CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
ANALYZING THE TOP 10 BENEFITS OF UNIFIED SECURITY FROM THE CLOUD
Accelerating ROI and Effective Security Practices by Deploying Cloud-based Integrated Solutions and Centralized Control
Of all the strategies and tactics
available to prevent breaches, deter
data leakage and theft, control
access and secure beyond the so-
called network perimeter, the one
that is emerging as an achievable
and affordable best practice is that
of unified security from the cloud.
But if you look across the web, you will no doubt come across various
versions of what constitutes “unified,” what is “protected,” and, what is
“security from the cloud?” Luckily this means that the concept of unified
security from the cloud is becoming more and more of a best practice. In
general, the practice of unified security is the centralization of all security
functions under one umbrella across the enterprise. This means more than
ensuring data encryption. It means more than access policies. It means
more than intrusion detection, malware blocking, data review. It’s more
than ensuring compliance to the various regulatory bodies that provide
general guidelines. It is the sum of all these things... and more.
So what is unified security? In short, it is an enterprise-powered tactical
strategy that not only centralizes various security toolsets, but creates the
seamless means for cooperative functionality between them all. And
as a cloud-based security initiative, this creates several tangible benefits
that allow a company of any size not only to upgrade its protection, but to
expand that protection beyond the traditional network-centric models of
perimeter security.
To properly expand visibility, unified security is typically comprised of
several solutions including system log archiving (the collection and storage
of all online activity), identity management (administration of users,
passwords and applications), access management (enforcement of identity
rules and channeled access to data) and SIEM (the intelligence that
correlates and contextualizes all activity).
Presented by:
CloudAccess:
CloudAccess provides a cloud-based security platform to manage, control,
and monitor access for enterprise assets. Our unified solution combines
monitoring, authentication, and activity analysis for users, devices,
services, and applications throughout the enterprise.
Our robust and scalable suite eliminates the challenges of deploying
enterprise-class security solutions including costs, risks, resources,
time-to-market, and administration. By providing such integral services as
SIEM, Identity Management, Log Management, Single Sign On, Web SSO,
Access Mgmt, CloudAccess offers cost-effective, high-performance solutions
controlled and managed from the cloud that meet compliance requirements,
diverse business needs and ensure the necessary protection of IT assets.
www.CloudAccess.com
877-550-2568
CloudAccess, Inc 12121 Wilshire Blvd
Suite 1111 Los Angeles, CA 90025
True unified security is also more than the solutions it comprises; it
includes the analysis, management, and the implementation of access and
intelligence policies that transform it from passive to proactive and
immediately responsive. And developing and managing these security
features, solutions and policies from the cloud offers more than the obvious
cost savings: it allows for the exponential expansion of real-time visibility
over a broader landscape and facilitates more secure transactions that are
compatible with the way modern enterprises exchange, process and
share information.
To that end, the following are 10 benefits of implementing unified security
from the cloud.
10. Right size as the situation dictates – In today’s business landscape,
change is often fast and evolutionary. Being able to keep up is a major
challenge for IT and IT security. One of the hallmarks of a cloud-based
implementation is the flexibility and agility to adjust its scope quickly and
without the oppressive costs and time of a consultant or IT service.
Considering the hoops of fire and Herculean strength needed to expand
coverage to a new department or division, on-premise security initiatives
may require the purchase of new expensive servers, resource-heavy
reconfiguration and re-prioritization of core competency projects. With
the cloud’s natural economies of scale, these costs are already absorbed
and changes are more fluid and immediate. And with unified security, it’s
more than just applying a sensor or agent on a server to collect new data.
The changes to right size affect more than a single solution; you must
consider the constant fluctuation of change within an enterprise: the ebb
and flow of staffing, the adjustment of new, updated and retired
applications, and all the moving parts that come with incorporating
vendors, suppliers and customers into the permission and protection mix.
Unified security from the cloud creates the freedom and necessary speed
to evolve with a company’s changing situation on an as-needed basis
without an Act of Congress while still ensuring the adjustments across
the entire security landscape.
6 REQUIREMENTS FOR EFFECTIVE FRAUD PREVENTION:
Layered Security
Real-time, intelligence-based risk assessment
Rapid adaptation against evolving threats
Transaction Anomaly Prevention
Minimize end user impact
Minimizing deployment, management and operational costs
Learn how to achieve this from the cloud: www.cloudaccess.com
Metrics should be established that facilitate common ground for
measuring effectiveness of security measures
9. Make compliance easier: One of the substantial drains of time and
energy goes into the process of proving to various regulatory bodies that
various slices of data are free from prying keyboards. Some companies go
so far as dedicating personnel to simply comb through logs and find and
report upon instances of breach and questionable activities. As I’ve insisted
many times before, this practice is akin to looking for the horse in a
gigantic haystack long after it’s left the barn (no matter how often sys-logs
are reviewed, it is done in a rear-view mirror. These are events that have
already occurred. And the damage is already done).
When evaluating what organizations like PCI and HIPAA require, the scope
is more than just continuous monitoring (see blog regarding continuous
monitoring satisfies compliance, but not security). They require proof of
compliance for everything from firewall configuration to vulnerability
scans, from data storage protocols to the development of identity
authentication, password management and access privileges. I’ve
identified about 20 common critical controls that are typically required by
all compliance agencies. Unified security consolidates all the capabilities so
that the reporting is considerably more streamlined and accessible. Instead
of four or five solutions each requiring four or five reports, logins and the
physical coordination, collection and review for reporting, compliance is
achieved by an automated model (see the white paper Mapping
Compliance Requirements). It is the multiple collaborative and concurrent
layers of security that support the automations, create better accuracy and
significantly reduce the time previously dedicated to compliance reporting.
8. Easier, faster to deploy and find ROI. Forrester noted that 73% of major
software implementations don’t get past phase 1. Whether a result of
scope creep, budget issues or flagging executive buy-in, the promise of ROI
for on-premise security initiatives is difficult to realize, not to mention
the drag on IT productivity and lack of measurable results. And it’s those
results we depend on to drive ROI and solve the business need (see the
article: Is your security initiative “one inch into a mile”?). It’s no secret
that way too many companies view security solutions as a “nice to have”
luxury or a grudgingly purchased cost center. But this is a different
business environment than even that of 5 years ago; beyond the drivers of
compliance and industry-required governance, IT security must be built into
the fabric of every online facet of the business. Ignore reality at your own
peril.
TOP TRENDS FOR IAM:
Compliance/Governance
Enterprise access control
Securely interact with mobile, cloud apps and social media
Insider threats/carelessness
Password management
Automate reporting, collect usage statistics
Authentication/validation
Learn how to achieve this from the cloud: www.cloudaccess.com
Assuming that security investments are not simply a luxury, the question
remains how do you find ROI in a prevention initiative? On-premise point
solutions are expensive. There’s no getting around that fact. Installing
them is expensive. Configuring them is expensive. Maintaining them is
expensive. In fact, Gartner estimates the annual cost to own and manage
traditional on-premise security software applications can be 4X the initial
purchase. Each and every move is a significant bite out of any potential
ROI gain in productivity. It might be more than 3 years before the
investment starts paying off in any tangible way. Now the cloud, especially
the unified security configuration, removes all of the waiting time. As a
multi-tenant deployment, there is no hardware to buy, no software to
install. Your complex, planned multi-phased, multi-year rollout can be
fused into a single week (sometimes “installation-to-insight” in minutes).
Therefore the cloud version is providing the immediate benefits and
immediate returns. Moreover, unified cloud security removes the
complexity in configuration, installation and deployment because it is
already built and easily customized to fit any sized organization.
We’ll deal with cost later on, but in terms of ROI, the absence of
capital expenditures and the ability to keep investment minimized and
output maximized mean you can realign resources based on immediate
business needs. The ROI is the elimination of negative impact—no
compliance fines, no trust-busting breaches while waiting for the system to
be fully functional, reduced risks and liabilities that may decrease various
insurance costs, no employees slipping away unnoticed with a database of
your customers, no having to put out malware fires, no excessive time
management conflicts from multi-sourced coordination, no de-centralized
shadow IT, etc.
7. Better safeguard against BYOD: It may be the buzzword of the moment,
but it is a trend that will continue to proliferate. Employees are increasingly
using their own potentially-unsanctioned devices (smart phones, tablets
and other mobile devices) to access your network, applications and data.
(Read the blog “The Genie, the bottle and BYOD”). Users love the mobility
and the immediacy of these devices, but forget these devices are just
hand-held computers prone to the same intrusions, attacks, viruses and
risks as the computers used in the office. The larger problem is many users
don’t see that, so every time they sign on to your network or download an
app, it creates a wider and wider vulnerability gap for the enterprise
network. However, by implementing unified security (that includes access
control and identity management), you can minimize what an employee (or
supplier, partner or any other group) can see and what tools they can access.
Additionally, unified security policies can create an alert every time one of
these unsanctioned devices tries to access the enterprise. Based on your
protocols and administrative policies, the system can grant or block access
for these mobile devices. It is one way in which identity management, access
management, log management and SIEM work seamlessly together and
prevent unwarranted access or careless usage issues.
THE ISSUES ARE WIDESPREAD*:
91% of companies have experienced at least one IT security event from an
external source.
90% of all cyber crime costs are those caused by web attacks, malicious code
and malicious insiders.
Due to complexity, over 70% of organizations are still not adequately
securing critical systems.
Learn how to prevent this from the cloud: www.cloudaccess.com
*Statistics collected from various industry sources including Gartner,
Forrester, Ponemon, Kaspersky, and Echelon
6. Security-as-a-service offers continuous tribal knowledge (expertise)
without adding headcount. One of the constant impediments to shrinking
the vulnerability gap is recruiting and retaining the specific type of talent
necessary to maintain an enterprise-level security initiative. But The
MSPAlliance reports that the unemployment rate for such professionals is
less than 1%–and the salary for these specialists has doubled in the past
three years. Security-as-a-service is the “secret” value-add that
accompanies a cloud-based deployment. Having an expert that
understands more than what a denial of service/brute force attack looks
like can be invaluable; one that knows how to read in between the lines;
that understands context and can trigger an alert or dismiss a possible
threat as harmless—and to do it without any additional personnel costs to
a company is a huge benefit.
PART 2
More than security from the cloud, the concept of unified security takes
the method another step forward in terms of best practices—the ability to
deploy a holistic security initiative, AND one that seamlessly collaborates
with the other components; that shares input across the enterprise so that
a clearer understanding of vulnerabilities can lead to effective preventive
policies and actions.
SEVEN CAUSES OF SECURITY PARALYSIS:
It’s expensive
It’s time consuming
It’s resource heavy
There’s perceived imbalance in the risk/reward quotient
We’ve got it covered
We haven’t been attacked/complacency
Expertise difficult to retain
All of these issues are addressed and debunked in this whitepaper!
Learn how to cure these from the cloud: www.cloudaccess.com
They say the whole is greater than the sum of its parts. And that is the
core of unified security: take the most important parts of a security
program (SIEM, Log Archiving and Monitoring, Identity and Access
Management and Single Sign On), centralize and combine their capabilities
to generate real time answers to the most important enterprise IT questions:
WHO’s logging in
WHAT are they accessing
WHERE’s the device
DO they have authorization
WHEN was it changed
HOW is your IT landscape affected
5. Control applications and who gets to use them: Not all users are equal.
And therefore the privileges afforded them should not be the same. But
simply setting permissions is not enough to stop potential abuse. It might
control on-premise applications behind a firewall, but there are plenty of
cracks in the perimeter when it comes to the inclusion of web-based
applications. This is why administration must go hand-in-hand with
enforcement. Identity management handles the former: it creates the
policies and the provisioning of users based on their role within the
organization, and handles application password management. Leveraging
Active Directory (or any other database source), IDM creates the framework
for a variety of different types of users from various levels of internal
employees to customers. But just like a skyscraper, the framework of steel
holds up the building, but it requires the glass and concrete to make it
habitable. This is the job of access management. It takes all the rules,
roles and privileges and creates a unique channel for each user.
Incorporating a single sign on portal, it limits what a user can access.
This includes multi-factor authentication (especially for BYOD issues!).
There are several combined point solutions that can accomplish this
function; however, the true best practice comes with the additional
transparent visibility promoted by a layered and holistic report. SIEM and
system log collection add the necessary context to provide the actionable
insight in terms of who is accessing what resource, when, how often and
whether they have proper authentication. The bottom line is IT exerts
greater control over application management while expanding the security
protection well beyond the network firewalls.
THE DIFFERENCE BETWEEN IDENTITY AND ACCESS MANAGEMENT:
Identity Management is: the creation and management of a user account and
credentialed rights
AUTHENTICATES
Access management is: the enforcement of the administered rights in terms
of funneled applications/data that entity is allowed to see.
AUTHORIZES
Learn how to integrate these from the cloud: www.cloudaccess.com
4. Know what’s happening faster, more completely: One of the chief
advantages of the unified security cloud is the ability to see and respond to
potential issues in real time. Having all the tools in place and still relying on
periodic review of events is how most companies get in hot water. It’s a
practice that might satisfy continuous monitoring compliance, but doesn’t
provide the intelligence for immediate prevention. Because of its
portability and virtual footprint, it can be easily deployed over a greater
number of devices, servers, data caches and applications. In this wider
configuration (and based on its layered correlation), unified security
promotes an understanding of the broader (and more detailed)
implications of enterprise activity. It achieves this through situational
context and expanded visibility via coordinated capabilities across multiple
silos. In short, the consolidation of information from across the diverse
enterprise creates a more complete picture of what is happening. In that
this is a cloud-based initiative, such a configuration is much more
attainable due to fast and easy deployment/expansion, low TCO and
assisted administration.
3. Real time actionable information: In coordination with the above item,
the product of coordinated, centralized and layered levels of security is the
ability to do something about threats before they become a wider
problem. Networks and servers under your control are constantly under a
barrage of activity. Most of it, legitimate logins or website views, is
harmless, or at the very least, neutral. But amongst all the white noise you
need to systematically divine the true persistent threats and immediately
take action to prevent their spread. 24/7/365 continuous monitoring
provides the source material by collecting all the logs; automated
situational context analysis separates the good, the bad and the ugly
(based on your company’s unique definition of what constitutes a threat
requiring immediate action, escalation, or further scrutiny); and policy and
workflow implementation provides the guidelines of what to do next. As a
collaborative process, this centralized approach provides the most
important ingredient: speed. And with speed comes the ability to make
faster decisions. And with unified security you see both the bigger picture
and the relevant smaller details so that a fast decision can be the best one
against any particular threat.
CAN YOUR COMPANY AFFORD TO LOSE $400M?
Of course not. But that’s the dollar figure companies stand to lose in terms
of consumer trust when security protocols are breached according to a new
study by the research firm Ponemon.
Gartner agrees. An older study (2008) found that money invested (or lack
thereof) by organizations in security has a significant impact on customer
retention. “The study found that compared with the average consumer,
victims of financial fraud were twice as likely to change their shopping,
payment, and e-commerce behavior. Among all consumers, 39% changed their
behavior because of security concerns,” the study states. “Among fraud
victims, 71% of them changed their behavior because of security concerns.”
Learn how to prevent this from the cloud: www.cloudaccess.com
This is more than SIEM and log management working together. This is a
process that also must include the information provided by identity and
access management. Without the input of authorization and validation,
incoming traffic only has half the detail it needs to determine whether the
user not only has the proper credentials, but is using them in a patterned
way. In other words, if an account is hijacked, the hacker might have the
right credentials, but because the IP address is coming from Ukraine
and the previous access of that account was from the home office, a red
flag should be raised. It also monitors the all-important privileged user,
who typically has the proverbial keys to the kingdom. So traffic patterns
combined with adaptive behavior is simply another way unified security
adds more value and a more accurate portrait of potential network
vulnerability.
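The hijacked-account check described above, as an added example (not CloudAccess code): it joins constructed login events with constructed identity records and flags successful logins whose source country differs from the account's previous access, escalating for privileged users. The IP-to-country table, field names, rule names and severity labels are assumptions made for illustration.

```python
import ipaddress

# Constructed IP-to-country table built on documentation ranges (RFC 5737).
# Assumption: a real deployment would query a GeoIP database instead.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "UA",
}

# Constructed identity-management records: the role data logs alone lack.
IDENTITIES = {
    "alice": {"privileged": False},
    "root-dba": {"privileged": True},
}

# Constructed log lines: timestamp, account, source IP, authentication result.
SAMPLE_LOG = """\
2024-03-01T08:00:00Z alice 192.0.2.10 success
2024-03-01T08:05:00Z root-dba 198.51.100.7 success
2024-03-01T12:30:00Z alice 192.0.2.44 success
2024-03-02T03:12:00Z alice 203.0.113.9 success
2024-03-02T03:15:00Z root-dba 203.0.113.9 failure
2024-03-02T03:16:00Z root-dba 203.0.113.9 success
2024-03-02T09:00:00Z mallory 192.0.2.99 success
"""


def country_of(ip):
    """Return the country code for an IP, or None if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO.items():
        if addr in net:
            return country
    return None


def correlate(log_text):
    """Return alerts for successful logins that break the account's pattern."""
    last_country = {}  # account -> country of its previous successful login
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, account, ip, result = parts
        if result != "success":
            continue  # this rule is about valid credentials used oddly
        identity = IDENTITIES.get(account)
        if identity is None:
            # Valid login with no identity record: nothing to authorize against.
            alerts.append({"time": ts, "account": account,
                           "rule": "unknown-identity", "severity": "high",
                           "detail": ip})
            continue
        try:
            country = country_of(ip) or "unknown"
        except ValueError:
            continue  # source field is not an IP address
        previous = last_country.get(account)
        if previous is not None and country != previous:
            severity = "high" if identity["privileged"] else "medium"
            alerts.append({"time": ts, "account": account,
                           "rule": "location-change", "severity": severity,
                           "detail": f"{previous}->{country}"})
        last_country[account] = country  # first login only sets the baseline
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

The first successful login per account only establishes the baseline, so the rule needs history before it can fire; failed logins never move the baseline.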
To put a more specific dollar figure on actionable intelligence, the
Ponemon Institute just released a study that discovered the lack of live
cyber threat intelligence costs enterprises an average of $10 million over
12 months. Furthermore, if respondents had actionable intelligence about
cyber attacks within 60 seconds of a compromise, they could reduce this
cost on average by $4 million (40%). However, in this same study, more
than 60 percent were unable to stop exploits because of outdated or
insufficient threat intelligence. Many in this survey said it takes over a day
to identify a compromise. That is simply too long. In that unified security
from the cloud can identify potential threats as they happen, it becomes an
essential value.
2. One single, centralized management component: Imagine juggling 5
balls. These five balls represent the various security channels that
constantly need to be reviewed and managed. Now imagine them as
grenades; if one gets dropped, it could explode. This is metaphorically
closer to what may happen if any of these tools gets ignored for too long.
Obviously it is a positive step to have all the right tools; even the right tools
communicating in some fashion. However, the cloud creates a means to
unite the five balls into a single sphere. Understanding that the enterprise
is now an unstructured entity without traditional boundaries, the strategy
to control activity, users, applications and information must evolve. But as
the strategy becomes more complex, so does the administration of that
strategy. The time and expertise required to audit, report, adjust and
maintain levels of adequate protection can overwhelm even the most
prepared of organizations. For some it adds cost to the assumption that
security is already perceived as a cost center and diverts manpower and
resources away from revenue generating tasks. This is typically why so many
companies toe the line of what is required and not what is necessary. (That’s
like saying C grades are acceptable.) However, unified security creates the
centralization that removes the compound administrations for multiple
solutions. Most of the security reporting and management is controlled
through a single dashboard—that includes audit reports for compliance.
Additionally, most enterprises lack a unified view across these silos and
this leads to longer audits, unclear controls and policies, and vulnerabilities
related to unauthorized access. For instance, some SaaS applications
simply do not provide the audit logging needed for basic forensics. The
centralization combines asset discovery, vulnerability assessment, threat
detection, behavioral monitoring, security intelligence, identity
management, and access control.
SEVEN C’S OF SECURITY MONITORING:
As with all best practices, there are variables. How much to monitor? What priorities matter? Where are my greatest vulnerabilities? To this end, I have boiled down monitoring to 7 best practices: the 7 C’s of security monitoring:
1. Consistency
2. Continuous
3. Correlation
4. Contextual
5. Compliant
6. Centralization
7. Cloud
Learn how to achieve this from the cloud: www.cloudaccess.com
1. Full integration affords more protection, less cost: It’s easy enough to
build a unified solution…in theory. However, to incorporate and integrate
all the various point solution tools, comprehensive policies, cover all the
devices, endpoints and applications, network activity and devise all the
configurations, collaborations and compliance requirements might take
years and millions of dollars.
There is no debate that the on-premises tactic is expensive and resource
heavy, which is why only the most well-heeled companies follow this best
practice. But the cloud makes enterprise functionality and its protections
available to any sized company in any industry. The cloud model offers
obvious cost savings. In many cases, you can deploy a fully functional unified
security program for the same cost as what others pay for just support and
maintenance every year. But cost savings extend beyond the product
licensing. Cloud based security also provides the administrative and
management components to bring the necessary expertise without having to
hire any additional employees or expensive consultants. A unified deployment
offers the greatest security value because of its modest costs, its far reaching
enterprise-power capabilities, the provision of immediate results, and its
operational efficiencies that actually improve performance.
REACT: Unified Security from the cloud:
CloudAccess is the only company currently providing fully integrated
unified security from the cloud that leverages SIEM, IDM, IAM, SSO and Log.
REACT™ or Realtime Event and Access Correlation Technology is a unified
security platform that leverages the cooperative functionality of key
toolsets and/or deployed solutions. It creates a unique holistic approach
to security management and asset protection by broadening the reach and
scope of enterprise monitoring, strengthening access authentication and
centralizing control.
Let us demo this for you at: www.cloudaccess.com
But if security is still weighted by a risk versus reward investment, the
cloud offers the most comprehensive, feature-rich, and proven-effective
option for any company looking to increase organizational control, identify
and close vulnerability gaps, maintain compliance, and protect its most
valuable assets. Cloud-based security, especially a holistic and unified
approach, is no longer the alternative to on-premise, but a means to create
a proactive advantage without sacrificing resources.