ISSA Phoenix Chapter Meeting Topic: Security Enablement & Risk Reducing Best Practices for BYOD + SaaS Cloud Apps

Transcription

1 ISSA Phoenix Chapter Meeting Topic: Security Enablement & Risk Reducing Best Practices for BYOD + SaaS Cloud Apps

2 Agenda Security Enablement Concepts for BYOD & SaaS Cloud Apps! Intro and background! BYOD & SaaS and growth the risk: Users/devices VS SaaS CSP! Paradigm shik from No to Enablement! Security enablement concepts Discovery and Risk Assessment Access, and SSO Managed vs Unmanaged BYOD devices User monitoring, and Account Centric Threat Deployment Larger eco- system! Q&A

3 Data Proliferation Mobile/BYOD Corporate Applica6ons becoming SaaS Applica6ons Customer- Facing Applica6ons moving to IaaS or PaaS providers Data Data Data InfoSec paradigm shik from no to enablement Data Data What s driving cloud? Tradi6onal Data Center Cost effec6ve Collabora6ve Scalable Always on No hardware Accessibility

4 The horse has left the barn and it s not a bad thing for InfoSec Source: Everest Group

5 BYOD access to cloud has increased 20% in three years Source: Cisco

6 More of what you already know Source: Intel

7 Business execs want anywhere, anytime cloud app access Source: Cisco

8 Not surprisingly, Security is the concern for cloud enablement Source: Forbes survey

9 To encrypt or not to encrypt in the cloud(s) the risk: Users/devices VS Cloud Service Provider?

10 Where is the greater risk the CSP or your users? Corporate Users Users with have access to the apps! SaaS Cloud Service Provider (CSP) Roaming Users Hackers CSP admins Knee jerk reaction? Encrypt data going to the Cloud Provider What about your 20,000 Salesforce.com users w/acct credentials? Phishing, wireless hijacking, insiders All user/device focused Prioritize based on risk

11 Yes you can Enablement Cloud Applications Corporate Users Cloud Security Paradigm shik from No to Enablement

12 SaaS Security Landscape BYOD users are biggest risk Encryption Data Leakage Prevention Account Centric Threat Prevention User & Device Activity Monitoring SaaS Discovery! Data at rest at Cloud Svs Provider Highest Risk Areas! Cyber hackers & malicious employees are the biggest security threat! Discover & prioritize Shadow IT

13 Best Practice data risk and security rules do not change Risk & Compliance Threat Prevention Activity Monitoring & Analytics Cloud Apps Discovery & BYOD enrollment Automa6c Cyber- Intrusion Preven6on Consistent & Granular Data Access Logs Sensi6ve Data Access Reports Tracking Config. & User Permission Changes Automa6c Insider Threat Preven6on SIEM Enablement Ac6vity Analy6cs with Drill Down Privileged User Monitoring

14 So you want to enable, now what? Security enablement & risk reducing best Discovery and Risk Assessment Access, and SSO Managed vs Unmanaged BYOD devices User monitoring, and Account Centric Threat Deployment and larger eco- system

15 Risk and Compliance Risk & Compliance Cloud Apps Discovery & BYOD enrollment Sensi6ve Data Access Reports Tracking Config. & User Permission Changes

16 Your network firewall/web proxy logs are a good place to start Cloud apps in use on your network will help jus6fy managing BYOD access

17 Cloud Apps Discovery tool Select files / folders

18 Cloud App Discovery tool scan progress

19 SkyFence Manage discovered Cloud Apps

20 Access, Authentication, & SSO

21 Access, Authentication and Single Sign On (SSO)! Consider leveraging your existing AD environment Using Cloud SSO Providers such as Ping, Centrify, Okta, Symplified who provide pre-integrated AD based Single Sign on to 1000 s of cloud apps! Carrot and Stick approach Users get the SSO and ease of access they want IT gets centralized visibility, management and deprovisioning thru AD users and groups Some solutions synch to their cloud directory; some proxy to on-prem AD instance! Cloud Security Gateways integrate with leading SSO Providers For cloud-based access control and monitoring SSO Portals Corporate Users SSO Providers Skyfence Cloud Security Cloud Gateway

22 Managed vs Unmanaged BYOD Devices

23 Managed vs Unmanaged devices Push device agent sokware or agentless? User transparency - What assump@ons about device risk posture can be made if: It has already connected from the corporate network in the past? It has a correct MDM cer@ficate? It is connec@ng from a trusted IP range? If device is unmanaged: Prompt manual enrollment for unmanaged BYOD devices to connect to corporate cloud apps? Force two factor authen@ca@on? Allow limited access and ac@ons to the cloud app?

24 Examples of Managed/Unmanaged endpoints work flow

25 Endpoint Enrollment

26 Endpoint-based Policies

27 User Activity Monitoring

28 Activity Monitoring Activity Monitoring & Analytics Consistent & Granular Data Access Logs Corporate Users Cloud Applications Ac6vity Analy6cs with Drill Down Cloud Security Privileged User Monitoring

29 Activity Monitoring Cloud monitoring requirements should not have to differ from tradi6onal infrastructure Who- What- How- Where- When

30 Threat Prevention

31 In the news

32 Operationalize threat prevention Learn what s normal Ability to learn from past experience to apply improvements Threat Prevention Automa6c Cyber- Intrusion Preven6on Automa6c Insider Threat Preven6on SIEM Enablement Data Processing Fingerprint Creation Anomaly Detection Engine GEO Intelligence IP Intelligence Authorized devices Data restriction rules Identity-based Account Takeover Abnormal user activity (insider) Man-in-the-middle

33 Leveraging Your Existing Infrastructure in Deployment! Firewall, Web Proxies & Web Gateways! Use log files from perimeter devices as a primary source for app discovery Palo Alto Networks, Blue Coat, Websense and others! Forward cloud app traffic from these devices to a Cloud Security Gateway Most vendors offer both cloud and appliance (on premise) deployment options Some offer Endpoint agent approach! SIEM Tools! Integrate cloud app analytics for better insight! Correlate cloud activity! User Authentication! Active Directory integration for user and group info! Integration with SSO Portals! Mobile Device Management! Leverage certificates and existing device enrollment

34 Comprehensive Data Security: Imperva-Incapsula-Skyfence Cloud Apps www External Apps Amazon Web Services Data Center Databases File Servers Internal Apps

35 The Skyfence Advantage! Automated Scalable Secure! Intelligent endpoint fingerprinting! Automated behavioral profiling! Application intelligence and data aware! Scalable and flexible cloud +/- on premise deployment options! Accurate threat detection! Secures your data Scalable, Automatic Protection + Low TCO = Secure Cloud Enablement