The New Approach to Security leveraging channel resources · Legacy, perimeter-based security...

26
The New Approach to Security leveraging channel resources

Transcript of The New Approach to Security leveraging channel resources · Legacy, perimeter-based security...

Page 1: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

The New Approach to Securityleveraging channel resources

Page 2: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

Meet TBI

Jeff NewtonVice President of Enterprise Saleslinkedin.com/in/jeffmnewton/

Joe FizorSolutions Engineerlinkedin.com/in/joefizor/

Page 3: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA3

Founded in 1991Established as a Master Agency (technology distributor)225 employeesChicago HQ, International SalesBest-in-class technology solution for complete connectivityAll we know is B2B

Agnostic consultation on data, network, voice, cloud, mobility and security

TBI as a Resource

Page 4: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA4

As a Master Agent. A technology consultant.

Direct agreements with 100+ solution providers

For channel partners: supplying organizations a recurring revenue modelConsultantsValue-added Resellers (VARs)Managed Service Providers (MSPs)Software DevelopersSystem Integrators

For end-users: SMB, Mid and Enterprise consultation and sales for telecommunications and cloud technologies

TBI as a Resource

Page 5: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

Empowering selling partners to solve their customers’ technology needs through:

Training

• TBI University - certification program, partner experience liaison, training events and stewardship

Marketing

• Sales enablement tools, white label solutions, collateral, case studies, promotions

Back-office, sales support and operations

• Back-office, operational support, highly technical Telco, Cable and Cloud pre- and post- sales support, provisioning, installation and commissioning

Finance

• Transparent commission tracking, proactive management and troubleshooting

Page 6: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

Our Partners’ Security Appetite

6

Recently we conducted a research study of our partners business needs, investments in education, portfolio additions, etc.

• 50% of respondents citing security as having the greatest potential for industry influence, transformative power and revenue generation.

• Virtually all respondent companies (95%) are currently investing in emerging technologies. By 2020, more than three-quarters of respondents will be investing in security, and more than half in private cloud solutions.

• Security is included in more than two-thirds of respondents’ portfolios, followed by hybrid cloud solutions, which are part of nearly half of respondents’ respective portfolios, and one in three currently offer SDN/SD-WAN and/or IoT solutions. By 2020, more than three-quarters of respondents will be investing in security, and more than half in private cloud.

Page 7: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

How a Software-Defined Perimeter Prevents

Malicious Insiders, Over Privileged-Users and

Compromised Third Party Access

Page 8: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

The Threat is REAL…Percentage of data breaches due to insider threat vary…

10

…but regardless of the number, the threat is real!

Celent (2008)60%

36% CSO Online (2013)

39% Forrester (2012)

Ponemon Institute/Symantec (2012) 39%

Online Trust Alliance (2015) 29%

Central European University's Center for Media, Data and Society (2014)

57%

Page 9: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

How are Networks Vulnerable Today?

Page 10: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

Yesterday’s network security doesn’t address today’s IT reality

12

Perimeter security has remained largely unchanged for the past 2 decades.

1996 2017

Page 11: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

VPN - It Isn’t Working…

13

• VPNs Do NOT Equal Secure• Over-Privileged and Off To The Races

“60% of enterprises will phase out network VPNs by 2021.” - Gartner

VPNs – It Isn’t Working…

KEY ISSUES:

• Lateral Movement• Horrible User Experience• Not Built for Cloud

CHALLENGES CREATED:

Page 12: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA14

Firewalls - It Isn’t Working…Traditional Firewalls – It Isn’t Working...

• Static - Configure and Forget• Ports and Addresses, Not Users

KEY ISSUES:

• Over-Privileged Users • Exceptions Proliferation• Complex, Difficult to Manage• Not Designed for Cloud Architectures

CHALLENGES CREATED:

Page 13: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

Its ComplicatedComplicated setup and management

Show Me The MoneyGenerally very expensive and proprietary solutions.

It Takes a VillageLOTS of components and add-on solutions for it to work.

Network Access Control

15

NAC

NAC – It Isn’t Working...

Page 14: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

Common Weaknesses of Current Solutions…

16

Users are NOT IP Addresses or Devices

Connect First, Authenticate Second

Static Controls for Dynamic Environments

The Perimeter has Changed…and Continues to Change

The Bad Guys are Not Just on the Outside…

1

2

3

4

5

Page 15: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

We Need a New Approach…

Page 16: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES | 18

A better approach to network security:Software-Defined Perimeter

1Identity-centric

User- or device- based access control

Integrates with directory services and IAM

Context sensitive

Zero-trust model

Authentication before connection

Dynamically-provisioned 1:1 connectivity

Unauthorized resources completely dark

2Built like cloud, for cloud

Distributed, stateless and highly scalable

Programmable and adaptive

Dynamic and on demand

3 Colocation

Page 17: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES | 19

SDP: An industry consensus

SDP enables organizations to provide people-centric, manageable, secure and agile access to networked systems. It is easier and less costly to deploy than firewalls, VPN concentrators and other bolt-in technologies.”

Legacy, perimeter-based security models are ineffective against attacks. Security and risk pros must make security ubiquitous throughout the ecosystem.”“

BeyondCorp doesn’t gate access to services and tools based on a user’s physical location or the originating network; instead, access policies are based on information about a device, its state, and its associated user.”

The SDP security model has been shown to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat.”

Page 18: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

How Does a SDP Work?

Software-Defined Perimeter

Traditional TCP/IP

Not Identity Centric – Allows Anyone Access

Identity-Centric – Only Authorized Users

“Connect First,Authenticate Second”

“Authenticate First,Connect Second”

Page 19: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

The Application View

21

Executives

Marketing

Human Resources

Research & Development

Sales

Page 20: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

The Network View

22

Executives

Marketing

Human Resources

Research & Development

Sales

Users have too much network access…

Need to eliminate the gap between network

and application security

Page 21: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

What Does a SDP Look Like?

Individualized perimeter for

each user

Fine-grained authorization for on-premises and

cloud

Contextual awareness drives

access and authentication

Simplify firewall and

security group rules

Dynamically adjusts to new

cloud server instances

Consistent access policies across heterogeneous environments

23

Page 22: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

Why Deploy Software Defined Perimeter

24

Secure High Risk Usersand Assets

Alternative to Traditional Network Security

Secure and CompliantCloud Deployments

• Simplify network

• Reduce firewall rules

• Eliminate NACs or VPNs

• “Crown Jewels”

• Third-party access

• Privileged users

• Extend to AWS & Azure

• Manage users, not IP addresses

• Improved compliance reporting

Page 23: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

Operational Benefits of SDP

25

Social healthcare site reduced the number of firewall rules

by 90%

Multinational retailer reduced the FTEs managing firewall rules from 52 to 13

Governmental agency reducedFTEs managing access to key systems

from 8 to 1 for over 15,000 users

Financial services reporting body reduced audit prep time from

2.5 months to 17 days

Cyber security consulting firm eliminated redundant firewalls and VPNs into remote offices

Global 50 financial replaced Cisco ISE to avoid $20K per

switch upgrades as they expand

90%8 1

Page 24: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

SUMMARY

Page 25: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES CONFIDENTIAL | PROVIDED UNDER NDA

Summary

27

Insider threats are in your Network

• The perimeter is not a unbreakable wall, as it was in the past. It is fuzzy (at best) and constantly changing.

• At least a quarter of all data breaches are due to an insider threat.

• The threats are not just on the outside anymore.

Today’s Solutions Do Not Work

• Firewalls, VPNs and NAC solutions are yesterday’s technology, and unable to meet today’s insider threats.

• The dynamic nature of users and cloud infrastructures demand an easier to manage, more flexible, and scalable solution.

A Software-Defined Perimeter Solves!

• Creates a dynamic, individualized perimeter for each user and user-session –a network “segment of one”.

• Entitlements can be modified dynamically as necessary to meet environmental changes.

• One solution to address security and compliance challenges – on premise and in the cloud.

Page 26: The New Approach to Security leveraging channel resources · Legacy, perimeter-based security models are ineffective against attacks. Security “ and risk pros must make security

CYXTERA TECHNOLOGIES |

TBI is an Agnostic Resource

We offer several vendor-agnostic resources on security including our:

SDWAN Comparison GuideSecurity EBookVendor-Agnostic Security Training