![Page 1: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/1.jpg)
Avoid repeating the on-prem security mistakes in the cloudBest practices, security framework and digital receipts
Cloud Security Summit, Stockholm, March 26th - 11:45
Göran Walles, CTO @ Radpoint
![Page 2: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/2.jpg)
About Göran?
1990 – v21
2000 – MFA/PKI
1995 - Internet
2009-2019 – CTO @ Radpoint
2005 – ”best of breed” security
2019
![Page 3: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/3.jpg)
About Radpoint
Decades of experience with Palo Alto Networks security platform
Part of NetNordic Group, 350 employees, 1000+ customers
Solutions and Managed Services within: ❑ Cybersecurity❑Network infrastructure❑ Smart datacenters (SDx) ❑Unified Communications
”The Best Companion”
![Page 4: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/4.jpg)
Fools say that they learn by experience. I prefer to profit by others experience. — Otto Von Bismarck
Otto Von Bismarck
![Page 5: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/5.jpg)
Fools say that they learn by experience. I prefer to profit by others experience. — Otto Von Bismarck
Others experience, valuable for cloud security
Security is Security
Profit from best practices using a holistic security frameworkOther organisations cloud incident and breaches
Profit from the mistakes of others– don´t let it happen to you+
![Page 6: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/6.jpg)
Four key dimensions of a holistic security framework
![Page 7: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/7.jpg)
Framework - Security Controls
Inventory and control over cloud assets (SaaS, IaaS objects)
Cloud Vulnerability Management
Secure ”best practice configuration” for cloud assets (SaaS, IaaS objects)
Maintenance, monitoring and analysis of log (system and user account events)
Malware and exploit defenses(cloud)
Authentication – Identity Mgt
ISO/IEC 27001CIS Center for Internet Security
Critical Security Controls
Measurable and Rateable
![Page 8: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/8.jpg)
Some examples of low hanging fruits
![Page 9: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/9.jpg)
Multi-Factor authentication for SaaS
Recommendations:
Evaluate security solution that also understand Identity Access Management (on-prem and cloud)
![Page 10: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/10.jpg)
Protect API´s
Recommendations:
Implement an API security strategy- Inventory, zero trust with vulnerability scan- Let DevOps follow OWASP REST API Cheat sheet- Evaluate tools and services for API protections
![Page 11: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/11.jpg)
Follow security best practices for cloud configurations
Recommendations:
Establish processes to continously monitor and verify configurations with established best practices
- evaluate using automation tools
![Page 12: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/12.jpg)
Visibility
Recommendations:
- Process/tool for asset inventory- IaaS: implement L7-network control with Threat prevention technologies and reporting- IaaS, PaaS, SaaS: system, application and account logging- Evaluate AI/ML services for anomaly detection and prevention
Users ApplicationsThreats
Systems Traffic
![Page 13: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/13.jpg)
Security requirements 2019
Security defenses, processes and activitiesneeds to be measured and confirmed. Security and risks need to be reported
Right level of security based uponbusiness need
Gartner: “By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity”
![Page 14: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/14.jpg)
14
IaaS & PaaS
YOUR CORPORATE NETWORK
INTERNET
ExpressRoute
BRANCH
Network layerPAN-OS FW
SaaS
Core security technologies
![Page 15: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/15.jpg)
15
IaaS & PaaS
SaaS
YOUR CORPORATE NETWORK
INTERNET
ExpressRoute
BRANCH
Operating system and application
layer
Traps
SaaS Cloud layer
Aperture
SaaS
IaaS PaaSCloud layers
Redlock
IaaSPaaS
Compliance monitoring and
security analytics.
Operating system and application
layer
Traps
Core security technologies
![Page 16: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/16.jpg)
16
IaaS & PaaS
SaaS
YOUR CORPORATE NETWORK
INTERNETBRANCH
Network layerPAN-OS FW
Operating system and application
layer
Traps
SaaS Cloud layer
Aperture
SaaS
IaaS PaaSCloud layers
Redlock
IaaSPaaS
Compliance monitoring and
security analytics.
Operating system and application
layer
Traps
Core security technologies
SaaS Cloud layer
Aperture
SaaS
![Page 17: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/17.jpg)
17
IaaS & PaaS
SaaS
YOUR CORPORATE NETWORK
INTERNETBRANCH
Network layerPAN-OS FW
Operating system and application
layer
Traps
SaaS Cloud layer
Aperture
SaaS
IaaS PaaSCloud layers
Redlock
IaaSPaaS
Compliance monitoring and
security analytics.
Operating system and application
layer
Traps
Core security technologies
SaaS Cloud layer
Aperture
SaaS
IaaS PaaSCloud layers
Redlock
IaaSPaaS
Compliance monitoring and
security analytics.
![Page 18: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/18.jpg)
CORTEX XDR: BREAKING SECURITY SILOS
CORTEX DATA LAKE
NETWORK
CORTEX XDRDETECTION & RESPONSE FOR
NETWORK, ENDPOINT AND CLOUD
ENDPOINT CLOUD
Automatically detect attacks
using rich data & cloud-
based behavioral analytics
Accelerate investigations
by stitching data together
to reveal root cause
Tightly integrate with
enforcement points to stop
Threats & Adapt defenses
![Page 19: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/19.jpg)
Secure Operations Managed Security Services
Managed Firewall – perimeter – datacenter - cloud
Managed Endpoint – workstations – servers – cloud servers
![Page 20: Avoid repeating the on-prem security mistakes in the cloud · Avoid repeating the on-prem security mistakes in the cloud Best practices, security framework and digital receipts Cloud](https://reader034.vdocument.in/reader034/viewer/2022042116/5e93b5c51c21b80fa83ea497/html5/thumbnails/20.jpg)
”The Best Companion”