eBook_Mighty Guide_Reducing Cyber Exposure from Cloud to Containers INTRODUCTION When it comes to IT infrastructure, it’s fair to say that the perimeter has left the premises. In fact, the perimeter has mostly disappeared. But what exactly does that mean? Research by Skyhigh Networks1 finds that the average organization uses 1,427 cloud services, but only 8.1% of them meet enterprise security and compliance requirements, and file sharing company Egnyte published data2 showing that 89% of companies now allow personal devices to connect to corporate networks. Most analysts agree there are billions of connected IoT devices in use today, a number that is rapidly growing, yet there is no standard for securing them. Security professionals face a rapidly changing IT landscape, one that is crowded with new types of dynamic IT assets. We decided to learn more about how they are adapting their strategies to meet these challenges. With the generous support of Tenable, we asked 29 cyber security experts the following question: How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others affected your security and risk management program? It’s a big question that lead to fascinating discussions and different perspectives from a variety of industry segments. Several themes emerged: more collaboration between security and app developers; growing emphasis on continuous scanning and detection; and some industries placing more emphasis on data-centric security strategies. These essays are loaded with fresh insights into areas of security and risk management that are becoming more challenging and more critical to healthy business operations. Whether you are a security professional, a software engineer, or a business leader, I have no doubts you will find these essays useful and thought provoking. Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty. All the best, David Rogelberg Editor 1 “Cloud Adoption and Risk Report,” Skyhigh, Q4 2016 2 Infographic - https://www.egnyte.com/file-server/byod.html © 2017 Mighty Guides, Inc. I 62 Nassau Drive I Great Neck, NY 11021 I 516-360-2622 I www.mightyguides.com Sponsored by: 3 TABLE OF CONTENTS Foreword ...........................................................................................................2 Introduction .....................................................................................................3 Securing a Dynamic IT Environment Digital Assets Provide Great Benefits, but Also Create Vulnerabilities | Mark Nicholls................................................................................................6 Collaboration Is Key to Securing a Dynamic IT Environment | Carlos Lerma....................................................................................................9 You Must Account for Entirely New Kinds of Risks | David Carvalho.............................................................................................13 Visibility into Your Entire IT Ecosystem Is Fundamental | Floyd Fernandes............................................................................................16 Managing Risk Requires New Levels of Visibility | Lester Godsey...............................................................................................19 The Leap from Securing Static to Dynamic Assets Is a Management Challenge | Mannie Romero....................................................................22 Innovative Identity Management Protects Modern Assets | Cassio Goldschmidt.....................................................................................25 Maintaining a Love/Hate Relationship with Modern Assets | Scott Estes.....................................................................................................29 Rethinking Security for a Cloud Environment Cloud Services Force You to Reconsider Your Risk Model | Javed Ikbal.....................................................................................................33 Manage Security as a Shared Responsibility | Andy Boura...................................................................................................36 You Must Recognize Hidden Costs and Hidden Risks | Alex Wood....................................................................................................40 Securing Applications Is an Incredibly Complex Task | Caleb Sima....................................................................................................42 A Segmentation Strategy Simplifies Securing Cloud Assets | Chad Lorenc.................................................................................................45 Sponsored by: Protecting Modern Assets Requires a Proactive Approach | Isabel Maria Gómez González........................................................................48 Secure Your Assets, Wherever They Reside | Arlie Hartman................51 Securing a Complex Ecosystem Requires a Layered Strategy | Harshal Mehta...................................................................................................55 Moving Security to the Application Layer Risk Management Decisions Must Be Made at the App Development Level | Darwin Sanoy......................................................................................59 You Must Manage Security Controls Differently When You Move Assets to the Cloud | Lee Eason..................................................................62 A Fragmented Ecosystem Challenges a Coherent Security Strategy | Avinash Tiwari...................................................................................................65 Shifting to Software Driven Data Protection | Rory Alsop...................69 Modern Assets Require a Disciplined, Step-by-Step Approach to Security | Dilip Panjwani...............................................................................72 Focusing on Data Security Protecting Modern Assets Requires a Data-Centric Security Posture | Antonio D’Argenio............................................................................................76 Applying a Data-Centric Strategy in a Vast IT Ecosystem | Eric Bedell...........................................................................................................80 Businesses Must Focus on Protecting Information | John Meakin.....83 Life cycle Data Please complete the form to gain access to this content Access Now Related Resources Vulnerability Intelligence Report Cyber Defender Strategies: What Your Vulnerability Assessment Practices Reveal Quantifying the Attacker's First-Mover Advantage Cyber Exposure for Dummies Tenable & IDG Whitepaper_Building a Secure Foundation to Reduce Cyber Risk Thirteen Essential Steps to Meeting the Security Challenges of the New EU General Data Protection Regulation 3 REASONS: Why DevOps is a Game-Changer for Security Reducing Cyber Exposure from cloud to containers ECONOMIC, OPERATIONAL & STRATEGIC BENEFITS OF SECURITY FRAMEWORK ADOPTION Five Steps to Building a Successful Vulnerability Management Program Using Security Metrics To Drive Action 2017 Trends in Security Metrics and Security Assurance Measurement
INTRODUCTION When it comes to IT infrastructure, it’s fair to say that the perimeter has left the premises. In fact, the perimeter has mostly disappeared. But what exactly does that mean? Research by Skyhigh Networks1 finds that the average organization uses 1,427 cloud services, but only 8.1% of them meet enterprise security and compliance requirements, and file sharing company Egnyte published data2 showing that 89% of companies now allow personal devices to connect to corporate networks. Most analysts agree there are billions of connected IoT devices in use today, a number that is rapidly growing, yet there is no standard for securing them. Security professionals face a rapidly changing IT landscape, one that is crowded with new types of dynamic IT assets. We decided to learn more about how they are adapting their strategies to meet these challenges. With the generous support of Tenable, we asked 29 cyber security experts the following question: How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others affected your security and risk management program? It’s a big question that lead to fascinating discussions and different perspectives from a variety of industry segments. Several themes emerged: more collaboration between security and app developers; growing emphasis on continuous scanning and detection; and some industries placing more emphasis on data-centric security strategies. These essays are loaded with fresh insights into areas of security and risk management that are becoming more challenging and more critical to healthy business operations. Whether you are a security professional, a software engineer, or a business leader, I have no doubts you will find these essays useful and thought provoking. Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty. All the best, David Rogelberg Editor 1 “Cloud Adoption and Risk Report,” Skyhigh, Q4 2016 2 Infographic - https://www.egnyte.com/file-server/byod.html © 2017 Mighty Guides, Inc. I 62 Nassau Drive I Great Neck, NY 11021 I 516-360-2622 I www.mightyguides.com Sponsored by: 3 TABLE OF CONTENTS Foreword ...........................................................................................................2 Introduction .....................................................................................................3 Securing a Dynamic IT Environment Digital Assets Provide Great Benefits, but Also Create Vulnerabilities | Mark Nicholls................................................................................................6 Collaboration Is Key to Securing a Dynamic IT Environment | Carlos Lerma....................................................................................................9 You Must Account for Entirely New Kinds of Risks | David Carvalho.............................................................................................13 Visibility into Your Entire IT Ecosystem Is Fundamental | Floyd Fernandes............................................................................................16 Managing Risk Requires New Levels of Visibility | Lester Godsey...............................................................................................19 The Leap from Securing Static to Dynamic Assets Is a Management Challenge | Mannie Romero....................................................................22 Innovative Identity Management Protects Modern Assets | Cassio Goldschmidt.....................................................................................25 Maintaining a Love/Hate Relationship with Modern Assets | Scott Estes.....................................................................................................29 Rethinking Security for a Cloud Environment Cloud Services Force You to Reconsider Your Risk Model | Javed Ikbal.....................................................................................................33 Manage Security as a Shared Responsibility | Andy Boura...................................................................................................36 You Must Recognize Hidden Costs and Hidden Risks | Alex Wood....................................................................................................40 Securing Applications Is an Incredibly Complex Task | Caleb Sima....................................................................................................42 A Segmentation Strategy Simplifies Securing Cloud Assets | Chad Lorenc.................................................................................................45 Sponsored by: Protecting Modern Assets Requires a Proactive Approach | Isabel Maria Gómez González........................................................................48 Secure Your Assets, Wherever They Reside | Arlie Hartman................51 Securing a Complex Ecosystem Requires a Layered Strategy | Harshal Mehta...................................................................................................55 Moving Security to the Application Layer Risk Management Decisions Must Be Made at the App Development Level | Darwin Sanoy......................................................................................59 You Must Manage Security Controls Differently When You Move Assets to the Cloud | Lee Eason..................................................................62 A Fragmented Ecosystem Challenges a Coherent Security Strategy | Avinash Tiwari...................................................................................................65 Shifting to Software Driven Data Protection | Rory Alsop...................69 Modern Assets Require a Disciplined, Step-by-Step Approach to Security | Dilip Panjwani...............................................................................72 Focusing on Data Security Protecting Modern Assets Requires a Data-Centric Security Posture | Antonio D’Argenio............................................................................................76 Applying a Data-Centric Strategy in a Vast IT Ecosystem | Eric Bedell...........................................................................................................80 Businesses Must Focus on Protecting Information | John Meakin.....83 Life cycle Data
