SlideShare a Scribd company logo

Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360 presentation 2016

Cohesive Networks
Cohesive Networks

The document discusses rethinking cloud application security in 2016. It argues that data center security models do not work for cloud security and that applications need security through network virtualization. Upcoming compliance regulations will emphasize network segmentation, application security, and isolation. The document recommends using application layer switches and network controls like micro-perimeters, encrypted overlays and traffic policies to build secure layers of access and control for cloud applications. This will help make 2016 a more secure year.

1 of 41
Download to read offline
Let’s rethink cloud application security in 2016
Tweet along: #Sec360 @pjktech @cohesivenet About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS
Tweet along: #Sec360 @pjktech @cohesivenet About Cohesive Networks 2,000+ customers protect cloud- based applications User-controlled security & connectivity at the top of the cloud Cloud is creating demand for more connectivity and security honest approach to cloud security
Tweet along: #Sec360 @pjktech @cohesivenet Agenda • data center security is not cloud security • post-Snowden realities • application layer network security • upcoming security compliance regulations • here’s to a more secure 2016
Tweet along: #Sec360 @pjktech @cohesivenet data center security is not cloud security
Tweet along: #Sec360 @pjktech @cohesivenet modern apps business applications are collections of servers Database Tier AppServer Tier Web Tier
Tweet along: #Sec360 @pjktech @cohesivenet enterprise data center enterprise data centers are filled with these applications
Tweet along: #Sec360 @pjktech @cohesivenet data center security: walls 80% of security spend is on perimeter, leaving only 20% for interior network security Perimeter Security
Tweet along: #Sec360 @pjktech @cohesivenet data center vulnerability Hacker Penetration Perimeter Security
Tweet along: #Sec360 @pjktech @cohesivenet Perimeter Security data center vulnerability Vulnerabilities go undetected for an average of 234 days!
Tweet along: #Sec360 @pjktech @cohesivenet post-Snowden realities
Tweet along: #Sec360 @pjktech @cohesivenet target: governments
Tweet along: #Sec360 @pjktech @cohesivenet target: retail
Tweet along: #Sec360 @pjktech @cohesivenet target: healthcare
Tweet along: #Sec360 @pjktech @cohesivenet target: social media
Tweet along: #Sec360 @pjktech @cohesivenet application layer network security
Tweet along: #Sec360 @pjktech @cohesivenet application segmentation micro-perimeter around critical apps in any environment
Tweet along: #Sec360 @pjktech @cohesivenet limit server interactions server traffic must go through a secure app-layer switch
Tweet along: #Sec360 @pjktech @cohesivenet control network flow traffic only flows in permitted directions, from permitted locations
Tweet along: #Sec360 @pjktech @cohesivenet security for each app Tweet along: #Sec360 @pjktech
Tweet along: #Sec360 @pjktech @cohesivenet upcoming security compliance regulations
Tweet along: #Sec360 @pjktech @cohesivenet practical, compelling needs PR.AC-5 NIST Cyber Security Framework “Network integrity is protected, incorporating network segregation where appropriate”
Tweet along: #Sec360 @pjktech @cohesivenet practical, compelling needs PCI DSS Payment Card Industry Data Security Standard v3.0 “adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not"
Tweet along: #Sec360 @pjktech @cohesivenet practical, compelling needs US DHS Guidelines National Cyber Security Division Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
Tweet along: #Sec360 @pjktech @cohesivenet upcoming security compliance regulations
Tweet along: #Sec360 @pjktech @cohesivenet EU Data Protection Directive: 2018 • data processors responsible for data protection • tougher penalties: up to €20M • impacts every entity that holds or uses European personal data both inside and outside of EU • controllers must meet ”reasonable expectations” of data privacy = tokenised, encrypted or anonomised data
Tweet along: #Sec360 @pjktech @cohesivenet Safe Harbor/EU-US Privacy Shield: June • original agreement between US and EU to adhere to EU laws & standards when handling EU citizen’s data • US companies can self-certify they are storing customer data properly • voided in October 2015, new voted expected June 2016
Tweet along: #Sec360 @pjktech @cohesivenet industry-specific guidelines • Federal Information Security Management Act (FISMA) • North American Electric Reliability Corp. (NERC) standards • Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records • Health Insurance Portability and Accountability Act (HIPAA) • The Health Information Technology for Economic and Clinical Health Act (HITECH) • Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule) • H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation
Tweet along: #Sec360 @pjktech @cohesivenet broadly applicable laws and regulations • Sarbanes-Oxley Act (SOX) • Payment Card Industry Data Security Standard (PCI DSS) • Gramm-Leach-Bliley Act (GLB) Act • Electronic Fund Transfer Act • Regulation E (EFTA) • Customs-Trade Partnership Against Terrorism (C- TPAT) • Free and Secure Trade Program (FAST) • Children's Online Privacy Protection Act (COPPA) • Fair and Accurate Credit Transaction Act (FACTA) • Federal Rules of Civil Procedure (FRCP)
Tweet along: #Sec360 @pjktech @cohesivenet security takeaways most standards say: • encrypt sensitive data in motion and at rest whenever it is “reasonable and appropriate” • ”reasonable expectation” of companies to provide data security
Tweet along: #Sec360 @pjktech @cohesivenet here’s to a more secure 2016
Tweet along: #Sec360 @pjktech @cohesivenet segment and isolate apps
Tweet along: #Sec360 @pjktech @cohesivenet enforce traffic policies with firewalls
Tweet along: #Sec360 @pjktech @cohesivenet detect malicious traffic with NIDS ! !! !
Tweet along: #Sec360 @pjktech @cohesivenet limit intra-app network traffic with WAF
Tweet along: #Sec360 @pjktech @cohesivenet create logical subnets Example app network Subnet - 172.31.1.0/26 VNS3 Controllers 172.31.1.56/29 unassigned 172.31.1.8/29 Web 172.31.1.0/29 App 172.31.1.16/29 unassigned 172.31.1.24/29 MQ 172.31.1.40/29 DB 172.31.1.32/29 unassigned 172.31.1.48/29 Define smaller subnets within an app network range along with firewall rules
Tweet along: #Sec360 @pjktech @cohesivenet monitor traffic with app-layer switches
Tweet along: #Sec360 @pjktech @cohesivenet build layers of control and access Provider Owned/Provider Controlled Provider Owned/User Controlled VNS3 - User Owned/User Controlled User Owned/User Controlled Key security elements must be controlled 
 by the customer, but separate from 
 the provider Cloud Edge Protection Cloud Isolation Cloud VLAN Cloud Network Firewall Cloud Network Service VNS3 Virtual Firewall VNS3 Encrypted Overlay N etwork VNS3 NIDS, WAF, e tc. Instance OS Port Filtering Encrypted Disk
Tweet along: #Sec360 @pjktech @cohesivenet use encrypted overlay networks • use unique X.509 credentials for each Overlay IP address • create a secure TLS VPN tunnel between networks • encrypt all data in motion end-to-end VNS3 Controller 1 VNS3 Controller 2 VNS3 Controller 3 VNS3 Overlay Network - 172.31.1.0/24 Public IP: 52.1.108.23 Public IP: 54.15.88.193 Public IP: 52.22.100.95 Peered Peered Overlay IP: 172.31.1.1 Cloud Server A Overlay IP: 172.31.1.2 Cloud Server B Overlay IP: 172.31.1.3 Cloud Server C Overlay IP: 172.31.1.4 Primary DB Overlay IP: 172.31.1.5 Backup DB
Tweet along: #Sec360 @pjktech @cohesivenet Conclusions • data center security does not work for cloud security • everyone is liable for weak security - including your customers • applications need security via network virtualization • compliance regulations emphasize network segmentation, app security and isolation • app layer switches and network controls can make for a more secure 2016
Tweet along: #Sec360 @pjktech @cohesivenet Q&A Stay in touch: @pjktech @cohesivenet contactme@cohesive.net

Recommended

The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your Organization
CloudLock
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
CloudLock
 
The Riskiest Industries in the Cloud
The Riskiest Industries in the CloudThe Riskiest Industries in the Cloud
The Riskiest Industries in the Cloud
CloudLock
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud Security
Intronis MSP Solutions by Barracuda
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
North Texas Chapter of the ISSA
 
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security Menace
Bitglass
 
June 2016 EMEA Netskope Cloud Report
June 2016 EMEA Netskope Cloud Report June 2016 EMEA Netskope Cloud Report
June 2016 EMEA Netskope Cloud Report
Netskope
 

Recommended

The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your Organization
CloudLock
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
CloudLock
 
The Riskiest Industries in the Cloud
The Riskiest Industries in the CloudThe Riskiest Industries in the Cloud
The Riskiest Industries in the Cloud
CloudLock
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud Security
Intronis MSP Solutions by Barracuda
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
North Texas Chapter of the ISSA
 
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security Menace
Bitglass
 
June 2016 EMEA Netskope Cloud Report
June 2016 EMEA Netskope Cloud Report June 2016 EMEA Netskope Cloud Report
June 2016 EMEA Netskope Cloud Report
Netskope
 
Garantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio Damian PrietoGarantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio Damian Prieto
Cristian Garcia G.
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the Cloud
Bitglass
 
API Security Needs AI Now More Than Ever
API Security Needs AI Now More Than EverAPI Security Needs AI Now More Than Ever
API Security Needs AI Now More Than Ever
Ping Identity
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
North Texas Chapter of the ISSA
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
Allot Communications
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
Wultra
 
Data Discovery Automation: How to Save Time & Protect Customer Data
Data Discovery Automation: How to Save Time & Protect Customer DataData Discovery Automation: How to Save Time & Protect Customer Data
Data Discovery Automation: How to Save Time & Protect Customer Data
TrustArc
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat Security Conference
 
What you will take away from this session
What you will take away from this sessionWhat you will take away from this session
What you will take away from this session
Digital Transformation EXPO Event Series
 
Why Cisco-for-Security
Why Cisco-for-SecurityWhy Cisco-for-Security
Why Cisco-for-Security
E.S.G. JR. Consulting, Inc.
 
20180120 spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security20180120 spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security
Arjan Cornelissen
 
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use casesISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
Bitglass
 
Retain Social Presentation 2015
Retain Social Presentation 2015Retain Social Presentation 2015
Retain Social Presentation 2015
GWAVA Man
 
Watch Guard Firebox T10 Infographic
Watch Guard Firebox T10 InfographicWatch Guard Firebox T10 Infographic
Watch Guard Firebox T10 Infographic
Randolph Novino
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
SrikanthRaju7
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
North Texas Chapter of the ISSA
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
Gosia Fraser
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
Cloudflare
 
The Top Data Privacy Trends to Watch For in 2022
The Top Data Privacy Trends to Watch For in 2022The Top Data Privacy Trends to Watch For in 2022
The Top Data Privacy Trends to Watch For in 2022
TrustArc
 
App Deployment on Cloud
App Deployment on CloudApp Deployment on Cloud
App Deployment on Cloud
Ajey Pratap Singh
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 

More Related Content

What's hot

Garantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio Damian PrietoGarantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio Damian Prieto
Cristian Garcia G.
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the Cloud
Bitglass
 
API Security Needs AI Now More Than Ever
API Security Needs AI Now More Than EverAPI Security Needs AI Now More Than Ever
API Security Needs AI Now More Than Ever
Ping Identity
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
North Texas Chapter of the ISSA
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
Allot Communications
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
Wultra
 
Data Discovery Automation: How to Save Time & Protect Customer Data
Data Discovery Automation: How to Save Time & Protect Customer DataData Discovery Automation: How to Save Time & Protect Customer Data
Data Discovery Automation: How to Save Time & Protect Customer Data
TrustArc
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat Security Conference
 
What you will take away from this session
What you will take away from this sessionWhat you will take away from this session
What you will take away from this session
Digital Transformation EXPO Event Series
 
Why Cisco-for-Security
Why Cisco-for-SecurityWhy Cisco-for-Security
Why Cisco-for-Security
E.S.G. JR. Consulting, Inc.
 
20180120 spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security20180120 spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security
Arjan Cornelissen
 
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use casesISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
Bitglass
 
Retain Social Presentation 2015
Retain Social Presentation 2015Retain Social Presentation 2015
Retain Social Presentation 2015
GWAVA Man
 
Watch Guard Firebox T10 Infographic
Watch Guard Firebox T10 InfographicWatch Guard Firebox T10 Infographic
Watch Guard Firebox T10 Infographic
Randolph Novino
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
SrikanthRaju7
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
North Texas Chapter of the ISSA
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
Gosia Fraser
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
Cloudflare
 
The Top Data Privacy Trends to Watch For in 2022
The Top Data Privacy Trends to Watch For in 2022The Top Data Privacy Trends to Watch For in 2022
The Top Data Privacy Trends to Watch For in 2022
TrustArc
 

What's hot (20)

Garantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio Damian PrietoGarantice la continuidad de su negocio Damian Prieto
Garantice la continuidad de su negocio Damian Prieto
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the Cloud
 
API Security Needs AI Now More Than Ever
API Security Needs AI Now More Than EverAPI Security Needs AI Now More Than Ever
API Security Needs AI Now More Than Ever
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
 
Data Discovery Automation: How to Save Time & Protect Customer Data
Data Discovery Automation: How to Save Time & Protect Customer DataData Discovery Automation: How to Save Time & Protect Customer Data
Data Discovery Automation: How to Save Time & Protect Customer Data
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
 
What you will take away from this session
What you will take away from this sessionWhat you will take away from this session
What you will take away from this session
 
Why Cisco-for-Security
Why Cisco-for-SecurityWhy Cisco-for-Security
Why Cisco-for-Security
 
20180120 spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security20180120 spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security
 
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use casesISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
 
Retain Social Presentation 2015
Retain Social Presentation 2015Retain Social Presentation 2015
Retain Social Presentation 2015
 
Watch Guard Firebox T10 Infographic
Watch Guard Firebox T10 InfographicWatch Guard Firebox T10 Infographic
Watch Guard Firebox T10 Infographic
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
 
The Top Data Privacy Trends to Watch For in 2022
The Top Data Privacy Trends to Watch For in 2022The Top Data Privacy Trends to Watch For in 2022
The Top Data Privacy Trends to Watch For in 2022
 

Viewers also liked

App Deployment on Cloud
App Deployment on CloudApp Deployment on Cloud
App Deployment on Cloud
Ajey Pratap Singh
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
Amazon Web Services
 
Cloud Storage: How to Fight Off Data Security Threats & Stay Compliant
Cloud Storage: How to Fight Off Data Security Threats & Stay CompliantCloud Storage: How to Fight Off Data Security Threats & Stay Compliant
Cloud Storage: How to Fight Off Data Security Threats & Stay Compliant
Blancco
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
EnterpriseGRC Solutions, Inc.
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
Shannon Lietz
 
Implementing the Top 10 AWS Security Best Practices
Implementing the Top 10 AWS Security Best PracticesImplementing the Top 10 AWS Security Best Practices
Implementing the Top 10 AWS Security Best Practices
Sebastian Taphanel CISSP-ISSEP
 
Davitt Potter - CSA Arrow
Davitt Potter - CSA ArrowDavitt Potter - CSA Arrow
Davitt Potter - CSA Arrow
Trish McGinity, CCSK
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
Alert Logic
 
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
Amazon Web Services
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
Alert Logic
 
Studie cloud security 2016
Studie cloud security 2016Studie cloud security 2016
Studie cloud security 2016
Andreas Pelka
 
Cloud for Service Providers - A Winning Combination
Cloud for Service Providers - A Winning CombinationCloud for Service Providers - A Winning Combination
Cloud for Service Providers - A Winning Combination
Manuel Daza
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
EnterpriseGRC Solutions, Inc.
 
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply ChainCreate Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply Chain
SeniorStoryteller
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
Tudor Damian
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller
 
Radware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF Service
Radware
 

Viewers also liked (20)

App Deployment on Cloud
App Deployment on CloudApp Deployment on Cloud
App Deployment on Cloud
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
Cloud Storage: How to Fight Off Data Security Threats & Stay Compliant
Cloud Storage: How to Fight Off Data Security Threats & Stay CompliantCloud Storage: How to Fight Off Data Security Threats & Stay Compliant
Cloud Storage: How to Fight Off Data Security Threats & Stay Compliant
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
 
Implementing the Top 10 AWS Security Best Practices
Implementing the Top 10 AWS Security Best PracticesImplementing the Top 10 AWS Security Best Practices
Implementing the Top 10 AWS Security Best Practices
 
Davitt Potter - CSA Arrow
Davitt Potter - CSA ArrowDavitt Potter - CSA Arrow
Davitt Potter - CSA Arrow
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
CRITICAL CHANGES TO SECURITY FOR CLOUD ENVIRONMENTS - Toronto FSI Symposium -...
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
 
Studie cloud security 2016
Studie cloud security 2016Studie cloud security 2016
Studie cloud security 2016
 
Cloud for Service Providers - A Winning Combination
Cloud for Service Providers - A Winning CombinationCloud for Service Providers - A Winning Combination
Cloud for Service Providers - A Winning Combination
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply ChainCreate Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply Chain
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
 
Radware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF Service
 

Similar to Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360 presentation 2016

Scot Cloud 2017
Scot Cloud 2017Scot Cloud 2017
Scot Cloud 2017
Ray Bugg
 
Accenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mc
Accenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mcAccenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mc
Accenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mc
Julien Francois
 
Trends in IoT 2017
Trends in IoT 2017Trends in IoT 2017
Trends in IoT 2017
Dr Ganesh Iyer
 
IT Security News & Case Studies
IT Security News & Case StudiesIT Security News & Case Studies
IT Security News & Case Studies
Dani Wannous
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
Blockchain for industry 4.0 HMI 2018
Blockchain for industry 4.0 HMI 2018Blockchain for industry 4.0 HMI 2018
Blockchain for industry 4.0 HMI 2018
Mark Mueller-Eberstein
 
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
Nur Shiqim Chok
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Cohesive Networks
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vn
NetworkCollaborators
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the Cloud
RapidScale
 
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...
Prasanna Hegde
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
Ulf Mattsson
 
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
Dean Bonehill ♠Technology for Business♠
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Cohesive Networks
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
Ulf Mattsson
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & Cyberquest
Adrian Dumitrescu
 
Superfast Business - Technology Trends for Business
Superfast Business - Technology Trends for BusinessSuperfast Business - Technology Trends for Business
Superfast Business - Technology Trends for Business
Superfast Business
 
In-Memory Computing Driving Edge Computing and Blockchain Technologies
In-Memory Computing Driving Edge Computing and Blockchain TechnologiesIn-Memory Computing Driving Edge Computing and Blockchain Technologies
In-Memory Computing Driving Edge Computing and Blockchain Technologies
dsapps
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
ITCamp
 

Similar to Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360 presentation 2016 (20)

Scot Cloud 2017
Scot Cloud 2017Scot Cloud 2017
Scot Cloud 2017
 
Accenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mc
Accenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mcAccenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mc
Accenture tech vision 2018 slideshare trend4_frictionless-biz_aw_a_mc
 
Trends in IoT 2017
Trends in IoT 2017Trends in IoT 2017
Trends in IoT 2017
 
IT Security News & Case Studies
IT Security News & Case StudiesIT Security News & Case Studies
IT Security News & Case Studies
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
 
Blockchain for industry 4.0 HMI 2018
Blockchain for industry 4.0 HMI 2018Blockchain for industry 4.0 HMI 2018
Blockchain for industry 4.0 HMI 2018
 
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vn
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the Cloud
 
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent...
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & Cyberquest
 
Superfast Business - Technology Trends for Business
Superfast Business - Technology Trends for BusinessSuperfast Business - Technology Trends for Business
Superfast Business - Technology Trends for Business
 
In-Memory Computing Driving Edge Computing and Blockchain Technologies
In-Memory Computing Driving Edge Computing and Blockchain TechnologiesIn-Memory Computing Driving Edge Computing and Blockchain Technologies
In-Memory Computing Driving Edge Computing and Blockchain Technologies
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
 

More from Cohesive Networks

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
Cohesive Networks
 
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Cohesive Networks
 
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Cohesive Networks
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
Cohesive Networks
 
Comparison: VNS3 vs Vyatta
Comparison: VNS3 vs VyattaComparison: VNS3 vs Vyatta
Comparison: VNS3 vs Vyatta
Cohesive Networks
 
Comparison: VNS3 and Openswan
Comparison: VNS3 and OpenswanComparison: VNS3 and Openswan
Comparison: VNS3 and Openswan
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM SoftlayerCohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks
 
Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks
 
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade GuideCohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-OnsCohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks
 
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks
 

More from Cohesive Networks (20)

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...
 
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...
 
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
 
Comparison: VNS3 vs Vyatta
Comparison: VNS3 vs VyattaComparison: VNS3 vs Vyatta
Comparison: VNS3 vs Vyatta
 
Comparison: VNS3 and Openswan
Comparison: VNS3 and OpenswanComparison: VNS3 and Openswan
Comparison: VNS3 and Openswan
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
 
Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide
 
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
 
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
 
Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure Cohesive Networks Support Docs: VNS3 Configuration in Azure
Cohesive Networks Support Docs: VNS3 Configuration in Azure
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
 
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM SoftlayerCohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer
 
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
 
Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE
 
Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks Support Docs: Welcome to VNS3 3.5
Cohesive Networks Support Docs: Welcome to VNS3 3.5
 
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide
 
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade GuideCohesive networks Support Docs: VNS3 3.5 Upgrade Guide
Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide
 
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-OnsCohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
Cohesive Networks Support Docs: VNS3 3.5 Container System Add-Ons
 
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
Cohesive Networks Support Docs: VNS3 version 3.5+ API Guide
 

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 

Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360 presentation 2016

  • 2. Tweet along: #Sec360 @pjktech @cohesivenet About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS
  • 3. Tweet along: #Sec360 @pjktech @cohesivenet About Cohesive Networks 2,000+ customers protect cloud- based applications User-controlled security & connectivity at the top of the cloud Cloud is creating demand for more connectivity and security honest approach to cloud security
  • 4. Tweet along: #Sec360 @pjktech @cohesivenet Agenda • data center security is not cloud security • post-Snowden realities • application layer network security • upcoming security compliance regulations • here’s to a more secure 2016
  • 5. Tweet along: #Sec360 @pjktech @cohesivenet data center security is not cloud security
  • 6. Tweet along: #Sec360 @pjktech @cohesivenet modern apps business applications are collections of servers Database Tier AppServer Tier Web Tier
  • 7. Tweet along: #Sec360 @pjktech @cohesivenet enterprise data center enterprise data centers are filled with these applications
  • 8. Tweet along: #Sec360 @pjktech @cohesivenet data center security: walls 80% of security spend is on perimeter, leaving only 20% for interior network security Perimeter Security
  • 9. Tweet along: #Sec360 @pjktech @cohesivenet data center vulnerability Hacker Penetration Perimeter Security
  • 10. Tweet along: #Sec360 @pjktech @cohesivenet Perimeter Security data center vulnerability Vulnerabilities go undetected for an average of 234 days!
  • 11. Tweet along: #Sec360 @pjktech @cohesivenet post-Snowden realities
  • 12. Tweet along: #Sec360 @pjktech @cohesivenet target: governments
  • 13. Tweet along: #Sec360 @pjktech @cohesivenet target: retail
  • 14. Tweet along: #Sec360 @pjktech @cohesivenet target: healthcare
  • 15. Tweet along: #Sec360 @pjktech @cohesivenet target: social media
  • 16. Tweet along: #Sec360 @pjktech @cohesivenet application layer network security
  • 17. Tweet along: #Sec360 @pjktech @cohesivenet application segmentation micro-perimeter around critical apps in any environment
  • 18. Tweet along: #Sec360 @pjktech @cohesivenet limit server interactions server traffic must go through a secure app-layer switch
  • 19. Tweet along: #Sec360 @pjktech @cohesivenet control network flow traffic only flows in permitted directions, from permitted locations
  • 20. Tweet along: #Sec360 @pjktech @cohesivenet security for each app Tweet along: #Sec360 @pjktech
  • 21. Tweet along: #Sec360 @pjktech @cohesivenet upcoming security compliance regulations
  • 22. Tweet along: #Sec360 @pjktech @cohesivenet practical, compelling needs PR.AC-5 NIST Cyber Security Framework “Network integrity is protected, incorporating network segregation where appropriate”
  • 23. Tweet along: #Sec360 @pjktech @cohesivenet practical, compelling needs PCI DSS Payment Card Industry Data Security Standard v3.0 “adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not"
  • 24. Tweet along: #Sec360 @pjktech @cohesivenet practical, compelling needs US DHS Guidelines National Cyber Security Division Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
  • 25. Tweet along: #Sec360 @pjktech @cohesivenet upcoming security compliance regulations
  • 26. Tweet along: #Sec360 @pjktech @cohesivenet EU Data Protection Directive: 2018 • data processors responsible for data protection • tougher penalties: up to €20M • impacts every entity that holds or uses European personal data both inside and outside of EU • controllers must meet ”reasonable expectations” of data privacy = tokenised, encrypted or anonomised data
  • 27. Tweet along: #Sec360 @pjktech @cohesivenet Safe Harbor/EU-US Privacy Shield: June • original agreement between US and EU to adhere to EU laws & standards when handling EU citizen’s data • US companies can self-certify they are storing customer data properly • voided in October 2015, new voted expected June 2016
  • 28. Tweet along: #Sec360 @pjktech @cohesivenet industry-specific guidelines • Federal Information Security Management Act (FISMA) • North American Electric Reliability Corp. (NERC) standards • Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records • Health Insurance Portability and Accountability Act (HIPAA) • The Health Information Technology for Economic and Clinical Health Act (HITECH) • Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule) • H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation
  • 29. Tweet along: #Sec360 @pjktech @cohesivenet broadly applicable laws and regulations • Sarbanes-Oxley Act (SOX) • Payment Card Industry Data Security Standard (PCI DSS) • Gramm-Leach-Bliley Act (GLB) Act • Electronic Fund Transfer Act • Regulation E (EFTA) • Customs-Trade Partnership Against Terrorism (C- TPAT) • Free and Secure Trade Program (FAST) • Children's Online Privacy Protection Act (COPPA) • Fair and Accurate Credit Transaction Act (FACTA) • Federal Rules of Civil Procedure (FRCP)
  • 30. Tweet along: #Sec360 @pjktech @cohesivenet security takeaways most standards say: • encrypt sensitive data in motion and at rest whenever it is “reasonable and appropriate” • ”reasonable expectation” of companies to provide data security
  • 31. Tweet along: #Sec360 @pjktech @cohesivenet here’s to a more secure 2016
  • 32. Tweet along: #Sec360 @pjktech @cohesivenet segment and isolate apps
  • 33. Tweet along: #Sec360 @pjktech @cohesivenet enforce traffic policies with firewalls
  • 34. Tweet along: #Sec360 @pjktech @cohesivenet detect malicious traffic with NIDS ! !! !
  • 35. Tweet along: #Sec360 @pjktech @cohesivenet limit intra-app network traffic with WAF
  • 36. Tweet along: #Sec360 @pjktech @cohesivenet create logical subnets Example app network Subnet - 172.31.1.0/26 VNS3 Controllers 172.31.1.56/29 unassigned 172.31.1.8/29 Web 172.31.1.0/29 App 172.31.1.16/29 unassigned 172.31.1.24/29 MQ 172.31.1.40/29 DB 172.31.1.32/29 unassigned 172.31.1.48/29 Define smaller subnets within an app network range along with firewall rules
  • 37. Tweet along: #Sec360 @pjktech @cohesivenet monitor traffic with app-layer switches
  • 38. Tweet along: #Sec360 @pjktech @cohesivenet build layers of control and access Provider Owned/Provider Controlled Provider Owned/User Controlled VNS3 - User Owned/User Controlled User Owned/User Controlled Key security elements must be controlled 
 by the customer, but separate from 
 the provider Cloud Edge Protection Cloud Isolation Cloud VLAN Cloud Network Firewall Cloud Network Service VNS3 Virtual Firewall VNS3 Encrypted Overlay N etwork VNS3 NIDS, WAF, e tc. Instance OS Port Filtering Encrypted Disk
  • 39. Tweet along: #Sec360 @pjktech @cohesivenet use encrypted overlay networks • use unique X.509 credentials for each Overlay IP address • create a secure TLS VPN tunnel between networks • encrypt all data in motion end-to-end VNS3 Controller 1 VNS3 Controller 2 VNS3 Controller 3 VNS3 Overlay Network - 172.31.1.0/24 Public IP: 52.1.108.23 Public IP: 54.15.88.193 Public IP: 52.22.100.95 Peered Peered Overlay IP: 172.31.1.1 Cloud Server A Overlay IP: 172.31.1.2 Cloud Server B Overlay IP: 172.31.1.3 Cloud Server C Overlay IP: 172.31.1.4 Primary DB Overlay IP: 172.31.1.5 Backup DB
  • 40. Tweet along: #Sec360 @pjktech @cohesivenet Conclusions • data center security does not work for cloud security • everyone is liable for weak security - including your customers • applications need security via network virtualization • compliance regulations emphasize network segmentation, app security and isolation • app layer switches and network controls can make for a more secure 2016
  • 41. Tweet along: #Sec360 @pjktech @cohesivenet Q&A Stay in touch: @pjktech @cohesivenet contactme@cohesive.net