Make Cloud the Most Secure Environment for Business
Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)
The average organization now uses 1,935 cloud apps
[Chart: number of enterprise cloud apps and consumer cloud apps in use per organization, 2013 to 2018]
an increase of 15% over last year
Source: McAfee Cloud Adoption Report, Nov 2018
Source: Business @ Work Finance 2018, Okta
The average Financial Services organization uses 1,545 cloud apps
Source: McAfee Cloud Adoption Report, Nov 2018
Most Cloud Apps are not Enterprise-ready
Office365, Workday, AWS, Azure?
Most Organizations:
38 days to patch a vulnerability regardless of security level
34 days to patch most critical CVEs
Source: Tcell Report on Security Patching
Mature Cloud Providers:
Weekly planned patching model
Critical vulnerabilities patched in 24 hours
Source: Tcell Report on Security Patching
Through 2020, public cloud infrastructure-as-a-service (IaaS) workloads will suffer at
least 60% fewer security incidents than those in traditional data centers
Source: Gartner
Microsoft’s annual security budget: $1bn
Source: Microsoft
Through 2022, at least 95% of cloud security failures will be the customer’s fault
Source: Gartner
Cloud security is a shared responsibility
Data Classification & Accountability
Client & End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security
SaaS PaaS IaaS
Service Provider Responsibility
Customer Responsibility
Shared Responsibility
Shared Responsibility Model for Cloud
Client & End-Point Protection
Identity & Access Management
Data Classification & Accountability
Shared Responsibility Model for SaaS
Unmanaged devices
Collaboration Malware
Rogue Employee
Compromised Accounts
Shared Responsibility Model for SaaS
87% of companies permit employees to use unmanaged devices to access business apps
Source: McAfee Cloud Adoption Report, Nov 2018
21% of cloud data is sensitive
Source: McAfee Cloud Adoption Report, Nov 2018
83% of organizations worldwide admit that they store sensitive data in the cloud
Source: McAfee Cloud Adoption Report, Nov 2018
48.3% of files in the cloud are shared
12% of shared files are accessible to anyone with a link
14% of files are shared with a personal email address
Source: McAfee Cloud Adoption Report, Nov 2018
Cloud is the new favorite target of threat actors
Source: McAfee Cloud Adoption Report, Nov 2018
81% of all hacking-related breaches leveraged either stolen and/or weak passwords
Source: Verizon Data Breach Investigation Report 2018
Of All Organizations, Every Month
94%: at least 1 insider threat
80%: at least 1 compromised account threat
92%: stolen cloud credentials on dark web
Source: Verizon Data Breach Investigation Report 2018
Persistent Login Attack
Brute Force Logins’ Distant Cousin
Attack MO
Enumerate usernames (using first, middle and last names)
- 5-60 different username combinations attempted per user
- Number of attempts varies in proportion to the value of the user
Attempt logins for each of the usernames
- Multiple IPs used, one attempt by one IP using one password
Threat Objectives
Assess the organization’s O365 authentication framework (username validation, SSO, MFA, etc.)
Identify valid usernames, system accounts, etc., and whether they federate to an SSO/MFA
Compromise O365 accounts
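A detection sketch for the pattern above, added here as an example and not taken from the original slides: it groups failed logins by the person whose names the attempted username is built from, then flags anyone probed under many variants from sources that each tried only once. The directory, thresholds, usernames and IP addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from itertools import permutations, product

def variants(first, middle, last):
    """Username local parts derivable from one person's names and initials."""
    parts = [(n, n[0]) for n in (first, middle, last) if n]
    out = set()
    for r in range(1, len(parts) + 1):
        for combo in permutations(parts, r):
            for forms in product(*combo):
                if all(len(f) == 1 for f in forms):
                    continue  # initials alone are too ambiguous to track
                out.update(sep.join(forms).lower() for sep in ("", ".", "_"))
    return out

def detect(events, directory, min_variants=5, min_single_ip_ratio=0.8):
    """events: (source_ip, username, succeeded) tuples from one time window."""
    owner = {v: person for person, names in directory.items()
             for v in variants(*names)}
    attempts_per_ip = Counter(ip for ip, _, _ in events)
    tried, sources = defaultdict(set), defaultdict(set)
    for ip, username, succeeded in events:
        local = username.split("@")[0].lower()
        if not succeeded and local in owner:
            tried[owner[local]].add(local)
            sources[owner[local]].add(ip)
    alerts = {}
    for person, names in tried.items():
        # Sources that made exactly one attempt in the whole window
        single = sum(1 for ip in sources[person] if attempts_per_ip[ip] == 1)
        if (len(names) >= min_variants
                and single / len(sources[person]) >= min_single_ip_ratio):
            alerts[person] = (len(names), single)  # (variants tried, one-shot IPs)
    return alerts

# Constructed sample data (documentation IP ranges, hypothetical users).
DIRECTORY = {"jane.doe": ("jane", "quinn", "doe"),
             "bob.smith": ("bob", "", "smith")}
EVENTS = [(f"203.0.113.{i}", f"{u}@example.com", False) for i, u in enumerate(
    ["jdoe", "jane.doe", "doej", "j.doe", "janedoe", "jqdoe", "doe.jane"], 1)]
EVENTS += [("192.0.2.10", "bob.smith@example.com", False)] * 3  # mistyped password

if __name__ == "__main__":
    print(detect(EVENTS, DIRECTORY))
```

Per-IP and per-account lockout counters both miss this traffic, because every source and every username stays at a single failure; the signal only appears after grouping by person.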
KnockKnock Attack
Attack MO
Target system accounts that do not have MFA or federate to an SSO
Target admins & accounts that have higher privileged access (non-federated auth accounts like *.onmicrosoft.com for O365)
Threat Objectives
Compromise high privilege system accounts
Widen a breach using malware or phishing leading to deep-set infiltration
Rogue Machines
Originating Geos & Networks
Large Enterprises
Service Accounts
Identifying cloud threats is like finding a needle in the “CloudStack”
100M:1 events:threats
Source: McAfee Cloud Adoption Report, Nov 2018
[Pie chart; segment labels: Salesforce, Office 365, Google Docs, Slack, AWS, Custom Apps, Box, ServiceNow, High-Risk Shadow, Med/Low-Risk Shadow]
Office 365 contains the most sensitive data, at 31%
Source: McAfee Cloud Adoption Report, Nov 2018
Threats in Office365 have grown 63% in past two years
Shared Responsibility Model for IaaS/PaaS
Data Classification & Accountability
Client & End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security
Compromised Accounts
Malware
Misconfiguration
Provisioning Sprawl
Containers and Workloads
Rogue Use
Workload to Workload Communication
Shared Responsibility Model for IaaS/PaaS
AWS dominates in terms of user access count
Source: McAfee Cloud Adoption Report, Nov 2018
Most organizations have a multi-cloud strategy
Source: McAfee Cloud Adoption Report, Nov 2018
Average organization has 14 misconfigured IaaS services running at a given time
Source: McAfee Cloud Adoption Report, Nov 2018
Top 10 most commonly misconfigured AWS services
1. EBS Data encryption is not turned on
2. There’s unrestricted outbound access
3. Access to resources is not provisioned using IAM roles
4. EC2 security group port misconfigured
5. EC2 security group inbound access misconfigured
6. Unencrypted AMI
7. Unused security groups
8. VPC Flow logs disabled
9. Multi-factor authentication not enabled for IAM users
10. S3 bucket encryption not turned on
Source: McAfee Cloud Adoption Report, Nov 2018
Source: McAfee Cloud Adoption Report, Nov 2018
Attack MO
Identify publicly readable, writeable or AWS user readable, writeable buckets
Identify publicly modifiable or AWS user modifiable ACLs
Plant malware in the publicly accessible AWS buckets
Threat Objectives
Leak hundreds of thousands of records from misconfigured S3 buckets
Distribute malware using trusted-IaaS instances
GhostWriter Threat
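An audit sketch for the bucket conditions listed on this slide, added here as an example and not taken from the original deck: it reads bucket ACL documents in the shape of an S3 GetBucketAcl response and reports grants to the AllUsers and AuthenticatedUsers groups that make a bucket readable, writeable or ACL-modifiable. The bucket names and ACLs are constructed, and only ACL grants are examined; bucket policies and Block Public Access settings are outside its scope.

```python
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "public",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS user",
}
# Effect of each ACL permission when granted on a bucket.
# READ_ACP only exposes the ACL itself and is not reported here.
EFFECTS = {
    "READ": ["readable"],
    "WRITE": ["writeable"],
    "WRITE_ACP": ["ACL modifiable"],
    "FULL_CONTROL": ["readable", "writeable", "ACL modifiable"],
}

def acl_findings(acl):
    """Return sorted exposure findings for one bucket ACL document."""
    findings = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to specific accounts are out of scope here
        who = GROUPS.get(grantee.get("URI"))
        if who:
            effects = EFFECTS.get(grant.get("Permission"), [])
            findings.update(f"{who}: {e}" for e in effects)
    return sorted(findings)

def audit(buckets):
    """Map bucket name -> findings, omitting buckets with none."""
    return {name: f for name, acl in buckets.items() if (f := acl_findings(acl))}

def _grant(permission, uri=None):
    """Build one constructed grant; without a URI it is an owner grant."""
    grantee = ({"Type": "Group", "URI": uri} if uri
               else {"Type": "CanonicalUser", "ID": "owner-id-placeholder"})
    return {"Grantee": grantee, "Permission": permission}

ALL, AUTH = GROUPS  # the two group URIs, in insertion order

# Constructed sample ACLs (hypothetical bucket names).
BUCKETS = {
    "private-reports": {"Grants": [_grant("FULL_CONTROL")]},
    "public-downloads": {"Grants": [_grant("FULL_CONTROL"),
                                    _grant("READ", ALL), _grant("WRITE", ALL)]},
    "partner-drop": {"Grants": [_grant("WRITE_ACP", AUTH),
                                _grant("READ_ACP", ALL)]},
}

if __name__ == "__main__":
    for name, findings in audit(BUCKETS).items():
        print(name, findings)
```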
Average organization experiences 1,527 DLP incidents in IaaS/PaaS per month
Source: McAfee Cloud Adoption Report, Nov 2018
In 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience 33%
fewer security failures
Source: Gartner
Security of the past is inadequate
Source: Gartner
Enterprise Data center
Network
Enterprise Data and Applications were Secured by Locking Everything Down
Devices
Security of the Past was Network-centric
SaaS
IaaS/PaaS
Enterprise Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure
Security of the Cloud has to be Cloud-native
SaaS
IaaS/PaaS
Security of the Cloud has to be Cloud-native
… and has to be convenient enough!
Cloud-native Security – Regaining Visibility w/o Friction
Devices
IaaS/PaaS
Cloud-native Security Platform
Connect and Regain Visibility
SaaS
Devices
Cloud-native Security Platform
Connect and Regain Visibility
Enforce Threat and Data Protection Policies
IaaS/PaaS
SaaS
Cloud-native Security – Enforcing Control w/o Friction
Managed and Unmanaged
Devices
SaaS
IaaS/PaaS
Apply persistent protection to sensitive data and take real-time action to correct policy violations
Control
Gain complete visibility into data, workloads, containers
and user behavior in the cloud
Visibility
Cloud-native Security Platform
Cloud increasingly is home to sensitive enterprise data
Data sharing in the cloud is increasing
Data loss and threat vectors span SaaS and IaaS/PaaS
Cloud security is a shared responsibility
Making Cloud the Most Secure Environment for Business
Deploy cloud-native security platform
Thank you!