SlideShare ist ein Scribd-Unternehmen logo

Enabling Secure Use of Cloud Applications

Sonia Baratas Alves
Sonia Baratas Alves

IBM cloud helps you to avoid data breaches and consequences as data theft, intrusions and vulnerabilities in the platform. Cloud can tranform your security practices. Respond to new threats in or out of the oficce, Cloud combines visibility, data protection, threat prevention and access management.

Technologie
1 von 21
Downloaden Sie, um offline zu lesen
0© 2015 IBM Corporation Enabling Secure Use of Cloud Applications Dan Wolff, Program Director, Cloud Security Product Management
1© 2015 IBM Corporation Recent Security Timeline 1 614 reported breaches 91,982,172 records 2013 Host Intrusion Prevention Endpoint Sandboxing Application Whitelisting Web Filtering Cloud-based malware detection Network Sandboxing Next Gen FW Network Intrusion Prevention Secure Web Gateways Web App FW
2© 2015 IBM Corporation Expansion of Cloud Services 2 External StakeholdersTraditional Enterprise IT Public CloudPrivate Cloud PaaS Development services SaaS Business applications IaaS Infrastructure services 100+ IBM Offerings HR, CRM, SCM Data archive App development 100+ IBM Offerings Online website
3© 2015 IBM Corporation Additional Cloud Threats and Vulnerabilities  Placement (co-tenancy); exposure to data breach / loss  Configuration errors  Malicious insider  Software vulnerabilities Cloud is now integral part of many data breaches
4© 2015 IBM Corporation The “Secure” Cloud? 4 But isn’t the cloud already secure? Even the experts can’t agree Google Microsoft Information Week HIPAA
5© 2015 IBM Corporation What you can expect from your provider 5 Vulnerabilities in the platform Intrusion monitoring Widespread data theftDenial of service Cloud Vendor is Responsible Network & Application
6© 2015 IBM Corporation What are you responsible for? 6 You are Responsible Compliance Threat Prevention & Visibility Identity management Credential theft Insider misuse of data/ data sharing
7© 2015 IBM Corporation Customer Imperatives for Improving Security Detect threats with visibility across clouds Govern the usage of cloud Protect workloads and data in the cloud How can I understand who is accessing the cloud from anywhere, at anytime? How can I fix vulnerabilities and defend against attacks before they’re exploited? How can I obtain a comprehensive view of cloud and traditional environments?
8© 2015 IBM Corporation Cloud is an opportunity to radically transform security practices Cloud-enhanced Security Designed for elastic cloud environments Traditional Security Designed for static devices behind traditional network protection
9© 2015 IBM Corporation Companies are Adopting Cloud Applications EMPLOYEES IT OPERATIONS CISO Using Cloud for: • Cloud Storage • Collaboration • Much more Using Cloud to:  Save money  Reduce complexity  Automate  Consolidate  Loses visibility/control  Risk of data loss  Web based threats
10© 2015 IBM Corporation Cloud Applications Mobile Employees How Can You Protect What You Can’t See? CASBs are an important visibility tool for CISOs CASBs collect cloud app usage details on traffic going through corporate gateways Mobile users can go directly to cloud apps – creating the “mobile blind spot”  Cellular networks • Both in and out of the office  Home WiFi or mobile hot spots  Adds risk of malware, risky behavior, and corporate policy violations On-Premise and Remote / VPN Employees Web gateway, Firewall, IPS, etc. CASBs But “Blind spots” still exist for mobile usage
11© 2015 IBM Corporation Security and IT leaders face new challenges “My team can’t manage increased employee usage of cloud”  Gain visibility of all cloud app usage  Simplify connecting to approved apps  Remove mobile blind spots  Stop risky user behavior  Quickly detect and react to threats  Ensure compliance/governance How does my organization?
12© 2015 IBM Corporation IT Leaders are telling us they want to… “We need to streamline the number of cloud security technologies. My IT analysts need to be more efficient and cut down on errors.” State Government Agency “I have to simplify employee adoption of approved cloud apps. It’s critical for us to integrate identities with cloud discovery and usage.” Major Retailer “One of our biggest problems is visibility into mobile device activity. We can’t enforce policy if we can’t see the traffic.” Major Financial Services Organization
13© 2015 IBM Corporation MOBILE BYOD ON PREM RISKY APPS APPROVED APPS A new SaaS solution to help securely deploy cloud services EMPLOYEES Identity and Access Control Threat Prevention Policy Enforcement Discovery and Visibility Cloud Event Correlation
© 2015 IBM Corporation© 2015 IBM Corporation Managing Cloud Usage IT Admin view
15© 2015 IBM Corporation
16© 2015 IBM Corporation  Respond to new threats, in or out of the office  Integrated with threat intelligence from IBM X-Force RESPONSE TO THREATS
17© 2015 IBM Corporation  Block risky or unsanctioned apps on mobile devices  Coach safe employee usage PROTECT BY LIMITING ACCESS
18© 2015 IBM Corporation Unified Cloud Security Platform Identity and Access Control Threat Prevention Policy Enforcement Discovery and Visibility Cloud Event Correlation • X-Force Risk scoring for 1000’s of apps • 360 degree, continuous stream of cloud activity data • Mobile integration to uncover blind spots • Federated cloud SSO • Simplified quick connectors to popular cloud apps • No programming required • Self-service catalogs • Delegated administration • User activity and traffic monitoring • Behavioral analysis and correlation to company policies • Alerting, reporting, and auditing • In-line Intrusion Prevention for all mobile traffic • Threat signatures, network analysis, and zero-day threat protection • User coaching • Redirection for out-of-policy usage • Policy and anomaly rule implementation
19© 2015 IBM Corporation Key takeaways Cloud is an opportunity to do security right Cloud is an opportunity to increase IT efficiency Cloud is an opportunity to protect against threats Combine Visibility, Data Protection, Threat Prevention and Access Management 1 2 3 4
Thank You

Empfohlen

Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?IBM Security
 
The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) Lori MacVittie
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...IBM Security
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"IBM Security
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security EnforcerCamilo Fandiño Gómez
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentIBM Security
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseSkyhigh Networks
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 

Empfohlen

Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?IBM Security
 
The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) Lori MacVittie
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...IBM Security
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"IBM Security
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security EnforcerCamilo Fandiño Gómez
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentIBM Security
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseSkyhigh Networks
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 
2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data BreachSkyhigh Networks
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015Skyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...Skyhigh Networks
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityCloudLock
 
Improving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityImproving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityDoug Copley
 
Why you need to secure mobile apps - now
Why you need to secure mobile apps - nowWhy you need to secure mobile apps - now
Why you need to secure mobile apps - nowSymantec
 
Company presentation
Company presentationCompany presentation
Company presentationarunkuri
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaSkyhigh Networks
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Management of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 BusinessManagement of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 BusinessRobert Crane
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Security
 
Competitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationCompetitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationAkamai Technologies
 
Ericom Connect datasheet
Ericom Connect datasheet Ericom Connect datasheet
Ericom Connect datasheet Ericom Software
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in puneAnshita Dixit
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security
 
The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the WebSkyhigh Networks
 
Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Bitglass
 
IBM MaaS360 with Watson
IBM MaaS360 with WatsonIBM MaaS360 with Watson
IBM MaaS360 with WatsonKillian Delaney
 
Summer 2015 EMEA Netskope Cloud Report
Summer 2015 EMEA Netskope Cloud ReportSummer 2015 EMEA Netskope Cloud Report
Summer 2015 EMEA Netskope Cloud ReportNetskope
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security EnforcerFrancisco González Jiménez
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itIBM Security
 

Weitere ähnliche Inhalte

Was ist angesagt?

2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data BreachSkyhigh Networks
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015Skyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...Skyhigh Networks
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityCloudLock
 
Improving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityImproving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityDoug Copley
 
Why you need to secure mobile apps - now
Why you need to secure mobile apps - nowWhy you need to secure mobile apps - now
Why you need to secure mobile apps - nowSymantec
 
Company presentation
Company presentationCompany presentation
Company presentationarunkuri
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaSkyhigh Networks
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Management of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 BusinessManagement of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 BusinessRobert Crane
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Security
 
Competitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationCompetitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationAkamai Technologies
 
Ericom Connect datasheet
Ericom Connect datasheet Ericom Connect datasheet
Ericom Connect datasheet Ericom Software
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in puneAnshita Dixit
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security
 
Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Bitglass
 
Summer 2015 EMEA Netskope Cloud Report
Summer 2015 EMEA Netskope Cloud ReportSummer 2015 EMEA Netskope Cloud Report
Summer 2015 EMEA Netskope Cloud ReportNetskope
 

Was ist angesagt? (20)

2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data Breach
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
Improving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & SecurityImproving Cloud Visibility, Accountability & Security
Improving Cloud Visibility, Accountability & Security
 
Why you need to secure mobile apps - now
Why you need to secure mobile apps - nowWhy you need to secure mobile apps - now
Why you need to secure mobile apps - now
 
Company presentation
Company presentationCompany presentation
Company presentation
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and Sequoia
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Management of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 BusinessManagement of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 Business
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
 
Competitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationCompetitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven Differentiation
 
Ericom Connect datasheet
Ericom Connect datasheet Ericom Connect datasheet
Ericom Connect datasheet
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
Cloud service providers in pune
Cloud service providers in puneCloud service providers in pune
Cloud service providers in pune
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
 
The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the Web
 
Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2Webinar bitglass - complete deck-2
Webinar bitglass - complete deck-2
 
IBM MaaS360 with Watson
IBM MaaS360 with WatsonIBM MaaS360 with Watson
IBM MaaS360 with Watson
 
Summer 2015 EMEA Netskope Cloud Report
Summer 2015 EMEA Netskope Cloud ReportSummer 2015 EMEA Netskope Cloud Report
Summer 2015 EMEA Netskope Cloud Report
 

Ähnlich wie Enabling Secure Use of Cloud Applications

Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itIBM Security
 
6 major cyber security risks to cloud computing
6 major cyber security risks to cloud computing6 major cyber security risks to cloud computing
6 major cyber security risks to cloud computingTyrone Systems
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud accessAGILLY
 
Ibm mobile first protect (maas360)
Ibm mobile first protect (maas360)Ibm mobile first protect (maas360)
Ibm mobile first protect (maas360)gule mariam
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM Sverige
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityIBM Security
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?IBM Security
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinCloud Expo
 
Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMMAGILLY
 
Best practices for mobile enterprise security and the importance of endpoint ...
Best practices for mobile enterprise security and the importance of endpoint ...Best practices for mobile enterprise security and the importance of endpoint ...
Best practices for mobile enterprise security and the importance of endpoint ...Chris Pepin
 
Cloud - DC Poland Open Days
Cloud - DC Poland Open DaysCloud - DC Poland Open Days
Cloud - DC Poland Open DaysAndrzej Osmak
 
Akamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Technologies
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)Glenn Ambler
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Zabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředíZabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředíMarketingArrowECS_CZ
 
Ibm fiberlink analyst presentation nov 13 final
Ibm fiberlink analyst presentation nov 13 finalIbm fiberlink analyst presentation nov 13 final
Ibm fiberlink analyst presentation nov 13 finalCleophas Kipruto
 

Ähnlich wie Enabling Secure Use of Cloud Applications (20)

IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security Enforcer
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
 
6 major cyber security risks to cloud computing
6 major cyber security risks to cloud computing6 major cyber security risks to cloud computing
6 major cyber security risks to cloud computing
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud access
 
Ibm mobile first protect (maas360)
Ibm mobile first protect (maas360)Ibm mobile first protect (maas360)
Ibm mobile first protect (maas360)
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
 
The Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
 
Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --Symantec
 
8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM
 
Best practices for mobile enterprise security and the importance of endpoint ...
Best practices for mobile enterprise security and the importance of endpoint ...Best practices for mobile enterprise security and the importance of endpoint ...
Best practices for mobile enterprise security and the importance of endpoint ...
 
Cloud - DC Poland Open Days
Cloud - DC Poland Open DaysCloud - DC Poland Open Days
Cloud - DC Poland Open Days
 
Becoming an interconnected enterprise
Becoming an interconnected enterpriseBecoming an interconnected enterprise
Becoming an interconnected enterprise
 
Akamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Intelligent Edge Security
Akamai Intelligent Edge Security
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Zabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředíZabezpečení mobilních zařízení ve firemním prostředí
Zabezpečení mobilních zařízení ve firemním prostředí
 
Ibm fiberlink analyst presentation nov 13 final
Ibm fiberlink analyst presentation nov 13 finalIbm fiberlink analyst presentation nov 13 final
Ibm fiberlink analyst presentation nov 13 final
 

Mehr von Sonia Baratas Alves

How will IoT change the world as we know it?
How will IoT change the world as we know it?How will IoT change the world as we know it?
How will IoT change the world as we know it?Sonia Baratas Alves
 
What's coming in 2016? Cognitive Analytics
What's coming in 2016? Cognitive AnalyticsWhat's coming in 2016? Cognitive Analytics
What's coming in 2016? Cognitive AnalyticsSonia Baratas Alves
 
IBM Smarter Storage for Smarter Computing
IBM Smarter Storage for Smarter ComputingIBM Smarter Storage for Smarter Computing
IBM Smarter Storage for Smarter ComputingSonia Baratas Alves
 
Storwize 7000 Nueva era de almacenamiento
Storwize 7000 Nueva era de almacenamientoStorwize 7000 Nueva era de almacenamiento
Storwize 7000 Nueva era de almacenamientoSonia Baratas Alves
 

Mehr von Sonia Baratas Alves (14)

How will IoT change the world as we know it?
How will IoT change the world as we know it?How will IoT change the world as we know it?
How will IoT change the world as we know it?
 
Why attend IBM Amplify 2016
Why attend IBM Amplify 2016Why attend IBM Amplify 2016
Why attend IBM Amplify 2016
 
Cognitive Business
Cognitive BusinessCognitive Business
Cognitive Business
 
What is Big Data?
What is Big Data?What is Big Data?
What is Big Data?
 
IBM Bluemix Openwhisk
IBM Bluemix OpenwhiskIBM Bluemix Openwhisk
IBM Bluemix Openwhisk
 
IBM Cloud - Open by Design
IBM Cloud - Open by DesignIBM Cloud - Open by Design
IBM Cloud - Open by Design
 
What Watson can do for you
What Watson can do for youWhat Watson can do for you
What Watson can do for you
 
What's coming in 2016? Cognitive Analytics
What's coming in 2016? Cognitive AnalyticsWhat's coming in 2016? Cognitive Analytics
What's coming in 2016? Cognitive Analytics
 
Introducing Journey Analytics
Introducing Journey AnalyticsIntroducing Journey Analytics
Introducing Journey Analytics
 
IBM Smarter Storage for Smarter Computing
IBM Smarter Storage for Smarter ComputingIBM Smarter Storage for Smarter Computing
IBM Smarter Storage for Smarter Computing
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Ibm watson
Ibm watsonIbm watson
Ibm watson
 
Making the most of our data
Making the most of our dataMaking the most of our data
Making the most of our data
 
Storwize 7000 Nueva era de almacenamiento
Storwize 7000 Nueva era de almacenamientoStorwize 7000 Nueva era de almacenamiento
Storwize 7000 Nueva era de almacenamiento
 

Kürzlich hochgeladen

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 

Kürzlich hochgeladen (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 

Enabling Secure Use of Cloud Applications

  • 1. 0© 2015 IBM Corporation Enabling Secure Use of Cloud Applications Dan Wolff, Program Director, Cloud Security Product Management
  • 2. 1© 2015 IBM Corporation Recent Security Timeline 1 614 reported breaches 91,982,172 records 2013 Host Intrusion Prevention Endpoint Sandboxing Application Whitelisting Web Filtering Cloud-based malware detection Network Sandboxing Next Gen FW Network Intrusion Prevention Secure Web Gateways Web App FW
  • 3. 2© 2015 IBM Corporation Expansion of Cloud Services 2 External StakeholdersTraditional Enterprise IT Public CloudPrivate Cloud PaaS Development services SaaS Business applications IaaS Infrastructure services 100+ IBM Offerings HR, CRM, SCM Data archive App development 100+ IBM Offerings Online website
  • 4. 3© 2015 IBM Corporation Additional Cloud Threats and Vulnerabilities  Placement (co-tenancy); exposure to data breach / loss  Configuration errors  Malicious insider  Software vulnerabilities Cloud is now integral part of many data breaches
  • 5. 4© 2015 IBM Corporation The “Secure” Cloud? 4 But isn’t the cloud already secure? Even the experts can’t agree Google Microsoft Information Week HIPAA
  • 6. 5© 2015 IBM Corporation What you can expect from your provider 5 Vulnerabilities in the platform Intrusion monitoring Widespread data theftDenial of service Cloud Vendor is Responsible Network & Application
  • 7. 6© 2015 IBM Corporation What are you responsible for? 6 You are Responsible Compliance Threat Prevention & Visibility Identity management Credential theft Insider misuse of data/ data sharing
  • 8. 7© 2015 IBM Corporation Customer Imperatives for Improving Security Detect threats with visibility across clouds Govern the usage of cloud Protect workloads and data in the cloud How can I understand who is accessing the cloud from anywhere, at anytime? How can I fix vulnerabilities and defend against attacks before they’re exploited? How can I obtain a comprehensive view of cloud and traditional environments?
  • 9. 8© 2015 IBM Corporation Cloud is an opportunity to radically transform security practices Cloud-enhanced Security Designed for elastic cloud environments Traditional Security Designed for static devices behind traditional network protection
  • 10. 9© 2015 IBM Corporation Companies are Adopting Cloud Applications EMPLOYEES IT OPERATIONS CISO Using Cloud for: • Cloud Storage • Collaboration • Much more Using Cloud to:  Save money  Reduce complexity  Automate  Consolidate  Loses visibility/control  Risk of data loss  Web based threats
  • 11. 10© 2015 IBM Corporation Cloud Applications Mobile Employees How Can You Protect What You Can’t See? CASBs are an important visibility tool for CISOs CASBs collect cloud app usage details on traffic going through corporate gateways Mobile users can go directly to cloud apps – creating the “mobile blind spot”  Cellular networks • Both in and out of the office  Home WiFi or mobile hot spots  Adds risk of malware, risky behavior, and corporate policy violations On-Premise and Remote / VPN Employees Web gateway, Firewall, IPS, etc. CASBs But “Blind spots” still exist for mobile usage
  • 12. 11© 2015 IBM Corporation Security and IT leaders face new challenges “My team can’t manage increased employee usage of cloud”  Gain visibility of all cloud app usage  Simplify connecting to approved apps  Remove mobile blind spots  Stop risky user behavior  Quickly detect and react to threats  Ensure compliance/governance How does my organization?
  • 13. 12© 2015 IBM Corporation IT Leaders are telling us they want to… “We need to streamline the number of cloud security technologies. My IT analysts need to be more efficient and cut down on errors.” State Government Agency “I have to simplify employee adoption of approved cloud apps. It’s critical for us to integrate identities with cloud discovery and usage.” Major Retailer “One of our biggest problems is visibility into mobile device activity. We can’t enforce policy if we can’t see the traffic.” Major Financial Services Organization
  • 14. 13© 2015 IBM Corporation MOBILE BYOD ON PREM RISKY APPS APPROVED APPS A new SaaS solution to help securely deploy cloud services EMPLOYEES Identity and Access Control Threat Prevention Policy Enforcement Discovery and Visibility Cloud Event Correlation
  • 15. © 2015 IBM Corporation© 2015 IBM Corporation Managing Cloud Usage IT Admin view
  • 16. 15© 2015 IBM Corporation
  • 17. 16© 2015 IBM Corporation  Respond to new threats, in or out of the office  Integrated with threat intelligence from IBM X-Force RESPONSE TO THREATS
  • 18. 17© 2015 IBM Corporation  Block risky or unsanctioned apps on mobile devices  Coach safe employee usage PROTECT BY LIMITING ACCESS
  • 19. 18© 2015 IBM Corporation Unified Cloud Security Platform Identity and Access Control Threat Prevention Policy Enforcement Discovery and Visibility Cloud Event Correlation • X-Force Risk scoring for 1000’s of apps • 360 degree, continuous stream of cloud activity data • Mobile integration to uncover blind spots • Federated cloud SSO • Simplified quick connectors to popular cloud apps • No programming required • Self-service catalogs • Delegated administration • User activity and traffic monitoring • Behavioral analysis and correlation to company policies • Alerting, reporting, and auditing • In-line Intrusion Prevention for all mobile traffic • Threat signatures, network analysis, and zero-day threat protection • User coaching • Redirection for out-of-policy usage • Policy and anomaly rule implementation
  • 20. 19© 2015 IBM Corporation Key takeaways Cloud is an opportunity to do security right Cloud is an opportunity to increase IT efficiency Cloud is an opportunity to protect against threats Combine Visibility, Data Protection, Threat Prevention and Access Management 1 2 3 4