Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Transcription

1 Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015

2 Contents 1 Non-Disclosure Statement Introduction Not just a fad Security skills Security intelligence Compliance and hosted security A full view of the security estate How it works Expertise Conclusion... 8 cnsgroup.co.uk page 2 of 8

3 1 Non-Disclosure Statement This document contains intellectual property rights and copyright, which are proprietary to Convergent Network Solutions Ltd. The work and the information it contains are submitted for the purpose of making a proposal, fulfilling a contract or as marketing collateral. It is to be treated as confidential and shall not be used for any other purpose. It shall not be copied or disclosed to third parties, in whole or in part, without the prior written consent of Convergent Network Solutions Ltd. cnsgroup.co.uk page 3 of 8

4 2 Introduction Globally the adoption of cloud computing and resources for enterprises has been accelerating. Their initial concerns over security are being negated by the high levels of capital cost savings and flexibility cloud offers. These same organisations are using inherent tools in cloud platforms and utilising their own security enterprise tools to protect their assets. That then leaves the question where does the Security smarts, the intelligence, live in this model. If the strategy is to leverage the economies of scale in using the cloud for the applications, enterprise services and requirements, then the same should be so for the security intelligence. Compliance and enterprise grade security intelligence is normally outside the capabilities of those that provide Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service. This White Paper explores the benefits of using SaaS monitored by CNS Mosaic experts and how that can give your enterprise and organisation greater security and flexibility in a cost effective manner. cnsgroup.co.uk page 4 of 8

5 3 Not just a fad Cloud adoption is here to stay; some would say it has always been here! 75% of Security managers and CISO s have declared that they expect their spend on cloud security to increase dramatically over the next 5 years (Forrester/IBM, Gartner). Global SaaS software revenues are forecasted to reach $106B in 2016, increasing 21% over projected 2015 spending levels (IDC). A Goldman Sachs study published January 2015 projects that spending on cloud computing infrastructure and platforms will grow at a 30% CAGR from 2013 through 2018 compared with 5% growth for the overall enterprise IT. The CNS Mosaic PRO-SECURE monitored managed security service allows for the correlation of information, SIEM capability and incidence support; providing the backbone of a strong security operation. This enriches the in house security teams with additional and advanced threat correlation and analysis which makes them more efficient. 4 Security skills The Security industry is suffering from a massive skills gap and security staffing retention issues plague most enterprises. The risk of not having the right skills to support the enterprise and its operations is enormous and evermore likely. In house security skills are better utilised to support new operations and opportunities to help grow enterprise revenues. The skills that CNS Mosaic brings to its customers provide the support to deal with threats, prioritise potential risks, and advise on vulnerabilities and forensic investigation. Our skill provides the basis that allows for remediation, configuration and rapid response to security issues. 5 Security intelligence CNS is a pure play dedicated security organisation. CNS Mosaic in providing PRO-SECURE helps customers remain ahead of attackers and completes their view of their overall security posture. To make that happen enterprises need security intelligence and to apply the learning that gives across their security estate with the purpose of maintaining and enhancing their secure environment. PRO-SECURE s security intelligence objectives include: Take the noise out of security management! Reduce the cacophony of alerts into meaningful information quickly and easily. Give a quick detection and incident response Reduce the likelihood of false positives Inform the customer on what asset has been exploited, with what kind of activity and to what end (i.e. authentication breaches, data loss, etc.) The CNS Mosaic solution collects, correlates and refines data from network traffic, logs, system configurations and vulnerability reports, to automatically identify known or previously undetected threats. The services analytics engine can help find attackers and predict and prioritise security weaknesses for risk mitigation or issue remediation. cnsgroup.co.uk page 5 of 8

6 6 Compliance and hosted security The CNS Mosaic PRO-SECURE capability is the corner stone of our COMPLY & SECURE service. The CNS Mosaic COMPLY & SECURE service provides an ongoing managed security service which monitors the security environment and, utilising the controls for a compliance regime, is able to report on whether the compliance standard is being maintained. CNS Mosaic COMPLY & SECURE is able to provide the tools and controls for the following compliance standards: HMG Levels (both IL2, IL3 and the new HMG standards of Official and Official Sensitive PCI DSS V3 ISO and ISO controls OCIE/SEC CNS Mosaic PRO-SECURE and CNS Mosaic COMPLY & SECURE are able to operate in a hybrid environment and provide statistics and a view of the total security estate. 7 A full view of the security estate The CNS Mosaic PRO-SECURE and CNS Mosaic COMPLY & SECURE Platform includes: Analysis of log, flow, vulnerability, user and asset data on a single platform architecture Dynamic correlation and anomaly detection to identify threats and risks Near real-time visibility into network, application and user activity Compliance reporting and status capabilities 7.1 How it works The CNS Mosaic PRO-SECURE and CNS Mosaic COMPLY & SECURE Platform is designed to: Gather all security events from both cloud and on premises which means a quicker more responsive action to critical threats Allow in house Security teams to access the CNS Mosaic platform from a web browser; however CNS security experts manage the software configuration and implementation, along with its technical support and ongoing maintenance. Your Data never leaves the UK in fact it never leaves your enterprise and our expertise is all UK based. cnsgroup.co.uk page 6 of 8

7 8 Expertise CNS is a pure play dedicated security organisation. CNS Mosaics sister company CNS Hut3 is comprised of high quality, industry accredited security engineers, assessors and auditors for almost all major compliance regimes. This means that the CNS Mosaic services team has the knowledge, best practices, individuals and technology to keep organisations ahead of the curve when it comes to the latest threats. CNS Mosaic experts understand the need for visibility of the service and can deliver the platform to provide the enterprise with a real time view of their security posture and compliance readiness. CNS Mosaic man the CNS Security Operations Centre (SOC) and maintain an ever watchful 24 x 7 x 365 observation of clients' environments and liaise with the affected client in the event of an incident or event. Staying with the client until the issue has been remediated and assisting in the investigation, remediation and normalisation of the client s environment. cnsgroup.co.uk page 7 of 8

8 9 Conclusion Enterprises are adopting the cloud rapidly which makes it all the more important that they can monitor security across the whole of their security estate. CNS Mosaic, as a pure play managed security services company, is able to support enterprises regardless of where their assets reside. The CNS Mosaic COMPLY & SECURE platform can help enterprises maintain their compliance status across data silos including cloud all the while maintaining an ability to detect and respond to threats. CNS COMPLY & SECURE allows enterprises to also gain high visibility of their whole estate via the web access to the platform and the ability to generate reports as required for audit and compliance purposes. CNS Mosaic believes that the PRO SECURE and COMPLY & SECURE services offer great value to our clients and enable their in house staff to focus on growth activities. cnsgroup.co.uk page 8 of 8