Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
©2017 AKAMAI | FASTER FORWARDTM©2016 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Convergencia digital, seguridad de información
y las mejores prácticas
Greivin Viquez
Ingeniero Preventa LATAM
©2017 AKAMAI | FASTER FORWARDTM
Agenda
1. ¿Qué es Convergencia Digital?
2. ¿Relación de Convergencia Digital y seguridad de la información?
3. ¿Cuáles son las mejores prácticas?
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM
Sus usuarios son ÚNICOS !
©2017 AKAMAI | FASTER FORWARDTM
49%Espera <4 segundos
“page load times”
30%Espera <3 segundos
“page load times”
18%Espera milisegs. en“page load times”
La experiencia de los consumidores esprioridad
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM
EL INTERNET ES UBIQUO,
MULTI DISPOSITIVO Y PERSONALIZADO
©2017 AKAMAI | FASTER FORWARDTM
SOBREVIVIR EN LA NUBE
DE INTERNET ES DIFICIL !
Rendimiento Disponibi l idad Escalar Seguridad
©2017 AKAMAI | FASTER FORWARDTM©2016 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
http://i.imgur.com/DoSasxE.jp
g
RUTEOINTERNET HEREDA PROBLEMAS DE
Internet
©2015 AKAMAI | Global Partner Enablement
©2017 AKAMAI | FASTER FORWARDTM©2016 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
CONGESTIONINTERNET HEREDA PROBLEMAS DE
©2015 AKAMAI | Global Partner Enablement
©2017 AKAMAI | FASTER FORWARDTM©2016 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
http://i.imgur.com/DoSasxE.jp
g
SEGURIDADINTERNET HEREDA PROBLEMAS DE
©2015 AKAMAI | Global Partner Enablement
©2017 AKAMAI | FASTER FORWARDTM©2016 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
©2015 AKAMAI | Global Partner Enablement
¿COMO RESOLVER LOS PROBLEMAS
HEREDADOS DE INTERNET?
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM
Los APIs representan
nuevos vectores de ataques
RDBMSServidor de
Aplicación
Web Page
API
Ataques a través de aplicaciones Web
Ataques a través de APIs
Ataques al Origin
Ataques tipo DDoS
DOWN
Consecuencias: Perdida de ingresos, robo de datos, daño a la imagen/reputación
DOWN
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM
¿Que es Zero Trust?
Arquitectura de red basado en un
modelo de seguridad originado por el
analista de Forrester John Kindervag
Zero Trust ahora se enfoca en:
● No distinguir entre interno y externo
● Nunca confíe por lo que solo entregue
contenido a usuarios y dispositivos
autenticados y autorizados.
● Siempre verifique ingresos con “logs”,
analíticos y corelacionadores
©2017 AKAMAI | FASTER FORWARDTM
….referencias de “Zero Trust”
©2017 AKAMAI | FASTER FORWARDTM
Estadísticas asociadas a “Zero Trust”
©2017 AKAMAI | FASTER FORWARDTM
El perímetro de seguridad DEBE evolucionar
App #2
App #1
App #3
● Usuarios y applicaciones internos
● Interno = Confiar
● Las paredes definian perímetro
● Las amenazas eras externas
©2017 AKAMAI | FASTER FORWARDTM
Usuarios se mueven hacia afuera
App #2
App #1
App #3
● Móviles
● Ecosistema digital
● Distribución Global
● Trabajadores remotos (WFH)
©2017 AKAMAI | FASTER FORWARDTM
Aplicaciones se mueven hacia afuera
App #2
App #1
App #3
● IaaS y SaaS
● Arquitecturas híbridas
● Visibilidad inconsistente relacionado con seguridad y sus controles
● Experiencia de consumidor es confusa
©2017 AKAMAI | FASTER FORWARDTM
Amenazas se mueven hacia lo interno
App #1
App #2
App #3
● Vulnerabilidades apalancadas en ataques complejos
● Malware, phishing y filtración de datos
● Robo de Credenciales
● “Single Factor authentication”
©2017 AKAMAI | FASTER FORWARDTM
Zero trust
Users & apps anywhere
Verify & never trust
Application access
App #1
App #2
App #3
There is no inside...
Una transformación exitosa requiere “Zero Trust”
App #2
App #1
App #3
Inside = trusted
Users & apps inside
Trust but verify
Full network access
©2017 AKAMAI | FASTER FORWARDTM
App #1
App #2
App #3
…..¿Se puede ser más específico?
1. VPN
2. Autenticar conexiones salientes
3. 2FA
4. Mayor visibilidad
©2017 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Conceptos Claves....!
©2017 AKAMAI | FASTER FORWARDTM
Solo entregar
apps/datos a
usuarios/dispositivos
adecuadamente
authN & authZ
Proactivamente
prevenir malware &
filtración en todo
momento y todo
lugar
z
Nunca confíe.
Verifique siempre
con completa
visibilidad
Siempre verifique el
rendimiento de las
aplicaciones a través
de todo Internet
Conceptos claves..!
©2017 AKAMAI | FASTER FORWARDTM
Resumen o “Key Takeaways”
1. Es tiempo de un modelo de seguridad “Zero Trust”
2. El modelo "Zero Trust” se aplica en fases…empezando donde se pudiera tener mayor impacto en el corto plazo
3. Acceso a recursos basado en “menor privilegio”
4. Protección proactiva contra “malware”
5. Se requiere visibilidad de cada acción y solicitud.
6. Utilizar las capacidades de Internet
©2017 AKAMAI | FASTER FORWARDTM
Arquitectura Zero Trust
©2017 AKAMAI | FASTER FORWARDTM
¿Preguntas?
©2017 AKAMAI | FASTER FORWARDTM©2016 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Gracias !
Greivin Viquez
Ingeniero Preventa LATAM
©2017 AKAMAI | FASTER FORWARDTM
• Akamai Zero Trust
https://www.akamai.com/us/en/solutions/zero-trust-security-model.jsp
• Akamai Enterprise Application Access (EAA)
https://www.akamai.com/us/en/products/cloud-security/enterprise-
application-access.jsp
• Akamai Enterprise Threat Protector (ETP)
https://www.akamai.com/us/en/products/cloud-security/enterprise-
threat-protector.jsp
Referencias
©2017 AKAMAI | FASTER FORWARDTM
Secure Application Access Capabilities
What to Look For:
Keep users off the corporate
network Lock down your firewall or security group to all
inbound traffic while making your infrastructure
invisible on the Internet.
Centralize security & access controlDetermine access rights for users as well as the
specific apps they are authorized to use, across
cloud and on-prem.
Multi-factor auth for enterprise appsFurther minimize unauthorized access by
authenticating users using MFA across email, SMS
or TOTP.
Local server load balancingBalance traffic across internal infrastructure using
a variety of load balancing algorithms.
Single sign-on for all enterprise
appsSeamlessly access on-prem, IaaS and SaaS
applications including Office 365 and
salesforce.comComplete auditing of user activityLog all users’ client information and actions taken,
as well as geolocation to help ensure HIPAA and
PCI compliance.
Dynamic AccelerationRealize improvements through protocol optimizations,
including modern web protocols like HTTP/2 and
WebSockets.
Fast and reliable experiencesAutomatically accelerate content with caching while
routing around Internet congestion and outages by
balancing traffic load globally with SureRoute.
©2017 AKAMAI | FASTER FORWARDTM
Dynamic AccelerationRealize improvements through protocol optimizations,
including modern web protocols like HTTP/2 and
WebSockets.
Fast and reliable user experienceAutomatically accelerate content with caching while
routing around Internet congestion and outages by
balancing traffic load globally with SureRoute.
Application Delivery Capabilities
to Look For:
Offload WAN trafficReduce the amount of traffic traveling over WAN
connections and need to backhaul traffic to the corporate
network.
Operational Efficiencies Leverage Akamai’s Intelligent Platform to deliver
business applications over the Internet, helping to reduce
support tickets and costs associated with poor
performance.
ScalabilityScale for every situation or activity with the largest
delivery platform available on the market.
Ability to Add Best-in-Class
SecurityShield network infrastructure and protect
applications. Lock down the network to all inbound
traffic and make only authorized applications
available behind the firewall.