Compliance in the Cloud
How to Secure Identities and Meet Regulatory Requirements
Mason Takacs
Compliance and security expert
Agenda
• Cloud security challenges
• Cloud providers' responsibility
• AWS, Google, Microsoft Azure
• Compliance in the cloud
• Netwrix Auditor functionality
Cloud Security Challenges
CLOUD SECURITY INCIDENTS
Did your organization experience a cloud-related security incident in the last 12 months?*
• YES: 18%
• NO: 64%
• NOT SURE: 18%
* RedLock CSI Report 2018
Cloud Security Holes
• Hacked interfaces and APIs
• Exploited system vulnerabilities
• Cloud service abuses
• DoS attacks
• Cryptojacking
Compromised Credentials and Broken Authentication
• Enable multifactor authentication
• Educate your colleagues
• Enable digital signatures
• Disable inactive accounts
• Audit changes in your IT environment
Qwerty123
Password invented in 2003
Stale accounts
Malicious Insiders
• Anomalous users’ behavior
• Suspicious activity:
  – massive data deletions
  – high number of access attempts
  – numerous logon attempts
• Least-privilege principle
• Role-based access
Advanced Persistent Threat (APT) Parasite
Back door attacks
Outbound Traffic: 85% of resources do not restrict outbound traffic at all*
Cryptojacking: 25% of organizations had cryptojacking activity within their environments
Tips:
• Implement a “deny all” default outbound firewall policy
• Monitor network traffic to identify any suspicious activities, including cryptojacking
• Monitor user activity for any unusual or abnormal behavior, such as unusual attempts to spin up new compute instances
* RedLock CSI Report 2018
Cloud Providers' Responsibility
• Organization: responsible for security in the cloud
• Cloud Service Provider: responsible for security of the cloud
Cloud Providers' Responsibility
Questions to the cloud provider:
• Where are the servers located?
• What policies for data storage and deletion does the cloud provider use?
• Which security and analytics tools are used to better safeguard customer data?
• How are security incidents, data breaches or service disruptions going to be handled?
• What are the recovery procedures?
Before you sign a contract:
• What is the provider’s liability?
• How will the responsibility for security be divided between you and the provider?
• How often can you update the contract?
• Which audit and control processes should be applied?
• Do you have permission to monitor the provider’s compliance?
• How is the maintenance of data confidentiality organized?
Top Cloud Providers
What cloud IaaS provider(s) do you currently use or plan to use in the future?*
[Chart: survey responses by provider]
* RedLock CSI Report 2018
Cloud Providers Comparison
• Service categories: Virtual Servers; Shared File Storage; Backup-as-a-Service; Hybrid Storage; Cloud Security Groups – Subnet Level; Cloud Security Groups – VNIC Level; Subnet Access Lists; Traffic Tracking
• AWS: Elastic Compute Cloud; Elastic File System (EFS); Storage Gateway; AWS Security Groups; Network ACLs; VPC Flow Logs
• Microsoft Azure: Virtual Machines (VM); File Storage; Backup; Avere, StorSimple; Azure Network Security Groups; Azure Network Security Groups; Endpoint ACLs; Network Watcher
• Google: Google Compute Engine; Firewall Rules; VPC Flow Logs
Cloud Providers Comparison
• Service categories: Big Data Processing; Analytics; Visualization; Search; Data Discovery; Notification
• AWS: Elastic MapReduce (EMR); Kinesis; QuickSight; Elasticsearch Service, CloudSearch; Glue; Simple Email Service (SES); Simple Notification Service
• Microsoft Azure: HDInsight; Stream Analytics, Data Lake Analytics, Data Lake Store; Power BI; Search; Data Factory, Data Catalog; Alerts
• Google: Cloud Dataproc; Cloud Dataflow; Cloud Datalab, Data Studio (Beta); Cloud Dataflow; Stackdriver Notifications
Cloud Providers Comparison
• Service categories: Authentication & Authorization; Multi-Account Management; Encryption; Firewall; Security Assessment; Threat Protection; Directory
• AWS: Identity and Access Management (IAM); Organizations; Key Management Service, CloudHSM; Web Application Firewall; Inspector; AWS GuardDuty; AD Connector, Simple AD, Microsoft AD
• Microsoft Azure: Azure AD/Role-based Access Control; Management Groups; Key Vault; Application Gateway, Web Application Firewall; Security Center; Advanced Threat Protection; Azure AD, Azure AD B2C, Azure AD Domain Services
• Google: Cloud Identity and Access Management; Cloud Key Management Service; Cloud Security Scanner; Cloud Security Command Center; Cloud Directory Sync
The Latest “Native” Cloud Security Services
Timeline: 2015, 2016, 2017, 2018, 2019
• Azure Security Center
• Azure Advanced Threat Detection
• AWS GuardDuty
• Google Cloud Security Command Center
Missing Functionality
Azure Security Center
• Ability to customize detection parameters
• A detailed list of anomalous detection capabilities is not yet available
• Potential delay in reporting from agent deployment
• Custom threat/IP feeds to aid in improving detection accuracy
Missing Functionality
AWS GuardDuty
• Ability to adjust settings parameters
• Custom detection capability in the native analytics engine/flow
• API ability to create custom findings
• Unified security dashboard and workflow for all AWS Security services
Missing Functionality
Google Cloud Security Command Center
• Customization of settings and detections
• Ability to add custom detections into the native flow
• Security detections for all GCP services
• Integrated native notifications and alerts
Compliance in the Cloud
• 49% of databases are not encrypted
• 30% of CIS compliance checks fail
• 23% of organizations fail NIST CSF compliance assessments*
* RedLock CSI Report 2018
Compliance in the Cloud
• Where is your data stored?
• Who is going to control access to it?
• Who has access to your sensitive data?
• Do you have employees that manage the infrastructure for you?
• Is it internal or external personnel?
• If you use a public cloud, how secure is that cloud platform?
• Is the cloud going to be segregated from other organizations' data?
Compliance in the Cloud
• Implement access controls properly
• What data will be moved to the cloud
• CSP’s incident response plan
• Safeguards and benchmarks
• Data Discovery and Classification
Netwrix Auditor
Visibility platform for user behavior analysis and risk mitigation
Useful links
Online TestDrive: experience Netwrix Auditor with no download or installation required
https://www.netwrix.com/browser_demo.html
Live One-to-One Demo: product tour with Netwrix expert
netwrix.com/livedemo
Contact Sales to obtain more information:
netwrix.com/contactsales
If you want to learn more about Netwrix Auditor, register now for the upcoming product demo: netwrix.com/webinars.html
Questions?