Weitere ähnliche Inhalte Ähnlich wie Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention (20) Mehr von IBM Security (20) Kürzlich hochgeladen (20) Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention1. 0© 2015 IBM Corporation
Enabling Secure
Use of Cloud
Applications
Dan Wolff,
Program Director, Cloud Security Product
Management
2. 1© 2015 IBM Corporation
Recent Security Timeline
1
614 reported breaches
91,982,172 records
2013
Host
Intrusion
Prevention
Endpoint
Sandboxing
Application
Whitelisting
Web
Filtering
Cloud-based
malware
detection
Network
Sandboxing
Next Gen
FW
Network
Intrusion
Prevention
Secure Web
Gateways
Web App FW
3. 2© 2015 IBM Corporation
Expansion of Cloud Services
2
External StakeholdersTraditional Enterprise IT
Public CloudPrivate Cloud
PaaS
Development
services
SaaS
Business
applications
IaaS
Infrastructure
services
100+ IBM
Offerings
HR,
CRM, SCM
Data
archive
App
development
100+ IBM
Offerings
Online
website
4. 3© 2015 IBM Corporation
Additional Cloud Threats and Vulnerabilities
Placement (co-tenancy);
exposure to data breach / loss
Configuration errors
Malicious insider
Software
vulnerabilities
Cloud is now integral part of many data breaches
5. 4© 2015 IBM Corporation
The “Secure” Cloud?
4
But isn’t the cloud already secure?
Even the experts can’t agree
Google
Microsoft
Information Week
HIPAA
6. 5© 2015 IBM Corporation
What you can expect from your provider
5
Vulnerabilities in the
platform
Intrusion monitoring
Widespread data theftDenial of service
Cloud Vendor
is Responsible
Network & Application
7. 6© 2015 IBM Corporation
What are you responsible for?
6
You are Responsible
Compliance Threat Prevention &
Visibility
Identity management
Credential theft
Insider misuse of data/
data sharing
8. 7© 2015 IBM Corporation
Customer Imperatives for Improving Security
Detect threats with
visibility across clouds
Govern the
usage of cloud
Protect workloads
and data in the cloud
How can I understand who
is accessing the cloud
from anywhere, at anytime?
How can I fix vulnerabilities
and defend against attacks
before they’re exploited?
How can I obtain a
comprehensive view of cloud
and traditional environments?
9. 8© 2015 IBM Corporation
Cloud is an opportunity to radically
transform security practices
Cloud-enhanced Security
Designed for elastic cloud
environments
Traditional Security
Designed for static devices
behind traditional network
protection
10. 9© 2015 IBM Corporation
Companies are Adopting Cloud Applications
EMPLOYEES IT OPERATIONS CISO
Using Cloud for:
• Cloud Storage
• Collaboration
• Much more
Using Cloud to:
Save money
Reduce complexity
Automate
Consolidate
Loses visibility/control
Risk of data loss
Web based threats
11. 10© 2015 IBM Corporation
Cloud Applications Mobile Employees
How Can You Protect What You Can’t See?
CASBs are an important
visibility tool for CISOs
CASBs collect cloud app usage
details on traffic going through
corporate gateways
Mobile users can go directly to
cloud apps – creating the “mobile
blind spot”
Cellular networks
• Both in and out of the office
Home WiFi or mobile hot spots
Adds risk of malware, risky behavior,
and corporate policy violations
On-Premise and Remote / VPN Employees
Web gateway,
Firewall, IPS, etc.
CASBs
But “Blind spots” still exist
for mobile usage
12. 11© 2015 IBM Corporation
Security and IT leaders face new challenges
“My team can’t manage
increased employee
usage of cloud”
Gain visibility of all cloud app usage
Simplify connecting to approved apps
Remove mobile blind spots
Stop risky user behavior
Quickly detect and react to threats
Ensure compliance/governance
How does my organization?
13. 12© 2015 IBM Corporation
IT Leaders are telling us they want to…
“We need to streamline the number of cloud
security technologies. My IT analysts need to
be more efficient and cut down on errors.”
State Government
Agency
“I have to simplify employee adoption of
approved cloud apps. It’s critical for us to
integrate identities with cloud discovery and
usage.”
Major
Retailer
“One of our biggest problems is visibility into
mobile device activity. We can’t enforce policy
if we can’t see the traffic.”
Major Financial
Services Organization
14. 13© 2015 IBM Corporation
MOBILE
BYOD
ON PREM
RISKY
APPS
APPROVED APPS
A new SaaS solution to help
securely deploy cloud services
EMPLOYEES
Identity and
Access Control
Threat
Prevention
Policy
Enforcement
Discovery
and Visibility
Cloud Event
Correlation
15. © 2015 IBM Corporation© 2015 IBM Corporation
Managing Cloud Usage
IT Admin view
17. 16© 2015 IBM Corporation
Respond to new threats,
in or out of the office
Integrated with threat
intelligence from
IBM X-Force
RESPONSE TO THREATS
18. 17© 2015 IBM Corporation
Block risky or
unsanctioned apps
on mobile devices
Coach safe employee
usage
PROTECT BY
LIMITING ACCESS
19. 18© 2015 IBM Corporation
Unified Cloud Security Platform
Identity and
Access Control
Threat
Prevention
Policy
Enforcement
Discovery
and Visibility
Cloud Event
Correlation
• X-Force Risk scoring
for 1000’s of apps
• 360 degree,
continuous stream
of cloud activity data
• Mobile integration to
uncover blind spots
• Federated cloud SSO
• Simplified quick
connectors to
popular cloud apps
• No programming
required
• Self-service catalogs
• Delegated
administration
• User activity and
traffic monitoring
• Behavioral analysis
and correlation to
company policies
• Alerting, reporting,
and auditing
• In-line Intrusion
Prevention for all
mobile traffic
• Threat signatures,
network analysis,
and zero-day
threat protection
• User coaching
• Redirection for
out-of-policy usage
• Policy and anomaly
rule implementation
20. 19© 2015 IBM Corporation
Key takeaways
Cloud is an opportunity to do security right
Cloud is an opportunity to increase IT efficiency
Cloud is an opportunity to protect against threats
Combine Visibility, Data Protection, Threat Prevention and
Access Management
1
2
3
4