Robin Vermeirsch Securing SaaS applications

20160000 Cloud Discovery Event - Cloud Access Security Brokers

Apr 15, 2017

Transcript
Page 1: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Robin Vermeirsch

Securing SaaS applications

Page 2: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Who is using SaaS applications today?

Page 3: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Who knows what users are doing in the cloud?

Page 4: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Lack of visibility

Compliance

Threat prevention

Data security

Page 5: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Security in the SaaS world

• Security policies/requirements are developed for on-premises solutions.
• In many cases SaaS applications are initiated by the business.
• SaaS providers implement ‘some’ security, but does it fit my needs?
• Limited control/visibility over what users are doing in the cloud.
• No visibility over anomalies across different applications.

Page 6: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Security in the SaaS world

• Does not meet requirements: SHOWSTOPPER
• Requirements met by adding control: COMPENSATED
• Requirements met by SaaS provider: ACCEPTABLE

Change architecture

Adjustment expectations

Src: http://www.gartner.com/webinar/3100619

Page 7: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Evolution in security

Transport

• IP Firewalling
• Segmentation

Protocol inspection

• Proxies
• Deep inspection

Application Protection

• MDM
• Web Application Firewalls

Data Centric Audit & Protection (DCAP)

• CASB
• SPSM
• CDPG

+ Unmanaged devices
+ Shadow IT
+ Company data is spread over multiple providers

How to protect DATA?

Note trend of ABAC in DEV

Page 8: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

What do we need?

Page 9: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

But how?

Page 10: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

CASB (Gartner)

• on-premises, or cloud-based security policy enforcement points

• placed between cloud service consumers and cloud service providers

• to combine and interject enterprise security policies as the cloud-based resources are accessed.

• consolidate multiple types of security policy enforcement.

http://www.gartner.com/it-glossary/cloud-access-security-brokers-casbs

Page 11: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Options to add security

SaaS

IaaS / PaaS

• SPSM: SaaS Platform Security Management
• CASB: Cloud Access Security Brokers
• CDPG: Cloud Data Protection Gateway

• Encryption
• Tokenization
• Masking

• User activity monitoring
• Data discovery
• DLP
• Remediation

• Usage discovery
• User activity monitoring
• DLP (passive and active)
• User activity blocking (real time)
• Data discovery
• SSO

Vendors: http://www.gartner.com/webinar/3100619

REALTIME RETROACTIVE

Page 12: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Architecture Options

• Using forward proxies
• Integration existing proxies
• Placing reverse proxies
• Using endpoint agents

+ IDaaS/MDM/Log integrations

[Diagram labels: Hackers/unknown endpoints, Approved Endpoint, Unknown SaaS, Approved SaaS, Reverse Proxy, Forward Proxy, Existing Proxy, Control Access & Actions, Block Actions]

Page 13: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Architecture Solutions

• CASB (Cloud Access Security Brokers)
  • Forward Proxy
  • Reverse Proxy
  • API Integration
• CDPG (Cloud Data Prot. GW)
  • Forward Proxy
  • Reverse Proxy
• SPSM (SaaS Platform Mgmt)
  • API integration

[Diagram labels: Hackers/unknown endpoints, Approved Endpoint, Unknown SaaS, Approved SaaS, Reverse Proxy, Forward Proxy, Existing Proxy, Control Access & Actions, Block Actions, CASB, SPSM, CDPG]

Page 14: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Where should you look at?

Impact on functionality & operational risk

Src: http://www.gartner.com/webinar/3100619

Page 15: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Implementation strategy

Page 16: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Implementation strategy

Src: http://www.gartner.com/webinar/3100619

Start small and add functionality

Page 17: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Benefits implementing CASB

Page 18: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Call to action

•Detect shadow IT today (=High Risk)

• Start controlling access to SaaS applications

•Get visibility over user activity in SaaS applications

•Protect your company data in SaaS applications

Page 19: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Xylos Cloud Services

Page 20: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

PaaS: Debunking myths on data & analytics in the cloud

Tim Jacobs – 25 Feb 2016

Page 21: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Agenda

• PaaS?
• Myth #1
• Myth #2
• Myth #3
• Conclusions

Page 22: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

PaaS?

• Provides a platform for:
  • Development (cloud native apps)
  • Content distribution (media / CDN)
  • Internet of Things
  • Automation
  • Data processing & analytics

Page 23: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Data and data analytics?

Prescriptive analytics

Predictive Analytics

Diagnostic Analysis

Descriptive Analytics

Data Collection

Big Data

Increase in value of data

IoT

Page 24: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Hypes linked together

Analytics

IoT

Big Data

Page 25: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Debunking myths on data & analytics in the cloud

• Myth #1 – Predictive analytics & big data are just BI on steroids
• Myth #2 – All my data needs to go to the cloud! Y0u f00lz cr4zy?
• Myth #3 – You need to hold 3 PhD’s to do predictive analytics

[Figure: Myth Debunking Flowchart, with nodes “Is it plausible?”, “Myth confirmed?” and “Blow everything up”, and Yes/No branches]

Page 26: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Agenda

• PaaS?
• Myth #1: “Predictive analytics & big data are just BI on steroids”
• Myth #2
• Myth #3
• Conclusions

Page 27: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

New in the data landscape…

1. “Big” data
2. “Artificial Intelligence” & learning from data
3. Fast & ubiquitous network connectivity

Evolution of data

Page 28: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

(R)Evolution in data, the questions & tooling

Standard reports

Ad-hoc reports

Query & drilldown

Alerts

Statistical analysis

Forecasting/extrapolation

Predictive modeling

Optimization

Degree of intelligence

Value

Descriptive Analytics

Predictive Analytics

What happened?

How many? How often? Where?

Where exactly is the problem?

What actions are needed?

Why is this happening?

What if these trends continue?

What will happen next?

What is the best that can happen?

Traditional BI questions

ETL Tools, SQL & variants

Big data, or not.

New type of questions

New tooling, ELT, machine learning, …

Page 29: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Big Data Traditional BI

Predictive Analytics

• BI and Predictive Analytics worlds are converging:
  • BI platform extensions to Big Data-esque & Advanced Analytics-y operations
  • Big Data tooling gets SQL-like interfaces: Drill, Impala, Hive, SparkSQL, HAWQ, Presto, Vortex, …
  • Big Data tooling can do descriptive and predictive analytics: MLLib, H2O, Oryx, Mahout, SAMOA, FlinkML, …

(R)Evolution & convolution

Page 30: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Agenda

• PaaS?
• Myth #1
• Myth #2: “All my data needs to go to the cloud! Y0u f00lz cr4zy?”
• Myth #3
• Conclusions

Page 31: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

On-premises or cloud?

• Advantages of cloud:
  • Start fast & fail fast
  • Easy consumption of created data models
  • Democratic in pricing & availability of algorithms
• Attention points for cloud (mostly exceptions!):
  • Data privacy: legislation ↔ provider
  • Data volume & velocity: bandwidth

Page 32: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Getting data to the cloud

• Transfer existing data:
  • “Just upload the CSV”
  • Azure Data Factory (SQL, Oracle, DB2, MySQL, Sybase, PostgreSQL, ODBC, HDFS, …)
• Capture event/streaming data:
  • Eventhub / IoT hub

[Diagram labels: Scheduling / transformation, Event Hub, Stream A., Azure Data Factory, Blob Storage, Data Lake, Data Warehouse, Data Base, Direct, Data Mgmt Gateway, File, Data Base, Data Warehouse, IoT, © The Cloud ®™]

Page 33: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Conclusion

• Compliant solutions available through provider
• Subsetting & anonymization easily possible with data transfer tools

Page 34: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Agenda

• PaaS?
• Myth #1
• Myth #2
• Myth #3: “You need to hold 3 PhD’s to do advanced analytics”
• Conclusions

Page 35: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Predictive Analytics

• Azure ML studio has a low learning curve
  • Modular, drag & drop
  • Pre-built machine learning algorithms with meaningful default settings
• Use case: very easy to publish “predictive engine” for your own applications
• Do you need expert knowledge?
  • Is the out of the box 70% accuracy sufficient?
  • Or do you need 95% prediction accuracy?

Page 36: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Example: predicting Belgian house prices

Model | Features | Prediction accuracy
Linear 1 | Just based on m2 living area | 48,40%
Linear 2 | m2 living area & postal code | 69,43%
Linear 3 | m2 living area, postal code, # bedrooms, house type | 70,36%
Decision Tree 1 | m2 living area, postal code, # bedrooms, house type | 70,41%
Linear 4 | Linear in: postal code, # bedrooms, house type; 3rd power in: m2 living area | 71,17%

Page 37: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Agenda

• PaaS?
• Myth #1
• Myth #2
• Myth #3
• Conclusions

Page 38: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Conclusions

• Three valid use cases for data in the cloud:
  • Reporting & analytics on big data sets, with new types of intelligence
  • Storing and synchronizing (subsets of) your data in the cloud
  • Adding intelligence to existing applications you develop
• Advantages of cloud:
  • Easy to start, quick to get to results, fast decommissioning once completed
  • Democratizing of tools & algorithms lowers starting threshold
• Xylos can help with:
  • advanced expertise (data scientists)
  • data collection & storage expertise
  • data consumption / visualization expertise

Page 39: 20160000 Cloud Discovery Event - Cloud Access Security Brokers

Xylos Cloud Services