codeless security for the apps you buy & build on aws
TRANSCRIPT
Codeless Security for the Apps You Buy & Build on AWS
Russell MillerDirector, Product Marketing
Ari LeedsSenior Product Manager
1
Continuing Professional Education (CPE) Credits
Claim your CPE credit for attending this webinarhttps://www.isc2.org/
For more information or questions please contact [email protected]
2
Agenda
02
SaaS & IaaS Markets: Why are we here?
Security Requirements for IaaS
01
3
03
The CloudLock Approach to IaaS & AWS Security
“ 2016 Market Growth:● SaaS: 20.3%● IaaS: 38.4%
“IaaS continues to be the strongest-growing segment as enterprises move away from data center build-outs and move their infrastructure needs to the public cloud.”
4
SaaS vs. IaaS Market Growth
http://www.gartner.com/newsroom/id/3188817
- Sid Nag, Gartner Research Director
"Forecast: Public Cloud Services, Worldwide, 2013-2019, 4Q15 Update"
IaaS spending is skyrocketing
5
© Statista 2016
Apps on IaaS MORE critical than SaaS Apps
6
1. Internal & Partner-facing IaaS apps2. Customer-facing IaaS apps
Platformas a Service (PaaS)
People
Data
Applications
Runtime
Middleware
Operating System
Virtual Network
Hypervisor
Servers
Storage
Physical Network
Cloud Shared Responsibility - SaaS/PaaS/IaaS
7Gartner, Mind the SaaS Security Gaps, Craig Lawson and Sid Deshpande, May 19, 2016
Infrastructureas a Service (IaaS)
Hypervisor
Servers
Storage
Physical Network
SaaS
People
Data
Applications
Runtime
Middleware
Operating System
Virtual Network
Hypervisor
Servers
Storage
Physical Network
CSPResponsibility
CustomerResponsibility
People
Data
Applications
People
Data
Applications
People
Data
Applications
Runtime
Middleware
Operating System
Virtual Network
Amazon’s View: “The Shared Responsibility Model”
8Source: https://aws.amazon.com/compliance/shared-responsibility-model/
Let’s Talk About Bees (No Birds Needed)
9Source: http://www.ForestWander.com
Connections in AWS
EC2 Instance
S3 Bucket
User
App
10
Connections in AWS
EC2 Instance
S3 Bucket
S3 Bucket
Log File Log File Log File Log File
S3 Bucket
S3 Bucket
S3 Bucket
Employee
Customer AttackerPartner Admin
11
03 The CloudLock Approach to IaaS & AWS Security
12
CloudLock Coverage & Use Cases
Admin Console
Custom Apps
Data Loss PreventionCompliance
Forensics
Configuration Security
Visibility & User Behavior Analytics
13
AWS Use Case #1: Forensics
14
AWS Use Case #2A: Visibility & Behavior (Sec Admin)
15
AWS Use Case #2B: Suspicious Behavior (AWS Admin)
**********
16
AWS Use Case #3: Data Compliance & Auditing
17
AWS Use Case #4: Data Leak Protection (DLP)
18
AWS Use Case #5: Configuration Security
19
CloudLock Platform
Protect the usage of business apps in
the cloud
CASB for SaaS
Protect the usage of critical infrastructure
in the cloud
CASB for IaaS/PaaS
Include the cloud in security workflows
Cloud Security Orchestration
20
CloudLock Platform
DLP User
Behavior Analytics
CentralAuditing
Configuration
SecurityEncryption
ManagementApps
Firewall
Protect the usage of business apps in
the cloud
Protect the usage of critical infrastructure
in the cloud
CASB for SaaS
CASB for IaaS/PaaS
Include the cloud in security workflows
Cloud Security Orchestration
21
Questions
Russ MillerDirector, Product Marketing
Ari LeedsSenior Product Manager
23