ゼロトラスト導入支援ってどんなことやってるの?
fnifni
April 15, 2022
This is what I presented to a team working on their graduation project at Nara Institute of Science and Technology.
The team's goal is to write a white paper on introducing zero trust into existing companies.
Transcript
What is the support for introducing Zero Trust like? It's a universal story, after all.
By Hirokazu Yoshida / Nara Institute of Science and Technology / 2022.4.13
Who am I!?
Hirokazu Yoshida @ CloudNative Inc. Job: Security Engineer. Community: Security-JAWS. Handle name: fnifni
Today's expected audience and their issues
• Know the concept of zero trust (whether they understand it correctly in essence is another matter)
• Think of zero trust as "something you introduce"
• Working professionals
• Want to wave the flag for zero-trust adoption at existing companies
• Want to write a white paper on an adoption process that feels achievable on their own, but have no picture of how it actually goes

Attention!!!
• This deck was put together in a rush, so some parts may be hard to read.
• It includes parts based on personal rules of thumb.
• Please bear that in mind.

Today's topic (ratio)
• The scope (1)
• Fundamentals (5)
• Example phases of zero-trust adoption support (4)

What to talk about today and what not to talk about
• Today: the fundamental way of thinking, and the flow of adoption and rollout, for designing and introducing systems that weave zero-trust elements into an existing company's information systems
• Not today: simple "introduce zero trust" procedures and use cases, or individual, concrete operations
The scope

Common system architectures in companies
• An example of a product that implements zero trust for real: PagerDuty (from Zero Trust Networks, 9.10 Case Study: PagerDuty's Cloud-Agnostic Network)
• What I talk about today is zero-trust adoption support for corporate information systems
Fundamentals

Fundamental Topics
• Common misconceptions about zero trust
• The mindset for supporting zero-trust adoption
• The approach to starting zero-trust adoption support

"We want to make all of our company's systems zero trust."

Common Misconceptions
• A complete zero-trust architecture cannot be achieved
• Business itself is built from processes that trust something
• BeyondCorp was built with zero trust as a premise, starting from the business processes and internal systems themselves

Common Misconceptions
• A complete zero-trust architecture cannot be achieved
• The information system devices, applications and services used in business were not built on a zero-trust premise
• What you can do is build up a system design that weaves in elements of zero trust

"We bought zero trust! It's the latest technology!"

Common Misconceptions
• The technologies that make up zero trust are an accumulation of universal technologies
• Firewalls, certificates, the principle of least privilege, device inventory, etc.
• The one thing that did not exist before in the zero-trust context still does not exist today (things that look like it are starting to appear): a trust inference engine

"From now on it's zero trust! We never needed perimeter defense!"

Common Misconceptions
• Zero trust does not reject perimeter defense at all
• Many of the components handled in business simply cannot accommodate a zero-trust architecture
• IoT devices, multifunction printers, surveillance camera systems, control systems, etc.

What should be done: keep perimeter defense while designing systems that weave in zero-trust elements, aimed at what you want to do and what you want to become.
From what position do we provide zero-trust adoption support?

Mindset
• Encourage the independence and self-driven operation of the company's staff in charge, and make the information system something they can control
• Guide them on what they want to do and become, how to approach their issues, and how to think (consult a consultant)
• Provide technical support so that the person in charge moves their own hands, gains experience, and improves

70-80% of what the person in charge says is not correct.

Examples of common incorrectness
• The means has become the end: there is no "because", they jump straight into the method
• "We want to introduce zero trust!"
• "We want to do XXX as an Emotet countermeasure!"

Examples of common incorrectness
• Weak grounds: "we'd better do this, and that too, right?" (costs with no ceiling)
• Because there is no "because", measures once implemented can never be removed

Examples of common incorrectness
• Thinking that introducing something will sort it out and that someone else can run it: you are the vendor's feeding stock
• Fundamentalism: "Let's ban XXX for security!" Who does that make happy?

Even if the other party wants it, what is not in their interest is something to handle with respect.

Examples of common unhelpful things
• Comparison tables are evil
• A comparison table someone else made was built without any regard for the person reading it
• Is that "○" really a "○" for you?
• Whether it is ○ for you cannot be known without trying it

Examples of common unhelpful things
• Comparison tables are a necessary evil
• When escalating for approval you may be asked "did you compare?"
• The strongest comparison table is the one you sharpened your own pencil to make
• "Objective"? Who is going to explain how an objective comparison table fits your own situation?

Examples of common unhelpful things
• The illusion of best practices
• Best practices are a "way of thinking", not a "do it like this (How To)"
• You need to determine what you need, and how much of it
• Who is going to explain that a How To brought in from somewhere is necessary and sufficient for you?

In short: it is your own business, so do the work yourselves.
Horror stories are a poor strategy.

Limitations of Horror Stories
• They can address a clear risk or issue, but nothing beyond that
• The total amount of risk cannot be measured without management's involvement
• They cannot get past "come on, does that really happen? is the impact really that big? what are other companies doing?"
• They cannot dispel the doubt "when a new risk appears, do we have to buy something new again?"

Limitations of Horror Stories
• Whether introducing zero trust solves it is a separate matter
• Some things can be solved by doing perimeter defense properly or by enforcing segregation of duties
• "Let's introduce zero trust to solve it" (no)

Turn your eyes to finance.

It costs a lot of money to do anything.
• You are doing things you have not done before, so costs basically go up
• When, and how much cash goes out, is a major concern of management (consult the cash flow)
• Based on the roadmap you made, show the periods when money is needed
• If there are devices, facilities or licenses that become unnecessary, factor them in

Get the stakeholders involved.

Are you trying to do this with just a few people?
• It does not move forward without involving management, accounting, legal, HR and the business units
• Management: top management, allocation of the required resources
• Accounting: finance, payments for existing systems
• Legal: follow-up on the legal aspects of the business's characteristics
• HR: alignment with the ID source
• Business units: a treasure trove of feedback on use cases, usability and operational efficiency

Aren't you trying to push this through with just the IT/security department?
Who becomes happy, and how? Unless it is something that raises the enthusiasm of the staff involved, it will not last.
The days when the IT/security department could do its job shut inside its own department are long over.
Example phases of zero-trust adoption support

general flow
How long does it take?
What will you be able to do?
To apply a popular phrase.

So, in short, proceed while keeping an overview of the whole.

A common anti-pattern

anti-pattern
• Trying to do it with only partial elements
• "We want to narrow the scope to just authentication and device control"
• "We'll only do what this budget allows"

Things outside the scope drop out of the AsIs interviews and design.

The ones that fall out
• "We also use Android at work, was that OK?"
• "Personal devices have ended up being usable by default..."
• "Actually it doesn't play well with the VPN"
• "Was it OK to cut this business process with this budget?"
• "There was a gap in the control points (they were off)..."

If you accept a proposal to proceed partially, draw the overall design yourself and handle the consistency.
analysis of current situation

What we are doing in our analysis of the current situation
• Confirm the risk analysis results and the risk treatment policy
• Interview on what they want to do and what they want to become
• Check whether the means has become the end; dig into the "because"
• Confirm the stakeholders involved in the business
• Contractors, part-time staff, etc.

What we are doing in our analysis of the current situation
• Confirm the current system configuration and the background that led to it
• ID platform and devices: what are they using?
• Offices, warehouses, etc.: where is which work done?
• How do they kit devices? Are shared IDs in use?
• Network configuration?

What we are doing in our analysis of the current situation
• Inventory of business systems, SaaS and licenses
• When was it bought, and how much is the maintenance fee?
• What role does it play?
• How much do they like it?
• Knowing whether SSO is possible is a bonus

What we are doing in our analysis of the current situation
• Confirm the content of the current security policy
• How is what is defined there implemented and operated?
• Confirm the regulations and rules that must be complied with
• Sort out who assesses the design's compliance, and how

What we are doing in our analysis of the current situation
• Confirm the data flow paths
• How important is each piece of information to the organization, where is it placed, and who accesses it, with which device, over which path
• Extending the data inventory maintained under ISMS 27002 is a comparatively reasonable approach
Formulate overall design

"A grand design just means drawing a picture like this, right?"
Is this what the overall design is about?
This is just a picture.

What should be included in the overall design
• Risks and issues, what they want to do and what they want to become
• AsIs configuration, ToBe configuration, CanBe configuration
• Design concept and, for each component, what it does and an outline of its controls
• Mapping to the issues

What should be included in the overall design
• Points to note when proceeding
• MDM switch-over and user impact, switch-over of security mechanisms
• Roadmap (implementation order) and schedule
• List of licenses to purchase (including amounts)
• Systems to retire and when

"I see, I don't get it."

In short: hasn't it turned into a hard sell of technology?

What is a CanBe configuration?

A practical landing place for the time being
• Very often you cannot jump straight to the ToBe configuration
• An overly long schedule loses precision dramatically
• "We tried it and it was like this / that's not what we expected" is common
• The configuration that realizes the state you want to reach nearby, relative to what you want to do and become, is what I call the CanBe configuration
identity control

Why should we have ID control?
• Purpose
• Manage IDs centrally so that, as far as possible, systems can be used with a single unique ID
• Make it possible to perform authentication and authorization centrally
• Because
• It gives meaning to the logs of who did what and when (non-repudiation)
• It creates a situation where user management for business SaaS is not done individually, and prevents access by leavers and outsiders

What to do as an identity control?
• Confirm the trusted ID source (HR database, Active Directory, etc.)
• Inventory shared IDs and apply mitigations
• Connect the ID source to the IdP
• SSO settings for SaaS services, user/group (de)provisioning
• Alongside this, authorization design on the SaaS side

What to do as an identity control?
• Mitigations for services that cannot do SSO
• Build a mechanism for reviewing ID group memberships
• Build a mechanism for managing the IDs of external stakeholders involved in the business
• Depending on the case, several IdPs may be used side by side
device control

Why should we have device control?
• Purpose
• Identify the devices used for business and guarantee a state in which the required controls can be trusted
• Because
• Security sinks to the lowest level, so the security settings and applications defined as required must be distributed reliably

What to do as a device control
• Enroll existing devices in MDM
• Implement in MDM what is currently done during kitting, plus the controls and feature restrictions derived from the security policy
• Zero-touch deployment of new devices using AutoPilot / DEP
• Reference: https://www.youtube.com/watch?v=Z-7W4T-IOFk
Content Management

Why should we have Content Management?
• Purpose
• Migrate data on file servers to cloud storage and benefit from a higher level of auditability and access control, fault tolerance and convenience
• Depending on the use case, cloud storage may not fit
• Because
• It reduces what has to be protected at the perimeter and reduces the IT department's operational burden

What to do as a Content Management?
• Folder structure design, access permission design
• Link it to group provisioning
• Adjust tenant settings to the use cases
• Restrict behaviour that is undesirable for the use cases
• Align with the external sharing method

What to do as a Content Management?
• Data migration
• Map migration sources to destinations
• Use of a tool is recommended (data migration takes know-how)
• Store mail attachments in cloud storage
• Prepare user communication material, hold training and workshops
Endpoint Protection

Why should we have Endpoint Protection?
• Purpose
• Detect and respond to endpoint threats that antivirus cannot handle
• Because
• Increasingly sophisticated attacks and malware are hard to detect with signatures alone, so threat intelligence must be used

What to do as an Endpoint Protection?
• Tenant settings
• Decide which features to use and which not to, design roles
• Initial rollout
• Establish the onboarding procedure, verify minimum feature operation and impact on operation
• Consider how to replace the existing anti-malware

What to do as an Endpoint Protection?
• Pilot rollout
• Recruit pilot users from each department and introduce EDR
• Confirm business impact and tune
• Get used to alert handling and establish the response flow
• Identify the parts that are hard to handle in-house

What to do as an Endpoint Protection?
• SOC vendor selection (optional)
• Look for a SOC vendor that can handle the parts that are hard to handle in-house
• Note that operations are not completed by the SOC vendor alone
• SOC vendor trial operation (optional)
• At what level do they actually respond, and what kind of exchanges arise

What to do as an Endpoint Protection?
• Vulnerability management (depends on the product)
• Identify the organization's vulnerabilities and decide which require action
• Vulnerabilities based on OS settings and application versions are in scope
• Remediation uses the device control platform
Shadow IT Countermeasures

Why should we have Shadow IT Countermeasures?
• Purpose
• Visibility and control over the use of SaaS services in the business
• Restrict access to malicious content
• Because
• Web traffic is a key point in the flow of data

What to do as a Shadow IT Countermeasures?
• Migration design, migration of settings
• Inventory the controls performed by the perimeter defense and existing security mechanisms, and map them onto CASB/SWG
• Deploy the agent using the device control platform
• Broadly there are agent, API and proxy types; considering coverage and freedom of network topology, the agent type is the first choice

What to do as a Shadow IT Countermeasures?
• Tuning
• Register tenant identification
• For SaaS and web services affected by SSL decryption, configure exclusions and the like
• Enter the migrated settings
• Category filtering, blocking connections to suspicious domains, etc.

What to do as a Shadow IT Countermeasures?
• Review what has been made visible
• Decide the response policy from the usage of SaaS services
• Coordinate and align with the departments using them
• Control settings based on the visibility results

What to do as a Shadow IT Countermeasures?
• DLP
• The key is whether the data the organization must protect can be defined with regular expressions
• Doing this freehand is far too difficult (personal information, for example)
• If the business's characteristics and data flow paths are well understood, it can be handled relatively simply (dictionaries, file extensions, file sizes, etc.)
Breaking away from VPN

Why are you breaking away from VPNs?
• Purpose
• Provide authentication-based access control for each internal application and on-premises system
• Because
• A VPN grants access to a network; an IAP grants each user a connection to an application

What does getting out of a VPN do?
• Inventory the target systems (≈ the systems that depend on the VPN)
• Confirm ports, IP addresses, FQDNs and the DNS they depend on
• Place connectors where they can reach the internal systems
• Verify connectivity to the target systems
• Flush out URLs and the like that are accessed behind the scenes

What does getting out of a VPN do?
• Role design
• Define the set of applications used by each role
• Based on the provisioned groups
• Connector tuning
• If throughput or availability adjustments are needed

What does getting out of a VPN do?
• Consider scenarios for keeping the VPN (optional)
• If there are services that require high availability, keeping the VPN as a backup line is an option
• It does not reduce costs, kitting or operational load, so a risk-management decision is needed
log management

Why do you do log management?
• Purpose
• Aggregate the logs and alerts scattered across each SaaS and security product, and identify the incidents that need a response by looking at systems and alerts as a whole
• Because
• It reduces the effort of cross-checking each product's logs and leads to automation of the response

What does log management do?
• Establish the story
• Who has to be able to explain what, to whom, for it to count as a win
• Select the logs to collect
• In scope: services hosting the logs and important data related to the story, and systems for which the risk assessment named detective control (detection via logs) as the countermeasure
• Collecting everything is an anti-pattern

What does log management do?
• Decide retention periods (based on regulations and laws)
• Select and decide on the log collection platform
• Is there a product that is easy to connect to the log sources?
• First choice: a cloud SIEM
• If possible, choose a product that allows a small start

What does log management do?
• Connect each service to the SIEM
• Unglamorous and the heaviest part; rushing into custom integrations is off limits
• Role design
• Logs are not something everyone should be able to see

What does log management do?
• Create the detection logic
• Built from the story and the results of the risk assessment
• Automated response: start with notifications
• As responses are handled, automate the routine response content
• Enrichment, additional investigation, etc.

What does log management do?
• Create the visualization templates
• Built from the story and the results of the risk assessment
• Monitoring settings
• Billing status, log ingestion status, query execution status, etc.
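As an added illustration (not from the deck) of two points above, the identity-control "because" and the log-management story: once every SaaS log carries the UPN from a single ID source, a simple cross-check surfaces the gaps the deck warns about (leavers still active, shared IDs, accounts managed only inside a SaaS). All identities, statuses and events below are constructed sample data.

```python
"""Cross-check SaaS audit logs against the trusted ID source (constructed example)."""
from collections import Counter
from datetime import datetime

# Trusted ID source (HR DB / directory). Constructed sample data; the UPN is the
# key that every SaaS log is expected to carry once identity is centralised.
ID_SOURCE = {
    "a.sato@example.co.jp": {"status": "active"},
    "k.tanaka@example.co.jp": {"status": "left", "left_on": "2022-03-31"},
    "m.suzuki@example.co.jp": {"status": "active"},
}

# Shared accounts found during the AsIs inventory (constructed).
SHARED_IDS = {"warehouse-pc@example.co.jp"}

# SaaS audit events as (timestamp, service, upn, action). Constructed.
EVENTS = [
    ("2022-04-11T09:02:00", "storage", "a.sato@example.co.jp", "download"),
    ("2022-04-11T09:15:00", "storage", "k.tanaka@example.co.jp", "share_external"),
    ("2022-04-11T10:40:00", "crm", "warehouse-pc@example.co.jp", "export"),
    ("2022-04-11T11:05:00", "crm", "vendor-temp@example.co.jp", "login"),
    ("2022-04-11T12:00:00", "storage", "m.suzuki@example.co.jp", "upload"),
]


def classify(upn, ts):
    """Label one event, or return None when the account needs no attention."""
    if upn in SHARED_IDS:
        return "shared_id"                 # action cannot be attributed to a person
    rec = ID_SOURCE.get(upn)
    if rec is None:
        return "unknown_to_id_source"      # user managed only inside the SaaS
    if rec["status"] == "left" and ts.date().isoformat() > rec["left_on"]:
        return "active_after_leaving"      # deprovisioning gap
    return None


def review(events=EVENTS):
    """Return (findings, counts); findings are (label, service, upn, action) tuples."""
    findings = []
    for ts, service, upn, action in events:
        label = classify(upn, datetime.fromisoformat(ts))
        if label:
            findings.append((label, service, upn, action))
    return findings, Counter(label for label, *_ in findings)


if __name__ == "__main__":
    for finding in review()[0]:
        print(*finding)
```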
So, in short, this is roughly how "zero-trust adoption support" proceeds.

conclusion
• Starting from what they want to do and what they want to become, make the "because" explicit and weave zero-trust elements into the design of the information system
• Implementation requires expert knowledge, but unless they move their own hands and keep control based on experience and feedback, it becomes something they cannot handle
• Unless there is a special reason, start with ID control, then device control

Are you full yet?

One more thing

The other side of zero-trust adoption

You probably suspect it already, but every kind of information comes pouring in.

Things that have gathered when you notice them
• Device inventory information (which apps are on whose phone?)
• Web browsing information (who accessed which site, and when)
• Text information (who posted which words)
• Location information (where is whose device?)

Do you know what personal information is?

Yes. These are private information
• In an ID-controlled world, almost all data (logs) is tied to a UPN or e-mail address
• Monitoring of the information systems used for business is recognized as a business necessity from the viewpoint of information security and the employee's duty to devote themselves to their work
• On the other hand, because it is easy for the business to match an identified ID to an individual, such data is generally personally identifiable and falls under personal information
• Therefore, monitoring can be said to be subject to regulation under the Act on the Protection of Personal Information
• Monitoring has also been contested in damages suits over infringement of privacy and personality rights
Excerpt (partly summarized) from the official textbook for the Personal Information Protection Specialist (個人情報保護士) certification exam, 2nd edition, pp. 571-572, published by 全日本情報学習振興協会

Yes. These are private information
https://www.meti.go.jp/policy/it_policy/privacy/050805_guideline.pdf

In short: information obtained through monitoring is personal information, so define the scope of its use clearly before using it.

Now, the world is full of vendors shouting "zero trust", but why do they never mention this?

I'll leave that as homework for you all ☆

Thank you!