Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
Transcript of Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
![Page 1: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/1.jpg)
Hybrid Cloud Security: Potential to be the stuff of dreams, not nightmares…
Adrian Sanabria
Senior Analyst, Enterprise Security Practice
![Page 2: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/2.jpg)
2
Three critical IT changes
Photo Credits: "IBM PC-IMG 7271" by Rama & Musée Bolo
![Page 3: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/3.jpg)
3
Agenda
Opportunities
Challenges
Fear of the unknown
1 2 3
![Page 4: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/4.jpg)
Why does cloud scare people?
![Page 5: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/5.jpg)
5
Rapid change - cloud is constantly evolving
![Page 6: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/6.jpg)
6
Cloud computing and security – feel the pain
31% 63%
![Page 7: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/7.jpg)
7
Cloud experience and security concerns
Chart: % greatly concerned with security (axis 0% to 80%), comparing respondents with little to no experience against experienced respondents. Sources: Databarracks Survey, RightScale Survey.
![Page 8: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/8.jpg)
8
Agenda
Opportunities
Challenges
Fear of the unknown
1 2 3
![Page 9: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/9.jpg)
9
New Challenges
Traditional IT
Cloud
Containers, DevOps
![Page 10: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/10.jpg)
10
Path from traditional to private cloud
Physical Infrastructure/Data Center
Applications
Operating System
Network
Hypervisor/Virtualization Layer
Management Plane
Customer Responsibility
Data
New challenges & opportunities
New Attack Surface
![Page 11: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/11.jpg)
11
Public IaaS: Provider vs. customer responsibilities
Physical Infrastructure/Data Center
Applications
Operating System
Network
Hypervisor/Virtualization Layer
Management Plane
Customer Responsibility
Service Provider Responsibility
Data
Encryption & Tokenization Opportunities
New Attack Surface
![Page 12: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/12.jpg)
12
Containers – Cloud 2.0 already?
Physical Infrastructure/Data Center
Applications
Container Management
Network
Hypervisor/Virtualization Layer
Management Plane
Customer Responsibility
Data
Container Image Repositories
Unvalidated Images
New Operating Systems
Breakout potential
![Page 13: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/13.jpg)
13
Case Study: Code Spaces
![Page 14: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/14.jpg)
14
Case Study: Code Spaces
AWS Console
Rope
Data Center
Pit of data loss
Attacker
86%
![Page 15: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/15.jpg)
15
Agenda
Opportunities
Challenges
Fear of the unknown
1 2 3
![Page 16: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/16.jpg)
16
Automation with APIs, SDN and NFV
Automation/Orchestration
Microsegmentation
Integration, on premises and off
VMware NSX
ForeScout Cloud APIs
![Page 17: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/17.jpg)
17
New perspective: Servers are like cattle, not pets
![Page 18: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/18.jpg)
18
Servers as pets: the old model
Old & Busted
Attackers
Users
Support Services
Admins
Hostname: Jabba
Uptime: 347 days
Built: Nov 2009
Built by: Brandon
Missing Patches: 49
Unique configuration
R/W Filesystem
![Page 19: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/19.jpg)
19
Servers as cattle: the new model
New & Shiny
Attackers
Users
Support Services
Admins
Hostname: SVR129
Uptime: 9 hours
Built: Yesterday
Built by: a script
Missing Patches: 0
Non-unique config
R/W Filesystem
R/O Filesystem
![Page 20: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/20.jpg)
20
Conclusions
![Page 21: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/21.jpg)
21
My Top Recommendations
Protect the management plane
Multi-factor authentication
Principle of least privilege
1 2 3
![Page 22: Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares](https://reader031.fdocuments.net/reader031/viewer/2022030315/587c76451a28abd04e8b6be5/html5/thumbnails/22.jpg)
Thank You!
22