Security Teams & Tech In A Cloud World

Security in the cloud is fundamentally different. Not so much due to the technology--though there are plenty of differences there--but more with respect to the way that security is applied and how it's run.

Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team.

It doesn't have to be that way.

Cloud technologies have enabled new workflows and models for businesses and other teams. Security is no different. We just have to wake up and take advantage of the new ecosystem.

When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on.

In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture.

Presented at BC Aware Day, 31-Jan-2017

  1. 1. Security Teams & Tech In A Cloud World Mark Nunnikhoven, Vice President Cloud Research @marknca Audience: Public
  2. 2. Security “Facts”
  3. 3. Security “Facts”* About your organization or one just like it
  4. 4. We will respond quickly to an incident
  5. 5. Attackers are on a network an average of 154 days
  6. 6. We need more tools
  7. 7. Canadian companies spend just under 10% on IT security
  8. 8. Canadian companies spend just under 10% on IT security * 60% of companies didn’t mention people or process as an area of focus
  9. 9. Users are a major problem
  10. 10. Security is considered the opposite of usability
  11. 11. Security is everyone’s responsibility
  12. 12. You have one, isolated security team
  13. 13. You have one, isolated security team * …and a wildly unsuccessful “awareness” program
  14. 14. Mark Nunnikhoven Vice President, Cloud Research Trend Micro @marknca
  15. 15. Modern Security
  16. 16. Video available at https://vimeo.com/111631197
  17. 17. Video available at https://vimeo.com/111631197
  18. 18. Automated Response: Web UI, Web UI, Web UI, VM (© Trend Micro, 2016)
  19. 19. Automated Response: Web UI, Web UI, Web UI, VM, SIEM / Log Store
  20. 20. Automated Response: Web UI, Web UI, Web UI, VM, SIEM / Log Store, Monitoring
  21. 21. Automated Response: Web UI, Web UI, Web UI, VM, SIEM / Log Store, Monitoring, Event-driven Function
  22. 22. Automated Response: Web UI, Web UI, Web UI, VM, SIEM / Log Store, Monitoring, CSP API, Event-driven Function
  23. 23. Automated Response: Web UI, Web UI, Web UI, VM, SIEM / Log Store, Restrict Access, Monitoring, CSP API, Event-driven Function
  24. 24. Automated Response: Web UI, Web UI, Web UI, VM, SIEM / Log Store, Restrict Access, Monitoring, Web UI, CSP API, Event-driven Function
  25. 25. 2014
  26. 26. What’s the hold up?
  27. 27. Running in the Cloud
  28. 28. Shared Responsibility Model. Columns: IaaS (Infrastructure), PaaS (Container), SaaS (Abstract). Each column shows the same stack: Data, Application, Operating System, Virtualization, Infrastructure, Physical
  29. 29. Steps: IaaS (Setup)
       • Lock down operating system, applications, and data
         Harden system according to NIST / best practices
         Encrypt everything
       • Enable service health monitoring features
         Check your CSP’s documentation
       • Monitor service API activities
         Look for unauthorized replication, start up, termination, etc.
  30. 30. Steps: PaaS (Setup)
       • Read all the documentation
         Seriously, RTFM
       • Implement strong code quality systems
         Automation is critical to success
       • Configure access control and other security features
         Check your CSP’s documentation
  31. 31. Steps: SaaS (Setup)
       • Read all the documentation
         Seriously, RTFM
       • Configure access control and other security features
         Check your CSP’s documentation
  32. 32. Steps: Any Cloud Service (Setup)
       • Evaluate controls against acceptable level of risk for data used in service
         I shouldn’t have to say this
       • Monitor all service provider status updates and communications channels
         Remember to include them in your IR plans
  33. 33. Shared Responsibility Model. Columns: IaaS (Infrastructure), PaaS (Container), SaaS (Abstract). Each column shows the same stack: Data, Application, Operating System, Virtualization, Infrastructure, Physical
  34. 34. Opportunity
  35. 35. Time to deploy by environment: Physical, weeks; Virtual, days; Cloud, minutes; Container, seconds; Function, immediate
  36. 36. Time to deploy by environment: Physical, weeks; Virtual, days; Cloud, minutes; Container, seconds; Function, immediate
  37. 37. Goal: Move faster. Focus on value
  38. 38. Goal: Deploy using the method that delivers the most value
  39. 39. Constraint: Every tool adds overhead
  40. 40. Relief: Automation allows for the speed, scale, and consistency required
  41. 41. Goal: Deploy using the method that delivers the most value
  42. 42. Goal: Deploy using the method that delivers the most value …with minimal operational impact
  43. 43. DevOps
  44. 44. Success: Flickr deploys 10+/day
  45. 45. Success: Etsy deploys 50+/day; Flickr deploys 10+/day
  46. 46. Success: Etsy deploys 50+/day; Amazon deploys 11.7 seconds; Flickr deploys 10+/day
  47. 47. Success: Etsy deploys 50+/day; Amazon deploys 11.7 seconds; Adobe +60% app development; Flickr deploys 10+/day
  48. 48. Success: Etsy deploys 50+/day; Amazon deploys 11.7 seconds; Adobe +60% app development; Fidelity $2.3M saved for one app; Flickr deploys 10+/day
  49. 49. Where’s security?
  50. 50. “…can have a much stronger security posture in AWS and the cloud than they can on-premises” Andy Jassy, AWS CEO (from an interview with the Wall Street Journal, http://www.wsj.com/articles/amazons-andy-jassy-on-the-promise-of-the-cloud-1477880220)
  51. 51. Security is everyone’s responsibility
  52. 52. Security Everyone
  53. 53. Team Challenges
  54. 54. Steps: Security Specialist (New Skills Needed)
       • Basic understanding of development practices & ability to write simple code
         Everything in the cloud is an API. Security MUST BE automated
       • Puts the user first
         We make the tech that they “can’t use right” … not their fault
       • Perspective & understanding of practical security
         No more “the sky is falling”
       • Educators
         Written, video, presentations, Slack, … anywhere teams are working
  55. 55. Your Org Chart Is Wrong
  56. 56. Typical Org Chart: CISO, Dev, GRC, Ops, Infrastructure, CIO, Ops
  57. 57. Updated Org Chart: CISO, Dev, GRC, Ops, Infrastructure, CIO, Ops
  58. 58. Updated Org Chart: CISO, Dev, GRC, Ops, Infrastructure, CIO, Ops
  59. 59. Updated Org Chart: CISO, Dev, GRC, Ops, Infrastructure, CIO, Ops, GrC
  60. 60. Peter Merholz (@peterme), Kristin Skinner (@bettay)
  61. 61. Specialist Distribution
  62. 62. Specialist Distribution
  63. 63. Specialist Distribution
  64. 64. Specialist Distribution
  65. 65. Specialist Distribution
  66. 66. Specialist Distribution
  67. 67. Specialist Distribution
  68. 68. Coffee Shadowing Teaching Bridges
  69. 69. Goal
  70. 70. Fabric
  71. 71. 1 min
  72. 72. 1 min • Slow lane
  73. 73. 1 min • Slow lane • Fast lane
  74. 74. 1 min • Slow lane • Fast lane
  75. 75. 1 min
  76. 76. 1 min
  77. 77. 1 min • Is this bad?
  78. 78. 1 min • Is this bad?
  79. 79. 1 min • Is this bad? and Is this malicious?
  80. 80. 1 min • Is this bad? and Is this malicious?
  81. 81. 1 min • Is this bad? and Is this malicious?
  82. 82. 1 min
  83. 83. 1 min • Aggregate information
  84. 84. 1 min • Aggregate information: 1m, h, d, w, m; Trends
  85. 85. 1 min • Aggregate information: 1m, h, d, w, m; Trends
  86. 86. 1 min • Aggregate information: 1m, h, d, w, m; Trends • Evidence of compliance
  87. 87. 1 min • Aggregate information: 1m, h, d, w, m; Trends • Evidence of compliance: Configuration, Processes
  88. 88. 1 min • Aggregate information: 1m, h, d, w, m; Trends • Evidence of compliance: Configuration, Processes • Deployment data
  89. 89. 1 min • Aggregate information: 1m, h, d, w, m; Trends • Evidence of compliance: Configuration, Processes • Deployment data: Performance, Debug
  90. 90. 1 min
  91. 91. 1 min • SecOps
  92. 92. 1 min • SecOps: Aggregate, Evidence, Deployments
  93. 93. Get stuff done
  94. 94. Thank you! mark_nunnikhoven@trendmicro.com | @marknca
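
The automated-response flow on slides 18 to 24, combined with the "monitor service API activities" step on slide 29, as an added example that is not part of the original deck: a provider-neutral event-driven function that reads API activity records, flags unauthorized replication, start up and termination, and calls a restrict-access hook. The action names, principals, policy table and the `restrict` callback are hypothetical stand-ins for a real CSP API.

```python
"""Slide 23's loop, provider-neutral: API activity -> event-driven function -> restrict access."""
from dataclasses import dataclass, field

# Hypothetical action names and policy (not a real CSP's API); slide 29 names the actions to watch.
WATCHED = {"replicate", "start", "terminate"}
AUTHORIZED = {
    "replicate": {"backup-service"},
    "start": {"deploy-pipeline", "autoscaler"},
    "terminate": {"deploy-pipeline", "autoscaler"},
}

@dataclass
class Responder:
    restrict: callable  # stand-in for the CSP API call that restricts access
    restricted: set = field(default_factory=set)
    review: list = field(default_factory=list)

    def handle(self, event: dict) -> str:
        """Process one API activity record and return the decision taken."""
        action, principal = event.get("action"), event.get("principal")
        if action not in WATCHED:
            return "ignored"
        if not principal:
            self.review.append(event)  # no identity on the record: queue for a human
            return "review"
        if principal in AUTHORIZED[action]:
            return "allowed"
        if principal not in self.restricted:  # idempotent: restrict each principal once
            self.restrict(principal, f"unauthorized {action} on {event.get('resource')}")
            self.restricted.add(principal)
        return "restricted"

# Constructed sample records, not real logs.
SAMPLE = [
    {"action": "start", "principal": "deploy-pipeline", "resource": "vm-01"},
    {"action": "terminate", "principal": "unknown-access-key", "resource": "vm-01"},
    {"action": "replicate", "principal": "unknown-access-key", "resource": "db-snap-7"},
    {"action": "terminate", "resource": "vm-02"},
    {"action": "list", "principal": "auditor", "resource": "*"},
]

def run(events):
    """Feed events through a Responder; return (decisions, restrict calls, review queue)."""
    calls = []
    responder = Responder(restrict=lambda principal, reason: calls.append((principal, reason)))
    return [responder.handle(e) for e in events], calls, responder.review

if __name__ == "__main__":
    print(*run(SAMPLE), sep="\n")
```

The second unauthorized event from the same principal does not trigger a second restrict call, which keeps the function safe to run on replayed or duplicated log records.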
