Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cloud-native security principles
•Download as PPTX, PDF•
0 likes•28 views
Most information security (InfoSec) teams have a good handle on the manner in which InfoSec is designed and managed for internal or monolithic applications, but what about the cloud? The VMware InfoSec Architecture function had to redesign and reimagine those structures and models to fit a highly adaptive cloud world—all while taking into account containers, microservices, IoT, and other cutting edge advances our business employing now. Topics covered include a quick overview of the ecosystem at VMware, our methodology for high-performing InfoSec, how we have adapted our old models and architected them into our new services and solutions, and how we created our cloud security architecture model.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cloud-native security principles
Similar to Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cloud-native security principles (20)
More from Cloud Security Alliance, UK chapter
More from Cloud Security Alliance, UK chapter (11)
Recently uploaded
Recently uploaded (20)
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cloud-native security principles
- 1. Confidential │ ©2019 VMware, Inc. VMware Information Security Safe as Clouds May 2019
- 2. Confidential │ ©2019 VMware, Inc. Agenda 2 Introductions (already done) VMware InfoSec Security Principles for the Hybrid Cloud Conclusion and Q&A Close
- 3. 3Confidential │ ©2019 VMware, Inc. VMware Information Security Our foundation
- 4. Confidential │ ©2019 VMware, Inc. 4 Our task is to activate the trait Security is already in our DNA Think differently Take risks Innovate at speed Be secure
- 5. Confidential │ ©2019 VMware, Inc. 5 Focus on simplicity The foundation and five core pillars of Cyber Hygiene Culture Culture Our people are open and communicative, the geographically dispersed team is focused on improving the user and developer experience and reducing the security “hurdles” Stewardship Our goal is to have all critical patches deployed within 24 hours, all cloud services running on the latest releases, all CI/CD tools and containers on current version Managed Identity Focusing on controlling privileged access, whether to on-prem, cloud or hybrid environments both reduces the risk of harmful mistakes and limits the ability for any malicious activity. Micro-Segmentation Micro-segmenting our applications (and stretching into the physical world now too) allows for simpler control, increased automation and more meaningful alerting, thus reducing the need for 3rd party tools and complex management solutions Encryption Ensuring all our devices and data traffic are encrypted reduces our risks of data breaches due to device loss or network intrusion and we maintain 99%+ compliance to this metric Next-gen Authentication We are working to remove passwords from VMware systems using next generation Multi- Factor tools. We require all external access, and all access to our cloud platforms and services, to be via MFA or our vIDM tool.
- 6. Confidential │ ©2019 VMware, Inc. 6 Plus one more The three core information security activities Scanning Actively looking for ways to make the system better Hygiene Living by the pillars of cyber hygiene, being meticulously secure Monitoring Knowing what the systems should be doing and consistently checking for anomalies Plus one more…
- 7. 7Confidential │ ©2019 VMware, Inc. Security Principles Changing the ubiquitous
- 8. Confidential │ ©2019 VMware, Inc. 8
- 9. Confidential │ ©2019 VMware, Inc. 9 Core principles Confidentiality / Integrity / Availability Ensure protection of sensitive systems and data Ensure received data is the same as the transmitted data Ensure services function as per purpose and function C I A
- 10. Confidential │ ©2019 VMware, Inc. 10 Security should be built in to systems from their inception, such that a “known good” baseline can be established early. Security controls shall be commensurate with both the value and the risk associated with the asset being protected. Understand Risk Secure by design Value based security controls Manage the security investment properly from the start
- 11. Confidential │ ©2019 VMware, Inc. 11 Access to resources is denied by default, provisioned based on the concept of least privilege, and dictated by business requirements. Embrace the concepts of both defense in depth and compartmentalization, establish what good looks like and have zero trust for all activity that deviates from the known good. Defense in Depth Least Privilege Insulation Micro-segmentation and least privilege isn’t just for on-premise systems
- 12. Confidential │ ©2019 VMware, Inc. 12 Security controls must be automated whenever possible and designed to not rely on human judgment or enactment. Human validation must be the preferred operational security stance. Errors are inevitable, build security controls to accurately audit activity. Ensure controls compensate for, recover from and rapidly diagnose error conditions Plan for failures Standardize and Automate P-D-C-A Plan – Do – Check - Act
- 13. 13Confidential │ ©2019 VMware, Inc. Conclusion Any questions?
- 14. Confidential │ ©2019 VMware, Inc. 14 Making principles into practices Embedding the principles in our culture Security community DevOps community Entire user base
- 15. Confidential │ ©2019 VMware, Inc. Thank You
Editor's Notes
- Session Title: Safe as Clouds. The Journey from Legacy to Cloud-Native Security Principles Type: Breakout Session Abstract: Most information security (InfoSec) teams have a good handle on the manner in which InfoSec is designed and managed for internal or monolithic applications, but what about the cloud? The VMware InfoSec Architecture function had to redesign and reimagine those structures and models to fit a highly adaptive cloud world—all while taking into account containers, microservices, IoT, and other cutting edge advances our business employing now. Topics covered include a quick overview of the ecosystem at VMware, our methodology for high-performing InfoSec, how we have adapted our old models and architectected them into our new services and solutions, and how we created our cloud security architecture model. Submitting to Present at VMworld: Both Main Track: Network and Security Sub Track: Secure Application Infrastructure Products: Pulse IoT, VMware Cloud on AWS Technical Level: Management level Session Participants: Brad Doctor , Craig Savage – Information Security
- Making the point that as a person, we’re all capable of being intrinsically secure, activating this ability in the corporate world is key to having a secure by default organization.
- Principle: Security controls must not rely on secrecy or obscurity for effectiveness. Rationale: Obscure configurations do not provide any meaningful measure of security. Effective security designs can withstand scrutiny without being compromised. Implications: Security by obscurity is not acceptable, the design of security controls will be open for evaluation by parties that have a stake and interest in VMware security.
- Confidentiality – Focus in the Cloud is around the interception of credentials (user/API/etc), encryption far more critical than previously, understanding how shared hosting can impact confidentiality Integrity – moving towards certificate based validation, secure channels of communication and micro segmentation to limit transmission interception/manipulation Availability- Focus shifts to purpose and function, recoverability plans, protecting access to data
- Rationale: Perfect security does not exist, and security controls can be expensive in terms of financial and human resources to implement and maintain. Additionally, not all resources have the same value or risk. As such, it is critical to focus primary efforts on securing the most valuable and highest risk assets. Implications: When prioritizing security spending and resources, the value of the system being protected, and the risk associated with operating the asset will be prime considerations. Overall security effort will be weighted toward the assets that are of the highest value to VMware and whose compromise presents the greatest risk. Not all assets will be protected equally. Rationale: Security is a requirement and feature best implemented at design-time. Attempting to secure a system after it has been implemented and deployed is costlier, more intrusive and less effective. Implications: Systems and projects will be reviewed for security implications and design issues as early in the development process as is feasible. There may be a “security tax” associated with new developments and implementations.
- D-i-D Rationale: Compartmentalizing systems for security purposes helps localize security issues and contain incidents. Providing defense in depth enables multiple means of thwarting a particular threat, which decreases the likelihood that the threat will be exploited. Knowing when there has been a deviation from established baseline enables detection of new exploits. Implications: Security controls will be layered and will include technical, process, and people controls as well as preventive, detective, and recovery measures. System design should take threat models into account to help identify effective controls. Trust levels and exposure to threats will drive system, application, and network design and segmentation. Internal servers will not be permitted to run services listening on the Internet - use of secure transfer servers in public DMZs must be used to transfer data between external and internal systems. LP Rationale: Resource access is governed by least privilege – only the minimum level of access required will be granted. Any unnecessary access to resources can be considered a risk. Implications: Business requirements drive security controls and resource access. System design must consider access requirements. Controls that streamline access management and help detect failures in the resource control model will be favored. Systems shall be configured to maximize security and minimize the available services to unauthorized individuals.
- Rationale: Any security control implemented must directly support security policies and standards. Auditability of controls helps validate this link between controls and policy and provides transparency and assurance to internal and external business partners. Implications: The implementation and management of security controls will be driven by policy and standards. Audit, monitoring, and integrity features will be key selection criteria for security controls. Rationale: Procuring, implementing, and managing multiple security solutions that address the same issue is not cost-effective. Solutions that can be implemented across all supported platforms will be more manageable and effective. Implications: Preference will be given to those security solutions that are platform independent. Exceptions to security policies must be actively managed and monitored. Rationale: Controls that rely on human enforcement and judgment are by nature unreliable. Whenever possible, controls that can be automatically and consistently enforced must be selected. Implications: Controls that provide automated and consistent enforcement are preferred. Security controls that have significant manual requirements will, in general, not be pursued.