Steve Martino
VP, Chief Information Security Officer
June 10, 2015
Designing Trust and Confidence into the Cloud
The Cloud is Driving Business Transformation
McKinsey & Company
By 2025, enterprise productivity improvements from the cloud estimated to reach $500 - $700B annually
Gartner
By 2017, half of large enterprises will leverage "hybrid" cloud computing
Worldwide cloud-based security services market estimated to rise to $3.1B in 2015
IDC
By 2017, public IT cloud services will drive 17% of IT spend
The fastest growing categories will be PaaS and Infrastructure as a service (IaaS)
Market Growth
Cost Savings
Productivity
Public
Private
SaaS
Hybrid
And… We Now Live in a World of Many Clouds
The Cloud Spectrum
Business Imperatives
New Revenue Streams
Accelerated Deployment
Dynamic, Efficient, Agile
Security
Assured Experience
ITaaS
and only 17.9% of organizations less than five years old have an optimized cloud strategy
Source: IDC
By 2020, there will be approximately 50 billion objects connected to the Internet.
Cloud will be the Enabler
Source: IDC
Worldwide Cloud Security Market
Source: Gartner
CAGR = 14%
2013 $2.13B
2014 $2.63B
2015 $3.17B
2016 $3.65B
2017 $4.1B
Concerns about Hosting Cloud
Security is of Highest Concern
Level of Concern (High / Medium / Low)
Security: 69% / 23% / 8%
Compliance: 45% / 35% / 19%
Loss of Control: 38% / 31% / 31%
Complexity: 27% / 53% / 20%
Cost: 25% / 51% / 24%
Lack of Expertise: 23% / 44% / 32%
Immature Technology: 17% / 46% / 37%
The Comprehensive Cloud
HCS
Microsoft Suite aaS
DRaaS
PaaS
IaaS Intercloud
Enterprise Private Clouds
Public Clouds
Partner Clouds
Cloud Services and Applications
Intercloud Fabric
APIs
Portal
APIs
APIs
Collaboration and Video
Big Data and Analytics
Native Cloud Applications
Meraki
Security
Analytics
vDesktop aaS
WebEx
HANA aaS
IOE aaS
Enterprise Workloads
Cloud Security Requires a Continuous Lifecycle
Policy and Compliance
Transparency to Enable Customers
Secure Cloud Supply Chain
Application Layer Data & Event Monitoring
Security Standards and Architectures
Threat Analysis and Protection
Quality Management
Common Secure Services Data Encryption & Protection
Assessment Activities
Intrusion Detection & Prevention Systems
Security Governance
Trust
Security Differentiation is the Key Promise
Security (Automation)
Hardened Configurations
Hardened Base Images
Continuous Assessment
Service Evolution
Monitoring as a Service
Security Intelligence
Real-time Metrics
Monitor
Operate
Build
Transparency Trust
Security Dashboard
Cisco Customers Threats
Counterfeiting
Fraud/Account Hijacking
Web Application Attacks
Denial of Service
Hypervisor Escapes
Data Theft
Unauthorized Access
Recon
Malware/Botnets
Fraud & Abuse
Addressing Threats: A Shared Responsibility
Core Services
Compute
Storage
Networking
Resource availability
Isolation
Fault Tolerance
Platform security
Incident Response
Hosts
Apps
3rd party vulnerabilities
Secure coding
Encrypt/Manage PII
Hardened base OS
Image integrity
Default ACLs
Infra Physical Security
Management Network
Supply chain
Availability
Static Analysis
App Log Analysis
Threat detection
Log Aggregation
Service Hardening
Vuln Identification
Incident Response
Access Control
Firewall
Compliance/Config
Secure Deployment
Identity Management
Application Firewall
Platform
Tenants
Shared Services
Image
Identity
Telemetry
Orch.
API resiliency
Role based access control
Usage monitoring
CSE
Cisco: Cloud Security Engine
Vulnerability Scanning Module
Hardening Module
Security Logging Module
Security Baseline (CSA, NIST) Module
Security Intelligence Module
Discovery Module
Qualys
Nessus
Puppet/Chef
Splunk
Industry Compliance
Hardening.io
Advisories
Private Clouds (Cisco)
Public Clouds (AWS, Rackspace)
Log Analysis (Cisco Incident Response Team)
Threat Intelligence
Cloud Security Engine
Security Dashboard
Security Baseline (NIST, ISO)
Vulnerability Scanning
Security
Security Logging
Security Intel