Presented at ISACA's Enterprise Risk Management: Provide Security from CyberThreats virtual conference.
Building a Cloud-Ready Security Program
Be ready. Get ahead…stay ahead.
@NetIQ - #NetIQCloud
© 2012 NetIQ Corporation. All rights reserved.
Overview
• Cloud makes the world complex.
• There are some things you control.
• Get those right.
• Stay relevant.
• Extend and reinforce success.
• How (specifically) NetIQ helps.
At the Crossroads
What Keeps You up at Night?
• New threats
• Expanding computing environment
• Business keeps moving
• Staff stretched thin
Change + Complexity = Loss of Control and Visibility
Fueling the Rush to the Cloud
• Greater customer and partner integration and intimacy
• Faster response to competitive threats
• Faster time to market
Cloud Brings Many Challenges
• Security
• Visibility
• Cost Management
• Alignment
• Compliance
Things Are Getting Complicated
Things Are Getting MORE Complicated
Interdependencies Grow
• Systems and services extend into third-party cloud offerings.
• This creates interdependencies that never existed before.
• These are highly complex, and potentially very difficult to manage.
BYO…(Anything)
• …Device
• …Cloud
• …Applications
• …Identity
Integration and Proliferation
• Cloud usage proliferates.
• Integration with existing services is complex.
• Integration between ‘clouds’ can be even harder.
All The Risk… None of the Reward
• IT continues to hold liability:
  • Controls access to critical services and data
  • Manages organizational risk
  • Deals with compliance
• Yet business users continue to directly engage with the cloud and unmanaged personal devices.
It’s Getting Crazy Out There
11,500+ files, every second, every day
Cloud Brings Challenges
• Security
• Visibility
• Cost Management
• Alignment
• Compliance
You are here.
Maintain the Status Quo
• There is little-to-no knowledge of internal activities or potential threats.
• Most breaches are discovered by a third party, not the breached party.
Gain Visibility and Control
• Focus on organizational risk management
• Greater context for security and risk data
• Know what your internal users are doing
• Monitor and audit all activity around sensitive assets
Ready, set…transform!
Risk: Define It, Manage It
What Does That Mean?
Focus resources on the most critical assets, then make sure the “basics” are in place:
• System configuration
• Reduce privileged users
• Reduce privileges
• Monitor activity
• Integrate identity
• Improve access controls
• Keep it visible, keep it real
Focus on the Data, Then Layer Defenses
It’s All About The Data
Data-centric, risk-focused security
Surround with Layers of Data-Centric Solutions…
• Manage who has access
• Monitor what they do
• Secure where the data is
• Build intelligence and use it
• Integrate other data-centric technologies
Keep It Rolling
• Continuous compliance
• Automate where you can, when you can
• Smarter security is better than more security
• Don’t just believe the vendors
• Make sure it’s easy to show value
Extending…
It’s easier to extend what’s right into the cloud.
Fight Fire With Fire
• OK, cloud with cloud
• Increasing interest in SecaaS
• NetIQ closely involved in this
• Partnering with cloud providers
NetIQ Will Help
• Faster identification of threats
• Clearer understanding of “who”
• Simpler management of access to services
• Reduced risk from poor configuration
• Tighter controls on privileged users
cloud nine (noun, informal): a state of elation or happiness (usually in the phrase "on cloud nine")