Presenters

Steve Kelley, COO
31 years of experience building and managing operations and service delivery organizations in industrial robotics, medical devices, software development and IT services consulting businesses. Steve has extensive experience in networking, quality assurance, software development, disaster recovery services, and project management. He has worked in FDA GMP/GCP, FDA 21 CFR 820, SOX/SSAE16, FISMA, and HIPAA regulatory environments. Steve and Rob have worked together for over 20 years in several successful entrepreneurial ventures.

Glen Balestrieri, Director of Managed Services
With 26 years of management experience in Information Technology and Direct Sales, Glen is directly responsible for regulatory compliance, information systems security, systems engineering, systems maintenance and customer service. Glen holds a degree from American International College, with concentrations in networking, Linux, and Microsoft systems.
Security Best Practices Session Directives

To discuss the security, speed and usability of the PopMedNet Private Cloud hosted at Lincoln Peak Partners. Session length is minutes, including introductions, overview, presentation and Q&A. The Q&A session will start 15 minutes before the session ends.
Presentation Overview

In this presentation we will discuss:
- Securing the cloud: the infrastructure behind the curtain
- Encryption systems in play, both at rest and in transit
- Compliance and what that means to PopMedNet
- Redundancy
- Application data flow and its security
PMN Infrastructure and Security

Code Security Assessment
July 2, 2015

In June of 2015, Pivot Point Security conducted a static code review of Lincoln Peak Partners' PopMedNet applications as part of their software assurance process, to provide assurance that the source code follows secure coding practices. Our code review methodology follows the testing approach recommended by the OWASP Application Security Verification Standard (ASVS). Findings are mapped to both the OWASP Top 10 and the Common Weakness Enumeration (CWE) project.

We determined that the applications are secured in a manner consistent with secure coding practices and on par with similar applications that we have tested. While we did not identify any critical vulnerabilities during our testing, we did identify two areas of concern. After reviewing the issues with Lincoln Peak Partners, they indicated that these issues are actually mitigated by outside controls.

Pivot Point Security has been architected to provide maximum levels of independent and objective information security expertise to our varied client base. The team responsible for conducting security assessments of this nature is led by a Certified Information Security Auditor/IRCA ISO Auditor and includes personnel appropriately qualified to render this opinion (e.g., Certified Information System Security Professionals, Microsoft Certified System Engineers, Certified Ethical Hackers, etc.).

John Verry, CLA/CISA/CRISC
Principal Enterprise Security Consultant
Security Overview Examples
- Redundant firewalls
- Intrusion detection systems
- 24/7 live monitoring and response
- Endpoint security: antivirus and malware protection
- Encryption in use, at rest and in transit
- Vulnerability scans, manual and automatic
- Weekly log file auditing
- Third-party pen testing
Application Redundancy

[Block diagram: Lincoln Peak Partners FISMA Compliant Private Cloud. Labels: MDPHnet / PopMedNet Users; Admins; SSL Remote VPN Access; INTERNET; SSL/TLS; Lincoln Peak 10Mbps Commit (Burstable GB Segment); 1Mbps Commit (Burstable GB Segment); Dulles Vault DC, Lincoln Peak Primary; Phoenix DC, Disaster Recovery Site, Cold or Warm available; SSL VPN Site to Site Tunnel; Asynchronous Replication on Carpathia Backbone with RPO=15 minutes.]

Lincoln Peak Partners partners with Carpathia Hosting to provide a high-reliability, secure managed services solution. Lincoln Peak is certified FISMA compliant and is in process on SAS-70/SSAE-16. Carpathia Hosting is FISMA, SAS-70/SSAE-16, and SysTrust certified.
Backup with Redundancy

Backup Policies: the Lincoln Peak Standard Operation Policy for backup and retention is outlined in the flow chart [flow chart not preserved]. Redundant backups assure your data remains intact during crisis situations. Lincoln Peak recognizes the need to customize policies for each individual customer. We can provide the flexibility you need to feel secure. All database backups are encrypted at rest and all data is encrypted in transit. This is an automated and monitored process.
Overview of Data Flow

[Data flow diagram. Components: Investigators (End User Web Browser); Data Provider / Data Mart Administrators (Administrators Web Browser); Internet; Firewalls; VLAN 1: PopMedNet Portal with PMN Single Sign On Option, PMN Web Service; VLAN 2: PMN Database (Carpathia Hosting); DataMart Desktop Client with Model Adaptors. Links are labelled https/tls, with https/tls 1.2 labelled between the PMN Web Service and the VLAN 2 PMN Database; flows are labelled "Ask a question" and "Response".]