Cloud Security Presented by Richard Brown


Post on 08-Jun-2018



Abstract

As a Service model is delivering:

• Better and constant innovation

• Ability to adopt new technologies faster

• Lowering cost (especially up front capital costs)

• Less vendor lock-in (in some cases)

• No waiting for an upgrade cycle

• Lowering your configuration and change management burden

Agenda

• Rapidly changing face of cyber security

• As a Service Model

• Addressing Security in the Cloud

• Case Studies:

• AWS

• O365

• New Zealand Government Telecommunications as a Service model (TaaS)

• Jellyfish

Rapidly changing face of cyber security

Cyber Security Shopping List

• Next Generation Firewalls

• Identity Management

• Access Control

• Authentication

• Multi-Factor Authentication

• Encryption

• SIEM

• Application Whitelisting

• Traditional controls are less effective than they were but still matter (eg AV)

Costs

• Sounds great, but sounds expensive:

• Huge capital outlay

• Large time to implement

• Have to evolve with the threats, so capital outlay is potentially every year and whenever a new threat is identified.

So I need a massive budget that I can’t determine in advance? Are you crazy?

All this can be accessed ‘as a Service’

• As a Service Model brings substantial benefits to an Organisation

• But keep in control of the keys:

• The trusted cloud service providers host the data, but have no access to the information.

• On-premises administrators don’t need to see the data to perform their roles

• You decide who has access to the information

Case Study: AWS

Amazon Web Services Benefits

• Cost

• No capex

• Pay only for what you use

• No lock in. Reduce cost again by turning things off

• Ability to provision quickly

• Ability to quickly scale

• Elastic growth

• Easy to set up load balancing

• Multiple geographic locations

AWS Challenges

• Data sovereignty

• Security

• Privacy

• Industry specific compliance requirements for above

• Legal (subpoenas), privacy laws, ability to take legal action against a real entity.

• Location of datacentres to meet data sovereignty retention laws or customer requirements.

• Insider threats still exist

Further Securing AWS

• Automated provisioning and deprovisioning

• Single Sign On (SSO)

• Encrypted data stores

• Encrypted Virtual Machines

• Encrypted DB components

• Protect Apps

Case Study: Office 365

Office 365 Benefits

• Cost:

• Reduced Capex

• Pay only for what you use

• Bundled licences for end user tools included as part of subscription

• Access to familiar tools in the cloud

• 99.9% uptime guarantee

Office 365 keeps data safe

Trusted cloud security

• More control over your data security and compliance with built-in privacy, transparency and refined user controls

• Conforms to ISO/IEC 27018 which prohibits use of personal data for marketing

• Keeps data secure and protected both in transit and at rest.

• Multiple levels of approval and just-in-time access with limited and time-bound authorisation

Office 365 Challenges

• Data sovereignty

• Security

• Privacy

• Industry specific compliance requirements for above

• Legal (subpoenas), privacy laws, ability to take legal action against a real entity.

• Location of datacentres to meet data sovereignty retention laws or customer requirements.

• Insider threats still exist

Further Securing Office 365

Trusted cloud security

• Email encryption

• OneDrive, SharePoint encryption

• SSO to avoid password use by users

• MFA

Case Study: NZ TaaS

New Zealand All of Government Telecommunications as a Service

• Radically changed the way services are delivered, managed and used

• Delivers a catalogue that is supplied and managed by a panel of service providers.

• Services will transcend agency boundaries and allow agencies to easily connect with each other and with customers.

TaaS is a service-first approach to allow agencies to easily connect with each other and with their customers, which in turn makes it easier to securely deliver more citizen-centric and cross-agency services.

A new radical approach

New Service provision approaches:

• Aggregation to allow one vendor to manage the operations of all telecommunications providers for an agency

• Agencies sharing services, buildings and data centres

• Government application and content providers to have a single connection point for all agencies (Government Net or GNet)

• Legacy connect services that allow current networks to be joined to GNet, enabling an easy transition to a full TaaS model.

• Vendors able to leverage government prices.

Benefits

• Volume discounts (one government customer) that can also be leveraged by vendors that are supplying to Government, this drives costs down.

• Only best services available - most up-to-date technology.

• Services are fit-for-purpose and offered from a range of suppliers allowing agencies to choose which supplier and service best fits their business needs.

• The ‘utility’ consumption model frees agencies up to focus their investment and energy on solutions for New Zealand citizens, rather than investing in technology.

• No minimum term or volumes

• Open panel – it will evolve as new technology emerges

Benefits for YOUR organisation

• Cost is less and has one way to go. Down!

• Keep up with latest security innovation

• Ease of transition

• Best protection available at a fraction of capital outlay

• Multiple security providers can be combined and replaced as needed to maintain best of breed

• Business service management vs patch and upgrade management.

Authentication: PKI and IdM as a Service for NZ Government

• Cogito Group are running the All of Government (AoG) Root CA and the GNet policy CA for the New Zealand Government.

• Cogito Group selected to run Identity Brokerage services for All of Government

Jellyfish®

Problems

• Systems not talking to one another:

• Legacy and new systems/applications

• No linkages/workflow

• Costly ad-hoc approach

• Allows gaps in security

• No one talks about the cloud providers' trusted insider

Jellyfish® can solve these problems

• Integrated Cyber Security Command And Control System

• One interface to connect disparate components like: IdM, PKI, OTP, SSO, Password Management, LACS, PACS, LDAP, DB, MDM, Monitoring, Audit etc.

• True power is making systems more

Jellyfish®

The Benefits

• Works with existing/future systems

• Improve end user productivity

• Do more with less

• Reduce capex/opex costs

• Automate

• Modular

Enhanced Security and Control

• Cross system workflow and communications

• Systems can:

• Share data seamlessly

• Make dynamic decisions

• Example is Logical talking to Physical:

• Provision/De-provision from either affects other

• Event on one affects another

Thank You

www.cogitogroup.com.au

cogitogroup

Cogito Group Pty Ltd

@CogitoGroup1

Thanks for listening.

Please direct any further questions to:

Richard Brown

CEO, Cogito Group
