SlideShare a Scribd company logo

Risks of Running Enterprise at Cloud Speed & How CASB Helps

A
AndreBolo1

McAfee Cloud Enterprise

Technology
1 of 38
Download to read offline
The Less Known Risks of Running the Enterprise at Cloud Speed Sekhar Sarukkai VP & Fellow, Cloud BU, McAfee
of companies experience business acceleration from their use of cloud services. Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019 87%
3 Customer Drivers for Cloud Adoption Shadow SaaS Approved SaaS IaaS/PaaS Faster Collaboration Faster Time to Market Higher Employee Satisfaction
4 Mapping ECC To Cloud Computing • Domain 4 Specifically Covers Cloud Computing • Other Domains Also Relevant • You Need Control of Data • To Clouds • From Clouds • Between Clouds • Cloud Configuration • Cloud Security Is A Shared Responsibility
5 59% Higher- performance IT Infrastructure 57% IT Cost Reduction 52% Improved Security How Companies Benefit from the Cloud The three most common benefits: What benefits does your organization experience from its overall use of cloud services?
6 59% Higher- performance IT Infrastructure 57% IT Cost Reduction 52% Improved Security How Companies Benefit from the Cloud The three most common benefits: What benefits does your organization experience from its overall use of cloud services?
7 44% How Companies Benefit from the Cloud Business acceleration measures: 43% 41% 37% 33% 30% 29% More Efficient Collaboration Improved Employee Productivity Business Growth Faster Time to Market Higher Employee Satisfaction Ability to Launch New Products Expansion to New Markets What benefits does your organization experience from its overall use of cloud services?
8 36% 37% 36% 43% 46% 47% 51% How Companies Benefit from the Cloud with Infrastructure-as-a-Service (IaaS) Business acceleration measures: More Efficient Collaboration Improved Employee Productivity Business Growth Faster Time to Market Higher Employee Satisfaction Ability to Launch New Products Expansion to New Markets What benefits does your organization experience from its overall use of cloud services?
9 Companies do more with the cloud when they protect their data with a CASB Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019 Excluding Shadow IT
10 Where is enterprise sensitive data in the cloud? Salesforce Office 365 Google Docs Slack AWS Custom Apps Box ServiceNow High-Risk Shadow Med/Low-Risk Shadow 31% 13% 11% 16% 8% 5% 5% 7% 2% 2%
11 2. Traditional Solutions don’t Work Traditional ways of identifying threats and breaches are not sufficient Cloud Data Breaches - Why 1. Not Malware Cloud based data breaches are not typically due to Malware 3. Data Loss Cloud Speed Attacks Result in Cloud Scale Data Loss Collaboration SaaS, 42%
12 The Cloud (First) Enterprise Challenges Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure 1 Network Controls SaaS IaaS/PaaS Cloud-to-Cloud traffic 95% of Network Traffic
13 Data Classification & Accountability Client & End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security SaaS PaaS IaaS The Cloud (First) Enterprise Challenges Service Provider Responsibility Customer Responsibility Customers Are Still Responsible for Security 2 Cloud Shared Responsibility Model
14 Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security & Connectivity SaaS PaaS IaaS Cloud Security 3600 Shared Responsibility Model Service Provider Responsibility Service Provider feature, enterprise configuration Enterprise Responsibility User Responsibility User/Device/Data control Collaboration control © McAfee 2019. OK for reuse if unedited
“Through 2020, 95% of cloud security failures will be the customer’s fault.” Gartner Magic Quadrant for CASB—2017
How Data Exfiltrate from the Cloud Some Examples
17 Partner Office 365 Maria—Sharing and Collaboration GetItDone Office 365 Collaboration puts confidential data at risk
18 Sensitive Data in the Cloud – When Sharing isn’t Caring 17% 18% 22% 16% 17% 18% 19% 20% 21% 22% 23% 2016 2017 2018 22% of cloud users share files
19 Sensitive Data in the Cloud – When Sharing isn’t Caring 43% 47% 48% 40% 41% 42% 43% 44% 45% 46% 47% 48% 49% 2016 2017 2018 48% of all files in the cloud are shared with at least one other person
20 2. Advanced Threat Protection Detect Malware, compromised accounts, insider/privileged threats Collab SaaS Use Cases 1. Data Protection Prevent sensitive data from being stored and shared externally 3. Contextual Access Control Block sync/download of corporate O365 data to personal devices 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% Collaboration SaaS, 42%
21 Maria—Using Connected Apps Connected Apps are potential vehicles for Data Leaks EasyCast
22 Business SaaS Use Cases 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% 2. Data Exfiltration Protect report data from being exfiltrated and enable encryption with customer managed keys 1. Compliance Management Discover where your confidential data is inside structured applications Business SaaS, 24% 3. Threat Protection Identify insider and external threats
23 Sam—Shadow IaaS IaaS/PaaS Account 1,2 3 Account 4,5 Account 6,7,8 Account drift as developers create dev and test accounts over time
24 The average company has 70 custom apps running in IaaS Please estimate how many applications your organization runs in IaaS
25 Sam—Unsecure IaaS/PaaS Configuration IaaS/PaaS Configuration drift as developers misconfigure their IaaS/PaaS instaces Storage Bucket Encrypted Storage Bucket Closed Port Configuration Firewall rules …
26 Sam— Top 10 Unsecure IaaS/PaaS Configuration Problems 1. EBS Data encryption is not turned on 2. There’s unrestricted outbound access 3. Access to resources is not provisioned using IAM roles 4. EC2 security group port misconfigured 5. EC2 security group inbound access misconfigured 6. Unencrypted AMI 7. Unused security groups 8. VPC Flow logs disabled 9. Multi-factor authentication not enabled for IAM users 10. S3 bucket encryption not turned on
Average organization has 14 misconfigured IaaS services running at a given time Source: McAfee Cloud Adoption Report, Nov 2018
28 3. Advanced Threat Protection Detect compromised accounts, privileged user threats, malware IaaS Security Use Cases 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% 2. Visibility of Confidential Data Visibility of regulated/high-value data stored in S3/Azure Blobs 1. Managing Drift Identify IaaS resources with security settings that are non- compliant IaaS, 24%
29 Shadow IT Use Cases 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% Shadow IT 1. Discover & Govern Discover & Coach on use of high risk 3. Data Loss Prevention Prevent data exfiltration to medium risk services 2. Conditional Access Control Activity and Instance based access control
30 MVISION Cloud— 100% Cloud Security Coverage Source: McAfee Cloud Adoption Report, Nov 2018 5% 5% Shadow IT, 10% Business SaaS, 24% Collaboration SaaS, 42% IaaS, 24%
31 McAfee MVISION Cloud protects ALL customer data in the cloud MVISION Cloud Enterprise SaaS Long Tail SaaS
32 McAfee MVISION Cloud protects ALL customer data in the cloud Common Security Services Compliance & Risk Assessment Shadow Apps Reporting Orchestration DLP Access Control Encryption Config Audit Classification Data Protection Activity Monitoring Malware Protection UEBA Threat Protection Enterprise SaaS Long Tail SaaS CASB Connect APIs Cloud Native IaaS/PaaS Lift & Shift Apps CASB Reverse Proxy
33 Unified Cloud Edge Unified Data and Threat Protection DLP SWG CASB MVISION ePO DEVICES FEATURES CLOUD DATA BENEFITS Centralized Policy Definition For threat prevention and data protection Unified Incident Management Access Control Over managed and unmanaged devices Cloud Data and Permission Controls Via APIs integrations Acceptable Use Policy Enforcement With advanced malware protection. Other names and brands may be claimed as the property of others.
34 MVISION Cloud Unmanaged Managed SaaS IaaS/PaaS Shadow ▪ Data Security ▪ Threat Protection Control ▪ What: Data, Device, App ▪ Who ▪ Where ▪ When Visibility Adopt a CASB Platform
35 Companies are more likely to experience business acceleration when they protect their data with a CASB Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019 +15% +11% +32% +36% +45% +40% +38% With CASB Without CASB
36 Mapping ECC To Cloud Computing – Paper Available
37 Cloud Security Recap Cloud require new thinking and platform for data security Embrace a cloud native approach Do it now!! Get a cloud security assessment done 1 2 4
McAfee, the McAfee logo and are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.

Recommended

Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESHappiest Minds Technologies
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security GovernanceShankar Subramaniyan
 
Softchoice & Microsoft: Public Cloud Security Webinar
Softchoice & Microsoft: Public Cloud Security WebinarSoftchoice & Microsoft: Public Cloud Security Webinar
Softchoice & Microsoft: Public Cloud Security WebinarSoftchoice Corporation
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018soniamcpherson11
 

Recommended

Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESHappiest Minds Technologies
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security GovernanceShankar Subramaniyan
 
Softchoice & Microsoft: Public Cloud Security Webinar
Softchoice & Microsoft: Public Cloud Security WebinarSoftchoice & Microsoft: Public Cloud Security Webinar
Softchoice & Microsoft: Public Cloud Security WebinarSoftchoice Corporation
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018soniamcpherson11
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewValdez Ladd MBA, CISSP, CISA,
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud SecurityLora O'Haver
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
CIO Cloud Summit nyc_backupify
CIO Cloud Summit nyc_backupifyCIO Cloud Summit nyc_backupify
CIO Cloud Summit nyc_backupifyDatto
 
Presentation.pptx
Presentation.pptxPresentation.pptx
Presentation.pptxDeepP7
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxlior mazor
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

More Related Content

Similar to Risks of Running Enterprise at Cloud Speed & How CASB Helps

Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud SecurityLora O'Haver
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
CIO Cloud Summit nyc_backupify
CIO Cloud Summit nyc_backupifyCIO Cloud Summit nyc_backupify
CIO Cloud Summit nyc_backupifyDatto
 
Presentation.pptx
Presentation.pptxPresentation.pptx
Presentation.pptxDeepP7
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxlior mazor
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 

Similar to Risks of Running Enterprise at Cloud Speed & How CASB Helps (20)

Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack Overview
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud Security
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
 
CIO Cloud Summit nyc_backupify
CIO Cloud Summit nyc_backupifyCIO Cloud Summit nyc_backupify
CIO Cloud Summit nyc_backupify
 
Presentation.pptx
Presentation.pptxPresentation.pptx
Presentation.pptx
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

Risks of Running Enterprise at Cloud Speed & How CASB Helps

  • 1. The Less Known Risks of Running the Enterprise at Cloud Speed Sekhar Sarukkai VP & Fellow, Cloud BU, McAfee
  • 2. of companies experience business acceleration from their use of cloud services. Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019 87%
  • 3. 3 Customer Drivers for Cloud Adoption Shadow SaaS Approved SaaS IaaS/PaaS Faster Collaboration Faster Time to Market Higher Employee Satisfaction
  • 4. 4 Mapping ECC To Cloud Computing • Domain 4 Specifically Covers Cloud Computing • Other Domains Also Relevant • You Need Control of Data • To Clouds • From Clouds • Between Clouds • Cloud Configuration • Cloud Security Is A Shared Responsibility
  • 5. 5 59% Higher- performance IT Infrastructure 57% IT Cost Reduction 52% Improved Security How Companies Benefit from the Cloud The three most common benefits: What benefits does your organization experience from its overall use of cloud services?
  • 6. 6 59% Higher- performance IT Infrastructure 57% IT Cost Reduction 52% Improved Security How Companies Benefit from the Cloud The three most common benefits: What benefits does your organization experience from its overall use of cloud services?
  • 7. 7 44% How Companies Benefit from the Cloud Business acceleration measures: 43% 41% 37% 33% 30% 29% More Efficient Collaboration Improved Employee Productivity Business Growth Faster Time to Market Higher Employee Satisfaction Ability to Launch New Products Expansion to New Markets What benefits does your organization experience from its overall use of cloud services?
  • 8. 8 36% 37% 36% 43% 46% 47% 51% How Companies Benefit from the Cloud with Infrastructure-as-a-Service (IaaS) Business acceleration measures: More Efficient Collaboration Improved Employee Productivity Business Growth Faster Time to Market Higher Employee Satisfaction Ability to Launch New Products Expansion to New Markets What benefits does your organization experience from its overall use of cloud services?
  • 9. 9 Companies do more with the cloud when they protect their data with a CASB Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019 Excluding Shadow IT
  • 10. 10 Where is enterprise sensitive data in the cloud? Salesforce Office 365 Google Docs Slack AWS Custom Apps Box ServiceNow High-Risk Shadow Med/Low-Risk Shadow 31% 13% 11% 16% 8% 5% 5% 7% 2% 2%
  • 11. 11 2. Traditional Solutions don’t Work Traditional ways of identifying threats and breaches are not sufficient Cloud Data Breaches - Why 1. Not Malware Cloud based data breaches are not typically due to Malware 3. Data Loss Cloud Speed Attacks Result in Cloud Scale Data Loss Collaboration SaaS, 42%
  • 12. 12 The Cloud (First) Enterprise Challenges Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure 1 Network Controls SaaS IaaS/PaaS Cloud-to-Cloud traffic 95% of Network Traffic
  • 13. 13 Data Classification & Accountability Client & End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security SaaS PaaS IaaS The Cloud (First) Enterprise Challenges Service Provider Responsibility Customer Responsibility Customers Are Still Responsible for Security 2 Cloud Shared Responsibility Model
  • 14. 14 Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security & Connectivity SaaS PaaS IaaS Cloud Security 3600 Shared Responsibility Model Service Provider Responsibility Service Provider feature, enterprise configuration Enterprise Responsibility User Responsibility User/Device/Data control Collaboration control © McAfee 2019. OK for reuse if unedited
  • 15. “Through 2020, 95% of cloud security failures will be the customer’s fault.” Gartner Magic Quadrant for CASB—2017
  • 16. How Data Exfiltrate from the Cloud Some Examples
  • 17. 17 Partner Office 365 Maria—Sharing and Collaboration GetItDone Office 365 Collaboration puts confidential data at risk
  • 18. 18 Sensitive Data in the Cloud – When Sharing isn’t Caring 17% 18% 22% 16% 17% 18% 19% 20% 21% 22% 23% 2016 2017 2018 22% of cloud users share files
  • 19. 19 Sensitive Data in the Cloud – When Sharing isn’t Caring 43% 47% 48% 40% 41% 42% 43% 44% 45% 46% 47% 48% 49% 2016 2017 2018 48% of all files in the cloud are shared with at least one other person
  • 20. 20 2. Advanced Threat Protection Detect Malware, compromised accounts, insider/privileged threats Collab SaaS Use Cases 1. Data Protection Prevent sensitive data from being stored and shared externally 3. Contextual Access Control Block sync/download of corporate O365 data to personal devices 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% Collaboration SaaS, 42%
  • 21. 21 Maria—Using Connected Apps Connected Apps are potential vehicles for Data Leaks EasyCast
  • 22. 22 Business SaaS Use Cases 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% 2. Data Exfiltration Protect report data from being exfiltrated and enable encryption with customer managed keys 1. Compliance Management Discover where your confidential data is inside structured applications Business SaaS, 24% 3. Threat Protection Identify insider and external threats
  • 23. 23 Sam—Shadow IaaS IaaS/PaaS Account 1,2 3 Account 4,5 Account 6,7,8 Account drift as developers create dev and test accounts over time
  • 24. 24 The average company has 70 custom apps running in IaaS Please estimate how many applications your organization runs in IaaS
  • 25. 25 Sam—Unsecure IaaS/PaaS Configuration IaaS/PaaS Configuration drift as developers misconfigure their IaaS/PaaS instaces Storage Bucket Encrypted Storage Bucket Closed Port Configuration Firewall rules …
  • 26. 26 Sam— Top 10 Unsecure IaaS/PaaS Configuration Problems 1. EBS Data encryption is not turned on 2. There’s unrestricted outbound access 3. Access to resources is not provisioned using IAM roles 4. EC2 security group port misconfigured 5. EC2 security group inbound access misconfigured 6. Unencrypted AMI 7. Unused security groups 8. VPC Flow logs disabled 9. Multi-factor authentication not enabled for IAM users 10. S3 bucket encryption not turned on
  • 27. Average organization has 14 misconfigured IaaS services running at a given time Source: McAfee Cloud Adoption Report, Nov 2018
  • 28. 28 3. Advanced Threat Protection Detect compromised accounts, privileged user threats, malware IaaS Security Use Cases 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% 2. Visibility of Confidential Data Visibility of regulated/high-value data stored in S3/Azure Blobs 1. Managing Drift Identify IaaS resources with security settings that are non- compliant IaaS, 24%
  • 29. 29 Shadow IT Use Cases 31% 13% 11% 16% 8% 5% 5% 7% 2% 2% Shadow IT 1. Discover & Govern Discover & Coach on use of high risk 3. Data Loss Prevention Prevent data exfiltration to medium risk services 2. Conditional Access Control Activity and Instance based access control
  • 30. 30 MVISION Cloud— 100% Cloud Security Coverage Source: McAfee Cloud Adoption Report, Nov 2018 5% 5% Shadow IT, 10% Business SaaS, 24% Collaboration SaaS, 42% IaaS, 24%
  • 31. 31 McAfee MVISION Cloud protects ALL customer data in the cloud MVISION Cloud Enterprise SaaS Long Tail SaaS
  • 32. 32 McAfee MVISION Cloud protects ALL customer data in the cloud Common Security Services Compliance & Risk Assessment Shadow Apps Reporting Orchestration DLP Access Control Encryption Config Audit Classification Data Protection Activity Monitoring Malware Protection UEBA Threat Protection Enterprise SaaS Long Tail SaaS CASB Connect APIs Cloud Native IaaS/PaaS Lift & Shift Apps CASB Reverse Proxy
  • 33. 33 Unified Cloud Edge Unified Data and Threat Protection DLP SWG CASB MVISION ePO DEVICES FEATURES CLOUD DATA BENEFITS Centralized Policy Definition For threat prevention and data protection Unified Incident Management Access Control Over managed and unmanaged devices Cloud Data and Permission Controls Via APIs integrations Acceptable Use Policy Enforcement With advanced malware protection. Other names and brands may be claimed as the property of others.
  • 34. 34 MVISION Cloud Unmanaged Managed SaaS IaaS/PaaS Shadow ▪ Data Security ▪ Threat Protection Control ▪ What: Data, Device, App ▪ Who ▪ Where ▪ When Visibility Adopt a CASB Platform
  • 35. 35 Companies are more likely to experience business acceleration when they protect their data with a CASB Source: McAfee Cloud Adoption Report: Business Growth Edition, June 2019 +15% +11% +32% +36% +45% +40% +38% With CASB Without CASB
  • 36. 36 Mapping ECC To Cloud Computing – Paper Available
  • 37. 37 Cloud Security Recap Cloud require new thinking and platform for data security Embrace a cloud native approach Do it now!! Get a cloud security assessment done 1 2 4
  • 38. McAfee, the McAfee logo and are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.