The Less Known Risks of Running the Enterprise at Cloud Speed
Sekhar Sarukkai
VP & Fellow, Cloud BU, McAfee
87% of companies experience business acceleration from their use of cloud services.
Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019
Customer Drivers for Cloud Adoption
Shadow SaaS, Approved SaaS, IaaS/PaaS
Faster Collaboration
Faster Time to Market
Higher Employee Satisfaction
Mapping ECC To Cloud Computing
• Domain 4 Specifically Covers Cloud Computing
• Other Domains Also Relevant
• You Need Control of Data
  • To Clouds
  • From Clouds
  • Between Clouds
• Cloud Configuration
• Cloud Security Is A Shared Responsibility
How Companies Benefit from the Cloud
What benefits does your organization experience from its overall use of cloud services?
The three most common benefits:
59% Higher-performance IT Infrastructure
57% IT Cost Reduction
52% Improved Security
How Companies Benefit from the Cloud
What benefits does your organization experience from its overall use of cloud services?
Business acceleration measures: More Efficient Collaboration, Improved Employee Productivity, Business Growth, Faster Time to Market, Higher Employee Satisfaction, Ability to Launch New Products, Expansion to New Markets
Chart values: 44%, 43%, 41%, 37%, 33%, 30%, 29%
How Companies Benefit from the Cloud with Infrastructure-as-a-Service (IaaS)
What benefits does your organization experience from its overall use of cloud services?
Business acceleration measures: More Efficient Collaboration, Improved Employee Productivity, Business Growth, Faster Time to Market, Higher Employee Satisfaction, Ability to Launch New Products, Expansion to New Markets
Chart values: 36%, 37%, 36%, 43%, 46%, 47%, 51%
Companies do more with the cloud when they protect their data with a CASB
Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019
Excluding Shadow IT
Where is enterprise sensitive data in the cloud?
Chart labels: Salesforce, Office 365, Google Docs, Slack, AWS, Custom Apps, Box, ServiceNow, High-Risk Shadow, Med/Low-Risk Shadow
Chart values: 31%, 13%, 11%, 16%, 8%, 5%, 5%, 7%, 2%, 2%
Cloud Data Breaches - Why
1. Not Malware
Cloud based data breaches are not typically due to Malware
2. Traditional Solutions don’t Work
Traditional ways of identifying threats and breaches are not sufficient
3. Data Loss
Cloud Speed Attacks Result in Cloud Scale Data Loss
Collaboration SaaS, 42%
The Cloud (First) Enterprise Challenges
1. Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure
Network Controls
SaaS, IaaS/PaaS
Cloud-to-Cloud traffic
95% of Network Traffic
The Cloud (First) Enterprise Challenges
2. Customers Are Still Responsible for Security
Cloud Shared Responsibility Model
SaaS, PaaS, IaaS
Data Classification & Accountability
Client & End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security
Service Provider Responsibility
Customer Responsibility
Cloud Security 360° Shared Responsibility Model
SaaS, PaaS, IaaS
Data Classification & Accountability
End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security & Connectivity
Service Provider Responsibility
Service Provider feature, enterprise configuration
Enterprise Responsibility
User Responsibility
User/Device/Data control
Collaboration control
© McAfee 2019. OK for reuse if unedited
“Through 2020, 95% of cloud security failures will be the customer’s fault.”
Gartner Magic Quadrant for CASB—2017
How Data Exfiltrates from the Cloud: Some Examples
Maria—Sharing and Collaboration
Collaboration puts confidential data at risk
GetItDone Office 365
Partner Office 365
Sensitive Data in the Cloud – When Sharing isn’t Caring
22% of cloud users share files
Chart values (2016, 2017, 2018): 17%, 18%, 22%
Sensitive Data in the Cloud – When Sharing isn’t Caring
48% of all files in the cloud are shared with at least one other person
Chart values (2016, 2017, 2018): 43%, 47%, 48%
Collab SaaS Use Cases
1. Data Protection
Prevent sensitive data from being stored and shared externally
2. Advanced Threat Protection
Detect Malware, compromised accounts, insider/privileged threats
3. Contextual Access Control
Block sync/download of corporate O365 data to personal devices
Collaboration SaaS, 42%
Maria—Using Connected Apps
Connected Apps are potential vehicles for Data Leaks
EasyCast
Business SaaS Use Cases
1. Compliance Management
Discover where your confidential data is inside structured applications
2. Data Exfiltration
Protect report data from being exfiltrated and enable encryption with customer managed keys
3. Threat Protection
Identify insider and external threats
Business SaaS, 24%
Sam—Shadow IaaS
IaaS/PaaS
Account 1,2,3
Account 4,5
Account 6,7,8
Account drift as developers create dev and test accounts over time
The average company has 70 custom apps running in IaaS
Please estimate how many applications your organization runs in IaaS
Sam—Unsecure IaaS/PaaS Configuration
IaaS/PaaS
Configuration drift as developers misconfigure their IaaS/PaaS instances
Storage Bucket Encrypted
Storage Bucket Closed
Port Configuration
Firewall rules
…
Sam— Top 10 Unsecure IaaS/PaaS Configuration Problems
IaaS/PaaS
1. EBS Data encryption is not turned on
2. There’s unrestricted outbound access
3. Access to resources is not provisioned using IAM roles
4. EC2 security group port misconfigured
5. EC2 security group inbound access misconfigured
6. Unencrypted AMI
7. Unused security groups
8. VPC Flow logs disabled
9. Multi-factor authentication not enabled for IAM users
10. S3 bucket encryption not turned on
Average organization has 14 misconfigured IaaS
services running at a given time
Source: McAfee Cloud Adoption Report, Nov 2018
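An added example, not part of the original slides: a small audit that checks a resource inventory against seven items from the list above (1, 2, 5, 7, 8, 9, 10). The inventory schema, the resource names and the definitions of "unrestricted outbound" and "risky inbound port" are assumptions made for illustration, not an AWS API format or McAfee's rule set.

```python
# Added example: audits a constructed inventory (hypothetical schema, not an
# AWS API response) against seven items from the top-10 list above.
ANY = "0.0.0.0/0"
ADMIN_PORTS = {22, 3389}  # assumption: inbound ports treated as risky

INVENTORY = {  # constructed sample data
    "volumes": [{"id": "vol-a", "encrypted": True},
                {"id": "vol-b", "encrypted": False}],
    "security_groups": [
        {"id": "sg-web", "attached": True,
         "inbound": [{"port": 443, "cidr": ANY}],
         "outbound": [{"port": 443, "cidr": "10.0.0.0/8"}]},
        {"id": "sg-dev", "attached": True,
         "inbound": [{"port": 22, "cidr": ANY}],
         "outbound": [{"port": None, "cidr": ANY}]},  # None means all ports
        {"id": "sg-old", "attached": False, "inbound": [], "outbound": []},
    ],
    "vpcs": [{"id": "vpc-1", "flow_logs": False}],
    "iam_users": [{"name": "sam", "mfa": False}, {"name": "maria", "mfa": True}],
    "buckets": [{"name": "reports", "encrypted": False}],
}

def open_to_world(rule, ports=None):
    """True if the rule allows any address on all ports or on one of `ports`."""
    hit = rule["port"] is None or (ports is not None and rule["port"] in ports)
    return rule["cidr"] == ANY and hit

def audit(inv):
    """Return sorted (list_item_number, resource, finding) tuples."""
    out = [(1, v["id"], "EBS volume not encrypted")
           for v in inv["volumes"] if not v["encrypted"]]
    for sg in inv["security_groups"]:
        if any(open_to_world(r) for r in sg["outbound"]):
            out.append((2, sg["id"], "unrestricted outbound access"))
        if any(open_to_world(r, ADMIN_PORTS) for r in sg["inbound"]):
            out.append((5, sg["id"], "admin port open to any source"))
        if not sg["attached"]:
            out.append((7, sg["id"], "unused security group"))
    out += [(8, v["id"], "VPC flow logs disabled")
            for v in inv["vpcs"] if not v["flow_logs"]]
    out += [(9, u["name"], "no MFA for IAM user")
            for u in inv["iam_users"] if not u["mfa"]]
    out += [(10, b["name"], "S3 bucket not encrypted")
            for b in inv["buckets"] if not b["encrypted"]]
    return sorted(out)

if __name__ == "__main__":
    for num, res, msg in audit(INVENTORY):
        print(f"#{num:<2} {res:<8} {msg}")
```

Run on a schedule against a fresh inventory export, the same function reports configuration drift as new findings between runs.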
IaaS Security Use Cases
1. Managing Drift
Identify IaaS resources with security settings that are non-compliant
2. Visibility of Confidential Data
Visibility of regulated/high-value data stored in S3/Azure Blobs
3. Advanced Threat Protection
Detect compromised accounts, privileged user threats, malware
IaaS, 24%
Shadow IT Use Cases
1. Discover & Govern
Discover & Coach on use of high risk
2. Conditional Access Control
Activity and Instance based access control
3. Data Loss Prevention
Prevent data exfiltration to medium risk services
Shadow IT
MVISION Cloud—100% Cloud Security Coverage
Source: McAfee Cloud Adoption Report, Nov 2018
Collaboration SaaS, 42%
Business SaaS, 24%
IaaS, 24%
Shadow IT, 10% (5% and 5%)
McAfee MVISION Cloud protects ALL customer data in the cloud
MVISION Cloud
Enterprise SaaS
Long Tail SaaS
Common Security Services
Compliance & Risk Assessment
Shadow Apps
Reporting, Orchestration
DLP
Access Control, Encryption
Config Audit, Classification
Data Protection
Activity Monitoring
Malware Protection, UEBA
Threat Protection
Enterprise SaaS
Long Tail SaaS
CASB Connect APIs
Cloud Native IaaS/PaaS
Lift & Shift Apps
CASB Reverse Proxy
Unified Cloud Edge
Unified Data and Threat Protection
DLP, SWG, CASB
MVISION ePO
DEVICES
FEATURES
CLOUD
DATA
BENEFITS
Centralized Policy Definition: for threat prevention and data protection
Unified Incident Management
Access Control: over managed and unmanaged devices
Cloud Data and Permission Controls: via API integrations
Acceptable Use Policy Enforcement: with advanced malware protection
Other names and brands may be claimed as the property of others.
Adopt a CASB Platform
MVISION Cloud
Unmanaged, Managed
SaaS, IaaS/PaaS, Shadow
Control
▪ Data Security
▪ Threat Protection
Visibility
▪ What: Data, Device, App
▪ Who
▪ Where
▪ When
Companies are more likely to experience business acceleration when they protect their data with a CASB
Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019
Chart values: +15%, +11%, +32%, +36%, +45%, +40%, +38%
Legend: With CASB, Without CASB
Mapping ECC To Cloud Computing – Paper Available
Cloud Security Recap
Cloud requires new thinking and a platform for data security
Embrace a cloud native approach
Do it now!! Get a cloud security assessment done
1
2
4
McAfee, the McAfee logo and are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.
Copyright © 2018 McAfee, LLC.