STAIRWAY TO CLOUD OR HIGHWAY TO HELL?
What is your Security Cloud Strategy?
Konstantina Koukou | Security Engineer
©2018 Check Point Software Technologies Ltd.
[Internal Use] for Check Point employees
©2019 Check Point Software Technologies Ltd.
A START OF A JOURNEY
SHARED RESPONSIBILITY MODEL
Customer: responsible for security “IN” the cloud
• Customer data
• Platform, applications, identity and access management
• Operating system, network & firewall configuration
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection
Cloud Platform: responsible for security “OF” the cloud
• Compute, Storage, Database, Networking
• AWS global infrastructure: Availability zones, Regions, Edge locations
CUSTOMER CONTROL PLANE & DATA PLANE SECURITY
[Timeline: Dec 2016, July 2017, Dec 2017, Apr 2018, May 2018]
• Customer Data Plane
• Customer Control Plane
• Cloud Provider Services
Through 2022, 95% of cloud security failures will be the customer’s fault
• Vulnerabilities
• Cryptomining
• Compromised Credentials
• Insider Threat
• Misconfiguration
3 PATHS 1 TARGET
• Lift & Shift
• Cloud Native
• Re-Architect
CLOUD SECURITY
Let’s Start our Journey
LIFT & SHIFT
CHALLENGES & BENEFITS
Challenges
• Actually Lifting & Shifting
• The perimeter has changed
• Protecting your old workloads in the new environment
Benefits
• Reducing infrastructure costs
• Fit to size compute
• Built in agility & Services
DATA PLANE BEGINNINGS SECURITY NEEDS
• Network & workload security blueprint
• Protection between and within cloud environments
• Using Basic Native Controls
• Active Security guardrails for the cloud
CLOUD NATIVE
THE PERIMETER IS DEAD
CHALLENGES:
Data Perimeters
• Allowing unauthorized users to read / modify or delete your private data
Compute Perimeters
• Allowing external entities to run code in your environment
Messaging Perimeters
• Allowing external entities to receive / send messages to private systems
Identity Perimeter
• Allowing external entities full control over your virtualized data center
CONTROL PLANE BEGINNINGS SECURITY NEEDS
01 Leveraging the platform native security controls
02 Visibility into your cloud assets
03 Security posture understanding
04 Compliance and auto remediation
05 Security intelligence
RE-ARCHITECT
CHALLENGES: EVERYTHING CHANGED
CI / CD: Code, Build, Test, Deploy, Operate, Monitor
• New development paradigm
• No control of the data flow
• No Visibility
• Perimeter is gone
• Enhanced Automation
• Using Open Source
THE ACTUAL SITUATION
Lift & Shift, Cloud Native, Re-architect
THE CHECK POINT SOLUTION
CLOUDGUARD IAAS
IaaS network security
ACI
01 Private and public cloud security
02 Automated Security Blueprint
03 Agility & Elasticity that goes along your cloud journey
04 Native Security controls integration
05 North/South and East/West Network Security
CLOUDGUARD DOME9
SaaS platform for security and compliance automation
01 Visibility into cloud assets, networks and configurations’ security posture
02 Consistent security across multiple accounts, regions and cloud platforms
03 Baselining and continuous enforcement of security best practices and compliance
04 Prevention of security configuration drift
CloudGuard – The Next Generation
• Container Security
• Serverless Security
• NSaaS
• MaaS
• S3 & Blob Threat Extraction
SUMMARY
01 Cloud Security is a Journey
02 Aspire to be Native
03 CloudGuard Will Protect You in Every Step of the Way
Konstantina Koukou
THANK YOU