GET AHEAD OF CLOUD NETWORK
SECURITY TRENDS AND PRACTICES
FEB 12, 2020
WEBINAR
SPEAKER PANEL
- RICHARD STIENNON, Chief Research Analyst, IT-Harvest
- ROHIT GUPTA, Global Segment Leader, Security, Amazon Web Services
- VISHAL JAIN, CEO and Co-Founder, Valtix
AGENDA
- Cloud security is just security. An evolution
- 3 Stages of Digital Transformation
- A new security model
- Security model in AWS
- Automate with integrated services
- AWS security solutions
- Barriers and common seen practices
- Unboxing cloud network security
- Cloud-Native Network Security Service
- Q&A
DIGITAL TRANSFORMATION IS MOVING TO THE CLOUD
- An evolution, NOT a new layer
- Endpoint for cloud (VMs, containers)
- IAM for cloud
- Network security for cloud
THREE STAGES OF DIGITAL TRANSFORMATION
Software as a Service
Refactoring
Lift & Shift
Partial, and Full
Cloud-First & Cloud Native
MOVING TO THE CLOUD INTRODUCED NETWORK BOTTLENECKS
Traffic destined for cloud apps is forced through the corporate network
BACKHAULING CLOUD NETWORK SECURITY TO DATACENTER HAS GOT TO GO
A NEW SECURITY MODEL: CLOUD NETWORK SECURITY SERVICE
- Service centric
- Controller based
- Co-resident
- Highly automated
- Continuous awareness
IS CLOUD SECURITY REALLY A NEW SECTOR OF THE SECURITY INDUSTRY?
Or, are there just network, endpoint, and access controls applied to cloud properties?
NO NEED FOR A NEW CLOUD SECURITY CATEGORY
Number of vendors in each category (2,336 total)
ROHIT GUPTA
GLOBAL SEGMENT LEADER
AMAZON WEB SERVICES
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential
Why is security traditionally so hard?
- Low degree of automation
- Lack of visibility
Before: Move fast OR Stay secure
Now: Move fast AND Stay secure
Shared responsibility model
- AWS: Security OF the Cloud. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud
- Customer: Security IN the Cloud. Customer responsibility will be determined by the AWS Cloud services that a customer selects
"I have come to realize that as a relatively small organization, we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested. We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance."
John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
- Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day
- Processes approximately 6 terabytes of data and 37 billion records on an average day
- Went from 34 weeks for server hardening to 34 minutes
- DevOps teams focus on automation and tools to raise the compliance bar and simplify controls
- Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts
Elevate your security with the AWS Cloud
- Automate with comprehensive, integrated security services
- Inherit global security and compliance controls
- Highest standards for privacy and data security
- Largest network of security partners and solutions
- Scale with superior visibility and control
Inherit global security and compliance controls
SOC 1, SOC 2, SOC 3, CJIS, GxP, MPAA, My Number Act, VPAT Section 508, G-Cloud, DoD SRG, FERPA, SEC Rule 17a-4(f)
Highest standards for privacy
- Encryption at scale with keys managed by our AWS Key Management Service (KMS) or managing your own encryption keys with AWS CloudHSM using FIPS 140-2 Level 3 validated HSMs
- Meet data residency requirements: Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so
- Access services and tools that enable you to build compliant infrastructure on top of AWS
- Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal
Automate with integrated services
- Threat remediation and response
- Securely deploy business critical applications
- Operational efficiencies to focus on critical issues
- Continuous monitoring and protection
- Comprehensive set of APIs and security tools
Integrated AWS security solutions
Categories: Identity & access management; Detective controls; Infrastructure protection; Incident response; Data protection
- AWS Identity & Access Management (IAM)
- AWS Single Sign-On
- AWS Directory Service
- Amazon Cognito
- AWS Organizations
- AWS Secrets Manager
- AWS Resource Access Manager
- AWS Security Hub
- Amazon GuardDuty*
- AWS Config
- AWS CloudTrail
- Amazon CloudWatch
- VPC Flow Logs
- AWS Detective*
- AWS Systems Manager
- AWS Shield
- AWS WAF - Web application firewall
- AWS Firewall Manager
- Amazon Inspector
- Amazon Virtual Private Cloud (VPC)
- AWS Key Management Service (KMS)
- AWS CloudHSM
- AWS Certificate Manager
- Amazon Macie
- Server-Side Encryption
- AWS Config Rules
- AWS Lambda
VISHAL JAIN
CEO & CO-FOUNDER, VALTIX
Cloud Security Needs a Cloud Mindset
- The data center and the cloud may look similar but peeling back the covers will reveal 2 entirely different infrastructures
- Cloud Security is just Security but the cloud has different plumbing
- Defy Barriers
- Lift-and-shift is NOT cloud-native, Cloud ops complexity, and lack of awareness of what's active in the cloud
- Cloud is very programmatic as opposed to rack and stack
Lessons Learned from the Field
- Cloud Sprawl is increasing (lack of visibility - also is a cause of increased costs)
- Lack of situational awareness - adding risk and affecting intended security posture
- Operational deficiencies hindering agility to focus on critical issues
- Retrofitting VM appliances slowing security deployments
- Non optimized architectures (still backhauling)
Unbox your Network Security with Valtix
Cloud Network Security Services Delivered

Focus on Security NOT Device Management
- Break free of appliance management
- Hitless upgrades and updates are managed by the service

Increase Agility
- Automated security, Fully API integrated
- Continuous awareness and automated remediation of cloud risks

Consistent Security
- Seamless integration across regions
- Discover across regions, unified policies
- Dynamic security follows the apps across clouds

Automate Security Operations
- No scripts, No agents, No sizing
- Resiliency and Scalability are baked-in
Cloud Native Network Security Service
- Continuous discovery & automated deployment
- Single-pass NGFW+WAF as a service
- Consistent security across regions & accounts
[Diagram labels: Valtix Cloud Controller; Region; Region; Valtix Security Service]
Valtix Cloud Security Service Solution
- Cloud security requires a new mindset
- Unbox your network security
- Ship policies NOT packets

"Where third-party network security controls are used, favor cloud-native approaches. Vendors that simply take their on-premises physical appliance into a virtual appliance don't provide a cloud-native experience. Cloud-native security offerings offer built-in automated resiliency, scale-out architectures, ease of insertion into the programmable network fabric of the cloud provider and support for transit virtual private cloud (VPC)-like constructs."
Neil MacDonald, Distinguished VP Analyst, Gartner
Move fast AND Stay secure
Achieving Now
Getting Started
http://bit.ly/valtixservice
Q&A
THANK YOU
