Andras Cser, VP Principal Analyst at Forrester Research, and Carson Sweet, CEO at CloudPassage, discussed a new enterprise security architecture that will:
- Apply elastic compute power, big data, and massively horizontal distribution of security controls and telemetry.
- Automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments.
- Address both data at rest and in motion and create minimal resource impact across environments.
Comprehensive Cloud Security Requires an Automated Approach
1. Comprehensive Cloud Security
Requires an Automated Approach
Andras Cser, VP and Principal Analyst
Forrester Research
Carson Sweet, CEO and Co-founder
CloudPassage
November 12, 2013
2. Cloud Security: Automation and
Centralization Matters
Andras Cser, VP and Principal Analyst
November 12, 2013
16. When it comes to
responsibilities…
How do we
avoid this?
17. Who's Responsible for IaaS Security?
AWS Shared Responsibility Model
“…the customer should assume responsibility and management of, but not limited to, the guest operating system and associated application software...”
App Code
App Framework
Operating System
Amazon Web Services: Overview of Security Processes
Virtual Machine
Hypervisor
Compute & Storage
Shared Network
Physical Facilities
Provider Responsibility
“it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.”
Customer Responsibility
Data
18. Think Security From the Cloud
Typical questions and requirements:
• How can you source security services from MSSPs?
• How can you protect security and data at our cloud providers?
• In general: How do we integrate on existing on-premise security with the MSSPs security products?
23. Problem: Infrastructure Security Is Behind
► Infrastructure more distributed and dynamic than ever
► Current security models neither dynamic nor distributed
► Perimeters, appliances, hardware reliance, stable configurations, change control, endpoint security solutions… all marginalized to worthless in new models
► Without infrastructure security, all other security measures are weak (castle on sand, not bedrock)
Security teams can't assure security or compliance, being dragged behind business
24. The Old Model: everything behind firewall, low
rate of change, very few infrastructure stacks
25. The New Model: multiple stacks, broadly
distributed, legacy approaches fail
26. Security Buyer Challenges
► Achieving compliance in cloud environments
  • PCI, HIPAA, ISO 27002, SOC2, SANS Top 20, NIST
► Disparate systems & high rate of change
  • “Dynamic” is core to cloud, new mode of operation
  • Security orchestration & automation underserved needs
► Existing products don't work well (if at all)
  • Technically designed for a different time
  • Do not match up to dynamic cloud operational models
27. Why Do Existing Solutions Fail?
Network & hardware dependencies
Cannot operate across cloud models
Lack of metered-usage licensing
Cannot handle elasticity or wide distribution
28. How we built high-scale
security & compliance
automation