How to secure your data in the cloud (slide 1)
Sergio Loureiro, Director Product Management
Objective (slide 2)
• The lack of visibility and control in hybrid and multi-cloud environments
• Why security automation is mandatory for agile environments
• Why traditional solutions do not cope with cloud and containers
• A 3-step plan for data security in AWS, Azure and Docker
Shared Responsibility between Providers and Enterprises (slide 3)
Cloud Trust Models (slide 4)
[diagram label: Trust gap]
Workloads are Enterprise’s Responsibility (slide 5)
[diagram columns: Most common cases | Strategic cases]
First Headline back in 2011 (slide 6)
Fast forward to 2018 (slide 7)
Securing the Migration Journey to IaaS (slide 8)
source: https://www.rightscale.com/lp/state-of-the-cloud
Customer Challenges
- Assess a different kind of infrastructure
- Time-consuming permission process
- Evaluate configurations for all instances and storage
Growth of Container Adoption with DevOps Trend (slide 9)
Customer Challenges
- Evaluate container environments
- Evaluate container configurations and management
source: https://www.docker.com/what-container
Security Automation is Mandatory for DevOps (slide 10)
• Auto-discovery of assets by API
• Security checks launched automatically
• Agentless is less costly to manage and works with Serverless
• DevOps is changing when, who and how security management is done
Why traditional solutions do not cope with cloud? (slide 11)
• Shared responsibility and new cloud services every week
• Elasticity and Agile
• Changing IPs
• License model
• Cloud Shadow IT
• APIs for everything
• Publicly accessible
• New layer of configuration (and misconfigurations)
Overview of AWS and Azure security capabilities (slide 12)
AWS
- Security Groups (firewall)
- Trusted Advisor (high level)
- Inspector (assessment)
- Key Management Service
- Identity and Access Management
- Macie (DLP)
- GuardDuty (threat detection)
- Shield (DoS)
- WAF (web application firewall)
Azure
- Azure Security Center
- Security Groups (firewall)
- Key Vault
- Endpoint Protection
- VM agent
- …
+ Integration with security partner solutions
What’s missing from AWS and Azure? (slide 13)
1. Putting all security services together and assessing that continuous changes are not bringing added risk
2. Workloads (Applications + Data) security, your own stuff
Cloud Workload Protection Controls - Top 3 Approaches (slide 14)
[diagram tiers: Operations Hygiene, Core, Additional]
• CIS AWS benchmark
• CIS Azure benchmark
• CIS Docker benchmark
• CIS Kubernetes benchmark
EWP Features (slide 15)
Source: Gartner Market Guide to Cloud Workload Protection Platform 2017
Let’s draw a plan (slide 16)
- 1st step: workload security assessment + cloud configuration assessment
- 2nd step: security automation for continuous assessment
- 3rd step: extend to new services
1. Comprehensive Solution (slide 17)
- Vulnerability Management identifies vulnerabilities
- Application Security evaluates applications
- Cloud & Container Security assesses configurations and workloads
Combines all 3 into one solution
2. Continuous Workload Analytics (slide 18)
• Implementation of CIS benchmarks: AWS, Azure, Docker and Kubernetes
• Using the IaaS Provider or Hypervisors APIs
• Auto-discovery for elastic scenarios, zero configuration
• Real-time alerts on configuration issues
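As an added illustration of what a CIS-benchmark configuration check run over provider API output looks like (this is example code written for this page, not the webinar's or Outpost24 EWP's own code), the block below implements the intent of CIS AWS Foundations Benchmark 1.1.0 controls 4.1 and 4.2 (no security group may allow ingress from 0.0.0.0/0 to port 22 or 3389). It goes slightly beyond the 1.1.0 text by also flagging the IPv6 equivalent ::/0; the input follows the shape of EC2 DescribeSecurityGroups output, and the sample groups are constructed.

```python
"""Added example (not the webinar's or Outpost24's code): a check in the spirit
of CIS AWS Foundations Benchmark 1.1.0 controls 4.1/4.2, which require that no
security group allows ingress from 0.0.0.0/0 to port 22 or 3389.  Input mirrors
the shape of EC2 DescribeSecurityGroups output; the sample groups are constructed."""

ADMIN_PORTS = {22: "CIS 4.1 (SSH)", 3389: "CIS 4.2 (RDP)"}

def _is_world_open(perm):
    """True if the rule's sources include the whole Internet (IPv4 or IPv6)."""
    v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
    return v4 or v6

def _exposed_ports(perm):
    """Admin ports reached by one ingress rule.  IpProtocol "-1" means all
    protocols and all ports, and the port fields are then absent."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return set(ADMIN_PORTS)
    if proto != "tcp":
        return set()
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in ADMIN_PORTS if lo <= p <= hi}

def find_open_admin_ports(groups):
    """Return sorted (GroupId, port, control) tuples for every security group
    whose inbound rules expose SSH or RDP to the whole Internet."""
    findings = set()
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if _is_world_open(perm):
                for port in _exposed_ports(perm):
                    findings.add((sg["GroupId"], port, ADMIN_PORTS[port]))
    return sorted(findings)

# Constructed sample: sg-0aaa leaks SSH through an IPv6 rule with a wide port
# range, sg-0bbb is an allow-all rule, sg-0ccc is correctly scoped to a VPC CIDR.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 20,
        "ToPort": 25, "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "-1",
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for gid, port, control in find_open_admin_ports(SAMPLE_GROUPS):
        print(f"{gid}: port {port} open to the Internet ({control})")
```

In a continuous-assessment setup the same function would be fed the live DescribeSecurityGroups result after each discovery run, and any new tuple compared with the previous run becomes the real-time alert.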
3. Extend to new cloud services (slide 19)
• Orchestration possible by API
• Integration on CI/CD setups for containers
• Virtual appliances available for Azure and AWS for private assets
• Managed Services, Snapshot and Professional Services plans available
Examples of CIS AWS and CIS Azure Controls (slide 20)
Use Case with AWS Elastic Map Reduce (EMR) (slides 21-23)
Supporting Material (slide 24)
• EWP web: https://outpost24.com/cloud-security
• EWP white paper: https://marketing.outpost24.com/cloud-security-whitepaper
• AWS best practices white paper: https://marketing.outpost24.com/aws-security-whitepaper
Looking for more?
• Gartner Cloud Workload Protection Platform (CWPP) research
• Cloud Security Alliance Security Guidance version 4
• Latest CIS benchmarks for Amazon AWS 1.1.0 and Microsoft Azure 1.0.0
• Demo accounts available on request
Q & A (slide 25)
Outpost24 EWP executive overview (slide 26)
Outpost24 EWP cloud provider status view (slide 27)
Outpost24 EWP instances status view (slide 28)
Outpost24 EWP workload findings view (slide 29)

Outpost24 webinar : how to secure your data in the cloud - 06-2018


Editor's Notes

  • #3 Customer uncertainty is your entry point: “How quickly are you moving workloads to the cloud?” “How quickly will your DevOps team migrate to containers?” “How are you handling security assessments in the cloud?” “What makes you confident with your cloud provider’s security capabilities?”
  • #4, #5 Note: this is a Microsoft slide and is over-simplified; the “security” box means basic protections like AV.
  • #6 Workloads = applications + security + data + OS
  • #12 Misconfiguration will give access to data; every service can give access to your data.
  • #13, #14 New infrastructure, new security pains, new knowledge. In 2010, AWS was a 200M$ business; last year they did 17B$. Azure is catching up, so currently we are focusing on the top 2.
  • #15 In Gartner’s terms, Outpost24 covers the Core workload protection strategies. In CIS terms, Outpost24 addresses benchmarks for required technologies. In CSA terms, Outpost24 covers Essential characteristics, PaaS and IaaS service models, and Public-Private-Hybrid deployment models. Outpost24 acquired SecludIT in January 2018, a cloud security pioneer and founding member of CSA.
  • #18 Put data in perspective: all ways of getting to your data.
  • #20 to #24 Data sovereignty scenarios, where data do not leave customer premises: regional or country-specific clouds, data never leaves the customer’s cloud account, etc.