Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec...
Transcript of Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec...
![Page 1: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/1.jpg)
![Page 2: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/2.jpg)
www.cloudsec.com | #cloudsec
Data Protection Strategies with CloudJeff Chen, CISSPSecurity Consultant, GCKThales CPL
![Page 3: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/3.jpg)
#cloudsec
The business environment is changing
![Page 4: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/4.jpg)
#cloudsec
Challenge: Compliance in a Cloudy World
![Page 5: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/5.jpg)
#cloudsec
APAC is MORE ready than most !!
Source: Asia Cloud Computing Association
Are we ready for Cloud?
![Page 6: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/6.jpg)
#cloudsec
Enterprise Cloud Strategy
Resource: (ISC)2 2018 Cloud Security Report
![Page 7: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/7.jpg)
#cloudsec
Thread Landscape
![Page 8: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/8.jpg)
No organization is immune from data security threats
![Page 9: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/9.jpg)
#cloudsec
Broad Cloud Security Concerns
![Page 10: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/10.jpg)
#cloudsec
Complex Environment is the Top Barrier to Data Security
Source: 2019 Thales Data Threat Report Survey, IDC, November 2018
![Page 11: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/11.jpg)
#cloudsec
It’s not that organizations don’t recognize the importance of data security; they clearly do. However, they realize that implementing data security is challenging and they need better, simpler solutions that allow them to address these challenges.”
“
![Page 12: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/12.jpg)
#cloudsec
Shared Responsibility Model for Cloud Data Security
![Page 13: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/13.jpg)
#cloudsec
You are responsible for data security.
What do you do?
![Page 14: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/14.jpg)
#cloudsec
What First Comes to Mind When Protecting Data?▪ Top six data security tools already deployed, or planned to
be deployed in the next year.
Source: 2019 THALES DATA THREAT REPORTGLOBAL EDITION
![Page 15: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/15.jpg)
#cloudsec
Enterprise Reality -- Islands of Encryption
![Page 16: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/16.jpg)
Edward Snowden:
“Encryption works. Properly implemented
strong crypto systems are one of the few things
that you can rely on. ”
![Page 17: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/17.jpg)
#cloudsec
IDC Recommendation: Encrypt Data and Control Your Keys
![Page 18: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/18.jpg)
#cloudsec
But Where To Put the Keys?
![Page 19: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/19.jpg)
www.cloudsec.com | #cloudsec
Bring Your Own Key (BYOK)
![Page 20: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/20.jpg)
#cloudsec
What is BYOK?
Local Key Store (KMS/HSM)
Utility for BYOK
Keys Generated by local key store
CSP KMSBYOK
wrappedData (key) with BYOK certificate
![Page 21: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/21.jpg)
#cloudsec
Cloud Key Management Pain Points
Encryption
Key
Visibility
Data
Loss
Vendor
Lock
Attaining
Compliance
Key
Lifecycle
Mgmt
![Page 22: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/22.jpg)
#cloudsec
CipherTrust Cloud Key Manager ▪ Centralized, multi-cloud
key control and management for IaaS and SaaS
▪ As a service or on-premises deployment
▪ Secure Key Storage
▪ Logging and Reporting for enhanced visibility and compliance
![Page 23: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/23.jpg)
#cloudsec
BUT…
![Page 24: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/24.jpg)
#cloudsec
Different environment has different encryption mechanisms…
Different Cloud Service Provider has different Key Management policies…
![Page 25: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/25.jpg)
www.cloudsec.com | #cloudsec
Bring Your Own Encryption (BYOE)
![Page 26: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/26.jpg)
#cloudsec
HSM
On-Premises HSM as Root of Trust
![Page 27: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/27.jpg)
#cloudsecStorage
Encryption Data at Rest –How to Protect Data Against Threat
Databases / SQL Layer
Users, Browsers, Mobiles, Apps
Data
Flow
Data Flow
File System Layer Files/Databases/Folders/Shares
Application Layer
Storage Admins
Sys Admins
DB Admins
AppAdmins
EndpointAdmin
![Page 28: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/28.jpg)
#cloudsec
Challenge
▪ Must support multi-cloud, hybrid cloud environment such as AWS, Azure, VMWare, IBM Softlayer
▪ Encryption keys must be centralize store and management. A unified key management policy. Encryption keys will never store in any application or devices.
▪ Requirement for high security, high availability, and future scalability. Provide security controls such as audit logs, access control.
▪ Must be able to integrate with third-party solutions such as cloud encryption gateway, database encryption, and storage encryption solutions.
![Page 29: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/29.jpg)
#cloudsec
Phase I– VM Disk Encryption
![Page 30: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/30.jpg)
#cloudsec
Phase II – Expand Usage
![Page 31: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/31.jpg)
#cloudsec
Phase III – Expand to Multi-Cloud
![Page 32: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/32.jpg)
#cloudsec
Future
![Page 33: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/33.jpg)
KEEP CALM
AND
ENCRYPT
![Page 34: Data Protection Strategies with - CLOUDSEC to Protect Your Cloud...Are we ready for Cloud? #cloudsec Enterprise Cloud Strategy Resource: (ISC)2 2018 Cloud Security Report #cloudsec](https://reader036.fdocuments.net/reader036/viewer/2022070112/605683408b6d48024a447060/html5/thumbnails/34.jpg)
www.cloudsec.com | #cloudsec
THANK YOU
Jeff Chen, CISSP
Security Consultant, GCK
Thales CPL