CASB Workshop Part 2 (Technology Taxonomy for Cloud Security,Key Components of Cloud Security Architecture,Blue Print To Build Your Cloud Security Program,Basics of Cloud Security Access Brokers)

1. CASB – Architecture & Deployment
Gaurav Bhatia
gaurav@palerra.com
Palerra

2. Aug 2015
Full Lifecycle Approach to Security
Effective threat analytics is an
important element of the security
lifecycle
But it is ineffective without
incident response – the yin and
the yang
For security architectures to be
effective, threat analytics and
incident response must be tightly
coupled to prevent any gaps
Chase breach affects 76 million accounts, raises
questions about detection failure
SC Magazine – Oct 3, 2014
Target did not respond to FireEye security
alerts prior to breach, according to report
“We often see organizations ignoring alarms like this because they've
become numb to them, receiving too many false positives, or because
they're understaffed,” Chiu said. “You can have all the alarms you want, but
unless you put security in a prominent position in the company and have
enough staff to review them, those alarms don't mean anything.”

3. Aug 2015
The Yin: Threat Analytics for the Cloud
Challenges with performing threat analytics for cloud services
 Static threat models cannot be applied to on-demand cloud infrastructure
 Non-uniform transparency across cloud providers for event logs and security metadata
 Consolidation of security data across SaaS, PaaS and IaaS is required for a holistic view
 Correlation of data across all cloud services is challenging due to the sheer volume of cloud usage
A combination of approaches to threat analytics is required
 Detection: Define static rules and baselines to match known threats
 Prediction: Use data science and machine learning to discover unknown threats
Automation of threat detection and prediction is necessary to keep up
with the rapidly evolving threat landscape

4. Aug 2015
The Yang: Incident Response for the Cloud
Comprehensive incident response entails
 Logging: ensures that all incidents are tracked
 Remediation: ensures that all incidents are addressed
 Two approaches to remediation
 Changes are made directly to the cloud service
 Changes are made via integrations with existing IT investments
Automation of incident response is necessary to ensure that no
incidents are lost in the shuffle

5. Aug 2015
CASB Deployment models

6. Aug 2015
Forward Proxy

7. Aug 2015
Forward proxy
Pros
 Can be used for all app types, incl client-server with hard-coded host names
Cons
 Difficult to deploy especially for BYOD shops
 End-user privacy concerns as both corporate and personal traffic are sent via proxy
 Requires self-signed certificates at each point of use.
 CASB becomes SPOF

8. Aug 2015
Reverse Proxy

9. Aug 2015
Reverse proxy
Pros
 Works for any device (managed and unmanaged) and from any location
 End-user privacy is intact – only corporate traffic is proxied
 Simple deployment – no configuration on mobile devices or firewalls
Cons
 SSL/TLS is hard to handle
 CASB becomes SPOF

10. Aug 2015
API Mode

11. Aug 2015
API
Pros
 Non-intrusive & light touch solution
 Can provide content based controls
 Supports BYOD
 Reliable information on what data is in the cloud, its permissions and the activity logs
Cons
 Not all SaaS applications offer API support

12. Aug 2015
Thanks!