enabling secure use of cloud applications
0 © 2015 IBM Corporation
Enabling Secure Use of Cloud Applications
Dan Wolff, Program Director, Cloud Security Product Management
Recent Security Timeline
2013: 614 reported breaches, 91,982,172 records
• Host Intrusion Prevention
• Endpoint Sandboxing
• Application Whitelisting
• Web Filtering
• Cloud-based malware detection
• Network Sandboxing
• Next Gen FW
• Network Intrusion Prevention
• Secure Web Gateways
• Web App FW
Expansion of Cloud Services
External Stakeholders, Traditional Enterprise IT, Public Cloud, Private Cloud
• PaaS: Development services
• SaaS: Business applications
• IaaS: Infrastructure services
100+ IBM Offerings
HR, CRM, SCM
Data archive
App development
100+ IBM Offerings
Online website
Additional Cloud Threats and Vulnerabilities
• Placement (co-tenancy); exposure to data breach / loss
• Configuration errors
• Malicious insider
• Software vulnerabilities
Cloud is now an integral part of many data breaches
The “Secure” Cloud?
But isn’t the cloud already secure?
Even the experts can’t agree
Microsoft
Information Week
HIPAA
What you can expect from your provider
Cloud Vendor is Responsible
Network & Application
• Vulnerabilities in the platform
• Intrusion monitoring
• Widespread data theft
• Denial of service
What are you responsible for?
You are Responsible
• Compliance
• Threat Prevention & Visibility
• Identity management
• Credential theft
• Insider misuse of data / data sharing
Customer Imperatives for Improving Security
• Detect threats with visibility across clouds
• Govern the usage of cloud
• Protect workloads and data in the cloud
How can I understand who is accessing the cloud from anywhere, at any time?
How can I fix vulnerabilities and defend against attacks before they’re exploited?
How can I obtain a comprehensive view of cloud and traditional environments?
Cloud is an opportunity to radically transform security practices
• Cloud-enhanced Security: Designed for elastic cloud environments
• Traditional Security: Designed for static devices behind traditional network protection
Companies are Adopting Cloud Applications
EMPLOYEES
Using Cloud for:
• Cloud Storage
• Collaboration
• Much more
IT OPERATIONS
Using Cloud to:
• Save money
• Reduce complexity
• Automate
• Consolidate
CISO
• Loses visibility/control
• Risk of data loss
• Web based threats
How Can You Protect What You Can’t See?
Diagram labels: Cloud Applications; Mobile Employees; On-Premise and Remote / VPN Employees; Web gateway, Firewall, IPS, etc.; CASBs
• CASBs are an important visibility tool for CISOs
• CASBs collect cloud app usage details on traffic going through corporate gateways
• Mobile users can go directly to cloud apps – creating the “mobile blind spot”
• Cellular networks
• Both in and out of the office
• Home WiFi or mobile hot spots
• Adds risk of malware, risky behavior, and corporate policy violations
• But “Blind spots” still exist for mobile usage
Security and IT leaders face new challenges
“My team can’t manage increased employee usage of cloud”
How does my organization?
• Gain visibility of all cloud app usage
• Simplify connecting to approved apps
• Remove mobile blind spots
• Stop risky user behavior
• Quickly detect and react to threats
• Ensure compliance/governance
IT Leaders are telling us they want to…
“We need to streamline the number of cloud security technologies. My IT analysts need to be more efficient and cut down on errors.”
State Government Agency
“I have to simplify employee adoption of approved cloud apps. It’s critical for us to integrate identities with cloud discovery and usage.”
Major Retailer
“One of our biggest problems is visibility into mobile device activity. We can’t enforce policy if we can’t see the traffic.”
Major Financial Services Organization
A new SaaS solution to help securely deploy cloud services
Diagram labels: EMPLOYEES; MOBILE; BYOD; ON PREM; RISKY APPS; APPROVED APPS
• Identity and Access Control
• Threat Prevention
• Policy Enforcement
• Discovery and Visibility
• Cloud Event Correlation
Managing Cloud Usage IT Admin view
RESPONSE TO THREATS
• Respond to new threats, in or out of the office
• Integrated with threat intelligence from IBM X-Force
PROTECT BY LIMITING ACCESS
• Block risky or unsanctioned apps on mobile devices
• Coach safe employee usage
Unified Cloud Security Platform
Identity and Access Control
Threat Prevention
Policy Enforcement
Discovery and Visibility
Cloud Event Correlation
• X-Force Risk scoring for 1000’s of apps
• 360 degree, continuous stream of cloud activity data
• Mobile integration to uncover blind spots
• Federated cloud SSO
• Simplified quick connectors to popular cloud apps
• No programming required
• Self-service catalogs
• Delegated administration
• User activity and traffic monitoring
• Behavioral analysis and correlation to company policies
• Alerting, reporting, and auditing
• In-line Intrusion Prevention for all mobile traffic
• Threat signatures, network analysis, and zero-day threat protection
• User coaching
• Redirection for out-of-policy usage
• Policy and anomaly rule implementation
Key takeaways
1. Cloud is an opportunity to do security right
2. Cloud is an opportunity to increase IT efficiency
3. Cloud is an opportunity to protect against threats
4. Combine Visibility, Data Protection, Threat Prevention and Access Management
Thank You