
STAIRWAY TO CLOUD OR HIGHWAY TO HELL? · security “OF” the cloud. Customer data. Platform,...

Date post: 11-Oct-2020
Transcript
Page 1

©2018 Check Point Software Technologies Ltd.

Konstantina Koukou | Security Engineer

What is your Security Cloud Strategy?

STAIRWAY TO CLOUD OR HIGHWAY TO HELL?

[Internal Use] for Check Point employees

Page 2

©2019 Check Point Software Technologies Ltd.

A START OF A JOURNEY

Page 3

SHARED RESPONSIBILITY MODEL

Customer: responsible for security “IN” the cloud

• Customer data
• Platform, applications, identity and access management
• Operating system, network & firewall configuration
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection

Cloud Platform: responsible for security “OF” the cloud

• Compute, Storage, Database, Networking
• AWS global infrastructure: Availability Zones, Regions, Edge locations

Page 4

Dec 2016 July 2017 Dec 2017 Apr 2018 May 2018

CUSTOMER CONTROL PLANE & DATA PLANE SECURITY

Customer Data Plane

Customer Control Plane

Cloud Provider Services

Through 2022, 95% of cloud security failures will be the customer’s fault

• Vulnerabilities
• Cryptomining
• Compromised Credentials
• Insider Threat
• Misconfiguration

Page 5

3 PATHS 1 TARGET

Lift & Shift

Cloud Native

Re-Architect

CLOUD SECURITY

Page 6

Let’s Start our Journey

Page 7

LIFT & SHIFT

Page 8

CHALLENGES & BENEFITS

LIFT & SHIFT · RE-ARCHITECT · CLOUD NATIVE

Challenges

• Actually Lifting & Shifting
• The perimeter has changed
• Protecting your old workloads in the new environment

Benefits

• Reducing infrastructure costs
• Fit to size compute
• Built in agility & Services

Page 9

DATA PLANE BEGINNINGS SECURITY NEEDS

LIFT & SHIFT · RE-ARCHITECT · CLOUD NATIVE

• Network & workload security blueprint
• Protection between and within cloud environments
• Using Basic Native Controls
• Active Security guardrails for the cloud

Page 10

CLOUD NATIVE

Page 11

THE PERIMETER IS DEAD

LIFT & SHIFT · CLOUD NATIVE · RE-ARCHITECT

CHALLENGES:

Data Perimeters
• Allowing unauthorized users to read / modify or delete your private data

Compute Perimeters
• Allowing external entities to run code in your environment

Messaging Perimeters
• Allowing external entities to receive / send messages to private systems

Identity Perimeter
• Allowing external entities full control over your virtualized data center

Page 12

CONTROL PLANE BEGINNINGS SECURITY NEEDS

LIFT & SHIFT · CLOUD NATIVE · RE-ARCHITECT

01 Leveraging the platform native security controls

02 Visibility into your cloud assets

03 Security posture understanding

04 Compliance and auto remediation

05 Security intelligence

Page 13

RE-ARCHITECT

Page 14

CHALLENGES: EVERYTHING CHANGED

LIFT & SHIFT · CLOUD NATIVE · RE-ARCHITECT

CI / CD: Code, Build, Test, Deploy, Operate, Monitor

• New development paradigm
• No control of the data flow
• No Visibility
• Perimeter is gone
• Enhanced Automation
• Using Open Source

Page 15

THE ACTUAL SITUATION

Lift & Shift Cloud Native Re-architect

Page 16

THE CHECK POINT SOLUTION

Page 17

CLOUDGUARD IAAS

IaaS network security

ACI

01 Private and public cloud security

02 Automated Security Blueprint

03 Agility & Elasticity that goes along your cloud journey

04 Native Security controls integration

05 North/South and East/West Network Security

Page 18

CLOUDGUARD DOME9

SaaS platform for security and compliance automation

01 Visibility into cloud assets, networks and configurations’ security posture

02 Consistent security across multiple accounts, regions and cloud platforms

03 Baselining and continuous enforcement of security best practices and compliance

04 Prevention of security configuration drift

Page 19

CloudGuard – The Next Generation

• Container Security
• Serverless Security
• NSaaS
• MaaS
• S3 & Blob Threat Extraction

Page 20

SUMMARY

01 Cloud Security is a Journey

02 Aspire to be Native

03 CloudGuard Will Protect You in Every Step of the Way

Page 21

Konstantina Koukou

THANK YOU
