Embed Size (px)
DESCRIPTION
90% of cloud apps in the enterprise are being used without IT’s knowledge. Whether brought in by individuals or lines of business, there’s an average of 508 apps per enterprise and more than 5,000 in the world from which people can choose. Where things get even more interesting is when cloud and mobile combine and the opportunity for data loss and breaches multiply. These slides are from a webinar where leading identity management, cloud security, and fraud management expert Andras Cser from Forrester and Netskope’s Sr. Director of Product Marketing Bob Gilbert talk about the importance of understanding which employees are using which cloud apps and from where they’re accessing them. View the on-demand webinar here: http://www.netskope.com/webinars/securing-cloud-users-left-devices/
Citation preview
Securing The Cloud When
Users Are Left To Their Own
Devices
November 2014
© 2014 Netskope. All Rights Reserved.
Today’s Speakers
2
› Andras Cser, VP and Principal Analyst
› Bob Gilbert, Sr. Director Product Marketing
© 2014 Forrester Research, Inc. Reproduction Prohibited 3
Source: Forrsights Developer Survey, Q1 2013
“Which of the following cloud-based services have you employed on a regular basis?"
2%
3%
14%
16%
18%
21%
23%
23%
26%
31%
33%
33%
37%
42%
49%
50%
Other
Don't know
Nonrelational database
BPM
Mobile back end
Content delivery network
Application-level caching
Integration (e.g., Dell Boomi, IBM Cast Iron)
Message queuing
Content management
Messaging
Social (e.g., Salesforce Chatter)
Development tools/IDE (e.g. Cloud9, Cloud Foundry)
Relational database (e.g. SQL Azure)
Storage
Compute (e.g., Amazon EC2, Microsoft Azure VM Role)
Sample Size = 175 software developers from companies with 1,000 or more employees
Cloud-based Services Employed Regularly
© 2014 Forrester Research, Inc. Reproduction Prohibited 4
Source: Forrester Software Survey, Q4 2012
“Which of the following initiatives are likely to be your IT organization's top project
and organizational priorities over the next 12 months?”
-- Increase our use of software-as-a-service (cloud applications)
Base: 1,176 North American and European IT decision-makers at firms with 1,000 or more employees
1%
15%
35%
48%
Don't know
Not on our agenda
Low priority
Critical or High priority
© 2013 Forrester Research, Inc. Reproduction Prohibited 5
Cloud Pulls the CISO in Many Directions
CISO and
Security
Organization
Changes, aka
Uneven
Handshake
2. LOB
procures
cloud
services
1. Cloud
Offers
Irresistible
Benefits
5. Security
Struggles to
Reduce Cloud
Security Risks
4. Data Center
Is Loosely
Coupled
3. CISO
Can’t Say No
All the Time
Cloud Security Prepositions
© 2013 Forrester Research, Inc. Reproduction Prohibited 7
A: The Cloud is not just a new delivery platform
B: Cloud Security is NOT just continuing security and extending it to the cloud
Why Cloud Security is like a two component “explosive”, a unique blend:
© 2014 Forrester Research, Inc. Reproduction Prohibited
We’re moving to a single mobile form factor
Screen
Projector
E-ink
Smartboard
Docking station
Wearable glasses
Retina projectionFlexible display
KeyboardMouse
Touch
3D finger tracking
Gesture tracking
Body motionVoice commands
© 2014 Forrester Research, Inc. Reproduction Prohibited
Source: Google - The New Multi-screen World: Understanding Cross-platform Consumer Behavior, August 2014
Customers cross devices to accomplish a single goal
© 2013 Forrester Research, Inc. Reproduction Prohibited 10
Access to Apps Runs the Gamut
› You don’t control your users’ devices
› You don’t control your users’ devices
› You don’t control your users’ devices
› But you have to take inventory of apps they use
› And you have to control the apps they use
› And you have to protect the data they use
© 2013 Forrester Research, Inc. Reproduction Prohibited 11
Cloud Security Top Threats Move to Data
© 2013 Forrester Research, Inc. Reproduction Prohibited 12
Cloud Does NOT Shift the Responsibility of Data Protection
› “When data is transferred to a cloud, the responsibility for protecting and securing the data typically remains with the collector or custodian of that data.”
Cloud Security Alliance, Guidance v3.0
13
General Challenges with Cloud Security› Ease of Use for End Users (you can’t control end users)
• Cloud security should not require users to change behaviors or
tools
› Inconsistent Control (you don’t own everything)
• The only thing you can count on is guest VM ownership
› Elasticity (not all servers are steady-state)
• Cloudbursting, stale servers, dynamic provisioning
› Scalability (highly variable server counts)
• May have one dev server or 1,000 production web servers
› Portability (same controls work anywhere)
• Nobody wants multiple tools or IaaS provider lock-in
© 2013 Forrester Research, Inc. Reproduction Prohibited 14
Technology Challenges with Cloud Security
› Data protection
› Workload separation and multi tenancy
› Information Rights Management
› SaaS providers don’t help much with security related
concerns
› Network Security
› Identity and Access Management (IAM) and Privileged
Identity Management (PIM)
› Business Continuity and Disaster Recovery (BCDR)
› Log Management (SIEM)
© 2013 Forrester Research, Inc. Reproduction Prohibited 15
Network perimeter is gone
© 2013 Forrester Research, Inc. Reproduction Prohibited 16
Consciously Building the Cloud Data Protection Onion
Discovery and Tagging
Risk Assessment
Encryption on Premise
DLP on premise and in the cloud
Behavioral Patterns
Identity Context
Encryption at Cloud Vendor
© 2013 Forrester Research, Inc. Reproduction Prohibited 18
