Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600...
Transcript of Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600...
![Page 1: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/1.jpg)
Cloud 3600 Shared Responsibility Model
Dave Messett
Head of Product & Solutions Marketing, EMEA, McAfee
@DaveMessett
September 2019
![Page 2: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/2.jpg)
”Mum, Dad – Can I go to a party?”
CONTEXT IS KING
![Page 3: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/3.jpg)
3
Everyone Is Going To The Cloud – All That
Differs Is Speed
… and How Safely
![Page 4: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/4.jpg)
4
Employees
Partners
Customers
Vendors
Managed
Unmanaged
Mass migration to the cloud?
On-Network Off-Network
![Page 5: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/5.jpg)
5
How Many Cloud Services Are We Using?
0
5
10
15
20
25
30
35
2013 2014 2015 2016 2017 2018
Estimated
![Page 6: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/6.jpg)
6
How Many Cloud Services Are We Using?
0
500
1000
1500
2000
2500
2013 2014 2015 2016 2017 2018
Reality (McAfee Cloud Adoption & Risk Report – April 2019)
![Page 7: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/7.jpg)
7
Salesforce
Office 365
Google Docs
Slack
AWS
Custom Apps
Box
ServiceNow
High-Risk
Shadow
Med/Low-Risk
Shadow
31%
13%
11%
16%
8%
5%5%
7%
2%
2%
Where is enterprise sensitive data in the cloud?
![Page 8: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/8.jpg)
8
Who’s Responsible For Cloud Security?
CASB Magic Quadrant 2018
“Through 2023, 99% of cloud
security failures will be the
customer’s fault”
![Page 9: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/9.jpg)
9
So, Is Security Better or Worse?
Source: Cloud Adoption & Risk Report, April 2019, McAfee
![Page 10: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/10.jpg)
The 3600 Shared Responsibility Model
![Page 11: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/11.jpg)
11
Insurance (General & Add-On)
Seat belts for passengers
Up to date servicing (brakes, tyres etc.)
Seat Belts
Airbags
Build quality - Handling, won’t fall apart at first corner
The Car Rental Shared Responsibility Model
Manufacturer
Manufacturer Feature, driver responsibility
Owner (Rental Co.)
Driver / Renter
Safely tie in packages
Speed /Quality of driving
Fuel, Oil, Water
![Page 12: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/12.jpg)
12
Data Classification & Accountability
End-Point Protection
Identity & Access Management
Application Level Security
Network Control
Host Infrastructure
Physical Security & Connectivity
SaaSPaaSIaaS
Cloud 3600 Shared Responsibility Model
Service Provider Responsibility
Service Provider feature, enterprise configuration
Enterprise Responsibility
User Responsibility
User/Device/Data control
Collaboration control
© McAfee 2019. OK for reuse if unedited
![Page 13: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/13.jpg)
13
Example: Identity & Access Management
• Check all cloud applications
• Communicate to all owners
• Are they integrated with SSO? Data Classification & Accountability
End-Point Protection
Identity & Access Management
Application Level Security
Network Control
Host Infrastructure
Physical Security & Connectivity
SaaSPaaSIaaS
Service Provider Responsibility
Service Provider feature, enterprise configuration
Enterprise Responsibility
User Responsibility
User/Device/Data control
Collaboration control
© McAfee 2019. OK for reuse if unedited
![Page 14: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/14.jpg)
14
Data Classification & Accountability
End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security
SaaSPaaSIaaSTechnologies Required - Cloud 3600 Shared Responsibility Model
Link control, domain check, email controls, encryption
User/Device/Data control
Collaboration control
User Behavior analytics, user & device policies
DLP, on demand scan
Compromised account detection, malware scanning
SSO integration
Configuration audit
Audit of cloud configurations
CIS benchmarking
© McAfee 2019. OK for reuse if unedited
![Page 15: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/15.jpg)
15
Key Takeaways
Cloud environments can be more secure than traditional infrastructures BUT
• You need to ensure you’re asking the right questions
• You need the context about the applications, the CSP, the user and the data
• You need to know who is responsible for what across the entire model
![Page 17: Cloud 360 Shared Responsibility Model - Vi bygger Danmark ... · Technologies Required - Cloud 3600 Shared Responsibility Model Link control, domain check, email controls, encryption](https://reader035.fdocuments.us/reader035/viewer/2022071016/5fcead30bdbf40048a6bae89/html5/thumbnails/17.jpg)
17
Still not convinced?
Office 365
Salesforce (CRM)
Workday (HR)
Webex
Box
Concur (Expenses)
Okta / Sailpoint (Identity)
Jira, Atlassian (Development)
Trello (Collaboration)
Zoom
Slack (Discussions)
PowerBI (Business Intelligence)
Marketo
Hoovers
Adobe Marketing Suite
Ariba (Purchasing)
Hoot (Legal)
Mindtouch (Manuals & Training)
Loopio (Database to answer Qs)
YouTube
ServiceNow (IT Support)
Clari
Digideck
BriefingEdge (Meeting Arranger)
Smartsheet (Shared Spreadsheet)
Yammer (Communications)
Skype (Communications)
Skype for Business (Communications)