What does zero-trust adoption support actually involve?
fnifni
April 15, 2022
Technology
This is what I talked about to a team doing their graduation project at Nara Institute of Science and Technology.
The team's goal, as I understood it, was to produce a white paper on introducing zero trust into existing companies.
Transcript
What is the support for introducing Zero Trust like? It's a universal story, after all. By Hirokazu Yoshida / At NARA INSTITUTE of SCIENCE and TECHNOLOGY / 2022.4.13
θϩτϥετಋೖࢧԉͬͯ ͲΜͳײ͡ͳͷʁ ݁ہɺීวతͳͳΜͩΑ ٢ాͻΖ͔ͣ / ಸྑઌՊֶٕज़େֶӃେֶ / 2022.4.13
Who am I !? Hirokazu Yoshida @ CloudNative Inc. / Job: Security Engineer / Community: Security-JAWS / Handle Name: fnifni
Today's expected audience and their issues • θϩτϥετͷ֓೦͔ͬͯΔʢຊ࣭తʹਖ਼͘͠ཧղ͍ͯ͠Δ͔ผʣ •
θϩτϥετʮಋೖ͢ΔͷʯͱࢥͬͯΔ • ࣾձਓ • طଘͷاۀʹରͯ͠θϩτϥετಋೖਪਐͷضΛৼ͍͖͍ͬͯͨ • ࣗͨͪͰͰ͖ͦ͏ͱࢥ͑ΔɺಋೖϓϩηεͷϗϫΠτϖʔύʔΛ࡞Γ ͍͚ͨͲɺ࣮ࡍͲ͏͍ͬͯ͘ͷ͔Πϝʔδ͕͍ͭͯͳ͍
Attention !!! • ຊࢿྉಥ؏Ͱ࡞ͯ͠·͢ͷͰɺଟগ͓ݟ͍͕ۤ͋͠Δͱ ࢥ͍·͢ɻ • ݸਓͷܦݧଇʹجͮ͘෦ؚ͕·Ε·͢ɻ • ͔͋͠Βͣྃ͝ঝ͍ͩ͘͞ɻ
Today's topic • είʔϓͷ • ϑΝϯμϝϯλϧͳ • θϩτϥετಋೖࢧԉͱ͍ͯͬͯ͘͠ϑΣʔζྫͷ
Today's topicʢRatioʣ • είʔϓͷʢ1ʣ • ϑΝϯμϝϯλϧͳʢ5ʣ • θϩτϥετಋೖࢧԉͱ͍ͯͬͯ͘͠ϑΣʔζྫͷʢ4ʣ
What to talk about today and what not to talk about • ࠓ͢͜ͱ • طଘاۀͷใγεςϜରͯ͠ɺθϩτϥετΛ৫ΓࠐΜͩγεςϜΛσβ Πϯ͠ɺಋೖ͍ͯͨ͘͠ΊͷϑΝϯμϝϯλϧͳߟ͑ํಋೖɾల։ͷྲྀΕ ʹ͍ͭͯ • ͞ͳ͍͜ͱ • ୯७ͳθϩτϥετͱݺΕΔͷಋೖखॱϢʔεέʔε • ݸผ۩ମతͳΦϖϨʔγϣϯ
Today's topic • είʔϓͷ • ϑΝϯμϝϯλϧͳ • θϩτϥετಋೖࢧԉͱ͍ͯͬͯ͘͠ϑΣʔζྫͷ
Common system architectures in companies
ϓϩμΫτʹΨνͰ θϩτϥετΛ࣮͍ͯ͠Δͷ PagerDuty θϩτϥετωοτϫʔΫ ― ڥքޚͷݶքΛ͑ΔͨΊͷηΩϡΞͳγεςϜઃܭ 9.10ɹέʔεελσΟɿPagerDutyͷΫϥυʹґଘ͠ͳ͍ωοτϫʔΫ ΑΓ
ࠓ͓͢Δͷ ใγεςϜʹରͯ͠ͷ θϩτϥετಋೖࢧԉͷͰ͢
Today's topic • είʔϓͷ • ϑΝϯμϝϯλϧͳ • θϩτϥετಋೖࢧԉͱ͍ͯͬͯ͘͠ϑΣʔζྫͷ
Fundamental Topics • θϩτϥετʹ͍ͭͯͷΑ͋͘Δޡղ • θϩτϥετಋೖࢧԉʹ͋ͨͬͯͷϚΠϯυηοτ • θϩτϥετಋೖࢧԉΛ࢝ΊΔ্ͰͷΞϓϩʔν
ࣾͷγεςϜΛ ͯ͢θϩτϥετʹ͍ͨ͠ΜͰ͢
Common Misconceptions • શͳθϩτϥετΞʔΩςΫνϟͷಋೖҝ͠ಘͳ͍ • ͦͦɺϏδωεͦͷͷ͕Կ͔Λ৴པ͢ΔϓϩηεͰߏ ͞Ε͍ͯΔ • ϏδωεϓϩηεࣾγεςϜͦͷͷ͔Βɺθϩτϥ ετΛલఏͱͯ͠࡞ΒΕͨͷ͕ɺBeyondCope
Common Misconceptions • શͳθϩτϥετΞʔΩςΫνϟͷಋೖҝ͠ಘͳ͍ • ͦͦɺۀͰ༻͢ΔใγεςϜػثΞϓϦέʔ γϣϯɺαʔϏεɺθϩτϥετલఏͰ࡞ΒΕ͍ͯͳ͍ • Ͱ͖ΔࣄɺγεςϜͷσβΠϯʹɺθϩτϥετͷཁૉΛ ৫ΓࠐΜͩͷΛ࡞Γ্͛Δͱ͍͏͜ͱ
θϩτϥετങ͖ͬͯͨʂ ࠷৽ٕज़ͳΜͰʂ
Common Misconceptions • θϩτϥετΛߏ͢Δٕज़ɺීวతͳٕज़ͷٕज़ͷूੵ • ϑΝΠΞΥʔϧɺূ໌ॻɺ࠷খݖݶͷݪଇɺσόΠεΠϯϕϯ τϦ…etc • θϩτϥετͷจ຺Ͱ͜Ε·Ͱଘࡏ͠ͳ͔ͬͨͷɺ
ࠓଘࡏ͍ͯ͠ͳ͍ʢͦΕͬΆ͍ͷͰ͖ͭͭ͋Δʣ • ৴པͷਪΤϯδϯ
͜Ε͔Βθϩτϥετʂ ڥքޚͳΜ͔͍ΒΜ͔ͬͨΜʂ
Common Misconceptions • ͦͦɺθϩτϥετڥքܕޚΛશ͘൱ఆ͍ͯ͠ͳ͍ • ۀͰѻ͏ίϯϙʔωϯτͷଟ͘θϩτϥετΞʔΩςΫ νϟʹରԠͰ͖ͳ͍ͷ͔Γ • IoTػثɺෳ߹ػɺࢹΧϝϥγεςϜɺ
੍ޚܥγεςϜ…etc
Δ͖͜ͱ ڥքޚΓͭͭ Γ͍ͨ͜ͱɾͳΓ͍ͨ࢟ʹ͚ͯ θϩτϥετͷཁૉΛ৫ΓࠐΜͩγεςϜ ΛσβΠϯ͍ͯ͘͜͠ͱ
Fundamental Topics • θϩτϥετʹ͍ͭͯͷΑ͋͘Δޡղ • θϩτϥετಋೖࢧԉʹ͋ͨͬͯͷϚΠϯυηοτ • θϩτϥετಋೖࢧԉΛ࢝ΊΔ্ͰͷΞϓϩʔν
ͲΜͳཱͪҐஔͰ θϩτϥετಋೖࢧԉΛ͍ͬͯΔͷ͔
Mindset • ࣄऀاۀͷ୲ऀͷཱࣗͱࣗΛଅ͠ɺใγεςϜΛίϯ τϩʔϧՄೳͳͷʹ͢Δ • Γ͍ͨ͜ͱɾͳΓ͍ͨ࢟ɺ՝ʹର͢ΔਐΊํɺߟ͑ํͷ ΨΠυʢίϯαϧτʹ૬ஊʣ • ୲ऀ͕ࣗखΛಈ͔ͯ͠ɺܦݧ͠ɺվળ͍ͯͨ͘͠Ίͷ
ٕज़ࢧԉ
୲ऀ͕ݴ͍ͬͯΔ͜ͱͷ 7-8ׂ͕ਖ਼͘͠ͳ͍
Examples of common incorrectness • खஈ͕తʹͳͬͯΔύλʔϯ • ʮͳͥͳΒʯ͕ͳ͘ɺ͍͖ͳΓํ๏͔Βೖ͍ͬͯΔ • θϩτϥετΛಋೖ͍ͨ͠ΜͰ͢ʂ
• ΤϞςοτରࡦͰXXXΛ͍͍ͨͰ͢ʂ
Examples of common incorrectness • ࠜڌ͕ബऑͳύλʔϯ • ͋Εɺ͜Εɺͬͨ΄͏͕ྑ͍Ͱ͢ΑͶʢίετ੨ఱҪʣ • ʮͳͥͳΒʯ͕ͳ͍ͷͰɺ࣮ͨ͠ࢪࡦΛ֎ͤͳ͘ͳΔ
Examples of common incorrectness • Λಋೖ͢ΕͳΜͱ͔ͳΔɺӡ༻୭͔ʹΒͤΕ͍͍ͱࢥͬͯ ͍Δύλʔϯ • ϕϯμʔͷཆͰ͢Ͷ •
ݪཧओٛͷύλʔϯ • ηΩϡϦςΟͷͨΊʹXXXېࢭ͠·͠ΐ͏ʂ • ͦΕͬͯɺ୭͕ͤʹͳΔΜͰ͔͢ʁ
૬ख͕ΜͰ ૬खͷͨΊʹͳΒͳ͍͜ͱ ܟҙΛ࣋ͬͯ͢Δ
Examples of common unhelpful things • ൺֱදѱ • ୭͔͕࡞ͬͨൺֱදɺݟͨਓͷࣄͳΜ͔ؔͳ͘࡞ΒΕ ͍ͯΔ
• ͦͷʮ˓ʯɺ͋ͳͨʹͱͬͯຊʹʮ˓ʯͰ͔͢ʁ • ࣗʹͱͬͯ˓͔Ͳ͏͔ɺ৮ͬͯΈͳ͍ͱΘ͔Βͳ͍
Examples of common unhelpful things • ൺֱදඞཁѱ • ্ਃ͢Δ্Ͱɺൺֱ͔ͨ͠ʁΛΘΕΔ߹͋Δ •
ࣗͰԖචͳΊͯ࡞ͬͨൺֱද͕࠷ڧ • ٬؍తʁ ͦͦ٬؍తͳൺֱද͕ࣗͨͪʹͲͷΑ͏ʹϑΟοτ͠ ͍ͯΔͳΜͯɺ୭͕આ໌ͯ͘͠ΕΔΜͰ͔͢Ͷʁ
Examples of common unhelpful things • ϕετϓϥΫςΟεͷݬ • ϕετϓϥΫςΟεʮߟ͑ํʯͰ͋ͬͯʮ͜͏Ε͍͍(How To)ʯͰͳ͍
• ࣗͨͪʹͱͬͯԿ͕Ͳͷఔඞཁ͔ΛݟۃΊΔඞཁ͕͋Δ • Ͳ͔͔͜Β͖࣋ͬͯͨHow To͕ɺࣗͨͪʹͱͬͯඞཁेͰ ͋Δͬͯ୭͕આ໌ͯ͘͠ΕΔΜͰ͔͢Ͷʁ
ཁ ࣗͨͪͷ͜ͱͳΜ͔ͩΒࣄ͍ͯͩ͘͠͞ ͱ͍͏͜ͱ
Fundamental Topics • θϩτϥετʹ͍ͭͯͷΑ͋͘Δޡղ • θϩτϥετಋೖࢧԉʹ͋ͨͬͯͷϚΠϯυηοτ • θϩτϥετಋೖࢧԉΛ࢝ΊΔ্ͰͷΞϓϩʔν
ϗϥʔετʔϦʔԼࡦ
Limitations of Horror Stories • ໌֬ͳϦεΫ՝ʹରॲͰ͖Δ͕ɺͦΕҎ্͕ͳ͍ • ϦεΫͷ૯ྔܦӦऀͷհࡏͳ͠ʹଌΕͳ͍ • ΏʔͯɺͦΜͳͷى͖Δʁͦ͜·ͰΠϯύΫτ͋Δʁ
ଞࣾͲ͏ͯ͠ΔͷʁΛಥഁͰ͖ͳ͍ • ৽͍͠ϦεΫ͕ੜ·ΕͨΒɺ·ͨ৽͍͠ͷΛങΘͳ͍ͱ͍ ͚ͳ͍ͷʁͱ͍͏ٙ೦Λ১Ͱ͖ͳ͍
Limitations of Horror Stories • θϩτϥετΛಋೖ͢Εղܾ͢Δ͔ผͷ • ڥքޚΛ͔ͬ͠ΓͬͨΓɺ৬ঠΛపఈ͢ΕղܾͰ ͖Δ͋Δ •
θϩτϥετΛಋೖͯ͠ղܾ͠·͠ΐ͏
ϑΝΠφϯεʹΛ͚Δ
It costs a lot of money to do anything. • ࠓ·Ͱ͍ͬͯͳ͔ͬͨ͜ͱΛΔͷͰɺجຊతʹίετ૿ • ͍ͭͷλΠϛϯάͰɺͲͷఔͷΩϟογϡΞτ͕ੜ͡Δ ͷ͔ɺܦӦऀͷॏେͳؔ৺ࣄʢΩϟογϡϑϩʔͱ૬ஊʣ • ࡞ͨ͠ϩʔυϚοϓΛجʹɺ͓͕ۚඞཁͳ࣌ظΛఏࣔ͢Δ • ෆཁʹͳΔػثઃඋɺϥΠηϯε͕͋Εɺ৫ΓࠐΉ
εςʔΫϗϧμʔΛר͖ࠐΉ
Are you trying to do this with just a few people? • ܦӦऀΛ͡Ίɺܦཧɺ๏ɺਓࣄɺࣄۀ෦ͱؔΘΒͳ͍ͱਐΜͰ͍͔ͳ͍ • ܦӦऀɿτοϓϚωδϝϯτɺඞཁͳࢿݯͷׂΓͯ • ܦཧɿϑΝΠφϯεपΓɺطଘγεςϜͷࢧ͍पΓ • ๏ɿࣄۀಛੑʹର͢Δ๏తͳ໘ͰͷϑΥϩʔ • ਓࣄɿIDιʔεͱͷ߹ • ࣄۀ෦ɿϢʔεέʔεɺ͍উखɺۀޮͷϑΟʔυόοΫͷๅݿ
γεηΩϡϦςΟ෦͚ͩͰ ਐΊΑ͏ͱ͍ͯ͠·ͤΜ͔ʁ
୭͕Ͳ͏ͤʹͳΔͷ͔ ܞΘΔ୲ऀͷςϯγϣϯ͕ ΞΨΔʹ͠ͳ͍ͱଓ͔ͳ͍
γεηΩϡϦςΟ෦͕ ෦ʹดͬͯ͜͡ࣄ͢Δ࣌ ͱͬ͘ʹऴΘͬͯΔ
Today's topic • είʔϓͷ • ϑΝϯμϝϯλϧͳ • θϩτϥετಋೖࢧԉͱ͍ͯͬͯ͘͠ϑΣʔζྫͷ
general flow
How long does it take?
What will you be able to do?
To apply a popular phrase.
ͱɺ·͊શମΛ၆ᛌͯ͠ ਐΊ͍ͯ͘ͱ͍͏͜ͱͰ͢
Α͋͘ΔΞϯνύλʔϯ
anti-pattern • ෦తͳཁૉ͚ͩͰΖ͏ͱ͢Δ͜ͱ • ೝূͱσόΠε੍ޚ͚ͩείʔϓΛߜͬͯΓ͍ͨͰ͢ • ͜ͷͰͰ͖Δͱ͜Ζ͚ͩΓ·͢
AsIsͷώΞϦϯάσβΠϯ͔Β είʔϓ֎ͷ͜ͱ͕ൈ͚མͪΔ
The ones that fall out • ۀͰAndroid͔ͭͬͯΔΜ͚ͩͲྑ͔ͬͨΜ͚ͩͬʁ • ͳ่͠͠Ͱࢲ͑ͪΌͬͯΔΜͩΑͳʔ •
࣮VPNͱͷ৯͍߹Θ͕ͤѱ͍ΜͩΑͶ • ͜ͷͰ͜ͷۀΛͬͪΌͬͯྑ͔ͬͨΜ͚ͩͬʁ • ੍ޚϙΠϯτʹ࿙Ε͕͋ͬͨʢζϨͯͨʣɻɻɻ
෦తʹਐΊΑ͏ͱ͢ΔఏҊΛड͚ೖΕΔͳΒ શମͷσβΠϯΛࣗͰҾ͍ͯ ߹ੑΛϋϯυϦϯά͢Δ͜ͱ
analysis of current situation
What we are doing in our analysis of the current situation • ϦεΫੳ݁ՌͱϦεΫରԠํͷ֬ೝ • Γ͍ͨ͜ͱɺͳΓ͍ͨ࢟ͷώΞϦϯά • खஈ͕తʹͳͬͯͳ͍͔ͷνΣοΫɺͳͥͳΒͷਂ۷Γ • ۀʹؔΘΔεςʔΫϗϧμʔͷ֬ೝ • ۀҕୗΞϧόΠτͳͲ
What we are doing in our analysis of the current situation • ݱࡏͷγεςϜߏͱͦͷߏʹࢸͬͨഎܠͷ֬ೝ • IDج൫σόΠεԿΛͬͯΔͷʁ • ࣄॴݿɺͳͲɺͲ͜ͰͲΜͳۀͬͯΔͷʁ • ͲΜͳΩοςΟϯάͯ͠Δʁڞ༗IDͱ͔ͬͯΔʁ • ωοτϫʔΫߏʁ
What we are doing in our analysis of the current situation • ۀγεςϜSaaSϥΠηϯεͷ • ͍ͭߪೖͯ͠ɺอकඅͲΕ͘Β͍ʁ • ԿͷׂΛՌ͍ͨͯ͠Δͷͳͷʁ • ͲΕ͘Β͍ؾʹೖͬͯΔʁ • SSOՄ൱Θ͔Δͱͳ͓ྑ͠
What we are doing in our analysis of the current situation • ݱࡏͷηΩϡϦςΟϙϦγʔͷ༰֬ೝ • ఆΊΒΕ͍ͯΔ༰ɺͲͷΑ͏ʹ࣮ɾӡ༻͍ͯ͠Δʁ • ४ڌ͖͢ϨΪϡϨʔγϣϯنఆͷ֬ೝ • σβΠϯʹର͢Δ४ڌੑ୭͕ͲͷΑ͏ʹߦ͏ͷ͔ཧ
What we are doing in our analysis of the current situation • σʔλͷྲྀ௨ܦ࿏ͷ֬ೝ • ৫ͱͯ͠Ͳͷఔॏཁͳใ͕ɺͲ͜ʹஔ͞Ε͓ͯΓɺ ͩΕ͕ɺͲͷσόΠεΛ༻͍ͯɺͲͷΑ͏ͳܦ࿏ͰΞΫηε ͢Δ͔ • ISMS27002Ͱཧ͞ΕΔσʔλͷΛ֦ு͢Δͷ͕ ൺֱతϦʔζφϒϧ
Formulate overall design
άϥϯυσβΠϯͬͯ ͜͏͍͏ֆΛඳ͚͑͑ΜΖʁ
Is this what the overall design is about?
͜ΕɺͨͩͷֆͰ͢
What should be included in the overall design • ϦεΫ՝ɺΓ͍ͨ͜ͱɾͳΓ͍ͨ࢟
• AsIsߏɺToBeߏɺCanBeߏ • σβΠϯίϯηϓτͱ֤ίϯϙʔωϯτͰߦ͏͜ͱ੍ޚͷ֓ཁ • ՝ͱͷϚοϐϯά
What should be included in the overall design • ਐΊΔ্Ͱͷཹҙ
• MDMΓ͑ϢʔβʔӨڹɺηΩϡϦςΟػߏͷΓସ͑ • ϩʔυϚοϓʢ࣮ॱংʣͱεέδϡʔϧ • ߪೖϥΠηϯεҰཡʢֹؚۚΉʣ • ഇغ͢ΔγεςϜͱഇغ࣌ظ
ͳΔ΄Ͳ Θ͔ΒΜ
What should be included in the overall design
ཁ ٕज़ͷԡ͠ചΓʹͳͬͯ·ͤΜ͔ʁ ͱ͍͏͜ͱ
CanBeߏͬͯʁ
A practical landing place for the time being • ҰඈͼʹToBeߏʹ͍͚ͳ͍͜ͱଟʑ͋Δ
• ͗͢Δεέδϡʔϧɺਫ਼͕ஶ͘͠མͪΔ • ͬͯΈͯɺ͜͏ͩͬͨɾ͜Μͳͣ͡ΌɺΑ͋͘Δ͜ͱ • Γ͍ͨ͜ͱɾͳΓ͍ͨ࢟ʹରͯ͠ɺۙͰͨͲΓண͖͍ͨঢ়ଶΛ ࣮ݱͰ͖ΔߏΛCanBeߏͱݺΜͰ·͢
identity control
Why should we have ID control? • త • ՄೳͳݶΓɺҰҙͷIDͰγεςϜར༻Ͱ͖ΔΑ͏ɺIDΛҰݩཧ͢Δ
• ೝূͱೝՄΛҰݩతʹߦ͑ΔΑ͏ʹ͢Δ • ͳͥͳΒ • ୭͕͍ͭԿΛͨ͠ͱ͍͏ϩάʹҙຯΛ࣋ͨͤΔ(൱ೝࢭ) • ۀར༻SaaSͷϢʔβʔཧΛݸผʹߦΘͳ͍ঢ়گΛ࡞Γɺୀ৬ऀ෦֎ऀͷΞΫηεΛ͙
What to do as an identity control? • ৴པͰ͖ΔIDιʔεͷ֬ೝʢਓࣄDBActive DirectoryͳͲʣ • ڞ༗IDͷચ͍ग़͠ͱ؇ાஔ • IDιʔε͔ΒIdPͷܨ͗ࠐΈ • SaaSαʔϏεͷSSOઃఆɺϢʔβʔ/άϧʔϓ(σ)ϓϩϏδϣχϯά • ਵͯ͠SaaSଆͷೝՄઃܭ
What to do as an identity control? • SSO͕Ͱ͖ͳ͍αʔϏεʹରͯ͠ͷ؇ાஔ
• IDάϧʔϓϝϯόʔγοϓͷ୨Է͠ͷΈͮ͘Γ • ۀʹؔΘΔ֎෦εςʔΫϗϧμʔͷIDཧͷΈͮ͘Γ • ߹ʹΑͬͯɺෳͷIdPΛ͍͚Δ͜ͱ͋Δ
device control
Why should we have device control? • త • ۀͰ͏σόΠεΛಛఆ͠ɺඞཁͳ੍ޚΛ৴Ͱ͖Δঢ়ଶΛอূ
͢Δ • ͳͥͳΒ • ηΩϡϦςΟ࠷͍ਫ४ʹ߹ͬͯ͠·͏ͨΊɺඞཁͱఆΊͨ ηΩϡϦςΟઃఆΞϓϦέʔγϣϯΛ࣮֬ʹ৴͢Δඞཁ͕͋Δ
What to do as a device control? • طଘσόΠεʹର͢ΔMDMͷΤϯϩʔϧϝϯτ •
ΩοςΟϯάͰ͍ͬͯΔ͜ͱηΩϡϦςΟϙϦγʔʹج੍ͮ͘ ޚػೳͷ੍ݶͷΛMDMͰ • AutoPilotDEPΛ༻͍ͯɺ৽نσόΠεͷθϩλονσϓϩΠ • ࢀߟɿhttps://www.youtube.com/watch?v=Z-7W4T-IOFk
Content Management
Why should we have Content Management? • త • ϑΝΠϧαʔόʔʹ͋ΔσʔλΛΫϥυετϨʔδʹҠߦ͠ɺ
ߴ͍ϨϕϧͷࠪੑͱΞΫηείϯτϩʔϧɺোੑɺརศੑΛڗड͢Δ • ϢʔεέʔεʹΑͬͯɺΫϥυετϨʔδ͕ϑΟοτ͠ͳ͍߹͋Γ • ͳͥͳΒ • ڥքͰकΔ͖ͷΛݮ͡ɺγεͷӡ༻ཧෛ୲Λݮ͡Δ͜ͱ͕Ͱ͖Δ
What to do as a Content Management? • ϑΥϧμߏઃܭɺΞΫηεݖઃܭ •
άϧʔϓϓϩϏδϣχϯάͱ࿈ಈ • Ϣʔεέʔεʹ߹Θͤͨςφϯτઃఆௐ • Ϣʔεέʔε্ɺ·͘͠ͳ͍ಈ࡞ͷ੍ݶઃఆ • ֎෦ڞ༗ํࣜͱͷ߹
What to do as a Content Management? • σʔλҠߦ •
ҠߦݩɾҠߦઌͷϚοϐϯά • πʔϧͷ༻ΛਪʢσʔλҠߦϊϋΛཁ͢Δʣ • ϝʔϧఴϑΝΠϧͷΫϥυετϨʔδอ • Ϣʔβʔपࢿྉ࡞ɺτϨʔχϯάϫʔΫγϣοϓͷ։࠵
Endpoint Protection
Why should we have Endpoint Protection? • త • ΞϯνΟϧεͰରԠͰ͖ͳ͍ΤϯυϙΠϯτͷڴҖΛݕग़
͠ɺରԠ͢Δ • ͳͥͳΒ • ߴԽ͢Δ߈ܸɺϚϧΣΞͰݕग़͢Δ͜ͱࠔͰ͋Γɺ ΠϯςϦδΣϯεΛ׆༻͢Δඞཁ͕͋Δ͔Β
What to do as an Endpoint Protection? • ςφϯτઃఆ •
ར༻͢Δػೳɺར༻͠ͳ͍ػೳͷܾఆɺϩʔϧઃܭ • ॳظల։ • ΦϯϘʔυखॱͷཱ֬ɺ࠷ݶͷػೳಈ࡞֬ೝɾಈ࡞Өڹ֬ೝ • طଘΞϯνϚϧΣΞͷೖΕସ͑ํࣜͷݕ౼
What to do as an Endpoint Protection? • ύΠϩοτల։ •
֤෦͔ΒύΠϩοτϢʔβʔΛืͬͯɺEDRΛಋೖ • ۀӨڹ֬ೝͱνϡʔχϯά • ΞϥʔτରԠͷशख़ͱରԠϑϩʔͷཱ֬ • ࣗࣾͰͷରԠ͕͍͠෦ͷ֬ೝ
What to do as an Endpoint Protection? • SOCࣄۀऀબఆʢΦϓγϣϯʣ •
ࣗࣾͰରԠ͕͍͠෦ʹ͍ͭͯɺରԠͯ͠Β͑ΔSOCࣄۀऀΛ୳͢ • ӡ༻ɺSOCࣄۀऀͰ݁͠ͳ͍͜ͱʹҙ • SOCࣄۀऀτϥΠΞϧӡ༻ʢΦϓγϣϯʣ • ࣮ࡍʹͲͷϨϕϧͰରԠΛͯ͘͠ΕΔ͔ɺͲͷΑ͏ͳΓͱΓ͕ੜ͡Δ͔
What to do as an Endpoint Protection? • ੬ऑੑରԠʢʹΑΔʣ •
৫ͷ੬ऑੑΛಛఆ͠ɺରԠΛཁ͢ΔͷΛஅ͢Δ • OSઃఆΞϓϦέʔγϣϯόʔδϣϯʹجͮ͘੬ऑੑ͕ର • ରԠσόΠε੍ޚͷج൫Λར༻͢Δ
Shadow IT Countermeasures
Why should we have Shadow IT Countermeasures? • త
• ۀͰར༻͍ͯ͠ΔSaaSαʔϏεར༻ͷՄࢹԽͱ੍ޚ • ѱੑίϯςϯπͷΞΫηε੍ݶ • ͳͥͳΒ • Web௨৴ɺσʔλྲྀ௨ͷॏཁͳΩʔϙΠϯτ
What to do as Shadow IT Countermeasures? • ҠߦઃܭɺઃఆͷҠߦ
• ڥքޚطଘͷηΩϡϦςΟػߏ͕ߦ͍ͬͯΔ੍ޚͷચ͍ग़͠ͱɺ CASB/SWGͷམͱ͠ࠐΈ • σόΠε౷੍ج൫Λ༻͍ͯɺAgentల։ • େ͖͘AgentܕɺAPIܕɺProxyܕͱ͋Δ͕ɺΧόʔൣғͱωοτϫʔΫ τϙϩδͷࣗ༝Λߟྀ͢ΔͱAgentܕ͕ϑΝʔετνϣΠε
What to do as Shadow IT Countermeasures? • νϡʔχϯά
• ςφϯτࣝผొ • SSL෮߸ʹΑΔӨڹΛड͚ΔSaaSɺWebαʔϏεʹ͍ͭͯɺআ֎ઃఆͳͲ ͷ࣮ࢪ • Ҡߦઃఆͷೖ • ΧςΰϦϑΟϧλϦϯάɺෆ৹ͳυϝΠϯͷଓ੍ݶઃఆͳͲ
What to do as Shadow IT Countermeasures? • ՄࢹԽ༰ͷ֬ೝ
• SaaSαʔϏεͷར༻ঢ়گ͔ΒɺରԠํΛݕ౼ • ར༻෦ͱͷௐ͢Γ߹Θͤ • ՄࢹԽ݁Ռʹج੍ͮ͘ޚઃఆ
What to do as Shadow IT Countermeasures? • DLP
• ৫Ͱอޢ͖͢σʔλΛਖ਼نදݱͰఆٛͰ͖Δ͔͕ΧΪ • ϑϦʔϋϯυͰߦ͏ʹ͕ߴ͗͢Δʢݸਓใͱ͔ʣ • ࣄۀಛੑͱσʔλͷྲྀ௨ܦ࿏Λेʹ뱌Ͱ͖Εɺൺֱతγϯ ϓϧʹ͏͜ͱՄೳʢࣙॻɺ֦ுࢠɺϑΝΠϧαΠζͳͲʣ
Breaking away from VPN
Why are you breaking away from VPNs? • త •
ݸʑͷࣾΞϓϦέʔγϣϯΦϯϓϨϛεγεςϜʹରͯ͠ɺ ೝূʹجͮ͘ΞΫηείϯτϩʔϧΛఏڙ͢Δ • ͳͥͳΒ • VPNɺωοτϫʔΫͷΞΫηεڐՄʹରͯ͠ɺIAPΞϓϦ έʔγϣϯʹରͯ͠ɺϢʔβʔ͝ͱͷଓڐՄΛఏڙ͢Δ
What does getting out of a VPN do? • ଓରγεςϜʢ㲈VPNʹґଘ͍ͯ͠ΔγεςϜʣͷચ͍ग़͠
• ϙʔτɺIPΞυϨεɺFQDNɺґଘ͢ΔDNSΛ֬ೝ • ࣾγεςϜͷૄ௨ՄೳͳॴʹίωΫλΛஔ͢Δ • ରγεςϜͷଓݕূ • ཪͰΞΫηε͍ͯ͠ΔURLͳͲͷ͋ͿΓग़͠
What does getting out of a VPN do? • ϩʔϧઃܭ
• ϩʔϧ͝ͱʹར༻͢ΔΞϓϦέʔγϣϯηοτΛఆٛ • ϓϩϏδϣχϯάͨ͠άϧʔϓʹجͮ͘ • ίωΫλνϡʔχϯά • εϧʔϓοτՄ༻ੑͷௐ͕ඞཁͰ͋Ε
What does getting out of a VPN do? • VPNଘஔͷγφϦΦʹ͍ͭͯͷݕ౼ʢΦϓγϣϯʣ
• ߴ͍Մ༻ੑΛཁ͢ΔαʔϏε͕͋ΕɺόοΫΞοϓճઢͱ͠ ͯVPNΛଘஔ͢Δ͜ͱΞϦ • අ༻ΩοςΟϯάɺӡ༻ෛՙͷݮʹͳΒͳ͍ͷͰɺ ϦεΫϚωδϝϯτͱͯ͠ͷஅ͕ඞཁ
log management
Why do you do log management? • త • ֤SaaSηΩϡϦςΟʹࢄΒΔϩάΞϥʔτΛू
͠ɺγεςϜΞϥʔτΛ၆ᛌ͢Δ͜ͱͰରԠ͖͢Πϯγσϯτ ΛݟۃΊΔ • ͳͥͳΒ • ֤ͷϩάͷ૬ޓ֬ೝͷखؒΛݮΒ͠ɺରԠͷࣗಈԽʹܨ͛Δ
What does log management do? • ετʔϦʔͷཱ֬ • ͩΕ͕ɺ୭ʹରͯ͠ɺͲͷΑ͏ͳ͜ͱΛઆ໌Ͱ͖ͨΒউͪͰ͋Δ͔ •
ऩूରϩάͷબผ • ετʔϦʔʹؔΘΔϩάॏཁσʔλΛϗετ͢ΔαʔϏεɺ͓ΑͼϦεΫΞη εϝϯτͷ݁Ռɺൃݟత౷੍ʢϩάʹΑΔݕग़ʣ͕ରԠࡦͱͯ͠ڍ͛ΒΕͨγε ςϜ͕ର • ͳΜͰूɺΞϯνύλʔϯ
What does log management do? • อଘظؒͷܾఆʢن੍๏ྩʹجͮ͘ʣ • ϩάऩूج൫ͷબఆͱܾఆ •
ϩάऩूରͱͷܨ͗ࠐΈ͕༰қͳ͕͋Δ͔ • ϑΝʔετνϣΠεɺΫϥυܕSIEM • Ͱ͖ΕɺεϞʔϧελʔτՄೳͳΛબఆ
What does log management do? • ֤αʔϏεͱSIEMͱͷܨ͗ࠐΈ • ຯͰҰ൪ॏ͍ɻ҆қʹ࡞ΓࠐΈʹΔͷې •
ϩʔϧઃܭ • ϩά୭ʹͰݟΒΕͯྑ͍ͷͰͳ͍
What does log management do? • ݕग़ϩδοΫͷ࡞ • ετʔϦʔϦεΫΞηεϝϯτͷ݁Ռʹجͮ͘࡞ΓࠐΈ •
ࣗಈରԠɺઌͣ௨͔Β • ରԠΛ͍ͯ͘͠தͰɺ͓ܾ·ΓͷରԠ༰ΛࣗಈԽ͍ͯ͘͠ • ΤϯϦονϝϯτɺՃௐࠪͳͲ
What does log management do? • ՄࢹԽςϯϓϨʔτͷ࡞ • ετʔϦʔϦεΫΞηεϝϯτͷ݁Ռʹجͮ͘࡞ΓࠐΈ •
ࢹઃఆ • ՝ۚঢ়گɺϩάྲྀೖঢ়گɺΫΤϦʔ࣮ߦঢ়گ…etc
ͱɺ·͊ ʮθϩτϥετಋೖࢧԉʯ ͜Μͳײ͡ͰਐΊ͍ͯ͘༁Ͱ͢
conclusion • Γ͍ͨ͜ͱɾͳΓ͍ͨ࢟ΛجʹɺʮͳͥͳΒʯΛ໌֬ʹͯ͠ɺ ใγεςϜͷσβΠϯʹθϩτϥετͷཁૉΛ৫ΓࠐΜͰ͍͘ • ࣮ʹ͋ͨͬͯઐ͕ࣝඞཁ͕ͩɺࣗͰखΛಈ͔ͯ͠ɺܦݧ ͱϑΟʔυόοΫʹج͍ͮͯίϯτϩʔϧ͍ͯ͘͠Α͏ʹ͠ͳ͍ ͱɺखʹෛ͑ͳ͍ʹͳΔ • ಛผͳ͜ͱ͕ͳ͚ΕɺID౷੍ˠσόΠε౷੍͔Β࢝ΊΔ
͓ͳ͔͍ͬͺ͍Ͱ͔͢ʁ
One more thing
θϩτϥετಋೖͷ͜͏ଆ
ബʑצ͍͍ͮͯΔͱࢥ͍·͕͢ ͋Γͱ͋ΒΏΔใ͕ू·͖ͬͯ·͢
Things that have gathered when you notice them • ͷΠϯϕϯτϦใʢ୭ͷεϚϗʹͲͷΞϓϦ͕ೖͬͯΔʁʣ
• WebӾཡใʢ୭͕͍ͭͲΜͳαΠτʹΞΫηεͨ͠ʣ • ςΩετใʢ୭͕ͲΜͳϫʔυΛߘ͔ͨ͠ͳʣ • Ґஔใʢ୭ͷσόΠεͲ͜ʹ͋Δʁʣ
ݸਓใͬͯͬͯΔʁ
Yes. These are private information • ID౷੍͞Εͨੈք؍Ͱɺ΄ͱΜͲͷσʔλʢϩάʣʹUPNϝʔϧΞυϨεʹඥ͘ • ۀͰ༻͢ΔใγεςϜͷϞχλϦϯάɺใηΩϡϦςΟ࿑ಇऀͷ৬ઐ೦ٛ ͷݟ͔Βɺۀ্ͷඞཁੑ͕ೝΊΒΕΔ
• ଞํͰɺࣄۀऀʹͱͬͯࣝผ͞ΕͨIDͱݸਓͱͷর߹༰қͰ͋Δ͜ͱ͔Βɺ͜ΕΒͷσʔλ ݸਓࣝผੑΛ༗͠ɺݸਓใʹ֘͢Δ͜ͱ͕ҰൠతͰ͋Δ • ैͬͯɺϞχλϦϯάݸਓใอޢ๏ͷن੍ରͰ͋Δͱ͍͑Δ • ϞχλϦϯάɺϓϥΠόγʔਓ֨ݖͷ৵ʹΑΔଛഛঈٻૌুͰ૪ΘΕΔ͜ͱ͋Δ શຊใॲཧֶशৼڵڠձ ൛ ݸਓใอޢ࢜ೝఆࢼݧ ެೝςΩετୈ2൛ 571ʙ572ทΑΓൈਮʢҰ෦ཁʣ
Yes. These are private information https://www.meti.go.jp/policy/it_policy/privacy/050805_guideline.pdf
ཁ ϞχλϦϯάͰಘͨใɺ ݸਓใͱͯ͠ར༻ൣғΛ໌֬ʹͯ͠ ར༻͢Δͱ͍͏͜ͱ
ͯ͞ɺੈͷதθϩτϥετͱڣΜͰ͍Δ ϕϯμʔ͕ྊᬚͯ͠·͕͢
͜ͷ͜ͱʹݴٴ͠ͳ͍ͷ ͳͥͰ͠ΐ͏͔Ͷʁ
Έͳ͞Μͷ॓ʹ͓͖ͯ͠·͢˒
Thank you !