Sept MN Cloud Security Alliance Chapter - Cloud Maturity Presentation

F I S H T E C H G R O U P September 24, 2018The information contained in this document is confidential, privileged and only for the information of the intended recipient
and may not be used, published or redistributed without the prior written consent of Fishtech Group LLC.
Your partner
in secure digital
transformation
CLOUD MATURITY WORKSHOP
Dan Thormodsgaard, CTO

2
2
AGENDA
• CLOUD MATURITY WORKSHOP
• BUILDING BLOCKS
• CLOUD STRATEGY
• GOVERNANCE
• ARCHITECTURE
• VALIDATION
• OPERATIONALIZE
• USE CASE
• SHORT TERM OBJECTIVES
• LONG TERM OBJECTIVES

3
3
FISHTECH APPROACH
STRATEGY
OPERATIONS
ARCHITECTURE
GOVERNANCE
IMPLEMENTATION
VALIDATION
Cloud Strategy – Collaborate with our
customer to develop a comprehensive
strategy
Cloud Governance – Map
Organizational Governance
Program to Cloud Strategy
Cloud Architecture – Provide
Multi Cloud Architecture based on
Governance Objectives
Validation – Utilize lab to ensure interoperability, right solution
Implementation – Develop a
execution strategy with short
term and long term objectives
Operations – CYDERES
solutions help Operationalize
Cloud Strategy and Governance

4
4
CLOUD DISCOVERY METHODOLOGY
Methodology
- Service definition
• Automation and provisioning
- Discovery
• Detail of current state
- Develop target state
• Gaps analysis of people, process and technology
- Feasibility study
• Tool cost, skill set gaps and process refinement
- Execution strategy
• Execute Plan

5
5BUILDING BLOCKS
SERVICE MODEL
SPONSORSHIP/EXECUTIVE
SUPPORT
CLOUD
VISIBILITY
DATA SECURITY BUSINESS CRITICAL
APPLICATIONS
THREAT
PROTECTION
COMPLIANCE
OBJECTIVES
OPERATING MODEL
PEOPLE PROCESS TECHNOLOGY
Executives Management
Human Resources Legal
SOC Analysts Security Architecture
Network Architecture Application Architecture
Security Operations Network Operations
Application Operations Compliance
RACI Model Incident Management
POC/Deployment Operational
Procurement Access Controls
Data Lifecycle Change Management
Monitoring SLAs
Metrics BC/DR
AWS Ticketing
CMDB SIEM
CASB APIs
Visibility Security Controls
Infrastructure Encryption/Tokenization
Application Security Monitoring Tools
CLOUD

6
6
CLOUD STRATEGY
Problem Statements:
- We have 800 SaaS Applications (that we know of)
- CEO/CIO/CTO "Cloud First”
- Data Center Migration to IaaS (Lift & Shift)
- No Defined Cloud Strategy
- Lack of Cost Control
- Gaps in Cloud IAM Strategy
- Visibility Challenges
- DevOps Teams
- Where do we start
- We need training

7
7
CLOUD STRATEGY
Target Capabilities:
- Business enablement
- Cost governance
- Configuration management
- Competitive advantage
- Application Onboarding Process
- Maintain Compliance
- Hybrid Cloud
- Build DevSecOps
- Automation orchestration and provisioning
- Develop Cloud IAM Strategy
- Cloud Program Manager
- Develop Target Architecture
- IT Collaboration
- Business Alignment
- Maintain Compliance
- Reduce Risk
- Availability
- Operationalize Cloud
- Education

8
8
CLOUD STRATEGY
Use Cases:
- SaaS
• Unsanctioned Applications
• Governance
- IaaS
• What application
• AWS, GCP, Azure
• Cost
- PaaS
• DevOps
• CI/CD

9
9
CLOUD GOVERNANCE
Compliance & Standards:
- Map Compliance Standards to CSA CCM
- Develop Cloud Standards
- Map Cloud Compliance & Standards to
requirements
Data Governance:
- Data Classifications
- DLP
- Data Tagging
- Data Lakes

10
10
CLOUD GOVERNANCE
IAM Governance
4 Pillars
IAM
Identity Access
Governance (IAG)
Privilege Access
Management (PAM)
Access
Management (AM)
Multi Factor
Authentication
(MFA)

11
11
CLOUD REFERENCE ARCHITECTURE
REMOTE END USERS
Mobile Device Management (MDM)
Endpoint Detection & Response (EDR)
Threat, Phishing & Forensics
DLP, Data Tagging & Encryption
End Point Protection (EPP)
CASB/SWG (Secure Web Gateway)
DLP- SaaS, PaaS, IaaS
Advanced Threat Protection
Session Highjack Protection
Encryption
Sandboxing
Malware Protection
IdAM
IdP Federation
MFA
SSO
PAM
IGA
SaaS
Office 365
Netsuite
Salesforce
Concur
Zoom
DATA CENTER / BRANCH
FW
WAF
IPS
SSLi
EPP/EDR
Logging
Alerting
Forensics
Threat Detection & Response
AZURE
FW
WAF
EPP/EDR
Logging
Alerting
GCP
FW
WAF
EPP/EDR
Logging
Alerting
Forensics
AWS
FW
WAF
EPP/EDR
Logging
Alerting
Forensics

12
12
CLOUD VALIDATION
Validate Capabilities:
- SDWAN
- Develop testing requirements
- Test against metrics
- Security Controls in the Cloud
Branch Office
DC2
DC1
INTERNET
WEB GATEWAY
MPLS
CASB
SaaS
IaaS
PaaS
B2B

13
13
ATTESTATION &
CERTIFICATION
ROLE MANAGEMENT
CLOUD PROVISIONING
DEVELOPMENT &
MONITORING
WORKFLOW & ACCESS
OPERATIONALIZE IDM
• Create and configure access rule sets
• Design and manage workflow requests: approvers, notifications
• Customization to environment (scripting, code updates, connectors, adapter modification)
• Monitor IDM health, error logs, processing and environment connections
• Scripting language and membership group provisioning
• Manage request policy process
• Create and develop role management, role mining and role rules
• Create rule sets, manage request process, SME for role governance
• Manage certification review, application integration, SoD library, SoD rule sets
• Develop, create application design reviews, file feed, data management, scheduling

14
14
CLOUD OPERATIONS
SOC/NOC Integration:
- Cloud Management Platforms
• Security & Compliance
• Cost Management
• Metrics & Alerting
- Test against metrics
- Security Controls in the Cloud
- Security Logging & Alerting
• Session High Jacking
• Threat Intelligence
• Analytics

15
15
SHORT TERM & LONG TERM OBJECTIVES

16
16
SHORT TERM OBJECTIVES
Develop a Cloud Strategy
Governance & Standards
- CSA and NIST
- Data Governance
- Develop Cloud Standards
- Sanction Applications
Cloud Deployment Models & Maturity
Model
- SaaS, PaaS, IaaS, Hybrid
Develop Target Architecture that maps to
controls
Training & Education
- Cloud architecture competencies
- Cloud certifications
Cloud Benefit Analysis
- On premise vs cloud
- Cost considerations
- Agility
Connectivity Review
- Performance hub
- SDWAN
- End user experience

17
17
IDM Objectives
- Heavy manual quarterly review
attestations
- Directory domains and forests alignment
- Centralized password management
- High-level access audit, logging and
management provisioning
- Role management and role governance
Target Capabilities
- Business governance
- Identity governance
- Compliance and risk
- Scalability
- Reconciliation
- Privilege account management
- Ease of deployment
- Configuration
- Automation provisioning

18
18
SaaS
APPLICATION
SANCTIONING
§ Execution Strategy
§ Review:
⁃ API Gateway
⁃ Align CASB Requirements
⁃ IAM Dependencies
⁃ Encryption Dependencies
⁃ Sanctioned and Unsanctioned
applications
⁃ DLP Dependencies
⁃ Certificate Lifecycle Dependencies
⁃ Logging and Alerting Dependencies
⁃ SD-WAN Dependencies
§ Defined process to onboarding sanctioned
applications
§ Visibility for SaaS applications
§ Role-based application controls
§ Data Loss Prevention safeguards
§ Develop IdAM execution strategy
§ Smarter and shorter application turn up time
§ Encryption standards
§ Define Bring Your Own Keys (BYOK)
§ Define SD-WAN integration requirements
§ Define certificate lifecycle management
§ Define Managed Detection and Response (MDR)
§ Incident Response (IR)
RESULTS
«

19
19
LONG TERM OBJECTIVES
HYBRID CLOUD
STRATEGY
§ Private, Public, Hybrid Cloud & Data
Center
§ DevOps
§ Security Stack in the cloud
§ Redefining Boundaries
§ API Driven Architecture
§ Data Center Automation Orchestration
§ Micro-segmentation
§ Cloud and Data Center connectivity
§ IdAM for IaaS. PaaS
§ Office 365, and other SaaS applications
§ Develop Private, Public, Hybrid Cloud & Data
Center target architecture
§ DevOps CI/CD Process and tools
§ Develop requirements and execution strategy
⁃ Cloud security stack
⁃ Unified security stack
⁃ Data center automation, orchestration &
provisioning
⁃ Micro-segmentation requirements & execution
strategy
⁃ Performance Hub requirements
⁃ IdAM PaaS & IaaS
⁃ Cloud Management Platform (CMP)
⁃ Security & Compliance, Logging, Alerting,
Metrics,
Cost Management
RESULTS
«

Your partner
in secure digital
transformation
Q&A

Sept MN Cloud Security Alliance Chapter - Cloud Maturity Presentation

Recommended

Recommended

More Related Content

Similar to Sept MN Cloud Security Alliance Chapter - Cloud Maturity Presentation

Similar to Sept MN Cloud Security Alliance Chapter - Cloud Maturity Presentation (20)

Recently uploaded

Recently uploaded (20)

Sept MN Cloud Security Alliance Chapter - Cloud Maturity Presentation