Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Hybrid Cloud Security: Potential to be the stuff of dreams, not nightmares… Adrian Sanabria Senior Analyst, Enterprise Security Practice

Transcript of Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Page 1: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Hybrid Cloud Security: Potential to be the stuff of dreams, not nightmares…

Adrian Sanabria, Senior Analyst, Enterprise Security Practice

Page 2: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Three critical IT changes

Photo Credits: "IBM PC-IMG 7271" by Rama & Musée Bolo

Page 3: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Agenda

Opportunities

Challenges

Fear of the unknown

Page 4: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Why does cloud scare people?

Page 5: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Rapid change - cloud is constantly evolving

Page 6: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Cloud computing and security – feel the pain

31% 63%

Page 7: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Cloud experience and security concerns

[Chart: % greatly concerned with security, by cloud experience (little to no experience vs. experienced); Databarracks Survey and RightScale Survey]

Page 8: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Agenda

Opportunities

Challenges

Fear of the unknown

Page 9: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

New Challenges

Traditional IT

Cloud

Containers, DevOps

Page 10: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Path from traditional to private cloud

Physical Infrastructure/Data Center

Applications

Operating System

Network

Hypervisor/Virtualization Layer

Management Plane

Customer Responsibility

Data

New challenges & opportunities

New Attack Surface

Page 11: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Public IaaS: Provider vs. customer responsibilities

Physical Infrastructure/Data Center

Applications

Operating System

Network

Hypervisor/Virtualization Layer

Management Plane

Customer Responsibility

Service Provider Responsibility

Data

Encryption & Tokenization Opportunities

New Attack Surface

Page 12: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Containers – Cloud 2.0 already?

Physical Infrastructure/Data Center

Applications

Container Management

Network

Hypervisor/Virtualization Layer

Management Plane

Customer Responsibility

Data

Container Image Repositories

Unvalidated Images

New Operating Systems

Breakout potential

Page 13: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Case Study: Code Spaces

Page 14: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Case Study: Code Spaces

AWS Console

Rope

Data Center

Pit of data loss

Attacker

86%

Page 15: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Agenda

Opportunities

Challenges

Fear of the unknown

Page 16: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Automation with APIs, SDN and NFV

Automation/Orchestration

Microsegmentation

Integration, on premises and off

VMware NSX

ForeScout Cloud APIs

Page 17: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

New perspective: Servers are like cattle, not pets

Page 18: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Servers as pets: the old model

Old & Busted

Attackers

Users

Support Services

Admins

Hostname: Jabba
Uptime: 347 days
Built: Nov 2009
Built by: Brandon
Missing Patches: 49
Unique configuration

R/W Filesystem

Page 19: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Servers as cattle: the new model

New & Shiny

Attackers

Users

Support Services

Admins

Hostname: SVR129
Uptime: 9 hours
Built: Yesterday
Built by: a script
Missing Patches: 0
Non-unique config

R/W Filesystem

R/O Filesystem

Page 20: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Conclusions

Page 21: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

My Top Recommendations

Protect the management plane

Multi-factor authentication

Principle of least privilege

Page 22: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares

Thank You!
