HEC Security & Compliance
- Dominic Garrett
- 8 years ago
HEC Security & Compliance
SAP Security, Risk & Compliance Office
November, 2014
Public Version 2.0
Details Introduction Overview Security Offering Approach Certifications
Introduction

Dear Customer,

Information Security is not just a buzzword for the SAP Security, Risk & Compliance Office - it's our daily work, our passion, and the principle that drives us. We strive to provide the best security and data protection possible to SAP and our customers. Each customer is treated as if they were our only customer. That's the kind of commitment and importance we work to achieve - every single day.

We have consistently certified to internationally recognized standards such as ISO 9001 for Quality Management or ISO for Information Security, provide SOC1 and SOC2 reports twice a year along with using industry accepted best practices such as COBIT or the ISF Standard of Good Practice for Information Security to assure the best possible security and risk management approach. You can rest assured that your information is in good, experienced hands.

Additional information about HANA Enterprise Cloud can be found at

Regards,
Ralph Salomon
Chief IT & Cloud Security Officer; CRISC
SAP Security, Risk & Compliance Office
SAP SE
Dietmar-Hopp-Allee Walldorf, Germany

2014 SAP SE or an SAP affiliate company. All rights reserved. Public - Version 2.0
HANA Enterprise Cloud (HEC)
High Level Overview

[Diagram labels: Corporate; HANA ENTERPRISE CLOUD; Admin Firewall; Administrative Jump Hosts; Shared Administrative Infrastructure; Management Networks; Public Internet Access; #1, #2, #3; MPLS; VPN; Customer #1, Customer #2, Customer #3]

The fundamental security architecture of the HEC infrastructure is the principle of a private cloud. This means the customer will receive an isolated, logical grouping of several Virtual Machines and physical systems. All customer networks are completely isolated from each other. HEC administrative tasks will be done using management networks.

#<no>: Refers to one customer
MPLS: Multiprotocol Label Switching
VPN: Virtual Private Network
HANA Enterprise Cloud (HEC)
High Level Overview

Integration HEC SAP
- HEC is isolated from the SAP Corporate Network
- Access to HEC is only possible with 2-factor authentication

HEC administration
- HEC administration is done using shared administrative infrastructure and management networks

Customer Isolation
- Each HEC customer receives their own isolated landscape
- HEC customer landscape is fully integrated into the customer corporate network using WAN or VPN links

[Diagram labels: Corporate; HANA ENTERPRISE CLOUD; Admin Firewall; Administrative Jump Hosts; Shared Administrative Infrastructure; Management Networks; Public Internet Access; #1, #2, #3; MPLS; VPN; Customer #1, Customer #2, Customer #3]

#<no>: Refers to one customer
MPLS: Multiprotocol Label Switching
VPN: Virtual Private Network
WAN: Wide Area Network
HANA Enterprise Cloud (HEC) Details
Details for Customer Landscapes

Customer Landscape
- Customer Landscape consists of physical servers running the HANA database and virtual machines running additional components (e.g. SAP Application Servers)
- Only logical separation within a customer landscape
- Security hardened system configurations

[Diagram labels: Corporate; HANA ENTERPRISE CLOUD; Admin Firewall; Administrative Jump Hosts; Shared Administrative Infrastructure; Management Networks; #1; Physical Server HANA, e.g. 3 TB; Virtual Machines; SAP Appl. Server; SAP Cloud Frame Manager; Orchestration; HANA-Cell of physical HANA Servers; Provisioning; Storage Virtualization; Virtualization Server Nodes 1, 2, 3, n]
HANA Enterprise Cloud (HEC) Details
Details for Network Integration

Network Integration
- Customer Landscapes can be connected using IPSEC VPN and MPLS
- Customers can have multiple customer landscapes that are joined in one customer routing domain (#1.1 and #1.2)
- Network filtering can be requested between Customer Landscape and Customer Corporate Network

[Diagram labels: HANA ENTERPRISE CLOUD; Corporate; Admin Firewall; Administrative Jump Hosts; Shared Administrative Infrastructure; Management Networks; #2; VLAN for #2; VPN Router; VPN for #2; Customer #2; #1.1; #1.2; VLAN for #1; MPLS Router; MPLS for #1; Customer #1]

#<no>: Refers to one customer
IPSEC: Internet Protocol Security
MPLS: Multiprotocol Label Switching
VLAN: Virtual Local Area Network
VPN: Virtual Private Network
HANA Enterprise Cloud (HEC) Details
Details for Public Internet Access

Inbound Public Internet Access with normal security requirements
- If required, customers can request public Internet Access
- Shared reverse proxy farm based on F5 technology is used
- Web Application Firewall provides basic security that can be extended on customer request

Inbound Public Internet Access with high security requirements
- Usage of a dedicated customer landscape as DMZ segment (#1.DMZ)
- Limited connectivity from #1.DMZ to customer landscape with customer backend (#1)

[Diagram labels: HANA ENTERPRISE CLOUD; Inbound Public Internet Access; Corporate; Admin Firewall; Administrative Jump Hosts; Shared Administrative Infrastructure; Management Networks; Customer #1; Customer #2; #2; Router; VLAN for #2; VLAN for #1; #1; #1.DMZ (optional); Reverse Proxy Farm with Web Application Firewall]

#<no>: Refers to one customer
DMZ: Demilitarized Zone
VPN: Virtual Private Network
HANA Enterprise Cloud Security

Secure Operations
- Asset Management
- Change Management
- Incident Management
- Anti Virus & Malware Management
- Backup / Restore Management
- Identity & Access Management
- Security Awareness Trainings

Network Security
- Network Filtering
- Intrusion Prevention Systems
- Web Application Firewall
- 2-factor Authentication
- Network Admission Control
- Proxies with Content Filtering
- Advanced threat management

Advanced IT Security Architecture
- Isolated, separated Landscape per Customer
- Security hardened Systems
- Customer data flow control
- Regional Data Storage (e.g. EU-, US-Cloud)
- European data protection and privacy policy

Threat & Vulnerability Management
- Security Patch Management
- Penetration Testing
- Vulnerability Scanning
- 24 x 7 Security Monitoring Center

Secure Product Development Lifecycle

Physical Security
- Video and Sensor Surveillance
- Access Logging
- Security Guards
- Fire Detection and Extinguishing System
- Uninterruptible Power Supply
- Biometric Access Control in certain Locations

Security measures are audited and confirmed through various Certifications & Attestations
- ISO Certificates: ISO9001 Quality Management System; ISO27001 Information Security Management System
- SOC1 (ISAE3402/SSAE16) Type I & Type II
- SOC2 Type I & Type II
- Industry specific Certificates (on demand with business case foundation)
Data Center Security Requirements

SAP Cloud Solutions and Customer Data need to be operated in an SAP Tier Level III, III+ or IV classified Data Center.

SAP checks on site for compliance with the SAP Data Center minimum physical security standard, which covers topics like:
- Perimeter & Location security
- Building entry point security
- Building Security Access Controls & Monitoring
- General access and Access to dedicated SAP areas
- Fire Protection
- Electrical Power supply
- Certifications of the DC Provider

Minimum availability requirements

Requirement | Tier I | Tier II | Tier III | Tier III+ | Tier IV
Stand-alone Data Center building necessary | no | no | no | yes | yes
Amount of external electrical power suppliers | | | | |
Amount of transformers to power the Data Center | n | n | n+1 | n+1 | 2n
UPS Battery System necessary | no | yes | yes | yes | yes
Minutes UPS must provide power | 0 | 5 | >10 | >10 | >10
Amount of UPS Systems necessary | n | n | n+1 | n+1 | 2n
(Diesel-) Generators needed | no | no | yes | yes | yes
Amount of cooling systems needed | n | n | n+1 | n+1 | 2n
Server cooling is independent from an office AC | no | no | yes | yes | yes
Fire detection system needs to be installed | yes | yes | yes | yes | yes
Fire extinguishing system must be installed | no | yes | yes | yes | yes
On-site response time of Data Center personnel | <48h | <8h | <1h | <1h | <1h
Available WAN network connection lines | 1 | n+1 | n+1 | n+1 | 2n
Available LAN network connection lines | n | n+1 | n+1 | 2n | 2n
HEC Data Centers
Current Status Tier Level & Certifications

[Map labels: Americas; EMEA + Russia; APJ; US, Eastcoast; US, Westcoast; Europe 1; Europe 2; Russia; China; Japan 1; Japan 2; Australia. Legend: Ready; Data Center reach; Data Centers in this geography are in planning or build phase.]

Data Center | US, Westcoast | US, Eastcoast | Europe 1 | Europe 2 | Japan 1 | Japan 2 | Australia
Tier Level | IV | III+ | III+ | IV | III+ | III | III+

Certifications & Attestations: SSAE16 PCI DSS SSAE16 ISO ISO 9001 PCI DSS ISO ISO 9001 SSAE 16 ISO SSAE16 ISO SSAE16 ISO SSAE
Why HANA Enterprise Cloud (HEC) is better

SAP has a long-standing tradition in security of its solutions and takes demands from customers on cloud security very seriously.

The key differentiator of HEC:
A. Strong collaboration between Security, Operations and Product Development team
B. Multi Layers of defense to protect our Customer's data
C. Holistic Security & Compliance approach: integrated, monitored and validated by external audits
D. Customer can select the region of data storage
Why HANA Enterprise Cloud (HEC) is better
A. Strong Collaboration

Strong collaboration of the Product Security team and the Operations Security team ensures proper security and compliance are implemented in HEC products. Identified issues are directly communicated to the Product Development team to ensure immediate fixes.

Strong collaboration of the Security team and the Operations team ensures proper definition of security requirements individually per Cloud product within HEC. The Security team consults the Operations team in defining and implementing the security measures per asset individually. Regular monitoring ensures timely identification of issues.
Why HANA Enterprise Cloud (HEC) is better
B. Multi Layers of Defense

[Diagram labels: Internet; DMZ - External Intrusion Prevention; White Hat Hacker Penetration Tests; HDMZ - Perimeter Firewall & Router ACL Protection; Data Center Internal Administration Network; Internal Intrusion Detection; White Hat Hacker Penetration Tests; Customer A Data; Customer B Data; Customer C Data; IPS*; Security Implementation Audit & Security Reviews; Admin VPN / WTS Access Control & Logging; Operations; Multi-factor Authentication; SMC** / SIEM***]

*IPS = Network Intrusion Prevention System
**SMC = Security Monitoring Center (7*24)
***SIEM = Security Information and Event Management
Why HANA Enterprise Cloud (HEC) is better
C. Holistic Security & Compliance Approach (1/2)

HEC leverages a multi-dimensional security and compliance approach to establish and maintain state-of-the-art Security & Compliance. The following two slides describe the key aspects of the holistic Security & Compliance Approach.

Protection Goal
- Security (CIA): HEC focuses on confidentiality and integrity of data as well as availability of customer systems and central infrastructure.
- Data Protection: HEC is fully committed to data protection and privacy. SAP is a global company with its headquarters in Germany, which is a member of the European Union (EU). Therefore our Policy is based on definitions of European Data Protection legislation and defines the basic principles applicable for every SAP entity *). HEC respects data protection and privacy rights and safeguards any Personal Data of our customers.
- IP Protection: HEC in addition focuses on the protection of your intellectual property. Access to data is strictly limited according to the need-to-know principle. Strict separation of customer systems is understood!

[Diagram labels: Scoping; Protection Goal; Technology; Processes; People]

*) If local (i.e. country specific) or other applicable laws require stricter standards, Personal Data will be handled in accordance with those stricter laws.
Why HANA Enterprise Cloud (HEC) is better
C. Holistic Security & Compliance Approach (2/2)

Demands & Enforcement
- Requirements / Measures: SAP has a strict policy framework which is broken down into detailed technical procedures for operations.
- Monitoring: Regular monitoring ensures timely identification of deviations and initiates fixes quickly.
- Audits: During the Compliance & Certification Audits we ask external experts to verify our security effectiveness. Through regular supplier audits, we ensure the security effectiveness of suppliers and sub-contractors.

Scoping
- Technology: Secure operability of HEC products is monitored. Issues are directly addressed to the Product Development team. Our security scope covers all infrastructure components and tools required to operate and manage HEC.
- Processes: All relevant processes for cloud product development and cloud operations are within the security scope.
- People: Regular training and evaluation is key to ensure proper operations of HEC.

[Diagram labels: Scoping; Protection Goal; Technology; Processes; People]
Why HANA Enterprise Cloud (HEC) is better
D. Customer can select storage region

A. The physical storage of customer data is crucial to numerous enterprises. Therefore, our HEC customers can choose if their data is stored in cloud data centers located in the USA or in Europe. We have clear and company-wide guidelines in place that define how we respond to requests for customer data coming from law enforcement authorities and regarding national security concerns. We take our commitment to our customers and legal compliance very seriously.

B. The general rule is: Customer data is only shared if the request is legally valid. Our legal department evaluates every inquiry in detail. In addition, we will question a request if there are grounds for assuming that it is not in conformity with the law.
Cloud Security Governance / Build One Delivery Internal Controls
Compliance & Processes

- Integrated Information Security Management System (acc. ISO27001)
- Controls embedded into operational processes and procedures
- Process Managers located within the delivery unit
- Training is provided on regular basis to ensure proper implementation
- Control effectiveness is regularly tested
- Compliance audits performed twice per year
- ISO audits performed on annual basis

[Diagram label: Compliance-Processes]
Cloud Security Governance / Build One Delivery Internal Controls
Certification Overview & Roadmap

Certifications / Attestations and their purpose
- SOC1 / ISAE 3402 / SSAE16: Report on a service organization's internal controls that are likely to be relevant to an audit of a customer's financial statements. (former SAS 70)
- SOC 2: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. Can be handed out to customers and prospects, use/distribution may be restricted.
- SOC 3: Trust Services Report for Service Organizations. Used for marketing purposes, unrestricted use/distribution.
- ISO: Certification of an Information Security Management System. Used for marketing purposes, certification can be officially published.
- ISO 9001: Certification of a Quality Management System. Used for marketing purposes, certification can be officially published.
- PCI-DSS: Required for customers who handle cardholder information for debit, credit, prepaid, e-purse, ATM, and POS cards.

Certifications / Attestations Roadmap

[Table: certification status per SAP Cloud offering. Columns: SOC1/ISAE3402 (Type I, Type II); SOC 2 (Type I, Type II); ISO27001; Others. Status legend: Certification available; Certification planned for 2014; Certification planned for 2016; Certification not applicable; May be added in future.]

SAP Cloud Offering
- SAP Business by Design
- SAP Cloud for Customer
- SAP Cloud for Financials
- SAP Cloud for Sales
- SAP Cloud for Service
- SAP Cloud for Social Engagement
- SAP Cloud for Travel & Expense
- HANA Enterprise Cloud
- Ariba cloud solutions from SAP 1)
- Ariba - Quadrem cloud solutions from SAP
- SuccessFactors cloud solutions from SAP 2)
- SAP People Cloud Solutions - Employee Central
- SAP People Cloud Solutions - Employee Central Payroll
- SAP HANA Cloud Platform & Portal
- SAP HANA Cloud Portal

Others: ISO9001; planned for Q4/2014: ISO22301 PCI-DSS, Webtrust, SafeHarbor WebTrust SafeHarbor SafeHarbor SafeHarbor

1) Ariba Network / Ariba Sourcing Pro / Ariba Contract Management / Ariba Spend Visibility / Ariba Procure to Pay / Ariba Analysis / Ariba Category Management / Ariba Supplier Management / Ariba Travel and Expense / Ariba Invoice
2) SuccessFactors Performance & Goals / SuccessFactors Succession & Development / SuccessFactors Learning / SuccessFactors Onboarding / SuccessFactors Recruiting Marketing / SuccessFactors Workforce Planning / SuccessFactors Workforce Analytics / SAP Jam
Thank you!

Contact information:
Ralph R. Salomon
VP Security, Risk & Compliance Office; CRISC
Chief IT & Cloud Security Officer
SAP SE
Phone: /
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationVERIFONE ENHANCED ZONE ROUTER
VERIFONE ENHANCED ZONE ROUTER Security, remote management, and network connectivity offering more solutions for your c-store. SUMMARY The Verifone Enhanced Router is designed for customers to implement
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationCloud Security. Are you on the train or the tracks? ISSA CISO Executive Forum April 18, 2015. Brian Grayek CISSP, CCSK, ITILv3
Cloud Security Are you on the train or the tracks? ISSA CISO Executive Forum April 18, 2015 Brian Grayek CISSP, CCSK, ITILv3 1 Agenda: Facts Opinions (based on experience) A little humor Some gold nuggets
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationInformation Security Policy
Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current
More informationNetwork Segmentation
Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or
More informationSecurity Whitepaper: ivvy Products
Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationCloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com
Cloud Computing Risks & Reality Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com What is Cloud Security The quality or state of being secure to be free from danger & minimize risk To be protected from
More informationLevel I - Public. Technical Portfolio. Revised: July 2015
Level I - Public Technical Portfolio Revised: July 2015 Table of Contents 1. INTRODUCTION 3 1.1 About Imaginatik 3 1.2 Taking Information Security Seriously 3 2. DATA CENTER SECURITY 3 2.1 Data Center
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationSecurity Considerations
Concord Fax Security Considerations For over 15 years, Concord s enterprise fax solutions have helped many banks, healthcare professionals, pharmaceutical companies, and legal professionals securely deliver
More informationPCI v2.0 Compliance for Wireless LAN
PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki
More informationBilling for each tier is done on a monthly basis in arrears and will include both fixed and variable costs.
Service Description Dell Cloud with VMware vcloud Datacenter Service Introduction to Your Service Dell Cloud with VMware vcloud Datacenter Service (the Service ) is an Infrastructure as a Service (IaaS)
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationTenzing Security Services and Best Practices
Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationData Security and Healthcare
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationSoftLayer Fundamentals. Security / Firewalls. August, 2014
SoftLayer Fundamentals Security / Firewalls August, 2014 Security Overview SoftLayer provides a security-rich environment for deploying and running customer workloads. Architecture and operational responsibilities
More informationPCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR
PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationHow To Secure Your Store Data With Fortinet
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationSystem Security Plan University of Texas Health Science Center School of Public Health
System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many
More informationHow To Protect Your Network From Attack
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationCloud Contact Center. Security White Paper
Cloud Contact Center Security White Paper Introduction Customers communicate with organizations in a variety of forms from phone conversations to email, web chat and social media. As each interaction may
More informationNetwork Security. Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ. July 2010. Network Security 08
Network Security (Principles i & Practices) Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ By: Arash Habibi Lashkari July 2010 1 Introduction to Network Security Model of Network
More informationAltus UC Security Overview
Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationPART D NETWORK SERVICES
CONTENTS 1 ABOUT THIS PART... 2 2 PUBLIC NETWORK... 2 Internet... 2 3 PRIVATE NETWORK... 3 Global WAN services... 3 4 SECURITY SERVICES... 3 Firewall... 4 Intrusion Prevention (Network)... 5 SSL/IPSEC
More informationThe Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:
Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction
More informationSOLUTIONS. Secure Infrastructure as a Service for Production Workloads
IaaS SOLUTIONS Secure Infrastructure as a Service for Production Workloads THE CHALLENGE Now more than ever, business and government are facing the challenge of balancing conflicting demands. Market pressures
More informationLocking Down the Cloud for Healthcare. Kurt Hagerman Chief Information Security Officer
Locking Down the Cloud for Healthcare Kurt Hagerman Chief Information Security Officer SECURITY TRENDS Healthcare businesses are fighting REAL threats Threats are growing over time by percent of breaches
More informationThe self-defending network a resilient network. By Steen Pedersen Ementor, Denmark
The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationTONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1
TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 Table of Contents 1. Operational Security 2. Physical Security 3. Network
More informationtwilio cloud communications SECURITY ARCHITECTURE
twilio cloud communications SECURITY ARCHITECTURE July 2014 twilio.com Security is a lingering concern for many businesses that want to take advantage of the flexibility and ease of cloud services. Businesses
More information