Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO, October 25, 2011, Author Chad M. Lawler, Ph.D., Director, Consulting Services, Cloud Computing, U.S. Strategic Technology Solutions, Hitachi Consulting
© Copyright 2012 Hitachi Consulting
www.hitachiconsulting.com
Chad M. Lawler, Ph.D. Director of Consulting Services, Cloud Computing [email protected]
www.hitachiconsulting.com/cloud
A Cloud Framework for Integrated
Security, Governance, Compliance,
Content and Service Management
© 2012 Hitachi Consulting Corporation
Proprietary & Confidential, All Rights Reserved
Gartner Symposium ITXPO, October 25, 2011
http://www.gartner.com/technology/symposium/orlando/
Topics for Today’s Session
Review Cloud Security Risks
Cloud Framework Overview
Focus on Security
Summary & Q&A
Integrated Cloud Framework - Security, Governance, Compliance,
Content, Application & Service Management
Our framework provides businesses with a streamlined capability to rapidly and securely
transition applications and services to the cloud.
Our cloud framework helps organizations plan for appropriate cloud application deployment
Includes the necessary services for deploying well-managed applications in the cloud.
This framework provides for integrated governance policies
Provides a well-managed cloud environment that is compliant with internal policies and
external requirements
With security services to protect from both vulnerabilities and intrusions
Services that protect against loss or compromise of sensitive data.
The framework provides for integrated content management and has automated capabilities
for appropriate cloud platform selection, content migration and application importing.
What are the top 3 greatest risks of moving to a cloud?
The right answer depends on the type of business and what is most critical
Businesses must evaluate applications
Determine appropriate use in the cloud
Consider the Pillars of IT security (CIA):
Confidentiality
Integrity
Availability
What are the top 3 greatest risks of moving to a cloud?
Confidentiality
Preventing sensitive information from being disclosed to unauthorized
recipients
Limiting information access and disclosure to authorized users
Risk - Private Data Exposure
Risk of potential data or private information leakage
Can threaten your customer data
As well as your business services on operations
What are the top 3 greatest risks of moving to a cloud?
Integrity
Trustworthiness of information resources
Modifying information resources only in a specified and authorized
manner
Ensuring data remains consistent and changes to data are authorized
by appropriate personnel
Risk - Data Tampering
Risk of potential manipulation or altering of critical data
Can lead to making business decisions based on invalid information
What are the top 3 greatest risks of moving to a cloud?
Availability
Ensures systems operate as required
And authorized users are not denied service
Allowing systems to be available whenever needed
Risk - Business Continuity
Risk of potential interruption to or compromise of your service
operations
Service outage, security attack or compromise that may lead to data
loss
Operations are interrupted or your data is compromised
Cloud Security Risks
Misuse of cloud computing resources
Secure Interfaces and APIs
Risks associated with multi-tenancy
Risk of data loss and leakage
Account / service hijacking
Remote facilities / Security Perimeter
Securing personal identification information (PII)
IP Collateral management
How to mitigate the risks of moving to the cloud?
To reduce your risks…
Risk must first be understood and calculated
Understand residual risk that you can influence
Develop a standardized cloud risk decision process
Help decide which applications are most appropriate
Leverage cloud application assessment process to define requirements
Understand and quantify your risk
Implement a policy that calculates and quantifies cloud application risk
Includes criteria for:
Application Risk Tolerance
Application Security Fit
Data Protection & SLA Requirements
Business to Business Policies
Confidentiality Risk - Private Data Exposure
Integrity Risk - Data Tampering
Availability Risk - Business Continuity
Integrated Cloud Framework - Security, Governance,
Compliance & Content & Application Management
Helps Organizations Leverage the Cloud in a Secure Fashion
Understand cloud application security risk and key areas of consideration
Evaluates and helps define application and data security requirements
Enables appropriate planning for cloud security, content and governance
Serves as a comprehensive guide to reduce cloud adoption risks
Integrated Cloud Framework: A Roadmap to the Cloud
Security
to protect against vulnerabilities, intrusions & compromise of sensitive data
Governance & Compliance
for an environment compliant with policies and requirements
Content Management
for control of cloud information
Application Development & Migration
development, transition and re-platform of enterprise applications
Provides streamlined capability to rapidly & securely transition to the cloud
Integrated Cloud Framework - Security, Governance, Compliance,
Content, Application & Service Management
Cloud Framework for Integrated Security, Governance, Compliance, Content & Service Management
Cloud Security, Content & Application Services
Security Services Vulnerability Scanning, Monitoring, & PII
Detection Engine
SIEM with Root Cause Analysis & Risk Assessment
Secure Cloud to Cloud & Cloud to Datacenter VPN Connectivity
Deep Code-Level Security Vulnerability Review
Content Management Services
Cloud Platform Selection Automation
Performance SLA Engine
Feedback Collection
Site Requirements, Publication Priority & Cloud Template Launch Engine
Non-Compliant Content Migration Process
Compliant Content Migration Process
Content Conversion & Standardization
Virtualized Application Automated Migration
Program Governance Framework
Security Standards - NIST, PCI, CSA, TwC, HIPAA, GLBA, Vendor
Governance Policy Enforcement
Content Compatibility & Compliance Decision Engine
Change Management Integration
Continuous Auditing Program Engine
Security Privacy Hosting
Cloud Governance, Certification & Compliance Policy
Cloud App Risk
Legal Audit Excellence
Client Standards & Best Practices - Procurement, Security, Marketing/CMG, Privacy
Content Data Classification
Risk Impact Criteria
Monitoring Criteria
Master Security Policy & Exceptions
Data Class Criteria
Hosting Criteria
Service Desk Integration (Communication, Collaboration, Reporting)
Privacy Criteria
Corporate RACI FIT
Content Management, Security, Governance Dashboard Portal
Secure Cloud Environment Incident Reporting
Vulnerability Scanning, Monitoring, & PII Reporting Interface
Site Requirements, Content Publication Priority & Cloud Template Interface
Central Cloud Platform Management Console
Feedback Collection Interface
Continuous Audit Program Interface
Governance Policy, Portal & Training Documentation Interface
Site Compliance Reporting Dashboard Interface
Performance SLA Interface
Workflow-Checklist, Certification & Approval Interface
Metering, Billing & Charge-Back Interface
Role & Access Administration Interface
Cloud Platform & Infrastructure
Cloud Platform & Hosting Environment
Marketing Criteria
Single Sign On (SSO) Identity Management & Authentication
Patch & Log Management System
IPS/IDS Event Management & Data Loss Prevention Systems
PKI & Certificate Management System
Workflow-Checklist & Approval Engine
AntiVirus & AntiMalware System Secure Cloud Platform Content Migration
Application Services
Cloud Assessment
Cloud Application Development
Cloud Application Delivery
Cloud Architecture & Design
Consulting Services Strategic Cloud Advisory
Services
Infrastructure, Transition & Migration Services
Cloud Security & Governance Services
Cloud Readiness Assessment Services
Cloud Starter Kit
Web Server Database Middleware Content OS
Patch Management
Secure VPN IPS/IDS Event Management
AntiVirus AntiMalware
Data Loss Prevention Metering, Billing
& Charge Back
Single Sign On (SSO) Identity Management, Authentication
Log Management
Cloud Applications
Managed Cloud Service
System OS Management
Backup & Restore
ITIL Service Management
Cloud Framework – Platform & Hosting Environment
Cloud Platform & Hosting Environment
Cloud Platform & Infrastructure
Web Server Database Middleware Content OS
Cloud Applications
Patch
Management
Secure VPN IPS/IDS Event
Management
AntiVirus
AntiMalware
Data Loss
Prevention Metering, Billing &
Charge Back
Single Sign On
(SSO) Identity
Management,
Authentication Log Management
System OS
Management
Backup &
Restore
Cloud Framework – Content Management Services
Content Management Services
Cloud Platform Selection Automation
Performance SLA Engine
Feedback Collection
Site Requirements, Publication Priority & Cloud
Template Launch Engine
Non-Compliant Content Migration Process
Compliant Content Migration Process
Content Conversion & Standardization
Virtualized Application Automated Migration
Content Compatibility & Compliance Decision
Engine Change Management Integration
Content Data Classification Service Desk Integration
(Communication, Collaboration, Reporting)
Cloud Framework - Security Services
Security Services
Vulnerability Scanning, Monitoring, & PII Detection
Engine
SIEM with Root Cause Analysis & Risk Assessment
Secure Cloud to Cloud & Cloud to Datacenter VPN
Connectivity
Deep Code-Level Security Vulnerability Review
Continuous Auditing Program Engine
Single Sign On (SSO) Identity Management &
Authentication
Patch & Log Management System
IPS/IDS Event Management & Data Loss Prevention
Systems
PKI & Certificate Management System
Workflow-Checklist & Approval Engine
AntiVirus & AntiMalware System Data Encryption & Secure Cloud Platform Content
Migration
Cloud Framework – Program Governance Framework
Program Governance Framework
Security Standards - NIST, PCI, CSA, TwC, HIPAA, GLBA, Vendor
Governance Policy Enforcement
Security Privacy Hosting
Cloud Governance, Certification & Compliance Policy
Cloud App Risk
Legal Audit Excellence
Client Standards & Best Practices -
Procurement, Security, Organization, Privacy
Risk Impact
Criteria
Monitoring
Criteria
Master Security Policy & Exceptions
Data Class
Criteria Hosting Criteria
Privacy Criteria Corporate RACI IT Other Criteria
Cloud Framework – Content Mgmt, Security, Governance Dashboard Portal
Content Management, Security, Governance Dashboard Portal
Secure Cloud Environment Incident Reporting
Vulnerability Scanning, Monitoring, & PII Reporting
Interface
Site Requirements, Content Publication Priority & Cloud
Template Interface
Central Cloud Platform Management Console
Feedback Collection Interface
Continuous Audit Program Interface
Governance Policy, Portal & Training
Documentation Interface
Site Compliance Reporting Dashboard Interface
Performance SLA Interface
Workflow-Checklist, Certification & Approval
Interface
Metering, Billing & Charge-Back Interface
Role & Access Administration Interface
Summary & Recommendations
Understand that security in the cloud must be managed
Implement a policy that calculates and quantifies cloud application risk
Evaluate application and data security requirements
Plan and budget for implementing security services
Leverage a framework which covers all the key areas
Implement and adhere to the framework as a roadmap guide to reduce
cloud adoption risks
Contact us to Learn More about our Cloud Solutions Today
Chad M. Lawler, Ph.D. Director of Consulting Services
Cloud Computing
14643 Dallas Parkway, Suite 800, Dallas, Texas 75254
Office: 469.221.2894
Email: [email protected]
www.hitachiconsulting.com
www.cardcloud.com/chadlawler
Sign up for a free trial to explore our Cloud Ecosystem Management Platform.
Learn More About the Benefits of Hitachi Consulting Cloud Services at
www.hitachiconsulting.com/cloud