Defending the Whole, IaaS, PaaS, and SaaS
44
This session was 1st given at the CSA Summit in San Francisco 29–Feb–2016
-
Upload
mark-nunnikhoven -
Category
Internet
-
view
1.599 -
download
3
Transcript of Defending the Whole, IaaS, PaaS, and SaaS
This session was 1st given at theCSA Summit in San Francisco 29–Feb–2016
Defending The Whole IaaS, PaaS, and SaaS
Mark Nunnikhoven Vice President, Cloud Research @marknca
Builder UserSympathy Roadmap
Understanding Tactics
Problems
# of services
# of services
# of controls
# of services # of controls
No. of Cloud Services In Use
AllNone
Lots
AllNone
No. of Cloud Services In Use
Reported numbers vary widely depending You can be confident saying, ‘more then a couple’
AllNone
No. of Cloud Services In Use
Lots
# of services # of controls
Shared Responsibility Model
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
Cloud Provider Cloud Consumer
Shared Responsibility Model
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
IaaS
Shared Responsibility Model
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
IaaS
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
PaaS
Shared Responsibility Model
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
IaaS
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
PaaS SaaS
Shared Responsibility Model
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
IaaS
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
Physical
Infrastructure
Network
Virtualization
Operating System
ApplicationData
Service Configuration
PaaS SaaS
Consumer Controls
IDS/IPS
Anti-malware
Integrity monitoring
Access control
Content filtering
…
IaaS
CASB
Secure designAnti-malware
Access control
…
CASB
Education program
…
PaaS SaaS
Pace of Uptake
FastSlow
Security Tools
Cloud Services
Pace of Uptake
FastSlow
Security Tools
Cloud Services
This is hard to keep up with
How do you manage security for all of these services?
Where We’re Heading
Cloud Control Matrix
Cloud Security Open API
Better Tools
Where We Are
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Unique controls for each SPI
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Unique controls for each SPI
Tactics
P P P
Successful Security
People Process Products
Successful Security
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Reduce ExposureEducation and awareness Strong policy (CCM) Responsive internal IT services
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Centralized MonitoringLowest common denominator Spit, glue, and hope Manual follow-ups
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Smart Service ChoicesEasy to get data in and out Supports standard APIs Strong reputation
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Realizing you’re unlikely to influence
Smart Service ChoicesEasy to get data in and out Supports standard APIs Strong reputation
Wins
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
Where is my data?Is it adequately secured?
Reduce exposure
Centralized monitoring
Smart service choices
VMs ERP Docs Files Files [ other ]
IaaS PaaS SaaS
