Security and Privacy Services Cloud computing point of view October 2012.

Copyright © 2012 Deloitte Development LLC. All rights reserved.

Slide 1: Cloud Opportunities

Beyond apparent security and risk challenges, Cloud computing will lead to…

New Security Opportunities
- Leverage Cloud solutions to realize better efficiency within security management program
- Opportunity to implement stronger security than legacy on premise security models
- Disposable environment - turn it off when not in use to keep security efficiency high
- Reduce vulnerabilities by ‘rightsizing’ resources in use through dynamic provisioning capability

Cloud Security Strategy (diagram labels): Regulatory; Identity, and Access Mgmt; ERP; Cyber Threat; Resiliency and Availability; Privacy; Security Operations; App Development

Slide 2: Using integrated frameworks to help comply with regulatory requirements (Regulations)

Cloud Security Strategy (diagram labels): Regulatory; Resiliency and availability; Cyber threat; Privacy; App development; ERP; Security operations; Identity, and access mgmt

WHAT YOU NEED TO KNOW:
- Some regulations have not been updated: Since cloud computing is relatively new, many regulatory agencies have not updated the requirements for the cloud.
- There are strategies for managing multiple requirements: Companies are at different levels of maturity, requiring strategies for prioritization and remediation.
- Standards and leading practices are too new: Cloud computing does not yet have an established “standard” and many leading practices are still evolving.

CHALLENGES:
- As regulations change, companies may not know each of the requirements needed to comply before they use cloud computing.
- Often, the regulatory and security requirements come after the fact.
- Companies are concerned with various unknowns, including the rapid development of many new products, technologies, and services available for the cloud.
- Depending on the cloud computing solution, using certain cloud service providers may actually increase or change the regulatory requirements that a company traditionally needs to comply with.

SOLUTION:

What to include in your regulatory strategy
- Identifying the current and upcoming regulatory requirements should be part of the design and selection of the cloud solution.
- Use an integrated framework that rationalizes the various regulatory requirements as the assessment and tracking mechanism for the various regulatory requirements.
- Create strategies for managing and prioritizing remediation efforts.
- Use a risk-based approach for managing risk.

Next steps
- Perform a regulatory analysis of your cloud computing adoptions to understand what requirements are needed.
- Establish an integrated framework for the current and even upcoming requirements.
- Consider a GRC (Governance, Risk and Compliance) strategy that allows an “Assess Once, Test Once, Satisfy Many” model.

Slide 3: How to enable secure application development (Application Security)

Cloud Security Strategy (diagram labels): App development; Regulatory; Identity, and access mgmt.; ERP; Cyber Threat; Resiliency and availability; Privacy; Security operations

WHAT YOU NEED TO KNOW:
- Operation Software Development Life Cycle: SaaS applications should follow a specific Software Development Lifecycle (SDLC) model and operational release management process (e.g., security-focused user acceptance testing).
- Secure Configuration and Vulnerability Testing: SaaS applications need to be configured in accordance with a published common configuration management guide as well as use common security benchmarks (e.g., OWASP Top 10, CIS Configuration Benchmarks, and NIST SCAPs).
- Migrating Legacy Applications: Many companies are recognizing the value of migrating legacy applications to a PaaS model to reduce cost and avoid expensive hardware costs for the upkeep of less active applications.

CHALLENGES:
- Cloud application hosting can involve several outsourced services (e.g., PaaS and IaaS), which can create difficulties for aligning security practices, response and patch, and vulnerability management capabilities throughout the service offering.
- Operational SDLC for SaaS services may not be mature.
- CSP’s SDLC process may not include operational testing, throughput, and data transfer/failover capabilities via PaaS/IaaS.
- Application release cycle and patch and vulnerability management can be difficult based on CSP capabilities, terms, and service operations.
- The cycle of version changes may not always be known and sometimes can change without warning.

SOLUTION:

What to include in your App Development strategy
- Create and define application security requirements and regulatory expectations for moving to the cloud.
- Define SDLC approach and expectation for use of an operational software application hosted by a CSP.
- Update and document patch and vulnerability management expectations for hosted applications to include support services.
- Create a data and application access strategy, which aligns to existing data access security policies.

Next steps
- Create an application deployment roadmap for moving to a CSP based on risk exposure, reduction, and deployment capability.
- Develop a security evaluation criterion to evaluate application environments to include evaluations for supporting PaaS and IaaS.
- Outline service-level expectation within SLA along with an ISA, which outlines security expectation (e.g., uptime, upgrades, and response capabilities).