Get ahead of cloud network security trends and practices in 2020

1
GET AHEAD OF CLOUD NETWORK
SECURITY TRENDS AND PRACTICES
FEB 12, 2020
WEBINAR

RICHARD STIENNON
CEO and Co-Founder
Valtix
ROHIT GUPTA
Global Segment Leader
Security, Amazon Web
Services
SPEAKER PANEL
VISHAL JAIN
Chief Research Analyst,
IT-Harvest

- Cloud security is just security. An evolution
- 3 Stages of Digital Transformation
- A new security model
- Security model in AWS
- Automate with integrated services
- AWS security solutions
AGENDA
- Barriers and common seen practices
- “Unboxing” cloud network security
- Cloud-Native Network Security Service
- Q&A

4
● An evolution, NOT a new
layer
● Endpoint for cloud (VMs,
containers)
● IAM for cloud
● Network security for cloud
DIGITAL TRANSFORMATION IS MOVING TO THE CLOUD

THREE STAGES OF DIGITAL TRANSFORMATION
Software as a
Service
Refactoring
Lift & Shift
Partial, and Full
Cloud-First
& Cloud Native

MOVING TO THE CLOUD INTRODUCED NETWORK BOTTLENECKS
Traffic destined for cloud
apps is forced through
the corporate network

7
BACKHAULING CLOUD NETWORK SECURITY TO DATACENTER HAS GOT TO GO

A NEW SECURITY MODEL: CLOUD NETWORK SECURITY SERVICE
● Service centric
● Controller based
● Co-resident
● Highly automated
● Continuous awareness

IS CLOUD SECURITY REALLY A NEW SECTOR OF THE SECURITY INDUSTRy?
Or, are there just network, endpoint, and
access controls applied to cloud properties?

NO NEED FOR A NEW CLOUD SECURITY CATEGORY
Number of vendors in each category (2,336 total)

ROHIT GUPTA
GLOBAL SEGMENT LEADER
AMAZON WEB SERVICES

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential
Why is security traditionally so hard?
Low degree
of automation
Lack of
visibility

O
RMove fast Stay secure
Before…

O
RMove fast Stay secure
AN
D
Before…Now…

Shared responsibility model
AWS
Security OF
the Cloud
AWS is responsible for
protecting the infrastructure
that runs all of the services
offered in the AWS Cloud
Security IN
the Cloud
Customer responsibility will be
determined by the AWS Cloud
services that a customer selects
Customer

“I have come to realize that as a relatively
small organization, we can
be far more secure in the cloud and
achieve a higher level of assurance at a
much lower cost, in terms of effort and
dollars invested. We determined that
security in AWS is superior to our on-
premises data center across several
dimensions, including patching,
encryption, auditing and logging,
entitlements, and compliance.”
• Looks for fraud, abuse, and insider trading
over nearly 6 billion shares traded in U.S.
equities markets every day
• Processes approximately 6 terabytes of data
and 37 billion records on an average day
• Went from 3–4 weeks for server hardening
to 3–4 minutes
• DevOps teams focus on automation and
tools to raise the compliance bar and
simplify controls
• Achieved incredible levels of assurance
for consistencies of builds and patching
via rebooting with automated
deployment scripts
—John Brady, CISO
FINRA
Financial industry
regulatory authority

Automate
with comprehensive,
integrated
security services
Inherit
global
security and
compliance
controls
Highest
standards
for privacy
and data
security
Largest
network
of security
partners and
solutions
Scale with
superior visibility
and control
Elevate your security with the AWS Cloud

Inherit global security and compliance controls
SOC
1
SOC
2
SOC
3
CJI
S
Gx
P
MPA
A
My Number
Act
VPAT
Section 508
G-Cloud
DoD
SRG
FERP
A
SEC
Rule
17a-4(f)

Encryption at scale with
keys managed by
our AWS Key Management
Service (KMS) or
managing your own
encryption keys with AWS
CloudHSM using
FIPS 140-2 Level 3
validated HSMs
Meet data
residency requirements
Choose an AWS Region
and AWS will not replicate it
elsewhere unless you
choose to do so
Access services and tools
that enable you to
build compliant
infrastructure
on top of AWS
Comply with local
data privacy laws
by controlling who
can access content, its
lifecycle, and disposal
Highest standards for privacy

Threat remediation
and response
Securely deploy business
critical applications
Operational efficiencies to
focus on critical issues
Continuous monitoring
and protection
Automate with integrated services
Comprehensive set of APIs
and security tools

AWS Identity & Access
Management (IAM)
AWS Single Sign-On
AWS Directory Service
Amazon Cognito
AWS Organizations
AWS Secrets Manager
AWS Resource Access
Manager
AWS Security Hub
Amazon GuardDuty*
AWS Config
AWS CloudTrail
Amazon
CloudWatch
VPC Flow Logs
AWS Detective*
AWS Systems Manager
AWS Shield
AWS WAF – Web
application firewall
AWS Firewall Manager
Amazon Inspector
Amazon Virtual Private
Cloud (VPC)
AWS Key Management
Service (KMS)
AWS CloudHSM
AWS Certificate Manager
Amazon Macie
Server-Side Encryption
AWS Config Rules
AWS Lambda
Identity &
access
management
Detective
controls
Infrastructure
protection
Incident
response
Data
protection
Integrated AWS security solutions

VISHAL JAIN
CEO & CO-FOUNDER, VALTIX

The data center and
the cloud may look
similar but peeling back
the covers will reveal 2
entirely different
infrastructures
Cloud Security is just
Security but the cloud
has different plumbing
Defy Barriers
Lift-and-shift is NOT
cloud-native,
Cloud ops complexity, and
lack of awareness of
what’s active in the cloud
Cloud is very
programmatic as
opposed to rack and
stack
Cloud Security Needs a Cloud Mindset

Lessons Learned from the Field
Cloud Sprawl is increasing
(lack of visibility - also is a
cause of increased costs)
Lack of situational awareness
- adding risk and affecting
intended security posture
Operational deficiencies
hindering agility
to focus on critical issues
Retrofitting VM appliances
slowing security
deployments
Non optimized architectures
(still backhauling)

Unbox your Network Security with Valtix
Cloud Network Security Services Delivered
Focus on Security
NOT Device
Management
Break free of appliance
management
Hitless upgrades and
updates are managed
by the service
Increase Agility
Automated security,
Fully API integrated
Continuous
awareness and
automated
remediation of cloud
risks
Consistent
Security
Seamless integration
across regions
Discover across
regions, unified policies
Dynamic security
follows the apps across
clouds
Automate
Security
Operations
No scripts, No agents,
No sizing
Resiliency and
Scalability are baked-in

Cloud Native Network Security Service
● Continuous discovery &
automated deployment
● Single-pass NGFW+WAF
as a service
● Consistent security across
regions & accounts
Valtix Cloud
Controller
Region Region
Valtix
Security
Service

Valtix Cloud Security Service Solution
● Cloud security requires a
new mindset
● Unbox your network security
● Ship policies NOT packets
Where third-party network security controls are
used, favor cloud-native approaches. Vendors that
simply take their on-premises physical appliance
into a virtual appliance don’t provide a cloud-native
experience.Cloud-native security offerings
offer built-in automated resiliency, scale-
out architectures, ease of insertion into
the programmable network fabric of the
cloud provider and support for transit
virtual private cloud (VPC)-like
constructs.
“
”
Neil MacDonald
Distinguished VP Analyst, Gartner

29
RMove fast Stay secureAND
Achieving
Now

Getting Started
http://bit.ly/valtixservice

Get ahead of cloud network security trends and practices in 2020

More Related Content

Similar to Get ahead of cloud network security trends and practices in 2020

Recently uploaded

Get ahead of cloud network security trends and practices in 2020