Safely Enabling Business www.securelink.net
A Journey Towards Effective Cloud Security
Tom Fonteyn – Solution Specialist
2019-03-18
SAFELY ENABLING BUSINESS
WHY CLOUD SECURITY?
PROTECT BUSINESS CRITICAL INFORMATION AND PROCESSES
– WITHOUT CONSTRAINING INNOVATION AND GROWTH.
IT ISN'T ABOUT WHETHER THE CLOUD IS SECURE, IT’S ABOUT HOW
SECURELY YOU ARE USING IT.
Jay Heiser, Gartner, 2018
AGENDA
CHALLENGE JOURNEY SOLUTIONS
A CHALLENGING LANDSCAPE
Business opportunity
TECHNICAL EVOLUTION
Business value goes online
DIGITAL TRANSFORMATION
Supply chain interconnectivity
OPENNESS AS BASELINE
Increased risk
SOPHISTICATED MALICIOUS
ACTORS
A CHANGING APPROACH
Disrupted business processes
Loss of critical data
INSUFFICIENT SECURITY
OVERLY STRINGENT CONTROLS
“Workarounds” for security controls
Hindering business
BALANCE
ENTERPRISE WORKLOADS IaaS & PaaS
Platform, Apps, Data, Identity Data, Identity
ENTERPRISE SANCTIONED APPLICATIONS
SaaS
GENERIC INTERNET & TOLERATED SaaS
HQ Branch #1
WAN Secure Interconnect Service
Branch #2 OT/IoT Home Remote
PRIVATE CLOUD
WHERE IS MY DATA?
Home Remote HQ
HOW DO I MANAGE IDENTITIES?
HOW DO I ENABLE SECURE CONNECTIVITY?
Branch #1 Branch #2 OT/IoT
A CHANGING APPROACH
PROTECT BUSINESS CRITICAL INFORMATION AND PROCESSES
– WITHOUT CONSTRAINING INNOVATION AND GROWTH.
THE NEED TO MAKE APPROPRIATE TRADE-OFFS
BETWEEN BUSINESS OPPORTUNITY AND RISK.
SECURELINK IS THE MARKET LEADING PROVIDER OF CYBER SECURITY IN EUROPE.
THE JOURNEY
Developing Cloud Security Maturity
WHAT DOES YOUR JOURNEY LOOK LIKE?
IAAS/PAAS
01 LIFT & SHIFT
02 REPLACE
03 REFACTOR/REVISE/REBUILD
PERHAPS YOU FIND YOURSELF USING MULTIPLE PATHS.
REGARDLESS, THERE ARE WAYS TO STAY SECURE.
SAAS
A PROVEN APPROACH
PROTECT BUSINESS CRITICAL INFORMATION AND PROCESSES
– WITHOUT CONSTRAINING INNOVATION AND GROWTH.
WORK ACROSS YOUR ORGANIZATION.
AUTOMATE & ORCHESTRATE.
ZERO TRUST – “NEVER TRUST, ALWAYS VERIFY”.
• LIMIT ACCESS BETWEEN COMPONENTS
• LOCK DOWN IDENTITY MANAGEMENT
• SECURE YOUR DATA AND STORAGE
EMBRACE THE SHARED RESPONSIBILITY MODEL FOR CLOUD.
SHARED RESPONSIBILITY MODEL
IaaS PaaS SaaS
CUSTOMER CONTENT
GLOBAL INFRASTRUCTURE
Compute Storage Database Networking
OS & Application Security
Network Security
Application Level Controls
Identity & Access Management
Data
YOUR RESPONSIBILITY
THEIR RESPONSIBILITY
EVERYTHING CHANGES – NOTHING IS NEW.
KEY DOMAINS TO SECURE
Data
Identity
Applications
Endpoint
Access
SECURITY CONCEPTS
Confidentiality
Integrity
Availability
SECURITY LIFECYCLE
Insight
Prevent
Detect
Respond
CLOUD SECURITY MATURITY ASSESSMENT – OVERVIEW
COMPLETE AN ASSESSMENT
Foundation for strategic planning
Measure progress over time
UNDERSTAND THE BENEFITS
Model based on industry benchmarks:
• CSA Cloud Control Matrix
• CIS
• SANS
• ISO
Understand your current position, with absolute ratings
FIVE DISTINCT STAGES
Expert
Advanced
Standard
Essential
Basic
CLOUD SECURITY MATURITY MODEL
Detection and Response
Endpoint
Infrastructure
Data
Applications
Identity & Access
Risk, Governance, Awareness
CSMA: 7 maturity DOMAINS, 5 maturity LEVELS
01 Basic, 02 Essential, 03 Standard, 04 Advanced, 05 Expert
CLOUD SECURITY MATURITY MODEL – DOMAIN EXAMPLE
TECHNOLOGY PROCESS PEOPLE
Basic Standard
CLOUD SECURITY MATURITY MODEL
Domain maturity aggregates to overall CSMA score & level.
THE MATURITY LIFECYCLE
VISUALIZE WHERE YOU ARE
SET THE DESIRED LEVEL
IMPLEMENT & IMPROVE CONTROLS
PRIORITIZE ACTIVITIES
SECURELINK CSMA - KEY BENEFITS
• Based on standards & frameworks & SecureLink expertise
• Actionable advice
• Expert guidance
• Documented progression
SECURELINK CLOUD SOLUTIONS
MANAGE & CONTROL, SAAS SECURITY, MULTI-CLOUD
• Adapt security policy for cloud: Adaptive Cloud Security Instruction
• Automate & orchestrate: Cloud Security Orchestration
• Manage increasing complexity: Security Reference Architecture
• Secure email & collaboration: Securing Office 365
• Data protection & IAM: SaaS Security
• Manage the cloud journey: Cloud Security Maturity Assessment
• Secure access to/from all resources: Secure Workspace
PAST PRESENT
TREND: REDEFINING “PERIMETER”
• No longer bound by:
• Location
• Traditional Working Hours
• Work-Life Balance
• “Always Connected”
TREND: WORKFORCE MOBILITY
Corporate Devices
Company Application
PUSH
Consumer Application
PULL
Personal Devices
TREND: ENDPOINT EVOLUTION
Devices handling Corporate Data
TREND: ENDPOINT EVOLUTION
SOLUTION: SECUREWORKSPACE
Secure Workspace
Solution
SecureWorkspace Framework
Secure Remote Application Access
Data Security (Insider Threat Prevention)
Endpoint Security
Identity & Access Management
Data and Information Collaboration
Enterprise Mobile Device Management
User Environment Management (UEM)
Application Virtualization and Layering
Application and Desktop Virtualization
Hyper Converged Infrastructure (HCI)
Availability, Confidentiality, Integrity
Centralized Data Security
Decentralized Data
CHALLENGES WITH TRADITIONAL APPROACHES
Alternative approaches result in policy/protection inconsistencies
Global deployments are complex and cumbersome to manage
Backhauling, or hair-pinning, is expensive and performs poorly
MPLS/IPSEC
ENTERPRISE WORKLOADS IaaS & PaaS
ENTERPRISE SANCTIONED APPLICATIONS
SaaS
GENERIC INTERNET & TOLERATED SaaS
HQ Branch #1 Branch #2 OT/IoT Home Remote
PRIVATE CLOUD
DATA
Home Remote HQ
IDENTITIES
SECURE CONNECTIVITY
Branch #1 Branch #2 Branch #3
SecureWorkspace (SECURE INTERCONNECT SERVICE)
SECUREWORKSPACE
Powered By:
• Workspace ONE
• Horizon on VMware Cloud
• Horizon Cloud
Any Device
From/To Anywhere
Any Time
VMware Workspace ONE: Unified Digital Workspace
User / End Point Experience
WIN 10 / MAC / Chromebook
iOS / Android
Rugged/Connected Things
All Apps Experience Modern Management Insights Automation
AWS Global Infrastructure
Customer Data Center
vSphere vSAN
On-prem
Native AWS services
VMware Cloud™ on AWS
Powered by VMware Cloud Foundation
End user
VMware Horizon® 7
NSX
VMware Horizon® 7
vCenter vCenter
Architecture: Horizon 7 on VMware Cloud
CPA
SECUREWORKSPACE – KEY BENEFITS
• Centralized control, regardless of location (data, application, end-user)
• Threat prevention by leveraging zero-trust, cloud-delivered
• Visibility and control of data & applications (incl. SaaS)
• Easy and flexible to deploy (access to) applications and manage
WE SECURE YOU. EVERYWHERE.
Private Cloud, Hybrid Cloud, Public Cloud
Booth B112
Thank you!
SecureLink
Tom Fonteyn, Solution Specialist – Cloud Security