How APIs Turned Cloud Security on Its Head



Transcription:

SEC-R09: How APIs Turned Cloud Security on Its Head. Rajneesh Chopra, VP of Products, Netskope, @rajnchop

How APIs Turned Cloud Security on Its Head
* What happened to the perimeter?
* APIs make us move fast
* But they turned cloud security on its head
* Here are some how-tos

Perimeters and Unicorns: Two things that only exist in IT fairyland

APIs Expose Conceptually Simple Services

Challenging at Scale

Making Complex Services Simple. Content Services Platform (APIs, SDKs): Search, Security, Acceleration, Storage, Rules, Conversion, Collaboration, Logging

Diagram labels: Native Apps, Third Party ISV, Custom Apps; Cluster of servers running SOLR (strip text, format); All flash and solid state disks; Collaboration, Editing/Creation; Enterprise SaaS, OneCloud, Mobile, Enterprise IT, Systems Integrators; Content Services Platform (APIs, SDKs): Search, Security, Acceleration, Storage, Rules, Conversion, Collaboration, Logging

50% of salesforce.com revenue comes from their app ecosystem

5 Reasons Why APIs Turned Security on Its Head

WE CAN'T LIVE WITHOUT, WE CAN'T KICK THEM OUT

1. Data is easy to share

2. Data is no longer owned by the app

What Else APIs Can Tell You. Meet Gary. Gary got a new job. Along the way, Gary took a detour. BIGGEST COMPETITOR, INC. Sales Rep

3. The gateway is dead. VPN

4. Your app ecosystem is only as strong as its weakest link

5. Activity-level Detail through Rich APIs
Identity, App, Activity, Data, Summary
* Login as: mary@acme
* Box ID: mary@gmail
* Using: Macbook/Safari
* From: Mtn View, CA
* Destination: Box site located in Germany
* To user: sharing a doc with John@Newco
* App: Box
* Category: Cloud Storage
* CCL: High
* Risk: High
Activity: Login, Upload, Download, Share, Logout, Invite, Edit, View..
Data: PII/PCI/PHI data, other sensitive classifications
App session end
* App: Box
* Using: Macbook, Safari 6.0
* From: Mountain View, CA
* Activities: Create Folder, Move Files (4), Share Folder w/ John@NewCo
* Anomalies: Downloaded a PII doc from SFDC and uploaded to Box
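The anomaly on the slide above (a PII document downloaded from SFDC and uploaded to Box) and the share with an outside user can both be found by correlating activity-level events per user and per file. This is an added example, not code from the talk or from Netskope; the event field names, file hashes, timestamps and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

SENSITIVE = {"PII", "PCI", "PHI"}  # data classifications named on the slide

# Constructed sample events; field names are assumptions, not a vendor schema.
def _ev(ts, user, app, activity, sha=None, dlp=(), to_user=None):
    return {"ts": ts, "user": user, "app": app, "activity": activity,
            "file_sha256": sha, "dlp": list(dlp), "to_user": to_user}

EVENTS = [
    _ev("2015-04-21T09:00:00", "mary@acme", "Box", "Login"),
    _ev("2015-04-21T09:05:00", "mary@acme", "SFDC", "Download", "c0ffee01", ["PII"]),
    _ev("2015-04-21T09:20:00", "mary@acme", "Box", "Upload", "c0ffee01"),
    _ev("2015-04-21T09:25:00", "mary@acme", "Box", "Share", to_user="John@Newco"),
    _ev("2015-04-21T10:00:00", "bob@acme", "SFDC", "Download", "beef0002"),
    _ev("2015-04-21T10:05:00", "bob@acme", "Box", "Upload", "beef0002"),
    _ev("2015-04-21T10:10:00", "bob@acme", "Box", "Share", to_user="alice@acme"),
]

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def detect(events, window=timedelta(hours=24)):
    """Return findings for cross-app moves of sensitive files and external shares."""
    findings, downloads = [], {}  # downloads: (user, hash) -> (app, time, labels)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        sha = ev.get("file_sha256")
        key = (ev["user"], sha)
        labels = SENSITIVE & set(ev.get("dlp", []))
        if ev["activity"] == "Download" and sha and labels:
            downloads[key] = (ev["app"], ts, sorted(labels))
        elif ev["activity"] == "Upload" and key in downloads:
            src_app, t0, src_labels = downloads[key]
            # Same user, same file content, different app, inside the window.
            if src_app != ev["app"] and ts - t0 <= window:
                findings.append(("cross_app_move", ev["user"], src_app,
                                 ev["app"], src_labels))
        elif ev["activity"] == "Share" and ev.get("to_user"):
            if _domain(ev["to_user"]) != _domain(ev["user"]):
                findings.append(("external_share", ev["user"], ev["app"],
                                 ev["to_user"]))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Matching on the file hash rather than the file name keeps the correlation working when the document is renamed between the download and the upload.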

Let's take a look at this in practice.

Healthcare Case Study
* Global Healthcare organization
* Founded in 1945
* One of the nation's largest not-for-profit health plans
* Serve approximately 9.5 million members

Use Case #1: Protect PHI content in files
* Real time detection of sensitive data from mobile or laptops
* Dynamic quarantine allows further review by compliance administrator

Deployment Architecture: Cloud DLP for cloud apps with On-Prem DLP Validation
* All Devices: PC, Mobile and BYOD
* All locations: On-premise and remote
* All Cloud Coverage: Sanctioned & Unsanctioned
Diagram labels: SSL; Internet; ANALYTICS & REAL-TIME POLICY ENGINE; ICAP Forwarder; On-premise; ICAP; Enterprise
Workflow
* Cloud DLP screens cloud bound content
* DLP violation results in content quarantine to on-prem Secure Forwarder
* On-prem Secure Forwarder ICAPs content to Ent DLP solution
* Action taken on DLP verdict using Netskope APIs

Customize Quarantine, Remediation Workflow with REST API
Diagram labels: End User; Netskope DLP Engine; 1 File upload attempted; User notified of quarantine; File upload denied; Quarantine Folder; Email to Quarantine Approver; 3 Quarantine Alert; 2 File sent to Quarantine Folder; Quarantine Approver; 7 Email user outcome and next steps; Netskope Mgmt Plane; 8 Install DLP bypass rule if Permit; REST API; 4 Ent DLP; File pulled by Ent DLP for secondary inspection; 5 Permit or Block; 6

Quarantine workflow: Data Upload, Quarantine Repository, User

Use Case #2: Protect sensitive content when employees and contractors store it in the cloud

Workflows for DLP

Summary
* Ecosystems are the life-blood
* Be mindful of data ownership: is it your data at the end of the day?
* Apps are designed to share data: you can't avoid this reality
* The app is the perimeter now: asserting control from the data center is no longer viable
* Only as strong as your weakest link: the ecosystem matters
* Get activity-level detail + metadata in order to be the master of this new frontier

How to Secure Cloud App Usage
1: Discover the cloud apps running in your enterprise
2: Understand the context of usage at a deeper level
3: Plot your course of action based on risk, usage, criticality
4: Enact a cloud app policy that people can get behind
5: Monitor usage, detect anomalies, conduct forensics and prevent sensitive data loss
6: Don't leave users in the dark. Coach them on safe usage.

Let's stay connected. Rajneesh Chopra, VP of Products, Netskope. @rajnchop, @netskope, www.netskope.com, rajneesh@netskope.com