Re-Think Security
Kirk House
Cloud Security Alliance - SDP Enterprise Working Group
Global Director, Enterprise Architecture - The Coca Cola Company
If Only I Could…
• Reduce cyber risk: Traditional point products are not stopping malicious cyberattacks
• Improve business agility: IT security needs to find a way to say “yes” to new business initiatives and secure business agility
[Diagram: Enterprise Perimeter; labels: Cross Enterprise, Contractors, Remote Workers, Third-Party Vendors, Supply Chain, Corporate Employees]
[Diagram: Traditional Data Center; labels: App1 to App6, Security (repeated), Associate, Partner]
How are attackers getting in?
What is going on?
Where is my risk?
What am I doing?
1. Isolate each application, so it’s invisible to everyone
2. Verify user authenticity and authorization, and device and software integrity
3. Connect the authorized user and trusted device to only the protected applications
[Diagram labels: App, Trusted Device]
Any App, Anywhere: Internal App Isolation, Cloud App Protection
Any User, Anywhere: Internal Employees, Ecosystem Collaborators
Any Device, Managed or Not: Managed, Unmanaged, BYOD
Any Network: Dedicated Network, Internet
[Diagram labels: User, KO Office or External Location, Internet, VPN, Identity Provider / Siteminder, Enterprise WAN, App, DBase, Storage, Public *aaS, KO Data Center, Identity Provider, Cyber Attack]
RED Lines are Vulnerable
Common Attacks
• Server exploitation: constant attacks
  Misconfigurations, Vulnerabilities, Injections, Denial of Service
• Credential theft: ⅔ of Verizon DBIR
  Phishing, Keyloggers, Brute force
• Connection hijacking: stealthiest
  Man-in-the-Middle, Certificate forgery, DNS poisoning
[Diagram labels: User, KO Office or External Location, Internet, Software Defined Perimeter, VPN, Identity Provider / Siteminder, Enterprise WAN, App, DBase, Storage, Public *aaS Or Other External, KO Data Center, SAML, Identity Provider]
1. Device verification
2. Identity & role verification
3. Approved access
4. TLS Tunnel Config
5. Application Access
[Diagram components: SDP Client, SDP Gateway, SDP Controller, Identity System, Business Solutions]
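A minimal model of the five steps above, added here as an illustration and not taken from the presentation or from any SDP product. The HMAC-signed grant, the pre-shared key, and all user, device and app names are assumptions; the TLS tunnel of step 4 is represented only by the gateway's session table.

```python
import hashlib, hmac, json, time

# All names and values below are constructed for this example.
SHARED_KEY = b"controller-gateway-demo-key"       # assumed pre-shared secret
TRUSTED_DEVICES = {"dev-1001": "sha256:aaaa"}     # device id -> expected posture hash
ROLE_APPS = {"associate": {"App1", "App2"}, "partner": {"App3"}}
USERS = {"alice": "associate", "bob": "partner"}  # stands in for the identity system


class Controller:
    def authorize(self, user, device_id, posture, now=None):
        """Steps 1-3: verify device, verify identity and role, approve access."""
        now = time.time() if now is None else now
        if TRUSTED_DEVICES.get(device_id) != posture:   # step 1: device check
            return None
        role = USERS.get(user)                          # step 2: identity and role
        if role is None:
            return None
        grant = {"user": user, "device": device_id,     # step 3: scoped approval
                 "apps": sorted(ROLE_APPS[role]), "exp": now + 300}
        body = json.dumps(grant, sort_keys=True).encode()
        sig = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
        return body, sig


class Gateway:
    def __init__(self):
        self.sessions = {}   # device id -> reachable apps; no entry means deny

    def open_tunnel(self, body, sig, now=None):
        """Step 4: accept only unexpired grants signed by the controller."""
        now = time.time() if now is None else now
        expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False
        grant = json.loads(body)
        if grant["exp"] < now:
            return False
        self.sessions[grant["device"]] = set(grant["apps"])
        return True

    def reach(self, device_id, app):
        """Step 5: an app is reachable only through a tunnel that lists it."""
        return app in self.sessions.get(device_id, set())
```

Before any grant is accepted the gateway answers `reach()` with `False` for every application, which is the "invisible to everyone" default the deck describes.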