The New Approach to Security: leveraging channel resources
CYXTERA TECHNOLOGIES |
Meet TBI
Jeff Newton, Vice President of Enterprise Sales, linkedin.com/in/jeffmnewton/
Joe Fizor, Solutions Engineer, linkedin.com/in/joefizor/
CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA
• Founded in 1991
• Established as a Master Agency (technology distributor)
• 225 employees
• Chicago HQ, International Sales
• Best-in-class technology solution for complete connectivity
• All we know is B2B
Agnostic consultation on data, network, voice, cloud, mobility and security
TBI as a Resource
As a Master Agent. A technology consultant.
Direct agreements with 100+ solution providers
For channel partners: supplying organizations a recurring revenue model
• Consultants
• Value-added Resellers (VARs)
• Managed Service Providers (MSPs)
• Software Developers
• System Integrators
For end-users: SMB, Mid and Enterprise consultation and sales for telecommunications and cloud technologies
TBI as a Resource
Empowering selling partners to solve their customers’ technology needs through:
Training
• TBI University - certification program, partner experience liaison, training events and stewardship
Marketing
• Sales enablement tools, white label solutions, collateral, case studies, promotions
Back-office, sales support and operations
• Back-office, operational support, highly technical Telco, Cable and Cloud pre- and post-sales support, provisioning, installation and commissioning
Finance
• Transparent commission tracking, proactive management and troubleshooting
Our Partners’ Security Appetite
Recently we conducted a research study of our partners' business needs, investments in education, portfolio additions, etc.
• 50% of respondents cited security as having the greatest potential for industry influence, transformative power and revenue generation.
• Virtually all respondent companies (95%) are currently investing in emerging technologies. By 2020, more than three-quarters of respondents will be investing in security, and more than half in private cloud solutions.
• Security is included in more than two-thirds of respondents’ portfolios, followed by hybrid cloud solutions, which are part of nearly half of respondents’ respective portfolios, and one in three currently offer SDN/SD-WAN and/or IoT solutions.
How a Software-Defined Perimeter Prevents Malicious Insiders, Over-Privileged Users and Compromised Third-Party Access
The Threat is REAL…
Percentages of data breaches due to insider threat vary…
• Celent (2008): 60%
• CSO Online (2013): 36%
• Forrester (2012): 39%
• Ponemon Institute/Symantec (2012): 39%
• Online Trust Alliance (2015): 29%
• Central European University's Center for Media, Data and Society (2014): 57%
…but regardless of the number, the threat is real!
How are Networks Vulnerable Today?
Yesterday’s network security doesn’t address today’s IT reality
Perimeter security has remained largely unchanged for the past 2 decades.
[Figure: perimeter security timeline, 1996 to 2017]
VPN - It Isn’t Working…
KEY ISSUES:
• VPNs Do NOT Equal Secure
• Over-Privileged and Off To The Races
CHALLENGES CREATED:
• Lateral Movement
• Horrible User Experience
• Not Built for Cloud
“60% of enterprises will phase out network VPNs by 2021.” - Gartner
Traditional Firewalls – It Isn’t Working...
KEY ISSUES:
• Static - Configure and Forget
• Ports and Addresses, Not Users
CHALLENGES CREATED:
• Over-Privileged Users
• Exceptions Proliferation
• Complex, Difficult to Manage
• Not Designed for Cloud Architectures
NAC – It Isn’t Working...
Network Access Control (NAC)
• It's Complicated: Complicated setup and management
• Show Me The Money: Generally very expensive and proprietary solutions.
• It Takes a Village: LOTS of components and add-on solutions for it to work.
Common Weaknesses of Current Solutions…
1. Users are NOT IP Addresses or Devices
2. Connect First, Authenticate Second
3. Static Controls for Dynamic Environments
4. The Perimeter has Changed…and Continues to Change
5. The Bad Guys are Not Just on the Outside…
We Need a New Approach…
A better approach to network security: Software-Defined Perimeter
1. Identity-centric
• User- or device-based access control
• Integrates with directory services and IAM
• Context sensitive
Zero-trust model
• Authentication before connection
• Dynamically-provisioned 1:1 connectivity
• Unauthorized resources completely dark
2. Built like cloud, for cloud
• Distributed, stateless and highly scalable
• Programmable and adaptive
• Dynamic and on demand
3 Colocation
SDP: An industry consensus
“SDP enables organizations to provide people-centric, manageable, secure and agile access to networked systems. It is easier and less costly to deploy than firewalls, VPN concentrators and other bolt-in technologies.”
“Legacy, perimeter-based security models are ineffective against attacks. Security and risk pros must make security ubiquitous throughout the ecosystem.”
“BeyondCorp doesn’t gate access to services and tools based on a user’s physical location or the originating network; instead, access policies are based on information about a device, its state, and its associated user.”
“The SDP security model has been shown to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat.”
How Does a SDP Work?
• Traditional TCP/IP: Not Identity Centric – Allows Anyone Access. “Connect First, Authenticate Second”
• Software-Defined Perimeter: Identity-Centric – Only Authorized Users. “Authenticate First, Connect Second”
The Application View
Executives
Marketing
Human Resources
Research & Development
Sales
The Network View
Executives
Marketing
Human Resources
Research & Development
Sales
Users have too much network access…
Need to eliminate the gap between network and application security
What Does a SDP Look Like?
• Individualized perimeter for each user
• Fine-grained authorization for on-premises and cloud
• Contextual awareness drives access and authentication
• Simplify firewall and security group rules
• Dynamically adjusts to new cloud server instances
• Consistent access policies across heterogeneous environments
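A minimal model of the per-user perimeter described above, added here as an illustration; it is not code from this deck or from any SDP product. The entitlement fields, group names, tags and addresses are hypothetical, constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entitlement:
    group: str                         # directory/IAM group that holds the entitlement
    target_tag: str                    # workloads are selected by tag, not IP address
    port: int
    managed_device_only: bool = False  # context condition on the device

# Constructed sample policy and inventory (hypothetical names and addresses).
POLICY = [
    Entitlement("hr", "app=payroll", 443, managed_device_only=True),
    Entitlement("sales", "app=crm", 443),
]
INVENTORY = [
    {"ip": "10.0.1.10", "tags": {"app=payroll"}},
    {"ip": "10.0.2.20", "tags": {"app=crm"}},
]

def build_perimeter(session, inventory, policy=POLICY):
    """Return the (ip, port) pairs one session may reach; default is nothing."""
    if not session.get("authenticated"):
        return set()                   # authenticate first: no identity, no connectivity
    allowed = set()
    for ent in policy:
        if ent.group not in session.get("groups", ()):
            continue
        if ent.managed_device_only and not session.get("managed_device"):
            continue                   # context check fails, entitlement withheld
        # Tags are resolved against the live inventory at session time, so a
        # newly launched instance is covered without editing any rule.
        allowed |= {(h["ip"], ent.port) for h in inventory
                    if ent.target_tag in h["tags"]}
    return allowed

def gateway_allows(perimeter, ip, port):
    """Gateway check: traffic outside the session's perimeter is dropped."""
    return (ip, port) in perimeter

if __name__ == "__main__":
    hr = {"authenticated": True, "groups": {"hr"}, "managed_device": True}
    print(build_perimeter(hr, INVENTORY))
    print(build_perimeter({**hr, "managed_device": False}, INVENTORY))
    scaled = INVENTORY + [{"ip": "10.0.1.11", "tags": {"app=payroll"}}]
    print(build_perimeter(hr, scaled))
```

The same HR user on an unmanaged device gets an empty perimeter, and a second payroll instance appears in the perimeter as soon as it carries the tag.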
Why Deploy Software Defined Perimeter
Secure High Risk Users and Assets
• “Crown Jewels”
• Third-party access
• Privileged users
Alternative to Traditional Network Security
• Simplify network
• Reduce firewall rules
• Eliminate NACs or VPNs
Secure and Compliant Cloud Deployments
• Extend to AWS & Azure
• Manage users, not IP addresses
• Improved compliance reporting
Operational Benefits of SDP
• Social healthcare site reduced the number of firewall rules by 90%
• Multinational retailer reduced the FTEs managing firewall rules from 52 to 13
• Governmental agency reduced FTEs managing access to key systems from 8 to 1 for over 15,000 users
• Financial services reporting body reduced audit prep time from 2.5 months to 17 days
• Cyber security consulting firm eliminated redundant firewalls and VPNs into remote offices
• Global 50 financial replaced Cisco ISE to avoid $20K per switch upgrades as they expand
Summary
Insider threats are in your Network
• The perimeter is not an unbreakable wall, as it was in the past. It is fuzzy (at best) and constantly changing.
• At least a quarter of all data breaches are due to an insider threat.
• The threats are not just on the outside anymore.
Today’s Solutions Do Not Work
• Firewalls, VPNs and NAC solutions are yesterday’s technology, and unable to meet today’s insider threats.
• The dynamic nature of users and cloud infrastructures demands an easier-to-manage, more flexible, and scalable solution.
A Software-Defined Perimeter Solves!
• Creates a dynamic, individualized perimeter for each user and user session – a network “segment of one”.
• Entitlements can be modified dynamically as necessary to meet environmental changes.
• One solution to address security and compliance challenges – on premises and in the cloud.
TBI is an Agnostic Resource
We offer several vendor-agnostic resources on security including our:
• SDWAN Comparison Guide
• Security EBook
• Vendor-Agnostic Security Training