IPEXPO presentation on 10 things to consider when moving from datacenter-only environments to cloud-based infrastructure. Highlights some of the security considerations and things to think about.
8. 8
Understand cloud services in your organization
Understand access patterns
1 Use tools and technology to understand how Cloud apps/technologies are being used in your company
Understand devices connecting to your apps
Strategy 1 – Visibility
9. 9
Policy, Compliance,
Access Control
2 Use your VPN technology to secure the data center
3 Use your secure access technology (VPN) to secure cloud services
PS Connect Secure
Pulse Client
Strategy 2 & 3 – Secure Data in Motion
Datacenter
Use VPN/IDP gateway to hairpin
access, compliance and identity
• Restricted IP
• Internal IDP and DNS
10. 10
Public Cloud
Policy and Compliance
Datacenter
Private Cloud
Pulse Data Membrane™ Technology
Pulse One Management
Pulse Workspace
4
Use endpoint containerization to protect your data
Strategy 4 – Protect Your Mobile Data
PS Connect Secure
Access Policy & Compliance
is controlled whether through
VPN or Direct to cloud
11. 11
• Push a certificate using SCEP and Certificate Authority
• Use the certificate as part of the authentication process
5
Use certification to create trusted devices
6
Assess the device's posture during access
Threat protection installed?
Device encrypted or container?
Is it a trusted device?
Any indication of compromise?
Is it correctly patched or vulnerable?
Is it unlocked?
Is it running risky apps?
Strategy 5 & 6 – Trust the Device
12. 12
Access decision based on contextual information
to improve secure access
7
Use contextual information to control access decisions
Strategy 7 – Leverage Context
Device, Location, Data, Network
13. 13
Federation
Cloud and SaaS based services can be set up to use SAML and point at an Identity Provider
SSO needs to move beyond the browser
Identity Federation plays many important roles in securing access.
Strategy 8 – Identity Federation
8
Use SAML/OAuth and IDP federation
Public Cloud, Private Cloud, Data Center
14. 14
Trust Elevation
• Use Step-up authentication for high value resources
Create group and role-based rules
• Authentication chains for sensitive data access.
Use data from multiple places
• Use identity attributes from multiple sources like
external identity repositories.
Create simplicity and great user experience
• Biometrics are becoming common
• Great user experience means adoption
Strategy 9 – Modernize Your 2FA/MFA
9
Use more modern MFA solutions
[Diagram: Multifactor Authentication = something you know + something you have + something you are. Examples shown: knowledge questions, one-time password, biometrics.]
15. 15
Strategy 10 – Find the glue
10
Evaluate the vendor you are selecting. Find a vendor or multiple vendors that can be the glue or be glued.
• 2FA/MFA Authentication
• Identity Federation
• Contextual Access Control
• Device Compliance
• Data Protection
• Secure Data Center Access
• Secure Cloud Access
• Visibility
16. 16
• The perimeter is dissolving
• Hybrid is here to stay – some companies will never be 100% cloud
or stay 100% data center
• Identity with a trusted device becomes critically important
• You can only secure what you can see so visibility is key
• There are tools available to you today but search for the glue to
center your solution
It’s a Wrap!
Some final thoughts