Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA B UILDING A S ECURE, C OMPLIANT C LOUD FOR THE E NTERPRISE January 19th, 2011 Adam C. Greenfield.

Similar presentations


Presentation on theme: "PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA B UILDING A S ECURE, C OMPLIANT C LOUD FOR THE E NTERPRISE January 19th, 2011 Adam C. Greenfield."— Presentation transcript:

1 PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA B UILDING A S ECURE, C OMPLIANT C LOUD FOR THE E NTERPRISE January 19th, 2011 Adam C. Greenfield

2 Prioritizing Cloud Computing Key Trend - Prioritization for cloud computing is increasing dramatically. Q: Has cloud computing been identified as a priority by your organization’s executive leadership? Yes24%44% No61%43%

3 Cloud Hosting vs. Physical Servers  Highly likely – 38%  Somewhat likely – 42%  Unlikely – 15%  Won’t consider it – 5% Q: When considering a hardware refresh, how likely is it that you will evaluate cloud hosting as an alternative to purchasing physical servers.

4 4 Security and Compliance Are Pervasive Concerns Security Hysteria Some Threats Are NOT Cloud Specific Building an Enterprise Cloud A Connected Cloud Emerges Cloud Management HIPAA Example Additional Cloud Use Cases Security Advantages and Obstacles Outsourcing Does Not Transfer Responsibility (Culpability) Q&A

5 Cloud – Security Top Concern 5 To your best knowledge, what are the top three obstacles Cloud Computing providers must overcome?

6 Cloud – Top 3 Concerns 6 To your best knowledge, what are the top three obstacles Cloud Computing providers must overcome?

7 Top Cloud Security Concerns Ranked #1 Characteristic Ranked Top 3 Characteristics All Respondents Preventing data loss or leakage 26% Keeping security up to date 18% Protecting against Denial of service 13% Preventing data loss or leakage 57% Preventing outages 45% Keeping security up to date 43% Large Companies Meeting regulatory requirements 21% Preventing data loss or leakage19% Keeping security up to date 18% Preventing data loss or leakage 55% Meeting regulatory requirements 45% Preventing outages 42%

8 Mid-Enterprise and Above – Security Top Concern 8 Large companies expect higher levels of Security and Control. Due to their size, larger companies are more frequently the targets of malicious data attacks and have a greater need to protect their assets due to compliancy and regulatory requirements. Types of Cloud Computing solutions they will pursue include: R&D projects, quick promotions, online collaboration, partner integration, social networking, new business ventures (Forrester). SecurityControl 250+ Employees 75% 58% of all others 45% 38% of all others

9 Geographic Redundancy  (All respondents / >250 employee respondents)  42%/48% Very Important  41%/43% Important  14%/10% Neutral  3%/0% Not important Q: How important is a provider’s ability to offer multi-site, high-availability and redundancy across multiple datacenters in your decision to host with them? Our respondents gave a clear indication of the importance high-availability holds for them in choosing a hosting provider. 83% of all respondents and 91% of large company respondents indicated that this was either very important or important in their choice of a hosting company. Not a single large company respondent indicated that this wasn’t important to them. Clearly if a hosting provider isn’t offering these capabilities they simply aren’t even in the game.

10 Hybrid Offerings Critical As companies move to cloud based solutions, they are looking to leverage and integrate with existing infrastructure. 31% of all companies and 40% of large companies indicated that integration with their existing infrastructure was a top three characteristic of their hosting provider Large and small companies alike ranked integration with their existing infrastructure as the number two obstacle to cloud computing behind security Hybrid computing certainly provides the easiest and most cost effective entry point into cloud computing until IT organizations become more comfortable with a pure multi-tenant solution. When asked what type of cloud solution they would likely deploy, an overwhelming 78% of all and 86% of large companies indicated that they would prefer either a private, single tenant solution or a combined private single tenant/public multi-tenant cloud over a pure multi- tenant solution.

11 Media Hysteria and Technology Quality 11 Search Results Dedicated Hosting Outage – 58,300 Managed Hosting Outage – 60,000 Web Hosting Outage –201,000 Cloud Hosting Outage – 205,000 Performance Issues Raise Security Concerns Cloud Outages Can Be Avoided – Causes Include Poor Cloud Architectures, Outdated Hardware, and Consumer-Grade Technologies Technology Quality Still Matters

12 Real Security Threats – Not Isolated to Cloud 12 Personnel Issues Physical Security Privileged and End User Access Investigative Support Backup and Recovery

13 BUILDING AN ENTERPRISE CLOUD 13

14 Federation Private Cloud -> Public Cloud Burst on demand Physical -> Cloud Resource Load Optimization Short term workload Network Performance will drive Proximity Decisions Application Federation will become important in the near future 14 Building an Enterprise Cloud - Federation

15 Automation Deployment Provisioning automation Customers don’t want to be responsible Resource allocation and adjustment Work loads will drive automated resource adjustment On demand resources will become part of every transaction Visibility to application performance will be linked to automated resource allocation 15 Building an Enterprise Cloud - Automation

16 Instrumentation Application performance Instead of device performance Resource utilization What is being used by whom Single “pane” of Glass One definitive source of information Better access to important information 16 Building an Enterprise Cloud - Instrumentation

17 Pure Cloud – Not Always a Solution 17 Hybrid Possibly Best Route Examples Include: Regulatory Concerns Use Dedicated, Colocated or Private Cloud for Client Data and Connect to Cloud Enterprise for Web/Database Needs. New Project Utilize low end Cloud Services for Test/Development. Launch in a Private/Public Cloud or Dedicated Servers. Seasonal Spike Use Enterprise Cloud Services for Additional Compute Resources - Web, Database, Storage Capacity. Scale Up/Down Instantly. Disaster Recovery: Replicate Infrastructure to a Secondary Hosting.com Datacenter for Secure Availability of Mission-Critical Data/Apps Replicate

18 Cloud Management: A Compliance Dash Board 18 Add Security Appliances to Your Cloud Environment – Reports on Vulnerability Scans, Log Management, and Intrusion Protection and Detection Example AlertLogic

19 Hybrid Solution Example – Meet HIPAA Compliance 19 Customer Scenario HIPAA – Electronic Medical Records Solution Multi-site Geographic Redundancy Value Secure and Accessible Records Customer Scenario HIPAA – Electronic Medical Records Solution Multi-site Geographic Redundancy Value Secure and Accessible Records

20 Emerging Technologies VMWare’s vShield Offering 20

21 VMWare vShield Edge 21

22 VMWare vShield Zones 22

23 VMWare vShield App 23

24 ADDITIONAL CLOUD USE CASES 24

25 Uses: Standby Machines Replace Hardware Syndication Create VM “images” of production machines Park Images in cloud Automate synchronization with parked images for system state change – As production infrastructure changes the VM images are adjusted to reflect the change No longer need to be concerned with recovery location decision – With cloud oriented resources workload can be moved with minimal disruption 25

26 Host to Cloud Data Vaulting Vault production data inside cloud to accelerate restoration Existing backup software can be used to transfer data – Minimal disruption of existing processes – Offset traditional tape vaulting fees – Accelerate recovery by being closer to on-demand resources 26

27 Virtualized Desktop Two Types of workers – Deskbound Call centers, back office operations – Mobile Saleforce & leadership Virtualized desktops ensure there are no delays in recovery – System images are always consistent with production Allow for ultimate portability – Recover anywhere 27

28 Fault Tolerance An alternative to traditional clusters No clustering software required Workload adjustments automatically occur when production demand increases 28

29 Cloud Burst Capacity and Performance issues often result in clinical disasters – People usually end up sizing environment for extreme workloads Establish a normal operating level baseline with a private cloud – Optimize your investments & benefit from virtualization Federate with a public cloud to allow for fail-over and capacity bursting at time of excessive load – “Peak shave” your workload and move the an alternative cloud 29

30 S ECURITY A DVANTAGES IN THE C LOUD 30 Shifting Public Data to an External Cloud Reduces the Exposure of Internal Sensitive Data Cloud Homogeneity Makes Security Auditing/Testing Simpler Clouds Enable Automated Security Mgmt Redundancy/ DR Built Into Solution

31 S ECURITY C ONSIDERATIONS AND O BSTACLES 31 Trust in Chosen Vendor’s Security Model Inability to Respond to Audit Findings Obtaining Support for Investigations and Inquiries Indirect Administrator Accountability Proprietary Implementations Cannot be Examined

32 Q&A Adam C. Greenfield 32 Kevin Keelan Denver, CO


Download ppt "PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA B UILDING A S ECURE, C OMPLIANT C LOUD FOR THE E NTERPRISE January 19th, 2011 Adam C. Greenfield."

Similar presentations


Ads by Google