a journey towards effective cloud security · cloud security tom fonteyn –solution specialist 1...

Safely Enabling Business www.securelink.net

A Journey Towards EffectiveCloud Security

Tom Fonteyn – Solution Specialist

2019-03-181


SAFELY ENABLING BUSINESS


WHY CLOUD SECURITY?

2019-03-183

PROTECT BUSINESS CRITICAL INFORMATION AND PROCESSES

– WITHOUT CONSTRAINING INNOVATION AND GROWTH.

IT ISN'T ABOUT WHETHER THE CLOUD IS SECURE, IT’S ABOUT HOW

SECURELY YOU ARE USING IT.

JOURNEY SOLUTIONCHALLENGE

Jay Heiser, Gartner, 2018

Safely Enabling Business www.securelink.net2019-03-184

AGENDA

CHALLENGE JOURNEY SOLUTIONS


A CHALLENGING LANDSCAPE

2019-03-185

Business opportunity

TECHNICAL EVOLUTION

Business value goes online

DIGITAL TRANSFORMATION

Supply chain interconnectivity

OPENNESS AS BASELINE

Increased risk

SOPHISTICATED MALICIOUS

ACTORS



A CHANGING APPROACH

2019-03-186

Disrupted business processesLoss of critical data

INSUFFICIENT SECURITY OVERLY STRINGENT CONTROLS“Workarounds” for security controls

Hindering business


BALANCE

Safely Enabling Business www.securelink.net3/18/20197


ENTERPRISE WORKLOADS IaaS & PaaS

Platform, Apps, Data, Identity Data, Identity

ENTERPRISE SANCTIONED APPLICATIONS

SaaS

GENERIC INTERNET & TOLERATED SaaS

HQ Branch #1

WAN Secure Interconnect Service

Branch #2 OT/IoT Home Remote

PRIVATE CLOUD

WHERE IS MY DATA?

Home RemoteHQ

HOW DO I MANAGE IDENTITIES? HOW DO I ENABLE SECURE CONNECTIVITY?

Branch #1 Branch #2 OT/IoT


A CHANGING APPROACH

2019-03-188



THE NEED TO MAKE APPROPRIATE TRADE-OFFS

BETWEEN BUSINESS OPPORTUNITY AND RISK.



SECURELINK IS THE MARKET LEADINGPROVIDER OF CYBER SECURITY IN EUROPE.


THE JOURNEYDeveloping Cloud Security Maturity

2019-03-1810


WHAT DOES YOUR JOURNEY LOOK LIKE?

2019-03-1811


IAAS/PAAS

LIFT & SHIFT01

REPLACE02

REFACTOR/REVISE/REBUILD03

PERHAPS YOU FIND YOURSELF USING MULTIPLE PATHS.

REGARDLESS, THERE ARE WAYS TO STAY SECURE.

SAAS


A PROVEN APPROACH

2019-03-1812



WORK ACROSS YOUR ORGANIZATION.

AUTOMATE & ORCHESTRATE.

ZERO TRUST – “NEVER TRUST, ALWAYS VERIFY”.

• LIMIT ACCESS BETWEEN COMPONENTS

• LOCK DOWN IDENTITY MANAGEMENT

• SECURE YOUR DATA AND STORAGE

EMBRACE THE SHARED RESPONSIBILITY MODEL FOR CLOUD.



SHARED RESPONSIBILITY MODEL

2019-03-1813


IaaS PaaS SaaS

CUSTOMER CONTENT

GLOBAL INFRASTRUCTURE

Compute Storage Database Networking

OS & Application Security

Network Security

Application Level Controls

Identity & Access Management

Data

YOUR RESPONSIBILITY

THEIR RESPONSIBILITY


EVERYTHING CHANGES – NOTHING IS NEW.

2019-03-1814


KEY DOMAINS TO SECURE

Data

Identity

Applications

Endpoint

Access

SECURITY CONCEPTS

Confidentiality

Integrity

Availability

SECURITY LIFECYCLE

Insight

Prevent

Detect

Respond


CLOUD SECURITY MATURITY ASSESSMENT – OVERVIEW

COMPLETE AN ASSESSMENTFoundation for strategic

planning

Measure progress over time

UNDERSTAND THE BENEFITSModel based on industry

benchmarks:• CSA Cloud Control Matrix• CIS• SANS• ISO

Understand yourcurrent position, with absolute ratings

FIVE DISTINCT STAGES

Expert

Advanced

Standard

Essential

Basic


CLOUD SECURITY MATURITY MODEL

2019-03-1816

Detection and Response

Endpoint

Infrastructure

Data

Applications

Identity & Access

Risk, Governance, Awareness

CSMA Basic Essential Standard Advanced Expert

7 maturity DOMAINS 5 maturity LEVELS

01 02 03 04 05


CLOUD SECURITY MATURITY MODEL – DOMAIN EXAMPLE

2019-03-1817


Endpoint

Infrastructure

Data

Applications

Identity & Access


CSMA Basic Essential Standard Advanced Expert


01 02 03 04 05

TECHNOLOGYPROCESSPEOPLE

Basic Standard


CLOUD SECURITY MATURITY MODEL

2019-03-1818


Endpoint

Infrastructure

Data

Applications

Identity & Access


CSMA Basic Essential Advanced Expert


01 02 04 05

Standard

03

Domain maturity aggregates to overall CSMA score & level.


THE MATURITY LIFECYCLEVISUALIZE WHERE YOU ARE

SET THE DESIRED LEVELIMPLEMENT &

IMPROVE CONTROLS

PRIORITIZE ACTIVITIES


SECURELINK CSMA - KEY BENEFITS

2019-03-1820

Based on standards & frameworks

& SecureLink expertise Actionable advice Expert guidance Documented progression


SECURELINK CLOUD SOLUTIONS

3/18/201921

MANAGE & CONTROL SAAS SECURITY MULTI-CLOUD

Adapt security policy for cloud Adaptive Cloud Security Instruction

Automate & orchestrate Cloud Security Orchestration

Manage increasing complexity Security Reference Architecture

Secure email & collaboration Securing Office 365

Data protection & IAM SaaS Security

Manage the cloud journey Cloud Security Maturity Assessment

Secure access to/from all resources Secure Workspace


PAST PRESENT

TREND: REDEFINING “PERIMETER”


• No longer bound by:

• Location

• Traditional Working Hours

• Work-Life Balance

• “Always Connected”

23

TREND: WORKFORCE MOBILITY


Corporate Devices

CompanyApplication

PUSH

ConsumerApplication PULL

Personal Devices

TREND: ENDPOINT EVOLUTION


Devices handling Corporate Data

TREND: ENDPOINT EVOLUTION


SOLUTION:SECUREWORKSPACE

18/03/201926


Secure Workspace

Solution

18/03/201927


SecureWorkspaceFramework

18/03/201928

Secure Remote

Application Access

Data Security (Insider Threat

Prevention )

Endpoint Security

Identity & Access

Management

Data and Infromation

Collaboration

Enterprise Mobile Device

Management

User Environment Management

(UEM)

Application Virtualization and Layering

Application and Desktop Virtualization

Hyper Converged

Infrastructure (HCI)

Availability ConfidentialityIntegrity


Centralized Data Security

18/03/201929

Decentralized Data


CHALLENGES WITH TRADITIONAL APPROACHES

2019-03-1830

Alternative approaches result in policy/protection inconsistencies

Global deployments are complex and cumbersome to manage

Backhauling, or hair-pinning, is expensive and performs poorly

MPLS/IPSEC




ENTERPRISE WORKLOADS IaaS & PaaS

ENTERPRISE SANCTIONED APPLICATIONS

SaaS

GENERIC INTERNET & TOLERATED SaaS

HQ Branch #1 Branch #2 OT/IoT Home Remote

PRIVATE CLOUD

DATA

Home RemoteHQ

IDENTITIES SECURE CONNECTIVITY

Branch #1 Branch #2 Branch #3

SecureWorkspace(SECURE INTERCONNECT SERVICE)


SECUREWORKSPACE

3/18/201932


Powered By:

• Workspace ONE• Horizon on VMware Cloud• Horizon Cloud

Any Device

From/To Anywhere

Any Time


Vmware Workspace ONE: Unified Digital Workspace

User / End Point Experience

WIN 10 / MAC / ChromebookiOS / Android Rugged/Connected Things

All AppsExperienceModern

ManagementInsights Automation


AWS Global InfrastructureCustomer data Center

vSphere vSAN

On-prem NativeAWS services

VMware CloudTM on AWSPowered by VMware Cloud Foundation

End user

VMware Horizon® 7

NSX

VMware Horizon® 7

vCenter vCenter

Architecture: Horizon 7 on VMware Cloud

CPA


SECUREWORKSPACE– KEY BENEFITS

3/18/201935

Centralized control, regardless of location

(data, application, end-user)

Threat prevention byleveraging zero-trust, cloud-

deliveredVisibility and control of data & applications (incl. SaaS)

Easy and flexible to deploy (access to)

applications and manage


SECURELINK CLOUD SOLUTIONS

3/18/201936

MANAGE & CONTROL SAAS SECURITY MULTI-CLOUD

Adapt security policy for cloud Adaptive Cloud Security Instruction

Automate & orchestrate Cloud Security Orchestration

Manage increasing complexity Security Reference Architecture

Secure email & collaboration Securing Office 365

Data protection & IAM SaaS Security

Manage the cloud journey Cloud Security Maturity Assessment

Secure access to/from all resources Secure Workspace


WE SECURE YOU. Private Cloud Hybrid Cloud Public Cloud

EVERYWHERE.

Booth B112


Thank you!SecureLink

Safely Enabling Business Tom FonteynSolution Specialist – Cloud Security

[email protected]

a journey towards effective cloud security · cloud security tom fonteyn –solution specialist 1...

Documents