csv f03 secure innovation in public cloud myth or reality
1. SESSION ID: CSV-F03
Secure Innovation in Public Cloud, Myth or Reality?
Rehman Khan, Director, Cloud & Data Security, TD Ameritrade, @cryptorak, https://www.linkedin.com/in/rehmankhan/
Brajesh Moni, Sr. Security Consultant, Cloud & Data Security, TD Ameritrade, https://www.linkedin.com/in/brajeshmoni/
#RSAC
2. Innovation in Public Cloud: External Drivers
• Businesses continue to find ways to move at a rapid pace because of competition and new business models
• Aspirations of social integration, digital innovation, agility, and rapid scale
• Acquisitions continue to pressure the markets, demanding agility
• Business efficiency, reliability and margins
Presenter’s Company Logo – replace or delete on master slide
3. Innovation in Public Cloud: Internal Drivers
• Access to information anywhere, from any device, by authorized users
• Developers wanting to experiment with new technologies such as voice, AI, analytics, and chat
• Reduce IT cost: transform technology spend from capital expenditure to operational expenditure
• Leverage the cloud’s agility to address internal customer needs through rapid prototyping, development and deployment of product services
• Disrupt legacy competitors using the public cloud’s economy of scale
4. Impediments for Innovation in Public Cloud
• The default answer is “No”
• Organizational culture; fear of the unknown
• Lack of knowledge: public, hybrid, private, IaaS, PaaS, SaaS
• Without understanding the business use cases, you can’t understand what the real threats and risks to a use case are
• Security teams are not equipped with the technical skills that give developers and data scientists confidence
5. Innovation in Public Cloud – Use Cases
Business use cases:
• Analytics in the cloud – speech to text
• Mechanical Turk – outsourced data annotation
• Artificial Intelligence & ML – knowledge base, data classification
• IoT – Alexa
• WeChat, Apple Pay – expanded sales channel
6. Foundational Components: Deliverable #1
Get Executive Buy-in First, because Cloud Security is Job Zero
Step 1: Present to executive leadership such as the CRO, CPO, CLO, CFO and sometimes even the CEO on the basics of the cloud computing story
Step 2: Be transparent about current realities; there are already cloud applications being used
Step 3: Share what you are going to do to manage that risk in the short and long term
Step 4: Walk through your capability roadmap and execution delivery plan
Step 5: Go back and present iterative progress, or lack thereof
7. Foundational Components: Deliverable #2
Establish a Cloud Security Department
• Bring in talent with cloud, security and technical (development) skills
• Understand the actual business problem and use cases; this opens up communication
• Build relationships with key stakeholders: innovation, development and procurement teams
• Establish clarity on what data is being worked on and how to protect it
• Focus on security controls that apply to the use cases instead of blanket controls
8. Foundational Components: Deliverable #3
Create & Communicate Cloud Security Product Goals
1. Reduce risk: establish an effective cloud security product to protect data and provide lightweight governance using a complementary set of best-in-class tools and methods.
2. Agile transformation: enable, automate and integrate security controls from day zero. Make it easy for the business and developers to go fast securely in the cloud.
3. Shift left with partnerships: innovate securely with teams and make the cloud secure from day zero.
4. Technology-specific solutions: accelerate security solution deployment (e.g. public cloud workloads, mobile, SaaS and vendor applications).
5. Create a nimble cloud security roadmap.
9. Foundational Components: Deliverable #4
Cloud Security Engagement Model
• Identify and build relationships with innovation teams
• Build a partnership with supply management
• Augment vendor assessment with a cloud-security-specific questionnaire
• Communicate proactively
  – Monthly Cloud Security Tech Talks
  – Cloud Security Immersion Day
  – Create collaborative channels for innovators and developers
10. Foundational Components: Deliverable #5
Cloud Security Policy and Standards
• Set a high-level cloud security policy statement
• Create cloud security standards, including:
  – Identity and access management
  – Cloud data security and information lifecycle
  – Encryption and key management
  – Audit logging and log management
  – Security alerting and monitoring
• Leverage existing security standards
11. Technical Components: Deliverable #6
Deploy Cloud-native Security Platforms & Security-as-Code Capabilities
• Create your own pipeline and agile practice
• Don’t boil the security-tools ocean to address the risks; start with low-hanging CSP-native security tools
  – e.g. tenant restrictions, IP whitelisting
• Focus on key risk attributes, access flow and data elements (Restricted, PII, PCI)
  – Scrub, tokenize or mask restricted/confidential data
• Don’t try to integrate security into the mothership for all security capabilities
12. Technical Components: Deliverable #7
Deploy a Secure Account/Subscription Model
• Adopt a secure account/subscription model
• Focus on a blast-radius reduction model
13. Technical Components: Deliverable #8
Establish Strong Cloud Identity and Access Management
• Identity is the security perimeter and the control plane
• Establish all cloud workload authentication and authorization through the enterprise identity store
• Enable CSP-native identity protection capabilities
14. Technical Components: Deliverable #9
Establish Strong Encryption and Key Management Solutions
• Enable cloud-native key management solutions
  – Azure Key Vault
  – AWS Key Management Service (KMS)
• Bring Your Own Key (BYOK)
  – Protect keys using Hardware Security Modules (HSMs)
• Automate the rotation of keys
  – Develop a process/timeline for rotating keys in and out of the management solutions
• Enable data-at-rest / data-in-transit encryption
  – At rest: virtual disks, databases, storage
  – In transit: SSL/TLS
15. Technical Components: Deliverable #10
Establish ML-enabled Data Classification
• Enable cloud-native data classification solutions
  – Azure Information Protection (AIP)
  – Amazon Macie
• Classify: automate data classification (AIP, Macie)
• Label: automate data labeling
• Protect: apply policies based on the data risk level
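The classify / label / protect loop on this slide, together with the "scrub, tokenize/mask restricted data" point from Deliverable #6, is easier to reason about with a concrete pipeline in front of you. The following Python is an added example written for this page; it is not code from the talk, from TD Ameritrade, or from Macie or AIP. The label names, the regular-expression detectors, the Luhn check and the per-label policy table are all constructed assumptions standing in for the managed identifiers and label configuration a real classification service provides.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical label hierarchy, lowest to highest risk (a real tenant configures its own).
LABELS = ["Public", "Internal", "Confidential", "Restricted"]
RISK_RANK = {name: i for i, name in enumerate(LABELS)}

# Constructed detectors; a managed service ships far richer identifiers than these.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # 16-digit card numbers in groups of four (a deliberate simplification).
    "card": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
    "keyword": re.compile(r"\b(?:confidential|internal use only)\b", re.IGNORECASE),
}

# Which label each finding drives (the "Label" step).
FINDING_LABEL = {
    "email": "Internal",
    "keyword": "Confidential",
    "us_ssn": "Restricted",
    "card": "Restricted",
}

# Policy applied per label (the "Protect" step); values are illustrative.
POLICY: Dict[str, Dict[str, object]] = {
    "Public": {"encrypt": False, "access": "anyone", "mask_in_logs": False},
    "Internal": {"encrypt": True, "access": "employees", "mask_in_logs": False},
    "Confidential": {"encrypt": True, "access": "need-to-know", "mask_in_logs": True},
    "Restricted": {"encrypt": True, "access": "named-approvers", "mask_in_logs": True},
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary 16-digit runs are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Classification:
    label: str
    findings: List[str]
    policy: Dict[str, object]


def classify(text: str) -> Classification:
    """Classify: scan for sensitive elements and assign the highest-risk label found."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # fails Luhn: treat as an ordinary number
            findings.append(kind)
    label = "Public"
    for f in findings:
        if RISK_RANK[FINDING_LABEL[f]] > RISK_RANK[label]:
            label = FINDING_LABEL[f]
    return Classification(label, findings, POLICY[label])


def mask(text: str) -> str:
    """Scrub/mask step: keep the last four digits of SSNs and card numbers, hide the rest."""
    def keep_last4(m: "re.Match") -> str:
        digits = re.sub(r"\D", "", m.group())
        return "*" * (len(digits) - 4) + digits[-4:]

    text = PATTERNS["us_ssn"].sub(keep_last4, text)
    # Only mask card-shaped numbers that pass Luhn, mirroring classify().
    text = PATTERNS["card"].sub(
        lambda m: keep_last4(m) if luhn_ok(re.sub(r"\D", "", m.group())) else m.group(),
        text,
    )
    return text


if __name__ == "__main__":
    # Constructed sample record; 4111 1111 1111 1111 is a well-known test card number.
    record = "Ticket: alice@example.com, SSN 123-45-6789, card 4111 1111 1111 1111"
    result = classify(record)
    print(result.label, result.findings, result.policy)
    if result.policy["mask_in_logs"]:
        print(mask(record))
```

The design point is that the label is the single decision that everything downstream keys off: the policy table, not the detector, decides whether the record is encrypted, who may read it, and whether it is masked before it reaches a log. That separation is what lets a team start with a handful of detectors and grow them without touching the protection logic.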
16. Technical Components: Deliverable #11
Cloud Logging & Monitoring
• Centralize and ingest cloud log data
• Explore the data for critical operational and security insight
• Define alerts and security events
  – Categorize and score risk events
  – Collaborate and provide visibility to the incident response and vulnerability teams
• Enable native logging and monitoring dashboards: Azure Security, AWS Security
• Automate event response and apply ML by enabling native CSP and SIEM tool sets
• Evaluate the results and iterate on the logging and monitoring deployment model
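"Categorize and score risk events" is the step on this slide that turns a pile of ingested log data into something an incident response team can act on. The Python below is an added example, not code from the talk or from any CSP or SIEM product. It runs detection logic over a few constructed log lines whose field names are loosely modelled on AWS CloudTrail (eventName, sourceIPAddress, userIdentity); the event categories, base scores, modifiers, corporate IP ranges, the 12-digit placeholder account id and the alert threshold are all assumptions made for the example.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed category map; a production rule set would cover far more API calls.
EVENT_CATEGORY = {
    "ConsoleLogin": "authentication",
    "CreateUser": "iam_change",
    "AttachUserPolicy": "iam_change",
    "PutBucketPolicy": "data_exposure",
    "DeleteTrail": "logging_tamper",
    "StopLogging": "logging_tamper",
    "GetObject": "data_access",
    "DescribeInstances": "read",
}
BASE_SCORE = {
    "authentication": 20, "iam_change": 50, "data_exposure": 60,
    "logging_tamper": 80, "data_access": 10, "read": 5,
}
CORP_RANGES = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed
ALERT_THRESHOLD = 60
FAILED_LOGIN_LIMIT = 3


def score_event(ev: dict) -> dict:
    """Categorize one event and compute a 0-100 risk score with explainable reasons."""
    category = EVENT_CATEGORY.get(ev.get("eventName"), "unknown")
    score = BASE_SCORE.get(category, 30)
    reasons = [category]
    identity = ev.get("userIdentity", {})
    if identity.get("type") == "Root":
        score += 30
        reasons.append("root_principal")
    src = ev.get("sourceIPAddress", "")
    try:
        if not any(ip_address(src) in net for net in CORP_RANGES):
            score += 15
            reasons.append("external_ip")
    except ValueError:
        pass  # service principals show up as hostnames; treated as internal here
    if ev.get("errorCode"):
        score += 10
        reasons.append("error:" + str(ev["errorCode"]))
    return {
        "eventName": ev.get("eventName"),
        "category": category,
        "principal": identity.get("arn", "?"),
        "score": min(score, 100),
        "reasons": reasons,
    }


def analyze(lines: List[str]) -> Dict[str, list]:
    """Score every line, raise per-event alerts, and add an aggregate alert
    for principals with repeated failed logins (a pattern no single line shows)."""
    scored = [score_event(json.loads(line)) for line in lines if line.strip()]
    alerts = [s for s in scored if s["score"] >= ALERT_THRESHOLD]
    failures: Dict[str, int] = defaultdict(int)
    for s in scored:
        if s["category"] == "authentication" and any(r.startswith("error:") for r in s["reasons"]):
            failures[s["principal"]] += 1
    for principal, n in failures.items():
        if n >= FAILED_LOGIN_LIMIT:
            alerts.append({
                "eventName": "ConsoleLogin", "category": "authentication",
                "principal": principal, "score": 70, "reasons": [f"{n}_failed_logins"],
            })
    return {"events": scored, "alerts": alerts}


# Constructed sample log; 111122223333 is a placeholder account id, not a real one.
SAMPLE_LOG = [
    '{"eventName":"DescribeInstances","sourceIPAddress":"10.1.2.3","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/alice"}}',
    '{"eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9","errorCode":"Failure","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"}}',
    '{"eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9","errorCode":"Failure","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"}}',
    '{"eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9","errorCode":"Failure","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"}}',
    '{"eventName":"DeleteTrail","sourceIPAddress":"203.0.113.9","userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root"}}',
    '{"eventName":"PutBucketPolicy","sourceIPAddress":"10.1.2.3","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/alice"}}',
    '{"eventName":"GetObject","sourceIPAddress":"198.51.100.4","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/carol"}}',
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG)["alerts"]:
        print(alert["score"], alert["principal"], alert["eventName"], alert["reasons"])
```

Two choices matter more than the particular numbers. Every score carries its reasons, so the analyst receiving the alert can see why the event scored as it did and the vulnerability team can tune a modifier rather than a magic number. And the aggregate failed-login rule shows why scoring has to happen after centralizing the data: three individual login failures each sit below the threshold, and only the correlated view across lines turns them into an alert.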
17. Technical Components: Deliverable #12
Cloud Access Security Broker
• Discovery and visibility
• Granular identity access control
• Tighter integration with on-prem tools
• Threat protection
• Data loss prevention
18. Cloud Security Insights Matter
19. Putting it all Together: Cloud Security Platform
Cloud Security Governance, Policies & Standards
• DevSecOps
• SaaS Security, PaaS Security, IaaS Security, API Security
• Cloud Identity & Access Services
• Cloud Access Security Broker
• Cloud Security Logging, Analytics, Artificial Intelligence & Monitoring
• Virtual Private Cloud, Tagging & Config Rules, Security Groups
• Event Auditing, Incident Response, Workload Security, Automated Metrics
Traditional Security Engineering Services
• Certificate Mgmt., Endpoint DLP, Database Monitoring, Network DLP
• Endpoint AV, Endpoint APT, Network Firewall, Network APT
20. Leverage Cloud-based Security Solutions
Key benefits: cloud service and application providers are faster, and better equipped with advanced security tools, automation and security engineering resources, than traditional IT organizations
• Builds a trust model with the business, which results in more engagements
• Removes traditional IT obstacles by partnering early with infrastructure organizations
• Enables automated cloud management security solutions
• Start integrating with enterprise solutions such as an aggregated cloud logging solution or SIEM integration
• Share risk information across the security organization for visibility and for the actions/exceptions an innovation requires
21. Reality Checklist
• Get executive buy-in first
• Establish a cloud security organization with a governance program
• Deploy a secure account/subscription model
• Communicate cloud security product goals
• Establish strong cloud identity and access management
• Establish strong encryption and key management solutions
• Establish ML-enabled data classification
• Cloud logging & monitoring
• Cloud Access Security Broker (CASB)
• Cloud security engagement model
• Cloud security policy and standards
• Deploy cloud-native security platforms & security-as-code capabilities
22. Useful Links
Cloud Security:
– https://aws.amazon.com/products/security/?nc2=h_m1
– https://azure.microsoft.com/en-us/product-categories/security/
– https://cloud.google.com/security/
– https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
Data Monitoring & Protection:
– Azure Information Protection – https://azure.microsoft.com/en-us/services/information-protection/
– GCP Stackdriver – https://cloud.google.com/monitoring/
– AWS Macie – https://aws.amazon.com/macie/
23. APPENDIX