Is your deployment in pants-down mode?
Jason Rouault, CTO Cloudvisory

Pants Down Mode?

© 2018 Cloudvisory - Confidential
The Problem: Incomplete Security Governance in Hybrid Multi-Cloud Environments
Risks & Challenges in Public/Private Cloud Providers and Legacy Infrastructure

Cloud environments are “black boxes”. How can I gain visibility and improve my security posture?
Cloud-native security controls are often misconfigured. How can I detect, alert on and remediate configuration errors?
Cloud and legacy workloads are left too “open”. How can I consistently enforce least-privilege security and decrease the attack surface?
Attacks in both cloud and legacy environments often go undetected until it is too late. How can I detect, alert on, block and quarantine these attacks?
Cloud self-service brings agility to the business, but introduces new risks. How can DevOps, security, audit, risk and compliance teams maintain control without slowing down the digital transformation?

Visibility
Do you have a visual representation today of your entire cloud infrastructure (providers, workloads, security groups, data flows, etc.)?
Things get complex quickly when dealing with multiple environments (dev, test, prod, regions) and multiple providers (data center, OpenStack, AWS, Azure…).
Black box for security teams. If an application were down because of improper policy, do you have a way to visualize and identify this in real time?
The key is maintaining the agility and flexibility that a self-service cloud provides, while also providing the necessary security controls.
Multiple environments (test, dev, production)
Multiple providers (datacenter, AWS, Azure, GCE, and OpenStack)

Control
Security controls can be complex to the uninitiated, and can be easy to get wrong.
Since security controls are applied per VM, it can be quite a daunting task to manage them for large deployments.
Ideally, security policies would be applied to their workloads dynamically, rather than statically as they are today.
Who deploys cloud security controls (native UI or scripts) today? DevOps, Security? And how is this enforced?

Compliance
If policies are accidentally or maliciously altered, impacting risk or applications, could you detect it, and how long would it take to repair?
If malware compromised a virtual instance today, how long would it take to identify the issue and remediate back to a compliant state?

“Lift and Shift” of legacy security tools to the Cloud will NOT improve Security Visibility, Compliance and Enforcement

Start with a Secure Configuration
OpenStack Security Checklist

Automated OpenStack Security Checks
Continuous checks and reporting are needed
Compliance Check Automation

Compliance is not a one time event
Demonstrate Compliance over time
Historical Perspective

Tailored Views into Compliance
Example OpenStack Security Checklist

Tailored Views into Compliance
Example CIS Kubernetes Benchmark

Ad-hoc Audit Queries
Single Pane of Glass to Manage Risk: Audit, Check and Enforce Compliance Policies

Create Guardrails for your self service users
Custom Compliance Checks
Auto Notification
Auto Remediation
Full Audit Trails

Visualize Your Hybrid, Multi-Cloud Environment
Automate cloud-native micro-segmentation

Least-Privilege Enforcement
Cloudvisory Security Platform (CSP)
Hybrid, Multi-Cloud Security Governance Lifecycle Management

Actionable Audit
Auto-discovery of workloads, network flows, meta-data and cloud-native firewall rules
Ad-hoc auditing and reporting
Diagnosis of network security issues
Discovery of least-privilege rules needed for micro-segmentation

Compliance Assurance
Continuous monitoring to detect and alert on cloud-native and operating-system firewall misconfigurations
Continuous monitoring to detect and alert on laterally moving attacks
Custom, Network & CIS compliance check monitoring, alerting & reporting

Least-Privilege Enforcement
Hybrid multi-cloud micro-segmentation policy orchestration & enforcement
Push-button and automatic compliance policy remediation

The Journey: Hybrid Multi-Cloud Security Governance
Non-Intrusive Cloud Security Audit, Compliance & Enforcement

Cloudvisory Security Platform
Current Release
Hybrid Cloud Security Governance
Audit, Compliance & Enforcement