Securing Today’s Multi-Dimensional Cloud


1 Securing Today’s Multi-Dimensional Cloud
Matthew Kuan, Solutions Director APAC 24-25 May 2017

2 This might just happen to you….it has already happened to Yahoo…

3 Does Security Differ From “Traditional” to Cloud?
NO: Cloud is part of the enterprise, and enterprises SHOULD have a Security Strategy, a Security Objective and a Security Posture.
Security implementation is “multi-flavored”, dependent on technology, purpose, location, environment, scalability, etc. Cloud Security is just more security “flavors”.

4 Types of Cloud Services & Models…
Diagram labels: Data Center, Enterprise, Software Defined Data Center, Private, Public.
There are 4 types of cloud options that the organization can adopt:
Private Cloud – cloud computing that delivers services similar to those of the public cloud types but dedicated to a single organization, unlike public clouds, which deliver services to multiple organizations.
Infrastructure as a Service (IaaS) – provides virtualized computing resources over the Internet, e.g. Amazon Web Services (AWS), Windows Azure, Google Compute Engine, Rackspace Open Cloud, and IBM SmartCloud Enterprise.
Software as a Service (SaaS) – delivers the use of applications over the Internet, e.g. Salesforce.com, Oracle, SAP and Microsoft Office 365.
Platform as a Service (PaaS) – delivers computing resources over the Internet that facilitate the development, running, and management of applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. PaaS platforms for software development and management include, e.g., Amazon Web Services (AWS), Appear IQ, Mendix, Elastic Beanstalk, Google App Engine and Heroku.
Hybrid cloud – a cloud computing environment which uses a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms.

5 Cloud Security is NOT an Island
Diagram labels: DC, Public Cloud, SDDC, Internet, HQ / Campus, Wireless Access, Branch Office, Regional Office. Caption: Multi-dimensional cloud.

6 51% of enterprises breached in the last 12 months*
Time to detect breach*: more than 1 hour for 85%.
Areas of greatest concern for security*: 1. Cloud 2. Vulnerability in IT systems 3. Inside Threats 4. BYOD 5. IoT
The number of successful breaches is increasing, and it is taking longer and longer to detect when a breach has happened. According to the survey conducted on behalf of Fortinet earlier this year, it took more than an hour (61+ minutes to days, weeks, months and years) for 85% of the companies surveyed to detect that they had been breached. IoT only adds to the issues that the enterprise network is already trying to deal with; without addressing those issues first, adding IoT to the mix just puts enterprises further and further behind the cyber criminal or hacker. It is also not surprising that, when we look at the areas of greatest security concern for an enterprise, Cloud Security turns up right at the top of the 5 that are listed.
* Source: Fortinet-sponsored Lightspeed GMI survey

7 Data Center & Cloud – A Brief History…
Diagram labels: Private Cloud, Virtualization, Hypervisor, Automation, East-West, North-South, Flow, Connector API, Hybrid, Public Cloud, IaaS/PaaS, Cloud, NGFW, WAF, Management, Reporting, APT, SaaS, Cloud, Data Center, Proxy, CASI, Broker, API.
As the data center has evolved and the migration to Cloud has started gathering pace, security has to adapt its “flavor” to these changing environments, with 4 steps to this process:
Virtualization – with the adaptation of security appliances in a virtualized form or VM (for example, FortiGate-VM).
Private Cloud – with the addition of automation to compute virtualization, enterprises have started to build their own private clouds. Security needed to adapt and integrate in that automated and orchestrated environment.
Public Cloud – enterprises are using public cloud offerings from the likes of AWS and Microsoft Azure at an ever-growing rate. Their applications and data that reside in the public cloud need to be protected, and therefore specific security virtual appliances needed to be available for implementation and deployment in these environments.
Hybrid Cloud – the combined cloud made up of the enterprise's private and public cloud data and applications. These are not two separate entities, and they should be secured in a similar way, allowing for an overall enterprise-wide security posture and compliance.

8 Security OF and IN the Cloud
Security OF the Data Center
Diagram labels: North, South, East, West, Public Cloud, Private Cloud, Hybrid Cloud, Data Center, Client Devices.
Cloud (private, public and hybrid) creates two types of traffic flows that correlate to the security OF and IN the cloud. Traffic entering and exiting the data center is known as North-South traffic. This traffic is visible to physical security appliances, such as firewalls, that are used to inspect it and thus provide security of the data center and therefore of the cloud (as the private cloud resides in the data center).

9 Security OF and IN the Cloud
Security IN the Data Center
Diagram labels: North, South, East, West, Public Cloud, Private Cloud, Hybrid Cloud, Data Center, Client Devices.
Traffic traversing the data center without leaving it is known as East-West traffic, and today it makes up the majority of traffic in the data center (75%). This is mostly traffic between virtual machines and is therefore not visible to physical security appliances. In this environment, virtual security appliances are used to achieve visibility and security enforcement IN the cloud. East-West traffic is not limited to only the public cloud or the private cloud. Therefore, when using a hybrid cloud environment, it is important to secure the traffic in the cloud throughout and in the same manner. For example, if web applications are deployed on both the private and public clouds, FortiWeb-VMs should be deployed in both clouds to provide the same security level, posture and compliance throughout.
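The North-South / East-West split from slides 8 and 9, as an added example that is not part of the original presentation: it labels flow records against the data center's address ranges and reports the share of bytes a perimeter-only appliance would never inspect. The prefixes, flow records and function names are constructed for illustration, and the sketch assumes East-West traffic is switched inside the virtual layer rather than hairpinned through a physical firewall.

```python
import ipaddress

# Assumption: prefixes that sit inside the data center / private cloud (constructed).
DC_PREFIXES = [ipaddress.ip_network(p) for p in ("10.10.0.0/16", "10.20.0.0/16")]

# Constructed flow records: (source IP, destination IP, bytes).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.2.9", 4000),      # VM to VM, same internal range
    ("10.10.1.5", "10.20.7.3", 3500),      # VM to VM, across internal ranges
    ("203.0.113.7", "10.10.1.5", 1500),    # client device into the data center
    ("10.20.7.3", "198.51.100.20", 1000),  # VM out to the internet
    ("192.0.2.1", "198.51.100.20", 900),   # never touches the data center
]


def in_data_center(addr):
    """True if addr falls inside any data center prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DC_PREFIXES)


def classify(src, dst):
    """Label a flow by whether it crosses the data center edge."""
    src_in, dst_in = in_data_center(src), in_data_center(dst)
    if src_in and dst_in:
        return "east-west"      # stays inside: never passes a perimeter appliance
    if src_in or dst_in:
        return "north-south"    # enters or exits: visible at the perimeter
    return "external"           # not data center traffic at all


def bytes_by_direction(flows):
    """Sum bytes per direction label."""
    totals = {"east-west": 0, "north-south": 0, "external": 0}
    for src, dst, nbytes in flows:
        totals[classify(src, dst)] += nbytes
    return totals


def perimeter_blind_share(flows):
    """Fraction of data center bytes a perimeter-only firewall never sees."""
    totals = bytes_by_direction(flows)
    dc_bytes = totals["east-west"] + totals["north-south"]
    return totals["east-west"] / dc_bytes if dc_bytes else 0.0


if __name__ == "__main__":
    print(bytes_by_direction(SAMPLE_FLOWS))
    print(f"perimeter-blind share: {perimeter_blind_share(SAMPLE_FLOWS):.0%}")
```

The sample byte counts were chosen so the East-West share matches the 75% figure quoted on the slide; run against real flow exports, the same ratio shows how much traffic needs enforcement inside the cloud rather than at its edge.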

10 Cloud Security Responsibilities – Who owns what now?
More often than not, enterprises are unclear as to where the lines are drawn and may assume that the service providers are responsible for all aspects of security when adopting cloud. This chart shows the areas of responsibility for security (see the responsibility column for detail) when adopting the various types of cloud with different service providers, with respect to the cloud stack and its components.

11 Security Implementation – Best of Breed
Diagram labels: Security Gaps; Lack of Integration & Automation; Network Security; Wireless Security; Device Security; Apps. Security; Unknown Security; Cloud Security.

12 The Current Security Strategy…The Usual Approach…
It is BROKEN! "doing the same thing over and over again and expecting different results"? = INSANITY - Albert Einstein

13 Fortinet Security Fabric – Foundation of Holistic Security
Broad, Powerful, Automated
Fortinet is of the opinion that, for security in all its aspects, the Security Fabric is the vision to adopt in order to avoid a fragmented security deployment model, where exploitable gaps are created by the lack of collaboration and cooperation needed to drive an intelligent security posture. In the case of cloud, the security solution should be one that enables organizations to securely and elastically scale protection to their private, public and hybrid cloud infrastructure and workloads, and to segment both within the cloud and between endpoints, enterprise networks, and the cloud. It is characterized by 3 pillars: Broad, Powerful & Automated.
Enables organizations to securely and elastically scale protection to their private, public and hybrid cloud infrastructure and workloads, and to segment between endpoints, enterprise networks, and the cloud.

14 BROAD - Containing the Borderless
Diagram labels: ONE Security; Application Security; Cloud Security; Client/IoT Security; Access Security; Network Security; Visibility; Flexible/Open.
The Fabric is BROAD: it has the ability to secure a dynamic attack surface, with security applied to the Endpoints, Access, Network, Applications and Cloud through the visibility that is available across the entire network, closing any potential security gap that may be exploited. The security fabric can be further extended to other vendor solutions through our Open API, both to protect current investments and to embrace complementary niche solutions that strengthen the fabric.

15 POWERFUL - Eliminating Compromises
Diagram labels: Security Processors; Scalable Range; Auto Scaling; Accelerates Network Traffic; High End; Accelerates Content Inspection; Mid Range; Optimized Performance for Entry Level; Entry Level.
The Fabric is POWERFUL with Fortinet’s pioneering development of specialized Security Processors or Security Processing Units (SPUs). The analogy here is the GPU or Graphical Processing Unit, which is designed from the ground up to help CPUs accelerate graphics features. This simply is not possible with generic software/CPU-only-based products from the competition. Instead Fortinet has pioneered SPUs that:
Accelerate network traffic (Network Processor – NP6)
Accelerate content inspection (Content Processor – CP9)
Form a System on a Chip (SoC3) along with the CPU, providing the combined performance of NP and CP for small deployments in a single cost-effective package
The performance is further enhanced on larger configurations with the use of Parallel Path Processing to speed specific types of traffic. Today’s firewall deployment requirements are extensive, from UTM to NGFW to ISFW to DCFW. Fortinet is the only network security vendor to provide a product portfolio that is capable of scaling across all of these segments from entry level

16 AUTOMATED - Eliminating Complexity, Increasing Efficacy
Diagram labels: Known & Unknown; Known Threats (FortiGuard); Unknown Threats (FortiSandbox); Audit & Recommend.
Coordinated AUTOMATION is key to the security system of the future. First, “Threat Intelligence” needs to be available globally (known - FortiGuard) and locally (unknown - FortiSandbox) to all security elements. The threat intelligence and mitigation information can be shared for a coordinated response deployed in real time amongst all security elements.

17 Common Threat Intelligence – From Device to Cloud
FORTIGUARD: Antivirus Service, Application Control Service, Anti-spam Security Service, Intrusion Prevention Service, Web Security Service, Web Filtering Service, Database Security Service, Vulnerability Management Service, IP Reputation Service.

18 Take Away
Cloud is NOT an Island: Cloud Security is one with Enterprise Security; Cloud Security does not differ from “traditional” security.
Same Network Security must be implemented as Cloud Security: implementation changes based on cloud “flavor”.
Network-Cloud Security automation is crucial: active & coordinated security to combat threats; close security gaps; reduce time to detection.
