Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud...
Transcript of Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud...
![Page 1: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/1.jpg)
Cloud Security
It’s Not Black and White
Nigel Hawthorn, EMEA Spokesperson
[email protected] +44 7801 487987 @wheresnigel
![Page 2: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/2.jpg)
2McAFEE CONFIDENTIAL
SaaS
Cloud—Shared Responsibility Model
SaaSPaaSIaaS
Service Provider Responsibility
Customer Responsibility
IaaS
![Page 3: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/3.jpg)
3McAFEE CONFIDENTIAL
McAfee Comprehensive Cloud Shared Responsibility Model
Data Classification & Accountability
Client & End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security
SaaSPaaSIaaS
100% Service Provider Responsibility
Service Provider feature,
customer configuration
Customer Responsibility
User Responsibility
User/Device/Data control
Collaboration behavior
![Page 4: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/4.jpg)
4McAFEE CONFIDENTIAL
Data Taken From Two Reports
http://bit.ly/NavCloudSky
Published April 2018 – Survey Results Published October 2018 – Real Life Data
http://bit.ly/mcafeecarr
![Page 5: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/5.jpg)
5McAFEE CONFIDENTIAL
How Many Cloud Services Are We Using?
0
5
10
15
20
25
30
35
2013 2014 2015 2016 2017 2018
Estimated
![Page 6: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/6.jpg)
6McAFEE CONFIDENTIAL
Average Number of Cloud Services in Use
0
500
1000
1500
2000
2500
2013 2014 2015 2016 2017 2018
90% ?
5% High Risk
5% Low Risk
![Page 7: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/7.jpg)
7McAFEE CONFIDENTIAL
What are you most concerned about?
◆ Security/regulatory requirements
◆ Collaborative nature of cloud
◆ Lack of Visibility, multiple clouds
◆ Increasing external/internal threats targeting cloud
◆ Well intentioned employee error
◆ Cloud providers’ access to sensitive data
![Page 8: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/8.jpg)
![Page 9: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/9.jpg)
9McAFEE CONFIDENTIAL
![Page 10: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/10.jpg)
10McAFEE CONFIDENTIAL
Did We Just Push Our Users Here?
![Page 11: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/11.jpg)
11McAFEE CONFIDENTIAL
Security Controls Vary by Provider
![Page 12: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/12.jpg)
12McAFEE CONFIDENTIAL
Salesforce
Office 365
Google Docs
Slack
AWS
Custom Apps
Box
ServiceNow
High-
Risk
Shadow
Med/Low-
Risk
Shadow
31%
13%
11%
16%
8%
5%5%
7%
2%
2%
Where is enterprise sensitive data in the cloud?
![Page 13: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/13.jpg)
13McAFEE CONFIDENTIAL
File Sharing In The Cloud
%age of files shared in the cloud%age of cloud users sharing files
![Page 14: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/14.jpg)
14McAFEE CONFIDENTIAL
Who We Share Cloud Data With (externally)
![Page 15: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/15.jpg)
15McAFEE CONFIDENTIAL
Data Exposures in SaaS—Knock Knock
McAfee Discovers Knock Knock
Hacker Exploiting Compromised Admin
Account to hack into Office 365
![Page 16: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/16.jpg)
16McAFEE CONFIDENTIAL
![Page 17: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/17.jpg)
17McAFEE CONFIDENTIAL
Security Controls Vary by Provider (2)
![Page 18: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/18.jpg)
18McAFEE CONFIDENTIAL
IaaS and Custom Apps Fastest Growing Segment of Cloud
464 Custom
Apps
IaaS
38.4% CAGR
SaaS
20.3% CAGR
Source: Gartner
![Page 19: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/19.jpg)
19McAFEE CONFIDENTIAL
How Secure Is The Cloud?
![Page 20: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/20.jpg)
20McAFEE CONFIDENTIAL
Data Exposures in IaaS—Ghost Writer
McAfee Discovers Ghost Writer – S3 Buckets Configured for Write
Access open up Customers to Major Vulnerabilities
![Page 21: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/21.jpg)
21McAFEE CONFIDENTIAL
![Page 22: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/22.jpg)
22McAFEE CONFIDENTIAL
![Page 23: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/23.jpg)
23McAFEE CONFIDENTIAL
Cloud to Cloud Traffic
![Page 24: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/24.jpg)
24McAFEE CONFIDENTIAL
Read the EULA
![Page 25: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/25.jpg)
25McAFEE CONFIDENTIAL
Who’s Responsibility Is Cloud Security?
“Through 2022,
95% of cloud
security failures
will be the
customer’s fault”
![Page 26: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/26.jpg)
26McAFEE CONFIDENTIAL
Network security fails to protect all data in the cloud & mobile era
Data created natively
in cloud is invisible to
network security
Data uploaded to
cloud from mobile is
invisible to network
security
50% of cloud traffic is
cloud-to-cloud and
invisible to network
security
![Page 27: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/27.jpg)
27McAFEE CONFIDENTIAL
Cloud Context
This Can Be Hard – We Need Context
Unmanaged Devices
SaaS
IaaS/PaaS
Apps: Name, Configuration, Posture, Risk
Workloads: Details, Location, Posture
Data: Classification, Tagging, Metadata
Users: Role, Activity, Collaborators
Activities: Access, Read, Write, Download, Upload…
Device: Managed, Unmanaged
Location: Where, When
MVISION Cloud
![Page 28: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/28.jpg)
Cloud Configuration:Audit Trail, Threat Modelling
High Risk Sites:Visibility & Blocking / Coaching
User Behavior:Collaboration Controls / Coaching
Shadow Cloud Usage:Visibility, Control & Integration with SSO
Reduce Risk of Getting it Wrong:Forensic Activity Logging
Unmanaged Devices:Access Policies / DRM / Encryption
Rogue User Activity / Lost Credentials:User Behaviour Analytics& Policies
Confidential Data Sharing:DLP Policies, Access Policies,DRM, Encryption
![Page 29: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/29.jpg)
29McAFEE CONFIDENTIAL
MVISION Cloud: Cloud Access Security Broker
SaaS
IaaS/PaaS
MVISION Cloud
No User Friction
No new agents
API & proxy control
Complete Visibility
and Unified Policies
Across Multiple Cloud
Services
Real Time
Complete Coverage▪ Data at rest
▪ Data uploaded/downloaded
▪ Data created in cloud
▪ Shared Cloud-to-cloud
![Page 30: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/30.jpg)
30McAFEE CONFIDENTIAL
More Information Available In Analyst Reports
NOTE: As of January 2018, Skyhigh Networks is the now part of McAfee.
![Page 32: Cloud Security - McAfee · MVISION Cloud: Cloud Access Security Broker SaaS IaaS/PaaS MVISION Cloud No User Friction No new agents API & proxy control Complete Visibility and Unified](https://reader030.fdocuments.us/reader030/viewer/2022041023/5ed4fa458418162b2d0a477d/html5/thumbnails/32.jpg)
McAfee, the McAfee logo and [insert <other relevant McAfee Names>] are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries.
Other names and brands may be claimed as the property of others.
Copyright © 2019 McAfee, LLC.