
Outlook for Cloud Security 2019
Steve Riley

© 2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form
without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact. While the information contained in this
publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research
may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are
governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or
influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity."

Cloud isn’t perfect; there have been some big recent failures.

Through 20___, >99% of cloud security failures will be the customer’s fault.

Our goal today … Learn how to avoid these common mistakes.

Introduction

[Diagram: Public and Hybrid Cloud Security. Labels: Cloud Risk Management, Control Provider, Protect Workload, IaaS Security, SaaS Control, Protect Data]

No automation No control

File sharing: You’re doing it wrong!

Part 1: Multitenancy Risk

[Diagram: Public and Hybrid Cloud Security. Labels: Cloud Risk Management, Control Provider, IaaS Security, SaaS Control]

Cloudsec is not for newbies

Does not scale

Part 2: IaaS Security

[Diagram: Public and Hybrid Cloud Security. Labels: Cloud Risk Management, Protect Workload, IaaS Security, SaaS Control]

[Diagram: Lifetime. Workload types: Physical Servers, Virtual Machines, Containers, Serverless]

Security Services

Workload Protection

Posture Management

Cloud-Native Mindset

Cloud Workload Protection Hierarchy (figure; layer labels in page order)
• Antimalware Scanning
• HIPS With Vulnerability Shielding
• Server Workload EDR Behavioral Monitoring, Threat Detection and Response
• Exploit Prevention/Memory Protection
• Application Control/Whitelisting
• System Integrity Assurance
• Network Firewalling, Microsegmentation and Visibility
• Hardening, Configuration and Vulnerability Management
Callouts: "Optional, but should be performed on file repositories"; "Important, but may be performed outside of the workload"; "Core workload protection strategies"

Cloud Infrastructure and Platform Services Protection Hierarchy (figure; layer labels in page order)
• Cloud Threat Detection
• Extended Data Protection
• Application, PaaS and API Security
• Workload Security: Protection
• Workload Security: Patching and Configuration
• Pervasive Visibility, Logging, Audit and Assessment
• Continuous Cloud Security Posture Management
• Infrastructure Configuration: Network, Storage, Compute, PaaS
• Identity and Access Management: Identity as Perimeter, MFA/PAM, Granular RBAC, Optimized Entitlements

Part 3: SaaS Control

[Diagram: Public and Hybrid Cloud Security. Labels: Cloud Risk Management, IaaS Security, SaaS Control, Protect Data]

[Figure: stages labelled Discovery, Policies, Requirements Analysis, End of Life, Continuous Management, Risk Acceptance, Implementation. Callouts: "Usually needs more attention"; "Most SaaS implementations concentrate here"]

[Figure: controls matrix. Headings: Secure Access, Threat Protection. Rows: Data, Apps/Applications, Users, Visibility. Visibility row: CASB or SSPM or SMP or APIs. Legend: Primary Controls, Recommended, Optional]

• IDaaS/IAM: Directory Integration, SSO, Provisioning/Deprovisioning, MFA Integration, Roles, Adaptive Access Control
• Cloud Access Security Broker: Encryption, Threat Intelligence, DLP, Advanced Threat Prevention, File Sharing Control
• SIEM: Activity Alerting, Native SaaS, UEBA, Log Storage, Event Correlation, Investigation

Part 4: Toe Dip to Full Immersion

[Figure, 2016: Value versus Sensitivity chart. Regions: Allow, Assess Risk, Can’t defend, Prohibit]

[Figure, 2020: Value versus Sensitivity chart. Regions: Allow with defaults, Assess Risk, Can’t defend, Prohibit]

[Figure, 2024: Value versus Sensitivity chart. Regions: Allow with defaults, Allow with extra, Can’t defend]

Part 5: Conclusion

[Diagram: Public and Hybrid Cloud Security. Labels: Cloud Risk Management, Control Provider, Protect Workload, IaaS Security, SaaS Control, Protect Data]

Recommended Research
Hype Cycle for Cloud Security, 2020
Steve Riley, Jay Heiser, Tom Croll (G00448013)
Clouds Are Secure: Are You Using Them Securely?
Jay Heiser (G00350439)
How to Develop Infrastructure-as-a-Service Security Skills
Steve Riley (G00392867)
How to Make Cloud More Secure Than Your Own Data Center
Neil MacDonald, Tom Croll (G00430108)
How to Develop a SaaS Governance Framework
Jay Heiser (G00382661)


