Improving Cloud Visibility, Accountability & Security

Copyright © 2017 Forcepoint. All rights reserved.
Cloudy with a Chance of ...
Visibility, Accountability & Security
Doug Copley
Deputy CISO; Sr. Security & Privacy Strategist
March 16, 2016

CMO: Big board meeting in an hour
Need latest customer data from Rita
Her office is dark… Uh ohhh…
Where is Rita?

Copyright © 2017 Forcepoint. All rights reserved. | 3
WHY CLOUD?
1. Salesforce.com – “Why Move To The Cloud? 10 Benefits Of Cloud Computing” (11/15)
1. Time to Market
2. Scale, Cost Flexibility
3. Work From Anywhere
4. Automatic Updates/Patches
5. Focus on Mission
6. BC/DR
7. Competitiveness
8. Security

THE CLOUD IS CHANGING IT AND SECURITY MUST EVOLVE
Cloud adoption is
growing and it’s not
slowing down
▸ Cloud now 40% of IT budgets1
▸ 78% of organizations indicate that their budget for cloud services will
increase by 2017, with 29% expecting significant increases1
SaaS adoption
exploding
Organizations now
have a “Cloud First”
mentality
▸ SaaS (Software as a Service) spend is projected to grow to $75B by
2020 at a 19.2% compound annual growth rate2
▸ Of those Gartner surveyed who use or plan to use cloud services,
88% have a “Cloud First” strategy for technology initiatives1
1. Gartner – “Market Trends: Cloud Adoption Trends Favor Public Cloud With a Hybrid Twist (08/16)
2. Gartner – Forecast Analysis: Public Cloud Services Worldwide, 4Q16 Update (01/17)
There’s no turning back, but how do you keep your business secure?

BARRIERS TO
CLOUD ADOPTION

Budget
Organization
Enablement
Project Delivery
Lifecycle
Security
Architecture
Governance, Risk
& Compliance
Legal & Human
Resources
Threat Prevention,
Detection & Response
Identity
Management
Risk Management

CONTROL QUESTIONS FOR CLOUD COMPUTING
“How do I know if departments are using
unsanctioned cloud applications?”
“How to we protect web usage without a
proxy on site?”
“How can we protect email when it’s in
Office365 or GMail? What about sandboxing?”
“Everyone can get to the cloud. How can I make sure only authorized
users access our data?” (Authentication/Authorization)
“How do I inspect cloud traffic (for data loss) when it
never traverses our network? What if it’s TLS traffic?”

DATA-CENTRIC CONTEXT AWARE MODEL
What are my
critical assets?
Where are they? How much protection
is needed?
General
Email
Meeting
Notes
Source
Code
Product
Designs
HR
Data
Marketing
Materials
Telephone
Directory
Product
Manuals
Public
Presentations
Internal Repository
And ??? GitHub?
PCs?
Department
OneDrive
ADP Cloud
Application
Server
Inventory
In ServiceNow

ADDRESSING SECURITY
IN THE CLOUD

Corporate Environment
Cloud
Security
Vendor/AWS/Azure
Web Proxy
Email GW
Sandbox
DLP
CASB

Users from Anywhere
Cloud Access Security
Broker (CASB)
WHAT IS A CLOUD ACCESS SECURITY BROKER (CASB)?
Users From
the Office
Users from Home
Cloud
Provides a Layer
of Visibility
and Control
or

IMPROVE VISIBILITY
Discover Shadow IT & Risk
Effective CASBs:
1. Eliminate blind spots
2. Discover what cloud apps are
being used by your workforce
3. Risk rank those cloud apps so IT
teams know what usage has the
highest risk

VISIBILITY – WHO, WHAT (DATA), WHEN, WHERE, WHAT (DEVICE)
Unusual Access
Detect access anomalies that may
indicate an external or insider
threat targeting your data
Audit Trails
ID, department, location, time, device,
actions and data accessed
Admin Activity
Track, monitor, and report all administrative and privileged user activity:
data accesses, configuration changes and permission modifications

ACCOUNTABILITY
Identification of Excess Privileges
• Users may have excess privileges. You
could be overlooking unauthorized
access to sensitive corporate or
customer information.
Secure Access From Managed and Unmanaged Devices
• Force multi-factor authentication based on user, device,
mobile app, location or risk profile
• Limit access or ability to download information for
unmanaged devices
• Restrict access or permissions from outside the country

SECURITY AND COMPLIANCE
Detection of Compliance Gaps
Get notified when cloud app security settings
change and compare them to industry best
practices or standards (e.g., HIPAA, PCI DSS,
ISO, CSA) to highlight deficiencies that require
immediate attention.
Identify Exposed Sensitive Information
Scan corporate files and data stored in file-
sharing services such as OneDrive, Box, Dropbox
and Google Drive for sensitive information and
initiate a remediation workflow, if necessary.

Security and compliance
Prevent Leaks of Sensitive Data
Inspect files and cloud content in real-time to
prevent the malicious or unintentional
leakage of confidential information.
Identify and analyze sensitive or regulated
data stored in cloud file-sync services to
understand sharing permissions exposure
and ensure compliance with regulations such
as PCI, SOX, and HIPAA.

BEHAVIOR AND INTENT
Optimize Detection of Anomalies and
Threats
Forcepoint CASB is the only cloud access
security broker out there that protects
enterprise data from theft and loss due to
compromised, malicious, and careless
users and that correlates activity anomalies
with risky IP addresses.

NEED FOR
OPERATIONAL EFFICIENCY

DRIVES OPERATIONAL EFFICIENCIES
Identifying Security Gaps
CASB APIs can analyze your cloud tenants,
helping IT review users and admins to
detect dormant accounts, external users,
and ex-employees that might still have
access to your cloud apps.
In addition, it inspects your tenant security
configurations to detect deficiencies and to
recommend best-practice settings for
effective cloud governance.

ANALYZING BEHAVIOR TO UNDERSTAND INTENT
Detect & Block Cyber Attacks
CASB monitors all user activity and
analyzes usage patterns to rapidly detect
anomalies that can indicate an account
takeover (much more efficient)
The dashboard provides a wealth of cloud
analytics, highlighting suspicious activities
and attempts to compromise accounts

CLOUD CONVERGENCE & GOVERNANCE
Common Tools Across Platforms
Mature vendors can offer integrated
tool sets that work on premise and in
the cloud (no separate tools
necessary)
Cloud App Metrics
Automate cloud app metrics - number of
users, activity level, traffic volume and
usage hours for each app.
Identification of Overspend
Review the entitlements of your users. You
could be overlooking potential areas of risk
or possibly cost savings opportunities.

CRITICAL CAPABILITIES FOR
CLOUD SECURITY PROVIDERS

THEY SHOULD HAVE BROAD GLOBAL PRESENCE
USA-NA
Toronto
San Jose
Dallas
Miami
Ashburn
Chicago
New York
Los Angeles
CALA
Sao Paulo
AFRICA
Johannesburg
EMEA
Amsterdam
Dusseldorf
Frankfurt
Geneva
Istanbul
London (3)
Paris
Stockholm
Warsaw
Milan
APAC
Tokyo
Hong Kong
Sydney
Singapore
Mumbai

DON’T ACCEPT LATENCY
 Multiple Tier-1 ISPs
 Maintain our own ASNs
 Present at peering exchanges
 Content providers and Network providers

THEY SHOULD BE CERTIFIED (THEIR ENTIRE CAPABILITY)
Forcepoint certifications cover
complete operations and staff
 Architecture
 Development
 Deployment
 Operations
 Data Center
 Services
 SOC
In Process:
 FedRAMP
 GDPR (ISO 27018 supports)
 ISO 27017 (Cloud Security)
 ISO 22301 (Bus Continuity)
Forcepoint Compliance Standards
Star Gold Award

THE CLOUD SECURITY FOGLIGHT
1. Can identify cloud services being used and
risk-rank them
2. Can provide detailed usage activity – even for
administrators
3. Can trigger adaptive authentication
4. Can help identify unauthorized access activity
5. Can identify user access anomalies and
correlate that with cloud apps
6. Can discover sensitive data in cloud apps
and assess risk

THE CLOUD SECURITY FOGLIGHT
7. Can identify when non-compliant
changes are made
8. Can identify users with excess
privileges
9. Can limit functionality for unmanaged
devices (and managed ones too!)
10. Can integrate with DLP and web
gateways for comprehensive security
11. Can analyze user behavior to
understand anomalies and user intent
12. Can ease information security workload

Where information is most valuable
– and most vulnerable
PROTECTING
THE HUMAN POINT
Doug Copley
Deputy CISO; Sr. Security & Privacy Strategist
LinkedIn: linkedin.com/in/dcopley
Twitter: @hcare_security

Improving Cloud Visibility, Accountability & Security

More Related Content

What's hot (20)

Similar to Improving Cloud Visibility, Accountability & Security (20)

More from Doug Copley (7)

Recently uploaded (20)

Improving Cloud Visibility, Accountability & Security