Defending the Whole, IaaS, PaaS, and SaaS

Post on 08-Feb-2017


This session was first given at the CSA Summit in San Francisco, 29-Feb-2016

Defending The Whole IaaS, PaaS, and SaaS

Mark Nunnikhoven Vice President, Cloud Research @marknca

Builder User Sympathy Roadmap

Understanding Tactics

Problems

# of services # of controls

No. of Cloud Services In Use

[Figure: a scale with endpoints None and All, marked at "Lots"]

Reported numbers vary widely depending You can be confident saying, ‘more than a couple’

Shared Responsibility Model

[Figure: the following stack of layers, repeated for IaaS, PaaS, and SaaS, with each layer marked as the responsibility of the Cloud Provider or the Cloud Consumer]

Physical

Infrastructure

Network

Virtualization

Operating System

Application

Data

Service Configuration

Consumer Controls

IDS/IPS

Anti-malware

Integrity monitoring

Access control

Content filtering

IaaS

CASB

Secure design

Anti-malware

Access control

CASB

Education program

PaaS SaaS

Pace of Uptake

[Figure: Security Tools and Cloud Services placed on a scale with endpoints Fast and Slow]

This is hard to keep up with

How do you manage security for all of these services?

Where We’re Heading

Cloud Control Matrix

Cloud Security Open API

Better Tools

Where We Are

VMs ERP Docs Files Files [ other ]

IaaS PaaS SaaS

Unique controls for each SPI

Tactics

Successful Security

People Process Products

Reduce Exposure: Education and awareness; Strong policy (CCM); Responsive internal IT services

Centralized Monitoring: Lowest common denominator; Spit, glue, and hope; Manual follow-ups

Smart Service Choices: Easy to get data in and out; Supports standard APIs; Strong reputation

Realizing you’re unlikely to influence

Wins

Where is my data? Is it adequately secured?

Reduce exposure

Centralized monitoring

Smart service choices

Thank You

Follow Mark @marknca