for VMware • VMWare Encryption with BYOK • Network security groups • Vulnerability Advisor • Application Security on Cloud • QRadar on Cloud • Hybrid Cloud Security Services © 2018 IBM Corporation
Hybrid Cloud 3 Continuous Compliance as a Service offering Watson learns the regulatory environment, scales the solution and simplifies the change management process HC3 Managed Service Includes: – 24 regulatory jurisdictions across IT and cloud for the financial sector – Real time monitoring of relevant regulations – Creation of a standard control framework extended from CSA – Standard controls mapped to regulatory requirements Includes upfront controls assessment Fully outsourced managed service available to regulated institutions on a subscription based model Linking to risks, regulations & controls Policy framework Compliance monitoring Regulatory reporting Compliance breach reporting Residual risk assessment Feedback to risk appetite Regulatory obligations inventory Incident planning and response Controls Testing Risk reporting Threat analysis Risk assessment Governance Risk appetite Controls Reporting Risk management Standard Control Framework © 2018 IBM Corporation
Cloud Security Strategy Assessment: Path to Secure Cloud Adoption Current State Assessment • Current cloud controls • Compliance standards to consider • What is current security state of an existing cloud? Gap Analysis • Can I extend my existing security solutions? • What new governance do I need? • What part of my portfolio is ready for cloud? • What is the impact to my security operations? High Level Plan • What’s the multi-year cloud strategy that address regulatory, risk, security and compliance needs • Do you have the right roles and responsibilities to support steady state? PrepareCurrent StateAssessment Roadmap Assess Current IT Security Posture Catalog Enterprise Cloud Usage Recommend Project Definitions Analyze Perform Gap Analysis Define Target State Prepare Executive Report © 2018 IBM Corporation
IBM Security Services has been designated by Amazon AWS as a global integration services partner for AWS GuardDuty. Quote from AWS: “Adoption of GuardDuty has blown away our forecasts so we are going to double down and accelerate our investments in the service.” - Michael Fuller – Product Manager GuardDuty AWS Link to AWS GuardDuty page: https://aws.amazon.com/guardduty/ GuardDuty Specific Offerings: • Security Intelligence & Operations Consulting SIOC Assessment • Resilient Incident Response platform • Managed Security Services • QRadar (SIEM) use cases for GuardDuty • Intelligent Security Monitoring (ISM) © 2018 IBM Corporation
Identity and Access Management Data Protection Cloud Network Security Workload Management Visibility and Intelligence Application Security Secure Dev Ops IBM Cloud Security: Comprehensive security to empower cloud transformation with confidence. • The only security vendor that is also a major cloud infrastructure provider • The only vendor with leading cloud security solutions across IAM, Visibility & Monitoring, data protection and services • The largest enterprise security organization – with 8,000 professionals • Chosen by AWS to provide global security services for AWS IBM Security for the Cloud Offering Map © 2018 IBM Corporation
© Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. © 2018 IBM Corporation

Recommended

The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
DATA SECURITY SOLUTIONS
 
MLM or how to look at company users with new eyes
MLM or how to look at company users with new eyesMLM or how to look at company users with new eyes
MLM or how to look at company users with new eyes
DATA SECURITY SOLUTIONS
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
DATA SECURITY SOLUTIONS
 
How to maintain business equality secured in network and cloud
How to maintain business equality secured in network and cloudHow to maintain business equality secured in network and cloud
How to maintain business equality secured in network and cloud
DATA SECURITY SOLUTIONS
 
Forensic tool development with rust
Forensic tool development with rustForensic tool development with rust
Forensic tool development with rust
DATA SECURITY SOLUTIONS
 
IBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmapIBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmap
DATA SECURITY SOLUTIONS
 
Transform your enterprise branch with secure sd-wan
Transform your enterprise branch with secure sd-wanTransform your enterprise branch with secure sd-wan
Transform your enterprise branch with secure sd-wan
DATA SECURITY SOLUTIONS
 
How to discover vulnerabilities in business and mission critical systems
How to discover vulnerabilities in business and mission critical systemsHow to discover vulnerabilities in business and mission critical systems
How to discover vulnerabilities in business and mission critical systems
DATA SECURITY SOLUTIONS
 

Recommended

The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
DATA SECURITY SOLUTIONS
 
MLM or how to look at company users with new eyes
MLM or how to look at company users with new eyesMLM or how to look at company users with new eyes
MLM or how to look at company users with new eyes
DATA SECURITY SOLUTIONS
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
DATA SECURITY SOLUTIONS
 
How to maintain business equality secured in network and cloud
How to maintain business equality secured in network and cloudHow to maintain business equality secured in network and cloud
How to maintain business equality secured in network and cloud
DATA SECURITY SOLUTIONS
 
Forensic tool development with rust
Forensic tool development with rustForensic tool development with rust
Forensic tool development with rust
DATA SECURITY SOLUTIONS
 
IBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmapIBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmap
DATA SECURITY SOLUTIONS
 
Transform your enterprise branch with secure sd-wan
Transform your enterprise branch with secure sd-wanTransform your enterprise branch with secure sd-wan
Transform your enterprise branch with secure sd-wan
DATA SECURITY SOLUTIONS
 
How to discover vulnerabilities in business and mission critical systems
How to discover vulnerabilities in business and mission critical systemsHow to discover vulnerabilities in business and mission critical systems
How to discover vulnerabilities in business and mission critical systems
DATA SECURITY SOLUTIONS
 
Protecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricProtecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabric
DATA SECURITY SOLUTIONS
 
Patching: answers to questions you probably were afraid to ask about oracle s...
Patching: answers to questions you probably were afraid to ask about oracle s...Patching: answers to questions you probably were afraid to ask about oracle s...
Patching: answers to questions you probably were afraid to ask about oracle s...
DATA SECURITY SOLUTIONS
 
Practical approach to NIS Directive's incident management
Practical approach to NIS Directive's incident managementPractical approach to NIS Directive's incident management
Practical approach to NIS Directive's incident management
DATA SECURITY SOLUTIONS
 
When network security is not enough
When network security is not enoughWhen network security is not enough
When network security is not enough
DATA SECURITY SOLUTIONS
 
New security solutions for next generation of IT
New security solutions for next generation of ITNew security solutions for next generation of IT
New security solutions for next generation of IT
DATA SECURITY SOLUTIONS
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
DATA SECURITY SOLUTIONS
 
Network is the Firewall
Network is the FirewallNetwork is the Firewall
Network is the Firewall
DATA SECURITY SOLUTIONS
 
Let's hack your mobile device. Yes we can. And many other do.
Let's hack your mobile device. Yes we can. And many other do.Let's hack your mobile device. Yes we can. And many other do.
Let's hack your mobile device. Yes we can. And many other do.
DATA SECURITY SOLUTIONS
 
Secure enterprise mobility
Secure enterprise mobilitySecure enterprise mobility
Secure enterprise mobility
DATA SECURITY SOLUTIONS
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...
DATA SECURITY SOLUTIONS
 
IoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware SecurityIoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware Security
DATA SECURITY SOLUTIONS
 
Cyber crime as a startup
Cyber crime as a startupCyber crime as a startup
Cyber crime as a startup
DATA SECURITY SOLUTIONS
 
Services evolution in cybercrime economics
Services evolution in cybercrime economicsServices evolution in cybercrime economics
Services evolution in cybercrime economics
DATA SECURITY SOLUTIONS
 
FSDI Latvia presentation 2018
FSDI Latvia presentation 2018FSDI Latvia presentation 2018
FSDI Latvia presentation 2018
DATA SECURITY SOLUTIONS
 
CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...
CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...
CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...
DATA SECURITY SOLUTIONS
 
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
DATA SECURITY SOLUTIONS
 
A deep walk on the dark side of information security
A deep walk on the dark side of information securityA deep walk on the dark side of information security
A deep walk on the dark side of information security
DATA SECURITY SOLUTIONS
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
 

More Related Content

More from DATA SECURITY SOLUTIONS

More from DATA SECURITY SOLUTIONS (17)

Protecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricProtecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabric
 
Patching: answers to questions you probably were afraid to ask about oracle s...
Patching: answers to questions you probably were afraid to ask about oracle s...Patching: answers to questions you probably were afraid to ask about oracle s...
Patching: answers to questions you probably were afraid to ask about oracle s...
 
Practical approach to NIS Directive's incident management
Practical approach to NIS Directive's incident managementPractical approach to NIS Directive's incident management
Practical approach to NIS Directive's incident management
 
When network security is not enough
When network security is not enoughWhen network security is not enough
When network security is not enough
 
New security solutions for next generation of IT
New security solutions for next generation of ITNew security solutions for next generation of IT
New security solutions for next generation of IT
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
 
Network is the Firewall
Network is the FirewallNetwork is the Firewall
Network is the Firewall
 
Let's hack your mobile device. Yes we can. And many other do.
Let's hack your mobile device. Yes we can. And many other do.Let's hack your mobile device. Yes we can. And many other do.
Let's hack your mobile device. Yes we can. And many other do.
 
Secure enterprise mobility
Secure enterprise mobilitySecure enterprise mobility
Secure enterprise mobility
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...
 
IoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware SecurityIoT Technologies for Context-Aware Security
IoT Technologies for Context-Aware Security
 
Cyber crime as a startup
Cyber crime as a startupCyber crime as a startup
Cyber crime as a startup
 
Services evolution in cybercrime economics
Services evolution in cybercrime economicsServices evolution in cybercrime economics
Services evolution in cybercrime economics
 
FSDI Latvia presentation 2018
FSDI Latvia presentation 2018FSDI Latvia presentation 2018
FSDI Latvia presentation 2018
 
CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...
CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...
CloudGen Firewall, SD-WAN, WAF security - Protection and Performance in the C...
 
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
 
A deep walk on the dark side of information security
A deep walk on the dark side of information securityA deep walk on the dark side of information security
A deep walk on the dark side of information security
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Securing Hybrid and Multi Cloud Deployment

  • 1. Securing the Hybrid (& Multi) Cloud October 2018 Robert Kennedy Sales Enablement Lead Cloud Security Solutions kennedyr@us.ibm.com
  • 2. A Journey to Cloud © 2018 IBM Corporation MULTI CLOUD Is SECURITY a BARRIER ? HARD TO FIND TALENT ZERO to 95%
  • 3. Regulators expect the same level of control in a cloud environment © 2018 IBM Corporation Regulators require firms to review the following before deciding to use cloud services • Location of data and the related legal jurisdiction • Identity and access management • Auditability • Availability • Data classification • Encryption management • Security incident management • Business continuity
  • 4. Cloud is disrupting enterprise security with shared responsibility Think 2018 / DOC ID / Month XX, 2018 / © 2018 IBM Corporation Hybrid CloudEnterprise Enterprise Security Traditional security controls and infrastructure operational practices are changing to data and workload centric cloud security policies, technologies and practices LoB / Developer DevOps is evolving to enforce security policies (DevSecOps) CISO Office SOC is evolving to allow for disruption across people, process and technology Deploy Test BuildSecure Security Policy Visibility and Protection
  • 5. Native Security IN the Cloud as well as ON the Cloud Identity and Access Management Data Protection Cloud Network Security Workload Management Visibility and Intelligence Application Security Trusted Cloud Platform Trusted Cloud Platform Continuous Security for Apps Hyper Protection for Data Security IN the Cloud • Native Platform Security Services • Automated and Continuous DevSecOps for the LOB Security ON the Cloud API-driven Security • Influence DevSecOps by the CISO • Multi-Cloud Visibility and compliance Policy-driven Security CISO Office LoB / Developer © 2018 IBM Corporation
  • 6. Data Security Identity & Access Network Security Application Security Security Visibility Identity Governance Enterprise IAM Multi Cloud Encryption Data activity monitoring Workload security Threat Protection virt appliances Security Scanning App Runtime Protection Threat Intelligence SIEM /Security Intelligence Cloud IAM Identity Service Storage & Data Encryption Key Management Firewalls, IPS/ISD Network Security Groups Vulnerability Assessment DevOps Pipeline Integrations Activity Logging Security Dashboard ON the Cloud • Security capabilities that are either software, virtual appliances or consumed as a service • Vendor specific user experience IN the Cloud • Native security capabilities in the Cloud platform • Delivered as integrated capabilities and as-a-service • Integrated experience The Shared Responsibility Model: Cloud has some security baked in, ……and enterprises need to bring their own © 2018 IBM Corporation
  • 7. Security is an integral part of cloud adoption patterns Extend On- Prem to hybrid cloud Migrate workloads to the cloud Build cloud-native applications © 2018 IBM Corporation
  • 8. Adoption Pattern: Migrate workloads to the cloud 11 2 3 Security Assessment • Cloud Strategy assessment • Data & App Risk assessment • Compliance assessment 2 Harden Security 3 Threat Management • Log integration and monitoring • Compliance & Incident Response • Access Management • Data Protection • Network Protection X-Force Cloud Security Services © 2018 IBM Corporation
  • 9. Example: Identifying misconfigured access in AWS © 2018 IBM Corporation
  • 10. Adoption Pattern : Build cloud- native applications 11 2 3 API based DevSecOps • API based authentication • Data protection with encryption & key mgmt. • Vulnerability Assessment 2 Integrate with Enterprise Security 3 Continuous Compliance • Integration with cloud logs & monitoring • Threat Management & incident response • Enterprise SSO & multi- factor authentication • Enterprise data protection • Policy based DevSecOps X-Force Cloud Security Services © 2018 IBM Corporation
  • 11. Example: Integrate cloud native application with enterprise identity © 2018 IBM Corporation
  • 12. Adoption Pattern: Extend On- Prem to Hybrid Cloud 11 2 3 Data Protection • Data discovery & classification • Multi cloud encryption with key management • Data activity monitoring 2 Access Management & Governance 3 Monitoring & Compliance • Integration with logs & continuous monitoring • Threat management & compliance • Access management & identity propagation • Privileged identity mgmt. • Identity governance X-Force Cloud Security Services © 2018 IBM Corporation
  • 13. Example: Data protection throughout its lifecycle CISO’s Office Native Key Management Multi-Cloud Data Encryption LoB © 2018 IBM Corporation
  • 14. Take action with a maturity model for cloud security Extend On- Prem to hybrid cloud Migrate workloads to the cloud Build cloud-native applications • Key Protect - Key management • Data encryption for block, object, cloud data services • BYOK • Cloud HSM • App ID - Application user identity • Runtime Data protection with Intel SGX • IBM Cloud Private • Identity Governance & Intelligence • Bigfix patch management • Resilient Incident Response • Cloud Identity • Guardium Data Protection • QRadar Cloud Application Discovery • QRadar for VMware • VMWare Encryption with BYOK • Network security groups • Vulnerability Advisor • Application Security on Cloud • QRadar on Cloud • Hybrid Cloud Security Services © 2018 IBM Corporation
  • 15. Hybrid Cloud 3 Continuous Compliance as a Service offering Watson learns the regulatory environment, scales the solution and simplifies the change management process HC3 Managed Service Includes: – 24 regulatory jurisdictions across IT and cloud for the financial sector – Real time monitoring of relevant regulations – Creation of a standard control framework extended from CSA – Standard controls mapped to regulatory requirements Includes upfront controls assessment Fully outsourced managed service available to regulated institutions on a subscription based model Linking to risks, regulations & controls Policy framework Compliance monitoring Regulatory reporting Compliance breach reporting Residual risk assessment Feedback to risk appetite Regulatory obligations inventory Incident planning and response Controls Testing Risk reporting Threat analysis Risk assessment Governance Risk appetite Controls Reporting Risk management Standard Control Framework © 2018 IBM Corporation
  • 16. Cloud Security Strategy Assessment: Path to Secure Cloud Adoption Current State Assessment • Current cloud controls • Compliance standards to consider • What is current security state of an existing cloud? Gap Analysis • Can I extend my existing security solutions? • What new governance do I need? • What part of my portfolio is ready for cloud? • What is the impact to my security operations? High Level Plan • What’s the multi-year cloud strategy that address regulatory, risk, security and compliance needs • Do you have the right roles and responsibilities to support steady state? PrepareCurrent StateAssessment Roadmap Assess Current IT Security Posture Catalog Enterprise Cloud Usage Recommend Project Definitions Analyze Perform Gap Analysis Define Target State Prepare Executive Report © 2018 IBM Corporation
  • 17. IBM Security Services has been designated by Amazon AWS as a global integration services partner for AWS GuardDuty. Quote from AWS: “Adoption of GuardDuty has blown away our forecasts so we are going to double down and accelerate our investments in the service.” - Michael Fuller – Product Manager GuardDuty AWS Link to AWS GuardDuty page: https://aws.amazon.com/guardduty/ GuardDuty Specific Offerings: • Security Intelligence & Operations Consulting SIOC Assessment • Resilient Incident Response platform • Managed Security Services • QRadar (SIEM) use cases for GuardDuty • Intelligent Security Monitoring (ISM) © 2018 IBM Corporation
  • 18. Identity and Access Management Data Protection Cloud Network Security Workload Management Visibility and Intelligence Application Security Secure Dev Ops IBM Cloud Security: Comprehensive security to empower cloud transformation with confidence. • The only security vendor that is also a major cloud infrastructure provider • The only vendor with leading cloud security solutions across IAM, Visibility & Monitoring, data protection and services • The largest enterprise security organization – with 8,000 professionals • Chosen by AWS to provide global security services for AWS IBM Security for the Cloud Offering Map © 2018 IBM Corporation
  • 19. © Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. © 2018 IBM Corporation