Top 5 Cloud Security Tips (How to Protect Your Data in the Cloud)

Well, good afternoon, good morning. How you doing? Your minds are full, the stimulation is happening. I would like to share with you a story of stories of life in the cloud. All right?

May I start with a brief introduction of a good friend of mine called Eddie Doyle. Eddie, where are you, please? Right, stand up, Eddie. I’m going to need your help in a minute. He’s a friend and a mentor of mine. Eddie and I have been sitting and bantering for weeks about how we can give you (thank you, Eddie, you may sit) about how we can give you specific takeaways based on real-world experience going into the cloud securely.

I’m with Check Point 14 years, as Peter said, and I’ve been on the cloud team and the strategy, the global strategy team, for the last year, and we surveyed dozens of CISOs. What I’m going to do first, in part one of the story, is do what I call, and can I ask the camera to come in tight on my hand right here? So right here, brother, to come in tight. This is a $5 chip, which represents a story of five takeaways that I’m going to give you in five minutes. That’s a lot, okay? Then I’m going to bring two special guests to the stage, and I’m going to teach you in a minute with what we’re doing. They’re good.

Now Eddie, come up here, please. Do I trust you? Can I test the trust model? Eddie, can you do this for me: can you send three $5 chips from the front row and have them pass all the way to the back row? And Eddie, I want you to audit the results and make sure they make it all the way back there. Do you trust security in the cloud? Do you know why not? Right. You’re going to learn how we overcome it from two different real-world perspectives.

Let me first tell you five things that CISOs and CSOs have told us that have formed the strategy of something called vSEC. Have you heard of vSEC? Raise your hand. Have you not heard of vSEC? Raise your hand. By the way, did anybody tell you that in my presentations you will be overly asked, you will be asked too many questions and asked to participate? By the
way, I’m totally embarrassed. Do you know why? Later I’m going to be totally embarrassed; I’m going to have to ask you for a very big favor, so store that up there.

Here comes five in five. Number one: CISOs said, we need the ability to go in and out of the Google cloud, the Azure, the AWS, the VMware NSX, and the private cloud, the Cisco ACI, the OpenStack. We need the ability to go in, experiment, maybe come back out. We need to be able to do that all with what? Equal security. That’s point number one. So when you’re looking at cloud security such as vSEC, you want to make sure that you can move those workloads in and out. Raise your hand if you’re experimenting in cloud, or about to experiment in cloud, don’t exactly know what you’re doing, and need that freedom. With vSEC you’ll have it.

Number two: the ability to have a unified view of cloud security, the ability to observe threat prevention in real time, but not just in the cloud, in your data center. When I say hybrid cloud, you know what I mean? Raise your hand: I know what hybrid cloud is. Raise your hand: I do not know what the hybrid cloud is. Hybrid cloud refers to the traditional data center deployment that you have today and efforts to lift and shift and move into the cloud. What are the reasons we even care about cloud? There are primarily two, and I’m going to set you up with the teaser. Here they are. Number one, agility: the ability to go quicker, without a doubt. Number two, elasticity. If the security solution doesn’t respect, follow and execute on those, the CISOs and CSOs told us: not valuable. Don’t slow us down, speed it up. Okay, so how do we achieve all this?

Number three is the ability to be completely integrated with these ecosystems. What does that mean? That
means no additional typing and clicking and re-clicking and re-pasting and replicating. It means an automated and an adaptive model. Let me put it in concrete terms for you, and I’ll be quick. Number one, the ability from day zero to script and automatically build security, and on day one the ability to already have it in place in the cloud.

Anybody heard of A&O? Raise your hand. Raise your hand. A and O. Let me rephrase: anybody heard of automation and orchestration? Anybody experimenting? Okay. You know, it’s a cloud buzzword, where automation and orchestration is where cloud is at. I’ll never be elastic, and I’ll never get the true, true agility I want from cloud, if I don’t have automation and the orchestration of all of it. Cloud security must respect and obey all that, such as vSEC.

My favorite one is the following. Did you believe this morning when you got up that someone would get on stage and ask you if you had a pet? Raise your hand if you have a dog. Put your hand down. Raise your hand if you have a cat. Raise your hand if you have cattle. Anybody here a farmer and have cattle? Oh my god, you’re getting a $5 chip. We thought one, we got one. There’s your chip.

Pets and cattle is a very, very good analogy for an important piece of elasticity in a cloud that we call scaling. Let me explain it to you. When you have a pet, you love your pet. Your pet has a name. What do you do with your pet when your pet gets sick? That’s right, say it out loud: take them to the vet, right? Nurse them back to health. What do we hope about the life of our pets? That it will be a long life. Okay, let’s talk about cattle. Cattle, do they have names? No. What do they have? They have numbers. That’s part coming up of the whole presentation. What happens when the cattle get sick? You eat it, you shoot it. I only have two more minutes to tell you that in cloud, the most interesting kind of workloads are those that lend themselves to a grow and shrink, like cattle. I kill off the cattle, I kill off the workload, and I grow it back out again. We look at
the pets more like the databases of the world: they need a lot of care and feeding. But the more interesting workloads are the ones that scale out and scale back. We’re going to talk about scaling, and whatever cloud deployments you’ve got must also respect scaling. Whether it’s auto scaling or manual scaling, security must follow it.

You just got five takeaways in five minutes. The flexibility to go in and out of cloud, with unified management for security. Threat prevention in real time, pre-emptive. By the way, I’m going to ask you to be pre-emptive with me in about one minute, and you’re going to make fun of me afterwards; people are going to come up and say, I can’t believe you did that. Number two, the ability to see infrastructure in the cloud and have it automatically in my security policy; I don’t have to retype, rekey, recopy, re-anything. Hey, you know, automation and orchestration. And finally, the ability to have my cattle, not only for scaling in workloads but also the consumption of cloud. Raise your hand if you know what pay-as-you-go is. Raise your hand. Pay-as-you-go is a popular way to consume cloud and cloud security that says: I pay for what I use, and I scale down. Here’s a teaser: I’m going to bring a guest out in a minute who’s going to educate you on true cloud consumption and dispel a myth that a lot of people have.

Now let’s see if I can get this done right. Actually, in the interest of time: 80% of firms, 80%, are looking at a public cloud deployment and have concerns about security. Number one, 80%. 70% of new data center deployments are looking at a software-defined data center model where security is key: micro-segmentation in east-west. 38% are a DevOps shop. Raise your hand if you’re a DevOps or have agility methodologies in your shop. Raise your hand if you have developers. Right. Raise your hand if you have shadow IT in your shop. Raise your hand if you have no idea whether you have shadow IT or not, people using credit cards in the cloud. Talk about that with my second guest.

Now comes
the part that I’m ashamed and embarrassed about. Are you ready? Do I have your commitment? I did give out casino chips, so you will play along, I hope. Will you please stand up if you have concerns about moving securely into the cloud? Stand up, please. This is where you stand up. Yes, right now. You answer that question by standing up. This is where everybody stands up. Do not be sitting. Do you know why? This is what I’m embarrassed. Look at these people. Please stand, I’m begging you. I’m begging you, literally, to please them. What happened?

Well, our first guest is a gentleman named Mike Lambert. Mike is an amazing guy, VP and CISO of OpenLink. He’s got 23 years in IT, the New York Stock Exchange
previously, in a number of roles. He holds patents. He’s an expert on many aspects of cloud. He’s going to tell you what he did in cloud. But I promised him a standing ovation. Now, he’s got headphones on, he can’t hear all this, he can’t hear, I assure you. But when he comes out, will you act like you’re just giving him a standing ovation and clap very loudly, maybe cheer? Mike Lamberg, ladies and gentlemen. Welcome, Mike, have a seat. How’s Mike’s microphone? How we doing there? Can you hear Mike? No, we can’t. One, two, three. And now we can.

Mike, so our goal of this is to give these people a real-world, real view of what you did. Tell us about OpenLink. Tell us about how you went from traditional data center into the cloud and what drove it.

Absolutely. So OpenLink is the, excuse the voice.

Too much partying last night?

You nailed it. OpenLink is the global leader in trading and risk management solutions for the energy industry, financial services and also corporates. We traditionally sell our software and products into the traditional data centers of our clients. For clients that are not that big, that don’t have very large IT shops, we also have a whole hosting business as well that we support, so within our data centers we’ll actually support it. Based on how our software operates and the things we do with it and with our clients, we saw tremendous value, basically, from what Brian was really talking about, in the areas of scalability, the agility, okay? So the idea of being able to orchestrate is very, very important, and we feel that we can actually still provide a secure solution in the public cloud. And so far, in conversations we’ve had with our clients (and we actually have one product out there, a dev/test product, that we actually have in a public cloud), it resonates very strongly with them that we’re able to do it in the proper fashion.

So that’s this question; I’m going to read their minds. Yeah, I hope I can do this successfully, having had so many meetings. We talked about agility, we
talked about elasticity in a cloud. I think those are important to what you’re doing. But one of the biggest confusion points is this notion of cost savings, both in cloud and cloud security. Are you saving money by going into the cloud? What are the use cases that these people can leverage in the real world to actually achieve it? Or is it a myth?

It’s not a myth, but it does have to be engineered. If you think you’re going to basically do a lift and shift of your data center and stick it in the cloud, you’ll end up spending a lot more. It’s not the right approach. There are certain workloads that make sense, and I’ll give you two quick examples. Our product basically is fairly complex, and our clients will typically build development and test environments in order to test out new releases, changes and whatnot. They’ll spend a lot of money in it, from a capital, from a capex perspective, on building those environments that are not really used all the time. All right? We feel there’s a very strong need to bring that into the public cloud. We can spin them up very quickly and then spin them down, so they’re only paying for when they’re used.

Now, on the production side, and we haven’t offered it yet, we’re in the process of it right now: when you build out an environment, once again, our system uses a lot of processing capacity to do it, so lots of systems that it runs on. During the day, most of the time, maybe they’re running a twenty percent load. Certain times of the day, doing certain calculations, they’ll spin up and they’ll be up at a much higher level. Well, when you move to the cloud, we can actually use elasticity. They only pay and buy for the nominal, okay? And then during the day, when they scale, we auto scale up to provide them the capacity, and then it becomes a pay-as-you-go for that capacity, and then it goes.

And that needs to apply to security as well?

Absolutely.

Okay, so coming on to that, let’s talk a little bit about security in the cloud. I think that from our research and
our meetings we have seen that these people, their chief reservation among many is scheduled going into the public cloud securely. You faced that same challenge. How did not just Check Point but another partner, GuardiCore, help address that? Tell us a little about it.

So let’s talk about, so we are going into Azure; that’s where we are right now. Now, you’ve heard people from yesterday: they have lots of certifications and everything. We actually believe that they have a really good, secure infrastructure. But as a CISO, I don’t trust anybody or anything, all right? So on top of whatever they’re doing, I’m going to actually have to bring additional products, and it’s a very large ecosystem of partners. And, you know, we’ve chosen Check Point and another product called GuardiCore, and I’ll just talk a little bit about it. So the atomic network piece, if you would, would be the VNet. They will lock it down, as it does a very good job. We put Check Point on top of that, so the whole flood protection model on top of that, for each client that we bring into the cloud, and that provides this good perimeter control. It also allows us, very important, to validate the controls that Azure is actually providing. So not only are we adding and enhancing the security and building a really solid security stack, but we’re also able to
verify those lower layers that are being provided to us by the provider, by Azure.

And now, in addition, talk about GuardiCore.

GuardiCore: we actually, ironically, restore them and actually vetted them based on CPX last year, here at the conference, so it was very good that they were here. What they are is they’re an agent-based product that sits on all of our VMs, regardless of whether they’re temporary or permanent workloads, and it allows us to enumerate all processes and flows in and out of every one of those VMs. So if you’re in an environment, you have a quick way of actually seeing your overall environment, that they graphically provide. Where the real value is, is really twofold. One, it allows us to baseline, because our application is deterministic, baseline what that configuration is. And then, if you were to implement things like micro-segmentation, okay, where you want to drive everything through the firewall, it actually works with the APIs of Check Point, and you can literally move or export everything in GuardiCore into it, and it’ll automatically create all the rules within the firewall. Okay? Which, to me, is probably the biggest issue of human error, creating the rules; now it’s done automatically based on the layer. And you can go even further, in that GuardiCore will actually allow us, at the east-west perspective, to alert on anything that, you know, doesn’t fall into that baseline. So it’s very important for the ecosystem.

Two solutions, vSEC, GuardiCore. We have a guiding principle of shared responsibility in a cloud. How many people are familiar with something called shared responsibility for security in the cloud? How many people are not familiar with it, they don’t know what that is? Good. Explain to them (we’ve had this conversation many, many times), explain to them what that means, and where the cloud stops for security, where we, you know, start.

Well, Azure, that’s where I am right now. Basically, they own the lower layers of the stack, okay? So effectively they’ll
protect against the, in the overall environment. But I’d like to look at it as, they’re also providing you a length of rope, and enough so to hang yourself on, okay? So at the end of the day you can configure, you can change, you can add permissions that could really cause you a lot of issues. So the shared responsibility really comes in to the fact that we still have a responsibility, when we build our application and build our systems into the cloud, to properly secure them on top of what the provider is providing. All right? And in fact, you know, I don’t like to focus on compliance; I’m much more focused on security. You heard that this morning. The idea is that you could still build your security plan on top of what the provider is providing, and once again, Check Point, Azure and GuardiCore are key to making it work for us.

So, information overload, yes? You’re about at the point in the conference, right, you’re feeling it. Give them two or three takeaways. I know we’ve talked about paradigm changing. Give them a couple of takeaways they can go.

So the biggest thing, and we’ve been weaving in it for over a year, and you think you’re walking in, and it is, once again, it’s a totally different paradigm. And if you were a top-notch network or security engineer, throw away everything that you ever learned, okay, when you go into it.

Really, completely throw it away?

Yeah, pretty much. Wait, because there is no longer a network, okay? It’s software, okay? That’s what you can touch, and you can’t touch all of it, you can touch pieces of it. And the best analogy is, you get a guy, and I just picture a guy with a sniffer, standing in the middle of a data center, holding it, saying, where do I plug it in? There is no place to plug it in. So how you diagnose problems is totally different. And one of the most important things that we learned is you need to be able to partner with organizations, okay, so Check Point’s a part of the ecosystem, okay, and GuardiCore, who have a very deep
bench of understanding of the cloud and partnerships with the underlying providers, so the Azures, the AWSes, the Googles, okay? By having that, when a problem crops up, it’s invaluable, because you’re going to need everybody on deck to deal with even the simplest problem, because you don’t have the level of visibility that you had with a traditional network.

And I’m not going to make them stand up, but may I say thank you very much for joining us. Will you give them at least a round of applause? You’re awesome. Thank you, man. They’re like a minute. That’s a day in the life of clouds, told by someone who is maybe a little ahead of you, maybe not, but a little ahead of a lot of firms in the cloud. Quick and dirty.

We’re going to move right through. This next guest, I am going to have to ask you for another favor, because we can’t give one standing ovation, we’re not, but not another. Do you agree? This is, the eyes are rolling. Rise up, come on, rise up, get the blood pumping. Adam Massey from the Google Cloud Platform. Don’t cry. Okay, you could clap, yes. Adam, welcome, welcome, have a seat. I’ll be all about you, Adam. You’ve got today, you’ve got responsibility for all the strategic part technology alliances for all of the Google cloud strategy around the world: Google Apps, Chrome, the G Suite, and also
most interesting probably to this group is the Google Cloud Platform, making big investments. Tell them what’s great about the Google cloud. Let’s start with that.

Yeah, so we think there’s a lot of things that set Google Cloud Platform apart, but if you guys aren’t super familiar with us, we really kind of think about a couple of takeaways to leave you with. One, we really like to think of ourselves as the innovation leader: continuous innovation, building future-proof infrastructure. And if you think, like, what does future-proof infrastructure really mean, it’s about really meeting customers where they are today, which is largely infrastructure-as-a-service, software architectures that kind of look like they do in your own data centers, but in the cloud, while also innovating for the future and really driving forward things like machine learning, advanced analytics, serverless software architecture. And it’s actually interesting: do you guys know when we started building our cloud, how long ago?

Tell us. You know this. What’s that? Yeah. Look at, who said it? Who said it? Can you get, Eddie, get a chip to that gentleman.

So in 1998 we first launched our google.com search engine. And really, if you think back, that’s probably a great example of one of the earlier scaled SaaS applications. And, you know, keeping multiple copies of the entire Internet index, later adding things like Gmail and YouTube and the Android mobile platform, created a lot of scale infrastructure challenges for us that there just simply weren’t solutions on the market for. So it started, you know, driving us to innovate on, you know, what servers and disks need to look like in that model, what kind of databases we would require, what does the network need to look like. And it emerged into what we have today, which is a cloud that we offer to the world and to our customers, including one of the most advanced networks, with over 100 PoPs, you know, seven different regions, 20 different zones. And not only all those great services, actually seven
plus of which have over a billion users each.

Running on how many?

Seven plus services, each with a billion users on it, that run on that infrastructure, but also great enterprise customers like Conrad, who you’ll hear more about today, Coca-Cola, Home Depot, Motorola and others.

And let me get you that question. These people, I think most people entering the cloud, how are they entering? What are the kinds of workloads you’re seeing them bring in first?

Yeah, I mean, I think for most enterprises, right, the entry point is, like I mentioned before, it doesn’t look all that different than what you’re running in your own company or data center. It’s starting with infrastructure as a service, VM clusters usually as a starting point, and then that grows, and you start to layer on different innovations and ways to auto scale and replicate and protect. So I think the starting point is there, and a lot of the drivers behind that, which we pride ourselves on, are price and performance. You know, you might think cloud is cheaper than doing it yourself, you might disagree with me, but we definitely are the cheapest cloud out there, with prices roughly 30 to 50 percent lower than our other competitor clouds. But also a lot of things to help ease that transition for enterprises: like, we’ve got a free migration service, whether you’re migrating one VM or a million VMs, it’s free. We’ve also got a free, you know, a free perpetual price tier for some of our services as well. So we’re trying to make that transition as frictionless as possible.

But what they’re worried about is security in the cloud, and shared responsibility, which I know that Google also subscribes to. Can you talk a little bit about Google’s position on giant network, securing cloud, versus how customers need to secure their own workload?

Well, I’m not going to get into the whole argument around whether the cloud’s more secure or less; I have an opinion on that. But we also know that shared responsibility is really important, because the way customers are
using clouds today is you’re building software and you’re writing applications, you’re running workloads on this platform. So for us, security has been a core part of our DNA from our inception as a company. We have a huge security team, it’s part of our software development process, every new employee goes through pretty deep security training. So it’s a big part of what we do, and so we try to innovate a lot of the platform, right, on the infrastructure, services, the network, make it the most secure platform you could run on. But the shared responsibility piece comes in when you start thinking about bringing your data to that platform and, you know, writing and building new applications on that platform. And for us, in addition to driving a lot of innovation on platform-level security, we double down on our ecosystem, and that’s my job. So my job running this technology alliances organization is to ensure that our partners like Check Point, and what we’re doing with vSEC, is an extension of our own platform that enables you, the customer, who might have, and probably everybody has, their feet in multiple worlds, on-prem, in the cloud, increasingly in multiple clouds, ensuring you’ve got a tried-and-true enterprise-class solution to, you know, manage your security across all those different plans.

Why don’t we tell them about Conrad? Conrad’s an interesting joint, yeah, use case for us. Why don’t you talk about what Conrad Electronics is and what they’re doing, and then maybe I can entertain a little bit about what they’re doing with security and making sure.

So if you’re not familiar with Conrad Electronics, they are a German electronics retailer, and they primarily sell, you know, a mix of consumer and specialized electronics. Now, they’re a great customer of Google’s. So I think about a year ago they moved off of Lotus Notes and off of Microsoft
Office to G Suite, so we’re thrilled about that. They’ve also started moving their e-commerce presence and site over to Google Cloud Platform and are going to run that there, and there’s a bunch of exciting innovations they’re doing, like running it on container-based architecture and other things. But I think one of the cool things that we sort of share a use case around is this really innovative IoT platform they’re building. So Conrad is building this IoT, this data aggregation solution called Conrad Connect, and the idea is they sell, you know, electronics devices, and so they’re building an IoT platform that will enable their customers to connect all these different devices and also do a bunch of interesting things with them, like connect to Google Assistant and the Google Home product for voice interaction and other things. But they’re also a Check Point vSEC customer, they run...

Yeah, look, let me tell you about the use case. Can you imagine for a minute, we’re familiar generally with DevOps? Raise your hand. I think, I raise your hand. What do you know about DevOps? Well, let me tell you about DevOps. One, it’s developers. What do developers care about security? Okay, not much. Why? Their primary charge is developing agile, getting there quicker. So what Conrad did was had multiple teams, of DevOps teams, that are developing as part of this IoT or e-commerce app, and they’re developing and releasing very, very quickly using the Google Cloud Platform’s XPN feature, which is a cross project. We gave each DevOps team its own area, separated, but vSEC secured all of the access in a separate project, so that all the DevOps units were passing through this, but the responsibility for managing security in that share, in that security vSEC area, was all separate. So we weren’t counting on the DevOps guys to secure it, okay? So it’s a really innovative way that both Google cloud and vSEC combined to provide a highly, highly agile environment, yet also mandate security. So, really interesting use case. We’re running out of time. I
just wanted to ask you to recap: what are the three takeaways, in the information overload, that you want to leave with us, so Friday in Vegas after our conference?

Hey, thank you so much for having me here and hearing me out. Three takeaways I’d love to leave you with. One is just how committed to cloud and enterprise Google is. You know, it’s important to realize that this is a huge business of ours, it’s one we’re investing very deeply in. I think we’ve invested around 30 billion in capex, infrastructure investment and data center build-out and growing the teams, of just the last three years, and we see that investment continuing to rise. The second thing is, security for us, as an afterthought, it’s a core part of, like, everything we do, from software design to staffing of our teams, even to data center design and build-out. And we don’t do that alone; we do that very, very closely with Check Point. vSEC’s a core part of our cloud security strategy, and this is a partnership we’re really excited about, and how to apply and help you all transition to the cloud. And then I think the last thing I’d love to leave you with is this concept of, we are the open cloud.

And what does open mean? Why is that important? How does it benefit them?

Open is really important if you’re a customer, because if you look at open source projects like Linux and other things, open drives rapid innovation, and that’s ultimately the benefit of cloud for all of you, right, is being able to benefit from companies like Google and Amazon and Microsoft and others to rapidly innovate so you can leverage the value that comes out of that. And whether it’s our open sourcing of BeyondCorp, or TensorFlow, our machine learning open source project, there’s a number of others, this is a big thing that we’re focused on. It’s going to enable us to be your innovation partner.

Adam, thanks for your time. They provide it. Yeah, thanks for coming.

Thank you, everybody. Was it valuable? Did you get something out of it? 17 minutes. All right, I’m all good to go. Peter, I’m good to go, and I cede the floor. Thank you very much for your time.