PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA B UILDING A S ECURE, C OMPLIANT C LOUD FOR THE E NTERPRISE January 19th, 2011 Adam C. Greenfield.

Slides:



Advertisements
Similar presentations
1/17/20141 Leveraging Cloudbursting To Drive Down IT Costs Eric Burgener Senior Vice President, Product Marketing March 9, 2010.
Advertisements

Which server is right for you? Get in Contact with us
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Protect Your Business and Simplify IT with Symantec and VMware Presenter, Title, Company Date.
Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.
H OST IN THE ENTERPRISE CLOUD March 2010 Denver IrvineLouisville Newark San Francisco Matt Ferrari.
1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.
VMware Virtualization Last Update Copyright Kenneth M. Chipps Ph.D.
Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.
TAG Cloud® 1 TAG-Org The vision of Dr. Talal Abu-Ghazaleh, the Chairman of TAGORG, was to establish, run and maintain the first Arab Comprehensive.
Security Controls – What Works
-How To leverage Virtual Desktop for Manageability & Security -Desktop Computing “as a service” Andreas Tsangaris CTO, PERFORMANCE
Microsoft SQL Server x 46% 900+ For Hosting Service Providers
1© Copyright 2011 EMC Corporation. All rights reserved. EMC RECOVERPOINT/ CLUSTER ENABLER FOR MICROSOFT FAILOVER CLUSTER.
Does "The Cloud" Fit Into Your Organization? Tom Horan Meridian IT Inc. VP, Strategic Markets (847)
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.
Security in Cloud Computing Presented by : Ahmed Alalawi.
Travis, Stephanie, Alex.  Cloud computing is a general term for anything that involves delivering hosted services over the Internet.  These services.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Cloud Computing in Large Scale Projects George Bourmas Sales Consulting Manager Database & Options.
Effectively and Securely Using the Cloud Computing Paradigm.
Cloud Computing. 2 A division of Konica Minolta Business Solutions USA Inc. What is Cloud Computing? A model for enabling convenient, on-demand network.
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
Security and Privacy: Can we trust the cloud?
Effectively Explaining the Cloud to Your Colleagues.
CredoGov VDI Introduction James Gunn
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.
Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.
Hybrid Cloud and Windows Server 2003 end of support on Azure Bill Evelyn, Long View Systems PJ Zargarzadeh, Microsoft.
Cloud Computing Project By:Jessica, Fadiah, and Bill.
Chapter 5 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved.
EarthLink Virtualization Services. 2 Typical Business Challenges How do I reduce the complexity of my IT operations? How do I get my limited IT staff.
Nov 22/26 Tech Forum 2015 Roberto Trinconi Cloud the New Path to the Business Leadership.
Microsoft and Symantec
MidVision Enables Clients to Rent IBM WebSphere for Development, Test, and Peak Production Workloads in the Cloud on Microsoft Azure MICROSOFT AZURE ISV.
3/12/2013Computer Engg, IIT(BHU)1 CLOUD COMPUTING-1.
Mark Gilbert Microsoft Corporation Services Taxonomy Building Block Services Attached Services Finished Services.
1 TCS Confidential. 2 Objective : In this session we will be able to learn:  What is Cloud Computing?  Characteristics  Cloud Flavors  Cloud Deployment.
Cloud computing: IaaS. IaaS is the simplest cloud offerings. IaaS is the simplest cloud offerings. It is an evolution of virtual private server offerings.
Practical IT Research that Drives Measurable Results Leverage Server Virtualization for DR Affordability and Agility 1Info-Tech Research Group.
© 2012 Eucalyptus Systems, Inc. Cloud Computing Introduction Eucalyptus Education Services 2.
Cloud Computing 3. TECHNOLOGY GUIDE 3: Cloud Computing 2 Copyright John Wiley & Sons Canada.
Simplest and most cost effective for SMBs Optimized & supported for specific hardware One-stop shop for hardware, OS, and CALs Lets partner focus on higher-margin.
Chapter 6: Securing the Cloud
Understanding The Cloud
Avenues International Inc.
Business Continuity & Disaster Recovery
BEST CLOUD COMPUTING PLATFORM Skype : mukesh.k.bansal.
Cloud adoption NECOOST Advisory | June 2017.
Hybrid Management and Security
Microsoft SharePoint Server 2016
Welcome! Thank you for joining us. We’ll get started in a few minutes.
How to prepare for the End of License of Windows Server 2012/R2
Cloud Computing.
AWS. Introduction AWS launched in 2006 from the internal infrastructure that Amazon.com built to handle its online retail operations. AWS was one of the.
Built on the Powerful Microsoft Azure Platform, Lievestro Delivers Care Information, Capacity Management Solutions to Hospitals, Medical Field MICROSOFT.
Business Continuity & Disaster Recovery
Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
Storage Trends: DoITT Enterprise Storage
Druva inSync: A 360° Endpoint and Cloud App Data Protection and Information Management Solution Powered by Azure for the Modern Mobile Workforce MICROSOFT.
Cloud Consulting Services and Solutions
PRESENTER GUIDANCE: These charts provide data points on how IBM BaaS mid-market benefits a client with the ability to utilize a variety of backup software.
Windows Azure Hybrid Architectures and Patterns
IT Management Services Infrastructure Services
Productive + Hybrid + Intelligent + Trusted
Presentation transcript:

PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA B UILDING A S ECURE, C OMPLIANT C LOUD FOR THE E NTERPRISE January 19th, 2011 Adam C. Greenfield

Prioritizing Cloud Computing Key Trend - Prioritization for cloud computing is increasing dramatically. Q: Has cloud computing been identified as a priority by your organization’s executive leadership? Yes24%44% No61%43%

Cloud Hosting vs. Physical Servers  Highly likely – 38%  Somewhat likely – 42%  Unlikely – 15%  Won’t consider it – 5% Q: When considering a hardware refresh, how likely is it that you will evaluate cloud hosting as an alternative to purchasing physical servers.

4 Security and Compliance Are Pervasive Concerns Security Hysteria Some Threats Are NOT Cloud Specific Building an Enterprise Cloud A Connected Cloud Emerges Cloud Management HIPAA Example Additional Cloud Use Cases Security Advantages and Obstacles Outsourcing Does Not Transfer Responsibility (Culpability) Q&A

Cloud – Security Top Concern 5 To your best knowledge, what are the top three obstacles Cloud Computing providers must overcome?

Cloud – Top 3 Concerns 6 To your best knowledge, what are the top three obstacles Cloud Computing providers must overcome?

Top Cloud Security Concerns Ranked #1 Characteristic Ranked Top 3 Characteristics All Respondents Preventing data loss or leakage 26% Keeping security up to date 18% Protecting against Denial of service 13% Preventing data loss or leakage 57% Preventing outages 45% Keeping security up to date 43% Large Companies Meeting regulatory requirements 21% Preventing data loss or leakage19% Keeping security up to date 18% Preventing data loss or leakage 55% Meeting regulatory requirements 45% Preventing outages 42%

Mid-Enterprise and Above – Security Top Concern 8 Large companies expect higher levels of Security and Control. Due to their size, larger companies are more frequently the targets of malicious data attacks and have a greater need to protect their assets due to compliancy and regulatory requirements. Types of Cloud Computing solutions they will pursue include: R&D projects, quick promotions, online collaboration, partner integration, social networking, new business ventures (Forrester). SecurityControl 250+ Employees 75% 58% of all others 45% 38% of all others

Geographic Redundancy  (All respondents / >250 employee respondents)  42%/48% Very Important  41%/43% Important  14%/10% Neutral  3%/0% Not important Q: How important is a provider’s ability to offer multi-site, high-availability and redundancy across multiple datacenters in your decision to host with them? Our respondents gave a clear indication of the importance high-availability holds for them in choosing a hosting provider. 83% of all respondents and 91% of large company respondents indicated that this was either very important or important in their choice of a hosting company. Not a single large company respondent indicated that this wasn’t important to them. Clearly if a hosting provider isn’t offering these capabilities they simply aren’t even in the game.

Hybrid Offerings Critical As companies move to cloud based solutions, they are looking to leverage and integrate with existing infrastructure. 31% of all companies and 40% of large companies indicated that integration with their existing infrastructure was a top three characteristic of their hosting provider Large and small companies alike ranked integration with their existing infrastructure as the number two obstacle to cloud computing behind security Hybrid computing certainly provides the easiest and most cost effective entry point into cloud computing until IT organizations become more comfortable with a pure multi-tenant solution. When asked what type of cloud solution they would likely deploy, an overwhelming 78% of all and 86% of large companies indicated that they would prefer either a private, single tenant solution or a combined private single tenant/public multi-tenant cloud over a pure multi- tenant solution.

Media Hysteria and Technology Quality 11 Search Results Dedicated Hosting Outage – 58,300 Managed Hosting Outage – 60,000 Web Hosting Outage –201,000 Cloud Hosting Outage – 205,000 Performance Issues Raise Security Concerns Cloud Outages Can Be Avoided – Causes Include Poor Cloud Architectures, Outdated Hardware, and Consumer-Grade Technologies Technology Quality Still Matters

Real Security Threats – Not Isolated to Cloud 12 Personnel Issues Physical Security Privileged and End User Access Investigative Support Backup and Recovery

BUILDING AN ENTERPRISE CLOUD 13

Federation Private Cloud -> Public Cloud Burst on demand Physical -> Cloud Resource Load Optimization Short term workload Network Performance will drive Proximity Decisions Application Federation will become important in the near future 14 Building an Enterprise Cloud - Federation

Automation Deployment Provisioning automation Customers don’t want to be responsible Resource allocation and adjustment Work loads will drive automated resource adjustment On demand resources will become part of every transaction Visibility to application performance will be linked to automated resource allocation 15 Building an Enterprise Cloud - Automation

Instrumentation Application performance Instead of device performance Resource utilization What is being used by whom Single “pane” of Glass One definitive source of information Better access to important information 16 Building an Enterprise Cloud - Instrumentation

Pure Cloud – Not Always a Solution 17 Hybrid Possibly Best Route Examples Include: Regulatory Concerns Use Dedicated, Colocated or Private Cloud for Client Data and Connect to Cloud Enterprise for Web/Database Needs. New Project Utilize low end Cloud Services for Test/Development. Launch in a Private/Public Cloud or Dedicated Servers. Seasonal Spike Use Enterprise Cloud Services for Additional Compute Resources - Web, Database, Storage Capacity. Scale Up/Down Instantly. Disaster Recovery: Replicate Infrastructure to a Secondary Hosting.com Datacenter for Secure Availability of Mission-Critical Data/Apps Replicate

Cloud Management: A Compliance Dash Board 18 Add Security Appliances to Your Cloud Environment – Reports on Vulnerability Scans, Log Management, and Intrusion Protection and Detection Example AlertLogic

Hybrid Solution Example – Meet HIPAA Compliance 19 Customer Scenario HIPAA – Electronic Medical Records Solution Multi-site Geographic Redundancy Value Secure and Accessible Records Customer Scenario HIPAA – Electronic Medical Records Solution Multi-site Geographic Redundancy Value Secure and Accessible Records

Emerging Technologies VMWare’s vShield Offering 20

VMWare vShield Edge 21

VMWare vShield Zones 22

VMWare vShield App 23

ADDITIONAL CLOUD USE CASES 24

Uses: Standby Machines Replace Hardware Syndication Create VM “images” of production machines Park Images in cloud Automate synchronization with parked images for system state change – As production infrastructure changes the VM images are adjusted to reflect the change No longer need to be concerned with recovery location decision – With cloud oriented resources workload can be moved with minimal disruption 25

Host to Cloud Data Vaulting Vault production data inside cloud to accelerate restoration Existing backup software can be used to transfer data – Minimal disruption of existing processes – Offset traditional tape vaulting fees – Accelerate recovery by being closer to on-demand resources 26

Virtualized Desktop Two Types of workers – Deskbound Call centers, back office operations – Mobile Saleforce & leadership Virtualized desktops ensure there are no delays in recovery – System images are always consistent with production Allow for ultimate portability – Recover anywhere 27

Fault Tolerance An alternative to traditional clusters No clustering software required Workload adjustments automatically occur when production demand increases 28

Cloud Burst Capacity and Performance issues often result in clinical disasters – People usually end up sizing environment for extreme workloads Establish a normal operating level baseline with a private cloud – Optimize your investments & benefit from virtualization Federate with a public cloud to allow for fail-over and capacity bursting at time of excessive load – “Peak shave” your workload and move the an alternative cloud 29

S ECURITY A DVANTAGES IN THE C LOUD 30 Shifting Public Data to an External Cloud Reduces the Exposure of Internal Sensitive Data Cloud Homogeneity Makes Security Auditing/Testing Simpler Clouds Enable Automated Security Mgmt Redundancy/ DR Built Into Solution

S ECURITY C ONSIDERATIONS AND O BSTACLES 31 Trust in Chosen Vendor’s Security Model Inability to Respond to Audit Findings Obtaining Support for Investigations and Inquiries Indirect Administrator Accountability Proprietary Implementations Cannot be Examined

Q&A Adam C. Greenfield 32 Kevin Keelan Denver, CO