
jul18security and cloud sase

Gartner
Webinars
Gartner delivers actionable, objective
insight, guidance and tools to enable
stronger performance on your
organization’s mission critical priorities
RESTRICTED DISTRIBUTION
© 2022 Gartner, Inc. and/or its affiliates. All rights reserved.
Gartner Outlook for Cloud Security
Neil MacDonald
Distinguished VP Analyst
Your data center is the cloud.
Your users, applications and data are everywhere.
And your network is the internet.
Are You Ready?
© 2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates.
But cloud security is still security …
… and the cloud is part of every business
Polling Question 1 of 2
Do you have a separate team for cloud security?
A. No, it's always been handled by the security team
B. No, but we recently recombined the teams
C. Yes, there’s a dedicated cloud security team within the security organization
D. Yes, within our cloud center of excellence team
E. Yes, within the overall cloud architecture team
Key Issues
1. New business models mean new risks!
2. Not all clouds are the same — don’t treat them as if they are
3. Bring the cloud success to the enterprise
4. Futures
Digital Transformation Creates New Exposures
• Cloud migration approaches correlate to cloud-native services adoption
• Lift and shift along with security may work initially
• Application modernization leveraging containers and fPaaS will render some security approaches obsolete
[Figure: Cloud Migration Approaches. Labels: Replace (SaaS, choose a SaaS provider); Lift and Shift; Lift and Optimize; Move and Improve; Refactor; Application Design; Development; IaaS cloud services; Containers; fPaaS; Application modernization]
New Security Threats — Container Example
Threat Vector 4: Image Registry
Threat Vector 6: Cloud Configuration
Threat Vector 8: Microservices Architecture (MSA) Communication and Network Segmentation
Evolving Security Approaches for Cloud Native Applications
Cloud-native application protection platforms need to address:
– Runtime Protection
– Cloud Configuration
– Artifact Scanning
– DevSecOps Enablement
Key Issue Take-Away:
Born in the cloud enterprises and
their security investments can be a
guide to the future state of security
The Nuances of Split Responsibility
[Figure: responsibility matrix. Legend: Customer Responsibility; Shared or Contingent on Deployment Pattern; Cloud Provider Responsibility. Deployment models: Private/On-Prem, IaaS, CaaS, FaaS, PaaS, SaaS. Layers: Business Continuity, Identity and Access Management, Data, Configuration, Application, Application API, Workload, Virtual Network, Service Orchestration, Virtualization/Cloud Infrastructure, Physical]
Configuration
• Most breaches self-inflicted by configuration errors
• Massive complexity with identity and services
• SaaS is not “simple-as-a-service” – configuration complexities
• Establish appropriate baseline configurations
• Automate posture validation and management
• Use xSPM as appropriate for your environment
• Shift left and embrace Infrastructure as code
Through 2025, more than 99 percent of cloud breaches will have a root cause of a customer misconfiguration or mistake.
Identity
• Control plane for security
• Fine-grained and increasingly complex
• Evolving users & workloads need to be validated
• Federate your identity sources
• Enforce MFA everywhere
• Automate complex auditing with CIEM
Access Patterns Are Inverting, Changing Network and Network Security Architectures
[Figure: inversion of access patterns. Labels: CIPS, Branch, Identity, Data Center, Internet, SaaS]
Enable the “branch office of one” anywhere, anytime worker.
Data
• You own the data — what data is where?
• Mesh of connections!
• Assess data risk
• Do not ignore business continuity
• Protect data access in SaaS with CASB
• Use ZTNA with data security for IaaS and on-premises
• Encrypt your data and Hold Your Own Key
• Backup — but be aware of limitations in SaaS
… and then there’s Multicloud
• Microservices vs. SaaS security
• Shift to the left
• Balance of provider-native vs. third party
• ‘x’ Security Posture Management (SaaS, Network, Cloud, Kubernetes)
• Cloud Workload Protection Platforms
• Cloud-Native Application Protection Platforms
Cloud Security Tool Coverage
Source: Gartner
Key Issue Take-Away:
The cloud isn’t one thing.
Securing the cloud won’t be one thing either.
Learning From Cloud to Secure the Enterprise
As more enterprise systems migrate to cloud:
• Assess cloud security successes
• Determine what can be brought back to on-premises/data center systems
• Look to control security from the cloud
• Seek to have as many common controls as possible
[Figure labels: Cloud, On-Premises]
Enterprise Security Enhancements After Cloud
[Figure: On-Premises and Cloud. Domains: Monitoring & Sec Ops, Application Security, Infrastructure Security, Network Security, Identity & Access, Data Security. Callouts: “Common monitoring and identity fabric.”; “Common security tooling across all enterprise systems.”]
Key Issue Take-Away:
Cloud security capabilities are likely newer
and more versatile. Apply these to your
on-premises systems where suitable.
Good Security Practices — Everywhere!
[Figure labels: Zero Trust; Security Visibility; Application Security; Infrastructure Security; Identity & Access; Network Security; Data Security]
Cloud as a Catalyst for Security Transformation
• ZTNA for end-user access to apps
• Identity-based segmentation by default
• PAM/MFA for all administrative access
• Full monitoring and analysis of all activities
• Cloud-native applications offer opportunities:
– Scanning of all components in development
– Container admission control and process control
– Identity-based segmentation for service-to-service communications
– Immutable infrastructure adoption
Properly implemented, cloud-native applications deployed on cloud infrastructure will be the most secure applications your organization has ever developed and deployed.
The Future of Network Security Is SASE
Kubernetes: The New Cloud You Have to Secure
• Has its own IAM system and namespace
• Supports RBAC
• Common Networking Interface
• Configuration via YAML, Helm
• Optional service mesh
• Optional policies via OPA
• CIS Hardening Guidelines
Sovereign Clouds and Data Sovereignty
Secure Access to the Cloud
• Geofencing of data
• Geo-based routing
• Country-specific logging
• On-premises based inspection
Secure Usage in the Cloud
• External key managers
• Homomorphic encryption
• Differential privacy
• Bare metal as a service
• Confidential computing
• Distributed cloud
Distributed Cloud
76% of organizations prefer to have cloud computing at a location of their choice.
Definition: The distribution of public cloud services to different physical locations while operation, governance, and evolution of the services remain the responsibility of the public cloud provider.
By 2025, more than 50% of enterprises will use a distributed cloud option at the location of their choice.
Immutable Infrastructure
[Figure: Dev, Sec, Ops. Callouts: “Make all updates and changes here”; “Runtime infrastructure is immutable”]
Organizations adopting DevSecOps and immutable infrastructure practices will reduce security incidents by more than 70%.
Polling Question 2 of 2
Which new cloud security tool are you investing the most in over the next 12 months?
A. SASE / (SSE) Security Service Edge
B. Cloud security posture management
C. Cloud access security broker
D. Cloud infrastructure and entitlements management
E. SaaS security posture management
Recommendations
Prepare for more clouds of different types, not less
Match your controls to your situation; SaaS, PaaS variants and IaaS
Own and tightly control identity and privilege — and monitor!
Automate configuration validation — across all clouds
Get visibility and control of data in — across all clouds
Shift left and work with your developers and in their world
Use the adoption of cloud as a catalyst to adopt zero trust by default
Seize opportunities to follow cloud approaches back to on-premises
Final Thoughts: We Need to Change Too …
• Think of security as guiderails, not gates
• The single biggest impact on security over time will come with an immutable infrastructure mindset combined with a zero-trust security posture
• Using more security vendors is not defense in depth
• Be open to switching and consolidating security providers:
– SaaS-based management consoles
– Full cloud integration — IaaS, PaaS and Kubernetes
– Fully API-enabled, ability to shift left as needed
– Support for containers and serverless
– Pricing models that make sense