The RSA conference for 2016 offered plenty of insights from all sides of the security debate, including what some have remarked was the most thorough and in-depth conversation concerning the future of cloud security, given by Symantec Senior Vice President, Information Protection, Nicolas Popp.
Without much delay, Popp launched into a fun, informative discussion for a standing-room-only crowd in his session, Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security, dealing with the ever-expanding issues surrounding the transformation of SaaS, IaaS and Sec-aaS against a backdrop of increased threats.
Popp is no stranger to cloud-based issues as Senior Vice President, Information Protection at Symantec, and prior to that, as CTO of VeriSign Security Services, so his talk was indeed informative, as many commented afterward. His primary focus dealt with 3 main areas: SaaS security, IaaS security, and Security as a Service.
The short version?
SaaS Security is about the data, not the network. Popp suggested that SaaS security use cases are identity- and data-centric, signaling a shift from traditional security. Cloud application security will be best served by a single security control point, called the Cloud Access Security Broker (CASB). CASBs will be responsible for providing access control, data protection, and threat protection across all Enterprise SaaS applications. And when you think about it, it makes sense. Organizations need to know where their data sits, who has access, and where it's going. To do that, having the right viewpoint to help simplify the analysis should be a top priority. The impact on both the customer and the industry? Reframing the conversation around a more awareness-focused strategy is going to save organizations millions of dollars by preventing lost or compromised data. Companies looking for security for their cloud apps will be interested in getting further perspective.
Popp then shifted the discussion to IaaS Security (micro-perimeter security), showing how protecting workloads across clouds (primarily public clouds like Amazon AWS and Microsoft Azure, as well as private and hybrid clouds) presents significant challenges. He emphasized the need for a workload-centric security agent. These agents are added to the image in order to harden the operating system, whitelist processes, provide app-level controls, automate the management of vulnerabilities, and manage East-West traffic across workloads.
With Amazon AWS certain to be a continued area of interest, organizations will undoubtedly be looking toward solutions that encompass workload and virtual network security agents to beef up their ability to protect their fast-growing cloud workloads in 2016. The new perimeters? Popp noted that the perimeter is far from dead. Instead, the perimeter is transforming. He suggests that because an enterprise no longer controls the physical network, security will shift to a world of many perimeters: workload, process, micro-segment, data, perimeters everywhere!
The Cloud Security Operations Center
Popp suggested that the management of security is also shifting to the cloud. He noted that traditional SIEMs are not scaling to the cloud. Instead, the SOC architecture needs to evolve towards big data security analytics. In that new architecture, identity and data become the new threat planes. Analysts must now chase bad IDs in addition to bad IPs. Indeed, even the SIEM is moving to the cloud.
Where does this all lead us? Popp indicated that cloud security is an evolution, and that organizations would do well to develop a holistic cloud security strategy that includes the protection of corporate SaaS applications, corporate workloads and systems running in public or private IaaS, and new security management and monitoring services in the cloud, and to formulate a plan for a new Cloud Access Security Broker.
The key is that an understanding of IaaS workload security, including the workload- and SDN-centric security controls that compliance and security will require, should be a part of the mix, and that big data security analytics, with integration of big data architectures and machine learning, should be considered as part of any SIEM/SOC strategy.
For more information, see Popp's presentation: Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security. For additional Information Protection resources, please visit: https://www.symantec.com/products/information-protection.