© Copyright 2012 Hitachi Consulting www.hitachiconsulting.com Chad M. Lawler, Ph.D. Director of Consulting Services, Cloud Computing [email protected] www.hitachiconsulting.com/cloud A Cloud Framework for Integrated Security, Governance, Compliance, Content and Service Management © 2012 Hitachi Consulting Corporation Proprietary & Confidential, All Rights Reserved Gartner Symposium ITXPO, October 25, 2011 http://www.gartner.com/technology/symposium/orlando/

Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011


Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO, October 25, 2011, Author Chad M. Lawler, Ph.D., Director, Consulting Services, Cloud Computing, U.S. Strategic Technology Solutions, Hitachi Consulting



Topics for Today’s Session

Review Cloud Security Risks

Cloud Framework Overview

Focus on Security

Summary & Q&A


Integrated Cloud Framework - Security, Governance, Compliance, Content, Application & Service Management

Our framework provides businesses with a streamlined capability to rapidly and securely transition applications and services to the cloud.

Our cloud framework helps organizations plan for appropriate cloud application deployment

Includes the necessary services for deploying well-managed applications in the cloud.

This framework provides for integrated governance policies

Provides a well-managed cloud environment that is compliant with internal policies and external requirements

With security services to protect from both vulnerabilities and intrusions

Services that protect against loss or compromise of sensitive data.

The framework provides for integrated content management and has automated capabilities for appropriate cloud platform selection, content migration and application importing.


What are the top 3 greatest risks of moving to a cloud?

The right answer depends on the type of business and what is most critical

Businesses must evaluate applications

Determine appropriate use in the cloud

Consider the Pillars of IT security (CIA):

Confidentiality

Integrity

Availability


What are the top 3 greatest risks of moving to a cloud?

Confidentiality

Preventing sensitive information from being disclosed to unauthorized recipients

Limiting information access and disclosure to authorized users

Risk - Private Data Exposure

Risk of potential data or private information leakage

Can threaten your customer data

As well as your business services on operations


What are the top 3 greatest risks of moving to a cloud?

Integrity

Trustworthiness of information resources

Modifying information resources only in a specified and authorized manner

Ensuring data remains consistent and changes to data are authorized by appropriate personnel

Risk - Data Tampering

Risk of potential manipulation or altering of critical data

Can lead to making business decisions based on invalid information


What are the top 3 greatest risks of moving to a cloud?

Availability

Ensures systems operate as required

And authorized users are not denied service

Allowing systems to be available whenever needed

Risk - Business Continuity

Risk of potential interruption to or compromise of your service operations

Service outage, security attack or compromise that may lead to data loss

Operations are interrupted or your data is compromised


Cloud Security Risks

Misuse of cloud computing resources

Secure Interfaces and APIs

Risks associated with multi-tenancy

Risk of data loss and leakage

Account / service hijacking

Remote facilities / Security Perimeter

Securing personal identification information (PII)

IP Collateral management


How to mitigate the risks of moving to the cloud?

To reduce your risks…

Risk must first be understood and calculated

Understand residual risk that you can influence

Develop a standardized cloud risk decision process

Help decide which applications are most appropriate

Leverage cloud application assessment process to define requirements

Understand and quantify your risk

Implement a policy that calculates and quantifies cloud application risk

Includes criteria for:

Application Risk Tolerance

Application Security Fit

Data Protection & SLA Requirements

Business to Business Policies

Confidentiality Risk - Private Data Exposure

Integrity Risk - Data Tampering

Availability Risk - Business Continuity


Integrated Cloud Framework - Security, Governance, Compliance & Content & Application Management

Helps Organizations Leverage the Cloud in a Secure Fashion

Understand cloud application security risk and key areas of consideration

Evaluates and helps define application and data security requirements

Enables appropriate planning for cloud security, content and governance

Serves as a comprehensive guide to reduce cloud adoption risks

Integrated Cloud Framework: A Roadmap to the Cloud

Security

to protect against vulnerabilities, intrusions & compromise of sensitive data

Governance & Compliance

for an environment compliant with policies and requirements

Content Management

for control of cloud information

Application Development & Migration

development, transition and re-platform of enterprise applications

Provides streamlined capability to rapidly & securely transition to the cloud


Integrated Cloud Framework - Security, Governance, Compliance, Content, Application & Service Management


Cloud Framework for Integrated Security, Governance, Compliance, Content & Service Management

Cloud Security, Content & Application Services

Security Services

Vulnerability Scanning, Monitoring, & PII Detection Engine

SIEM with Root Cause Analysis & Risk Assessment

Secure Cloud to Cloud & Cloud to Datacenter VPN Connectivity

Deep Code-Level Security Vulnerability Review

Content Management Services

Cloud Platform Selection Automation

Performance SLA Engine

Feedback Collection

Site Requirements, Publication Priority & Cloud Template Launch Engine

Non-Compliant Content Migration Process

Compliant Content Migration Process

Content Conversion & Standardization

Virtualized Application Automated Migration

Program Governance Framework

Security Standards - NIST, PCI, CSA, TwC, HIPAA, GLBA, Vendor

Governance Policy Enforcement

Content Compatibility & Compliance Decision Engine

Change Management Integration

Continuous Auditing Program Engine

Security Privacy Hosting

Cloud Governance, Certification & Compliance Policy

Cloud App Risk

Legal Audit Excellence

Client Standards & Best Practices - Procurement, Security, Marketing/CMG, Privacy

Content Data Classification

Risk Impact Criteria

Monitoring Criteria

Master Security Policy & Exceptions

Data Class Criteria

Hosting Criteria

Service Desk Integration (Communication, Collaboration, Reporting)

Privacy Criteria

Corporate RACI FIT

Content Management, Security, Governance Dashboard Portal

Secure Cloud Environment Incident Reporting

Vulnerability Scanning, Monitoring, & PII Reporting Interface

Site Requirements, Content Publication Priority & Cloud Template Interface

Central Cloud Platform Management Console

Feedback Collection Interface

Continuous Audit Program Interface

Governance Policy, Portal & Training Documentation Interface

Site Compliance Reporting Dashboard Interface

Performance SLA Interface

Workflow-Checklist, Certification & Approval Interface

Metering, Billing & Charge-Back Interface

Role & Access Administration Interface

Cloud Platform & Infrastructure

Cloud Platform & Hosting Environment

Marketing Criteria

Single Sign On (SSO) Identity Management & Authentication

Patch & Log Management System

IPS/IDS Event Management & Data Loss Prevention Systems

PKI & Certificate Management System

Workflow-Checklist & Approval Engine

AntiVirus & AntiMalware System

Secure Cloud Platform Content Migration

Application Services

Cloud Assessment

Cloud Application Development

Cloud Application Delivery

Cloud Architecture & Design

Consulting Services

Strategic Cloud Advisory Services

Infrastructure, Transition & Migration Services

Cloud Security & Governance Services

Cloud Readiness Assessment Services

Cloud Starter Kit

Web Server Database Middleware Content OS

Patch Management

Secure VPN

IPS/IDS Event Management

AntiVirus AntiMalware

Data Loss Prevention

Metering, Billing & Charge Back

Single Sign On (SSO) Identity Management, Authentication

Log Management

Cloud Applications

Managed Cloud Service

System OS Management

Backup & Restore

ITIL Service Management


Cloud Framework – Platform & Hosting Environment

Cloud Platform & Hosting Environment

Cloud Platform & Infrastructure

Web Server Database Middleware Content OS

Cloud Applications

Patch Management

Secure VPN

IPS/IDS Event Management

AntiVirus AntiMalware

Data Loss Prevention

Metering, Billing & Charge Back

Single Sign On (SSO) Identity Management, Authentication

Log Management

System OS Management

Backup & Restore


Cloud Framework – Content Management Services

Content Management Services

Cloud Platform Selection Automation

Performance SLA Engine

Feedback Collection

Site Requirements, Publication Priority & Cloud Template Launch Engine

Non-Compliant Content Migration Process

Compliant Content Migration Process

Content Conversion & Standardization

Virtualized Application Automated Migration

Content Compatibility & Compliance Decision Engine

Change Management Integration

Content Data Classification

Service Desk Integration (Communication, Collaboration, Reporting)


Cloud Framework - Security Services

Security Services

Vulnerability Scanning, Monitoring, & PII Detection Engine

SIEM with Root Cause Analysis & Risk Assessment

Secure Cloud to Cloud & Cloud to Datacenter VPN Connectivity

Deep Code-Level Security Vulnerability Review

Continuous Auditing Program Engine

Single Sign On (SSO) Identity Management & Authentication

Patch & Log Management System

IPS/IDS Event Management & Data Loss Prevention Systems

PKI & Certificate Management System

Workflow-Checklist & Approval Engine

AntiVirus & AntiMalware System

Data Encryption & Secure Cloud Platform Content Migration


Cloud Framework – Program Governance Framework

Program Governance Framework

Security Standards - NIST, PCI, CSA, TwC, HIPAA, GLBA, Vendor

Governance Policy Enforcement

Security Privacy Hosting

Cloud Governance, Certification & Compliance Policy

Cloud App Risk

Legal Audit Excellence

Client Standards & Best Practices - Procurement, Security, Organization, Privacy

Risk Impact Criteria

Monitoring Criteria

Master Security Policy & Exceptions

Data Class Criteria

Hosting Criteria

Privacy Criteria

Corporate RACI IT Other Criteria


Cloud Framework – Content Mgmt, Security, Governance Dashboard Portal

Content Management, Security, Governance Dashboard Portal

Secure Cloud Environment Incident Reporting

Vulnerability Scanning, Monitoring, & PII Reporting Interface

Site Requirements, Content Publication Priority & Cloud Template Interface

Central Cloud Platform Management Console

Feedback Collection Interface

Continuous Audit Program Interface

Governance Policy, Portal & Training Documentation Interface

Site Compliance Reporting Dashboard Interface

Performance SLA Interface

Workflow-Checklist, Certification & Approval Interface

Metering, Billing & Charge-Back Interface

Role & Access Administration Interface


Summary & Recommendations

Understand that security in the cloud must be managed

Implement a policy that calculates and quantifies cloud application risk

Evaluate application and data security requirements

Plan and budget for implementing security services

Leverage a framework which covers all the key areas

Implement and adhere to the framework as a roadmap guide to reduce cloud adoption risks


Contact us to Learn More about our Cloud Solutions Today

Chad M. Lawler, Ph.D. Director of Consulting Services

Cloud Computing

14643 Dallas Parkway, Suite 800, Dallas, Texas 75254

Office: 469.221.2894

Email: [email protected]

www.hitachiconsulting.com

www.cardcloud.com/chadlawler

Sign up for a free trial to explore our Cloud Ecosystem Management Platform.

Learn More About the Benefits of Hitachi Consulting Cloud Services at

www.hitachiconsulting.com/cloud
