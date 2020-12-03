
How to Govern Identities and Manage Entitlements in Cloud Infrastructure AppsFlyer Case Study
  1. How to Govern Identities and Manage Entitlements in Cloud Infrastructure: AppsFlyer Case Study
  2. 75%: Gartner predicts that “by 2023, 75% of security failures will result from mismanagement of IAM privileges”
  3. 79% of the respondents admitted to experiencing a cloud data breach in the past 18 months. IDC Survey of 300 US CISOs Confirms the Challenge. Top IaaS/PaaS Concerns: In a survey of 300 companies in the United States, we asked senior decision makers responsible for cloud security about their concerns regarding their cloud production environments. Below are the top responses. Security Misconfigurations IAM Lack of Visibility Improper IAM Configurations 67% 64% 62%
  4. CIEM • Cloud Infrastructure Entitlement Management (CIEM) – a new category named by Gartner CIG • Cloud Identity Governance (CIG) – a new category named by Forrester
  5. ▪ A toxic combination: ▪ EC2 is exposed to the internet ▪ EC2 has privileged permissions ▪ The role is over-provisioned ▪ Potential mitigation: ▪ Review and remove risky permissions ▪ Review network exposure CASE STUDY Poor Access Controls Lead to Cloud Breaches EC2 Virtual Server S3 Virtual Storage AWS Account Internet Network exposure Privileged permissions
  6. Common Challenges “Knowing who can access what and making permissions granular are top goals for security teams” Stephen Schmidt, CISO, AWS ▪ Quantify IAM risk ▪ Resolve organizational disconnects ▪ Govern 3rd party (e.g. SaaS) access ▪ Govern user and machine permissions ▪ Protect access to sensitive resources ▪ Unblock access and accelerate business
  7. Governing Identities and Entitlements in IaaS and PaaS Platform Capabilities Visibility: Discover all human and machine identities, data and compute resources, roles and policies Analytics: Analyze all access policies and activity to model and identify risks, while ensuring business continuity Enforcement: Eliminate excessive access and privileges based on actual access patterns and data sensitivity • “Who can access what?” • “Which resources this user can access?” • “Who has access to this bucket?” • “Who are all my privileged users?” • “What is the risk of this 3rd party?” • “What permissions does this app require?” • “How do I remove stale access, at scale?” • “How do I remediate over provisioned users and apps?”
  8.
  9.
  10. Marketing measurement and analytics platform What is AppsFlyer?
  11. AppsFlyer In Numbers Marketers and Developers 75K+ 55B+ Mobile Actions Measured Per Month 5,000+ Integrated Partners 7B+ Devices with AppsFlyer SDK 0 On-Prem Servers 100B+ Mobile Actions Measured Per Month 3+5 3 Different cloud providers (AWS, GCP, AliCloud) in 5 Different countries 15,000+ Servers 80T Of Data on a Daily Basis
  12. 260 56 Number of Developers Last 2 years
  13. WE ARE OUTNUMBERED
  14.
  15.
  16.
  17. Security @AppsFlyer Guardrails, not Gates!
  18. Security work isn’t “special”. It gets planned the same as other engineering work.
  19. How do we do it?
  20. New Service Host Image Container Image Secrets Dependencies Health, Logs, Utils Other services Network
  21. New Service Host Image Container Image Secrets Dependencies Health, Logs, Utils Other services AWS Account Security Groups & IAM Configuration Network
  22.
  23. Demo
  24. ▪ SaaS platform ▪ Subscription service ▪ Predictable pricing model ▪ API-based, agent-less ▪ Rapid, easy deployment ▪ REST API ▪ IaC support Technology, Architecture, and Licensing
  25. Introducing Ermetic Full-stack Cloud Identity Governance and Entitlement Management Solution Unique Leadership Truly Global Presence Your picture here USD 30M Investment Arick Goomanovsky CBO & Co-founder
  26. THANK YOU
  27. Introducing Ermetic Full-stack Cloud Identity Governance and Entitlement Management Solution Amy Ariel, CMO Meta Networks (PFPT), Secdo (PAN) Shai Morag, CEO Secdo (PAN), Integrity P. (MLNX) 8200, Talpiot elite program Michael Dolinsky, CTO Aorato (MSFT) IDF cybersecurity unit Sivan Krigsman, CPO Aorato (MSFT) Israeli Air Force Leadership Arick Goomanovsky, CBO Sygnia (Temasek), McKinsey 8200, Talpiot elite program USD 30M Investment
  28. It is Difficult to Manage Entitlements in Public Cloud Infrastructure • Lack of visibility • Complex configurations • High scale KMS AWS Cloud IAM user Role3 DynamoDB RDS S3 KMS DynamoDB RDS S3
  29. It is Difficult to Manage Entitlements in Public Cloud Infrastructure • Lack of visibility • Complex configurations • High scale KMS AWS Cloud IAM user Role3 DynamoDB RDS S3 KMS DynamoDB RDS S3
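
Added example, not part of the slides and not Ermetic's or AppsFlyer's code: a check for the "toxic combination" on slide 5 (internet exposure, privileged permissions, over-provisioned role) that also produces the "review and remove risky permissions" list. The inventory, its field names, and the rule that a wildcard grant counts as "privileged" are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory (not real AWS output). "granted" = actions the instance
# role allows; "used" = actions actually observed, e.g. from activity logs.
INVENTORY = [
    {"id": "i-web", "ingress_cidrs": ["0.0.0.0/0"],
     "granted": ["s3:*", "kms:Decrypt"], "used": ["s3:GetObject"]},
    {"id": "i-batch", "ingress_cidrs": ["10.0.0.0/8"],
     "granted": ["s3:*"], "used": ["s3:GetObject", "s3:PutObject"]},
    {"id": "i-api", "ingress_cidrs": ["0.0.0.0/0"],
     "granted": ["dynamodb:GetItem"], "used": ["dynamodb:GetItem"]},
]
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def covers(grant, action):
    """IAM action names are case-insensitive and may contain '*' wildcards."""
    return fnmatchcase(action.lower(), grant.lower())


def assess(inst):
    exposed = any(c in OPEN_CIDRS for c in inst["ingress_cidrs"])
    # Assumption: "privileged" is approximated as any wildcard grant.
    wildcards = [g for g in inst["granted"] if "*" in g]
    # Grants that no observed action needed: candidates for removal.
    unused = [g for g in inst["granted"]
              if not any(covers(g, a) for a in inst["used"])]
    # Wildcard grants that are in use: narrow them to the observed actions.
    narrow = {g: sorted(a for a in inst["used"] if covers(g, a))
              for g in wildcards if g not in unused}
    return {"id": inst["id"], "exposed": exposed,
            "privileged": bool(wildcards),
            "over_provisioned": bool(unused or narrow),
            "remove": unused, "narrow": narrow}


def toxic_combinations(inventory):
    """Instances where all three conditions hold at once."""
    results = [assess(i) for i in inventory]
    return [r for r in results
            if r["exposed"] and r["privileged"] and r["over_provisioned"]]


if __name__ == "__main__":
    for f in toxic_combinations(INVENTORY):
        print(f["id"], "remove:", f["remove"], "narrow:", f["narrow"])
```

Only `i-web` is reported: `i-batch` is over-provisioned but not internet-facing, and `i-api` is exposed but holds exactly the permission it uses.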

