Designing a Web GIS Security Strategy
1 Designing a Web GIS Security Strategy. Michael Young, CISO Products; Matt Lorrain, Security Architect
2 Agenda: Introduction, Trends, Strategy, Mechanisms, Server, Mobile, Cloud, EMCS Advanced Plus, Compliance
3 Introduction What is a secure GIS?
4 Introduction What is The Answer? Risk Impact
5 Introduction Where are the vulnerabilities? (*SANS Relative Vulnerabilities) Core component vulnerabilities were exposed in the past few years; application risks are still king.
6 Trends Michael Young
7 Trends Web Application Attacks *Verizon 2016 DBIR
8 Trends Main threat activities from web app attacks (*Verizon 2016 DBIR)
- Password-based authentication is STILL broken: use 2-factor
- Validate inputs
- Patching process for third-party plugins
9 Trends Trends by Industry: confirmed data breaches by industry (*Verizon 2016 DBIR)
- Rise of web app attacks across the board since last year due to rise in stolen credentials
- Privilege misuse: Defense in Depth approach
10 Recurring security scenarios: Disaster communications modified
Scenario
- Organization utilizes cloud-based services for disseminating disaster communications
- Required easy updates from home and at work
- Drove allowing public access to modify service information
Lesson learned
- Enforce strong governance processes for web publication
- Don't allow anonymous users to modify web service content
- Minimize or eliminate temporary modification rights of anonymous users
- If web services are exposed to the internet, just providing security at the application level does not prevent direct service access
Lack of strong governance leads to unexpected consequences
11 Recurring security scenarios: Long live the token!
Scenario
- Developers using access tokens are not segmenting them appropriately from their applications and code
- Tokens are often configured to have a long life, in contradiction with secure development best practices
- Code is shared through cloud repositories (such as GitHub) and tokens are exposed
- Result: tokens can be used by malicious users to perform privileged functions, intercept private communications, eavesdrop, etc.
Lessons learned
- Separate credentials from code and do not store them in code repositories
- Perform routine checks of organization code repositories and applications
- Use short-lived tokens when possible
12 Recurring security scenarios: Leveraging leaked credentials
Scenario
- User had an account with LinkedIn or Adobe
- Account information compromised
- User changed password for their compromised service
- 4 years later account information offered on dark market
- Compromised account info utilized to access other services in May & June 2016, such as GitHub, Netflix, Facebook, GoToMyPC, Reddit, TeamViewer, Twitter, and Carbonite
Lessons learned
- Avoid utilizing the same password between services
- Utilize enterprise-strength password management tools to facilitate unique passwords
- Check if your has been in a compromise - Services like
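One way to run the "routine checks of organization code repositories" from slide 11 against your own code, as an added example that is not part of the presentation: it flags URLs carrying a hard-coded `token=` value and `generateToken` requests that ask for a long `expiration` (the ArcGIS token parameter, in minutes). The sample files, the regexes and the 60-minute threshold are constructed assumptions.

```python
"""Find hard-coded access tokens and long-lived token requests in source."""
import re
from typing import Dict, List

# Constructed sample "repository": the kind of content a leaked repo holds.
SAMPLE_FILES: Dict[str, str] = {
    "app.js": (
        "const url = 'https://gis.example.com/arcgis/rest/services/Secure/"
        "MapServer?f=json&token=AbCdEf123456789abcdefGHIJKLMNOP';\n"
        "fetch(url).then(r => r.json());\n"
    ),
    "auth.py": (
        "resp = requests.post(TOKEN_URL, data={'username': user, 'password': pw,\n"
        "                                      'expiration': 20160, 'f': 'json'})\n"
    ),
    # The pattern the lessons call for: credential locations come from the
    # environment, nothing secret lives in the repository.
    "config.py": "TOKEN_URL = os.environ['ARCGIS_TOKEN_URL']\n",
}

# A token passed as a query parameter; 16+ token characters is an assumption.
TOKEN_IN_URL = re.compile(r"[?&]token=([A-Za-z0-9_.\-]{16,})")
# An `expiration` key/param with a numeric value (minutes, per generateToken).
EXPIRATION = re.compile(r"""['"]?expiration['"]?\s*[:=]\s*['"]?(\d+)""")
MAX_EXPIRATION_MIN = 60  # assumption: anything longer than an hour is flagged


def scan_source(name: str, text: str) -> List[dict]:
    """Return findings for one file; never copies the whole secret into output."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = TOKEN_IN_URL.search(line)
        if m:
            findings.append({"file": name, "line": lineno,
                             "kind": "hardcoded-token",
                             "detail": m.group(1)[:4] + "..."})
        m = EXPIRATION.search(line)
        if m and int(m.group(1)) > MAX_EXPIRATION_MIN:
            findings.append({"file": name, "line": lineno,
                             "kind": "long-lived-token",
                             "detail": f"requested {m.group(1)} minutes"})
    return findings


def scan_repo(files: Dict[str, str]) -> List[dict]:
    """Scan every file of an in-memory repository snapshot."""
    out: List[dict] = []
    for name, text in files.items():
        out.extend(scan_source(name, text))
    return out


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']} {f['kind']} ({f['detail']})")
```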
13 Recurring Security Scenarios QUIZ: When was the last ArcGIS security patch released? Hint: the Trust.ArcGIS.com site will always have this answer handy. 99.9% of vulnerabilities are exploited more than a year after being released.
14 Trends Strategic Shifts in Security Priorities for 2016 and Beyond
- Identity management priority increasing as security focus moves from network to data level
- Advanced Persistent Threats driving shift from Protect to Detect
- Encryption of Internet traffic via SSL v3 is broken: utilize only TLS / configure ciphers
- Password protection is broken: use 2-factor auth
- Cloud Access Security Brokers (CASB): Gartner top security tech pick for 2016
- Patch! Attackers routinely use unpatched vulnerabilities to compromise organizations
- Ransomware & Trojans on the rise: keep backups operational & utilize link validation tools
- Deprecation of MD5 and SHA-1 for certificates and code signing: use SHA-256
- Silverlight died first, now it's Adobe Flash: ensure cross-domain is not trust all
15 Strategy Michael Young
16 Strategy A better answer
Identify your security needs
- Assess your environment: datasets, systems, users
- Data categorization and sensitivity
- Understand your industry attacker motivation
Understand security options
- Trust.arcgis.com
- Enterprise-wide security mechanisms
- Application-specific options
Implement security as a business enabler
- Improve appropriate availability of information
- Safeguards to prevent attackers, not employees
17 Strategy Enterprise GIS Security Strategy: Security Risk Management Process diagram (Microsoft)
18 Strategy Evolution of Esri Products & Services (diagram): Desktop GIS, Server GIS, Web GIS, Distributed Web GIS; 3rd Party Security, Embedded Security, Shared Responsibility Security
19 Strategy Esri Products and Solutions
Secure Products
- Trusted geospatial services
- Individual to organizations
- 3rd party assessments
ArcGIS Secure Platform Management
- Backed by Certifications / Compliance
Secure Enterprise Guidance
- Trust.ArcGIS.com site
- Online Help
20 Strategy Security Principles CIA Security Triad Availability
21 Strategy Defense in Depth
- More layers does NOT guarantee more security
- Understand how layers/technologies integrate
- Simplify
- Balance People, Technology, and Operations
- Holistic approach to security
Layers (diagram): Data and Assets; Physical Controls; Policy Controls; Technical Controls
22 Mechanisms Matt Lorrain
23 Mechanisms
24 Mechanisms Users & Authentication
User Store Options
- Built-in user store: Server, Portal, ArcGIS Online
- Enterprise user store: LDAP / Active Directory
Authentication Options
- Built-in Token Service: Server, Portal, ArcGIS Online
- Web-tier (IIS/Apache) w/ Web Adaptor: Windows Integrated Auth, PKI, Digest
- Identity Provider (IdP) / Enterprise Logins: SAML 2.0 for ArcGIS Online & Portal
ArcGIS Server patterns
- Server-tier Auth w/ Built-in users
- Server-tier Auth w/ Enterprise Users
- Web-tier Auth w/ Enterprise Users
Portal for ArcGIS patterns
- Portal-tier Auth w/ Built-in users
- Portal-tier Auth w/ Enterprise users
- Web-tier Auth w/ Enterprise users
- SAML 2.0 Auth w/ Enterprise Users
ArcGIS Online patterns
- ArcGIS Online Auth w/ Built-in users
- SAML 2.0 Auth w/ Enterprise users
25 Mechanisms Authorization
Out-of-box roles (level of permission)
- Administrators
- Publishers
- Users
- Custom (only for Portal for ArcGIS & ArcGIS Online)
ArcGIS for Server: web service authorization set by publisher/admin
- Assign access with ArcGIS Manager
- Service-level authorization across web interfaces
- Services grouped in folders utilizing inheritance
Portal for ArcGIS: item authorization set by item owner
- Web Map: layers secured independently
- Packages & Data: allow downloading
- Application: allows opening app
26 Mechanisms Authorization: extending with 3rd party components
Web services
- Conterra's Security Manager (more granular)
- Layer and attribute level security
RDBMS
- Row level or feature class level
- Versioning with row level degrades performance
- Alternative: SDE views
URL based
- Web server filtering
- Security application gateways and intercepts
27 Mechanisms Filters: 3rd party options
- Firewalls: host-based, network-based
- Reverse proxy
- Web Application Firewall (open source option: ModSecurity)
- Anti-virus software
- Intrusion Detection / Prevention Systems
- Limit applications able to access geodatabase
28 Mechanisms Filters - Web Application Firewall (WAF)
- Implemented in DMZ (diagram: Internet on port 443 into a DMZ security gateway with WAF, SSL acceleration and load balancer, then web servers, ArcGIS servers and the internal infrastructure)
- Protection from web-based attacks
- Monitors all incoming traffic at the application layer
- Protection for public-facing applications
- Can be part of a security gateway
- SSL Certificates
- Load Balancer
29 Mechanisms Encryption: 3rd party options
Network
- IPSec (VPN, internal systems)
- SSL/TLS (internal and external systems)
- Cloud Access Security Brokers (CASB): proxy; only encrypted datasets sent to cloud
File based
- Operating system: BitLocker
- Geospatially enabled PDFs with certificates
- Hardware (disk)
RDBMS
- Transparent Data Encryption
30 Mechanisms Logging/Auditing
Esri COTS
- Geodatabase history: may be utilized for tracking changes
- ArcGIS Workflow Manager: track feature-based activities
- ArcGIS Server 10+ logging: user tag tracks user requests; set to a minimum of INFO
3rd party
- Web server, RDBMS, OS, firewall
- Consolidate with a SIEM
Geospatial service monitors
- Esri System Monitor
- Vestra GeoSystems Monitor
- Geocortex Optimizer
31 Mechanisms GIS monitoring with System Monitor
- Proactive
- Integrated: dashboards across all tiers (network, hardware, web server, ArcGIS Server, geodatabase, RDBMS)
- End-to-End: all-tier monitoring
- Continuous: % coverage provided
- Extendable: custom queries
32 Web GIS Matt Lorrain
33 Web GIS ArcGIS Online or Portal?
ArcGIS Online
- SaaS
- Releases often; upgraded automatically (by Esri)
- Esri controls SLA
- Functionality (smart mapping)
- Enterprise integration: Web SSO via SAML
Portal for ArcGIS
- Software; part of ArcGIS Server
- Releases 1-2 times per year; upgraded manually (by organization)
- Organization controls SLA
- Functionality (smart mapping)
- Enterprise integration: Web SSO via SAML, web-tier authentication via Web Adaptor, enterprise groups, ArcGIS Server integration
34 Web GIS Anatomy of a Web GIS: User Applications (Desktop, Web & Mobile); Portal (GeoInformation Model); Services (GIS Server); Data Stores (Enterprise GDB)
35 Web GIS Multiple Portals (diagram): one portal or many portals?
36 Web GIS Multiple Portals (diagram): enterprise or public users on one portal; Department A, B and C users each on their own portal; shared services
37 Web GIS References vs. Federated (diagram): Referenced: My Layer in Portal, 1st login to Portal, 2nd login to My Service. Federated: My Layer in Portal, 1st login, SSO to My Service
38 Web GIS Architecture Options and Security Considerations
What are the confidentiality and integrity needs of your GIS?
- Drives extent to which cloud is used
- Drives potential authentication options used
- Drives encryption requirements
What are the availability requirements of your GIS?
- Benefits of cloud scalability
- Redundancy across web tiers, GIS tier, and database tier
Authentication requirements
- Leverage centralized authentication (AD/LDAP)
- For an on-premise portal that can be web-tier authentication or using Enterprise Logins
39 Enterprise deployment Real Permutations (diagram): public users, Business Partner 1 and 2, field workers and enterprise business users reaching an internal portal, internal AGS, external AGS with filtered content, ArcGIS Online, private IaaS, public IaaS, database and file geodatabase
40 Attack surface ArcGIS Server Implementation Guidance
- Don't expose Server Manager or Admin interfaces to public
- Disable Services Directory
- Disable Service Query Operation (as feasible)
- Limit utilization of commercial databases under website: File GeoDatabase can be a useful intermediary
- Require authentication to services
- Use HTTPS, or at least make it available!
- Restrict cross-domain requests: implement a whitelist of trusted domains for communications
(Diagram: attack surface over time)
41 ArcGIS Server Awareness of Relative Risk
Security hardening best practices provide insights into relative risk of different services, and optional mitigation measures to reduce risk.
Relative Service Risk table (service: capabilities), with columns "Default when Enabled" and "Security Hardened Settings"; Red = Higher Risk, Yellow = Average Risk, Green = Low Risk
- Map: Mapping, Query
- Feature: Read, Edit, Sync
- Geocoding: Geocode
- Geodata: Query, Data Extraction, Replica
- Geoprocessing: Geoprocessing
- Image: Imaging, Edit, Upload
42 ArcGIS Server 10.4 Enhancements (ArcGIS Server and Portal)
- ArcGIS Server Best Practices security scanner
- Update passwords for registered and managed databases: to meet password policy requirements for cycling passwords
- ArcGIS Server Read-Only Mode: disables publishing new services and blocks admin operations
- HTTP and HTTPS is enabled by default
- Security fixes and enhancements
- Enforce and choose cryptographic ciphers and algorithms
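Slide 14 warns that cross-domain must not be "trust all" and slide 40 asks for a whitelist of trusted domains. The following added example (not from the presentation) audits a Flash crossdomain.xml for the trust-all pattern and shows a CORS origin check that only ever answers with an origin from an explicit allow-list. The two policy documents and the origins are constructed.

```python
"""Cross-domain allow-list checks: crossdomain.xml audit and CORS origin match."""
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed: the "trust all" policy the slides warn against.
TRUST_ALL_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

# Constructed: the hardened form, naming only the partner hosts that need access.
ALLOW_LIST_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="apps.example.org" secure="true" />
  <allow-access-from domain="partner.example.net" secure="true" />
</cross-domain-policy>"""


def audit_crossdomain_policy(xml_text: str) -> List[str]:
    """Return the problems found in a crossdomain.xml document (empty = clean)."""
    problems = []
    root = ET.fromstring(xml_text)
    for elem in root.iter("allow-access-from"):
        domain = elem.get("domain", "")
        if domain == "*":
            problems.append('domain="*" grants every site access (trust all)')
        elif domain.startswith("*."):
            problems.append(f"wildcard {domain} covers every subdomain")
        # secure defaults to true; an explicit false lets plain-HTTP callers in
        if elem.get("secure", "true").lower() == "false":
            problems.append(f'{domain}: secure="false" allows plain-HTTP callers')
    return problems


# Constructed allow-list: full origins (scheme + host), not bare domain names.
TRUSTED_ORIGINS = frozenset({
    "https://apps.example.org",
    "https://partner.example.net",
})


def cors_allow_origin(origin: Optional[str]) -> Optional[str]:
    """Value for Access-Control-Allow-Origin, or None to send no header.

    Matches the whole origin exactly: a prefix or suffix match would let
    apps.example.org.evil.example through, and echoing any Origin back
    is the CORS equivalent of trust all.
    """
    if not origin:
        return None
    parts = urlsplit(origin)
    if parts.scheme != "https" or parts.path not in ("", "/") or parts.query:
        return None
    normalized = f"https://{parts.netloc.lower()}"
    return normalized if normalized in TRUSTED_ORIGINS else None


if __name__ == "__main__":
    print("trust-all:", audit_crossdomain_policy(TRUST_ALL_POLICY))
    print("allow-list:", audit_crossdomain_policy(ALLOW_LIST_POLICY))
    print(cors_allow_origin("https://apps.example.org.evil.example"))
```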
43 Mobile Matt Lorrain
44 Mobile What are the mobile concerns? (*OWASP Top Ten Mobile)
45 Mobile Security Touch Points (diagram): server authentication, communication, device access, SDE permissions, storage, service authorization, project access, data access
46 Mobile Challenges
- Users are beyond corporate firewall: to VPN or not to VPN?
- Authentication/Authorization challenges
- Disconnected editing: local copies of data
- Management of mobile devices: Enterprise Mobility Management is the answer!
  - Mobile Device Management
  - Mobile Application Management
  - Security Gateways
  - Examples: MobileIron, MaaS360, AirWatch, and many more
47 Mobile Potential Access Patterns (diagram): DMZ with Web Adaptor, IIS, Portal for ArcGIS and a security gateway; VPN; ArcGIS Server, SQL Server, NAS shared config store, AD FS 2.0 and enterprise AD on the internal network; external-facing GIS; ArcGIS Desktop
48 Mobile Implementation Guidance
- Encrypt data-in-transit (HTTPS) via TLS
- Encrypt data-at-rest
- Segmentation: use ArcGIS Online, cloud, or DMZ systems to disseminate public-level data
- Perform Authentication/Authorization
- Use an Enterprise Mobility Management (EMM) solution: secure, enforce encryption, app distribution, remote wipe, control 3rd party apps & jailbreak detection
49 Cloud Matt Lorrain
50 Cloud Service Models (decreasing customer responsibility)
- Non-cloud: traditional systems infrastructure deployment; Portal for ArcGIS & ArcGIS Server; customer responsible end to end
- IaaS: Portal for ArcGIS & ArcGIS Server; some Citrix / Desktop
- SaaS: ArcGIS Online, Business Analyst Online; customer responsible for application settings
51 Cloud Deployment Models (diagram): Online, On-Premises, Hybrid 1, Hybrid 2, Cloud + On-premise; components shown are Portal, Server, read-only basemaps, and intranet versus public tiers
52 Cloud Management Models
Self-Managed
- Your responsibility for managing IaaS deployment security
- Security measures discussed later
Provider Managed
- Esri Managed Services (standard offering)
- New: Esri Managed Cloud Services (EMCS) Advanced Plus, a FedRAMP Moderate environment
53 Cloud IaaS Amazon Web Services: 8 security areas to address
- Virtual Private Cloud (VPC)
- Identity & Access Management (IAM)
- Administrator gateway instance(s) (Bastion)
- Reduce attack surface (hardening)
- Security Information Event Management (SIEM)
- Patch management (SCCM)
- Centralized authentication/authorization
- Web application firewall (WAF)
54 Cloud IaaS Reduce your risk in 10 minutes!
Minimize RDP surface
- Update OS patches: many AMIs disable automatic updates
- Enable NLA for RDP
- Set AWS firewall to limit RDP access to specific IPs
- Use strong passwords, account lockout policies
Minimize application surface
- Disable ArcGIS Services Discovery
- Don't expose ArcGIS Manager web app to Internet
Enable 2-factor authentication to your AWS console
- The AWS console is a one-stop shop for access to all your instances in the cloud
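A check for the "limit RDP access to specific IPs" item above, as an added example that is not part of the presentation: it walks security-group rules in the shape returned by AWS describe-security-groups and reports any rule that reaches port 3389 from the whole Internet, then builds the replacement rule restricted to admin sources. The group IDs, names and CIDRs are constructed sample data.

```python
"""Flag security-group rules that expose RDP (TCP 3389) to 0.0.0.0/0 or ::/0."""
from typing import Dict, List, Tuple

RDP_PORT = 3389
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the describe-security-groups response shape.
SAMPLE_GROUPS: List[Dict] = [
    {"GroupId": "sg-0aaa", "GroupName": "arcgis-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # RDP open to the world: the finding the slide is about.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0bbb", "GroupName": "arcgis-admin", "IpPermissions": [
        # RDP limited to one admin address: acceptable.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        # "-1" means all protocols and ports, so it also exposes RDP.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def rule_covers_port(rule: Dict, port: int) -> bool:
    """True when an ingress rule lets TCP traffic to `port` through."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def open_sources(rule: Dict) -> List[str]:
    """Source CIDRs of the rule that mean 'anyone on the Internet'."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in OPEN_CIDRS]


def find_exposed_rdp(groups: List[Dict]) -> List[Tuple[str, str, str]]:
    """(group id, open CIDR, protocol) for every rule exposing RDP publicly."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            if not rule_covers_port(rule, RDP_PORT):
                continue
            for cidr in open_sources(rule):
                findings.append((group["GroupId"], cidr, rule.get("IpProtocol")))
    return findings


def hardened_rdp_rule(admin_cidrs: List[str]) -> Dict:
    """Replacement ingress rule: RDP only from the listed admin sources."""
    if not admin_cidrs or any(c in OPEN_CIDRS for c in admin_cidrs):
        raise ValueError("admin source list must be non-empty and not open")
    return {"IpProtocol": "tcp", "FromPort": RDP_PORT, "ToPort": RDP_PORT,
            "IpRanges": [{"CidrIp": c} for c in admin_cidrs], "Ipv6Ranges": []}


if __name__ == "__main__":
    for group_id, cidr, proto in find_exposed_rdp(SAMPLE_GROUPS):
        print(f"{group_id}: RDP reachable from {cidr} (protocol {proto})")
```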
55 Cloud Hybrid deployment combinations (users, apps, anonymous access)
On-Premises
- Ready in months/years
- Behind your firewall
- You manage & certify
Esri Managed Cloud Services
- Ready in days
- All ArcGIS capabilities at your disposal in the cloud
- Dedicated services
- FedRAMP Moderate
ArcGIS Online
- Ready in minutes
- Centralized geo discovery
- Segment anonymous access from your systems
- FISMA Low...
All models can be combined or separate
56 Cloud Hybrid ArcGIS Online (diagram): 1. on-premises ArcGIS Server registers services with the AGOL org (hosted services, content, public dataset storage); 2. Enterprise Login (SAML 2.0) against the user repository (AD / LDAP), alongside ArcGIS org accounts and external accounts; 4. users access the service group TeamGreen. Segment sensitive data internally and public data in cloud.
57 Cloud Hybrid Data sources
Where are internal and cloud datasets combined?
- At the browser: the browser makes separate requests for information to multiple sources and does a mash-up
- Token security with SSL or even a VPN connection could be used between the device browser and on-premises system
(Diagram: on-premises operational layer service and ArcGIS Online cloud basemap service; the browser combines the layers)
58 Cloud Hybrid Deployment Scenarios
- Common for large enterprises
- Primary reason: data segmentation / prevent storing sensitive data in the cloud
What is stored in AGOL? Service metadata:
- Username & password: default, not saved
- Initial extent: adjust to a less specific area
- Name & tags: address with organization naming convention
- IP address: utilize DNS names within URLs
- Thumbnail image: replace with any image as appropriate
59 Cloud ArcGIS Online Standards
- Enterprise Logins: SAML provides federated identity management; integrate with your enterprise LDAP / AD
- New APIs to manage users & app logins: developers can utilize OAuth 2-based APIs
60 Cloud ArcGIS Online Implementation Guidance
- Require HTTPS
- Do not allow anonymous access
- Allow only standard SQL queries
- Restrict members for sharing outside of organization (as feasible)
- Use enterprise logins with SAML 2.0 with existing Identity Provider (IdP); if unable, use a strong password policy (configurable) in ArcGIS Online and enable multi-factor authentication for users
- Use multifactor for admin accounts
- Use a least-privilege model for roles and permissions: custom roles
61 Esri Managed Cloud Services Advanced Plus Michael Young
62 Esri Managed Cloud Services Advanced Plus: What is it?
Cloud-based GIS infrastructure support, including:
- Enterprise system design
- Infrastructure management
- Software (Esri & 3rd party) installation, updates, and patching
- Application deployment
- Database management
- 24/7 support and monitoring
- FedRAMP Moderate ATO by US Census Bureau
- Security infrastructure
- Security controls and processes
63 Esri Managed Cloud Services Advanced Plus: Why did Esri pursue FedRAMP authorization?
- Demand: customers demanded FedRAMP compliance before rolling out future production operations
- Risk: customer risk increasing rapidly without security infrastructure
- Mandate: OMB mandate that all low and moderate impact cloud services leveraged by more than one office or agency must comply with FedRAMP requirements
Accelerates review and acceptance of cloud-based services
64 Esri Managed Cloud Services Advanced Plus: Documentation
- FIPS 199
- Control Implementation Summary (CIS)
- System Security Plan (SSP)
- Information System Security Policies
- User Guide
- E-Authentication Template
- Privacy Threshold Analysis (PTA)
- Rules of Behavior (ROB)
- IT Contingency Plan
- Security Assessment Plan (SAP)
- Test Case Workbook
- Security Assessment Report (SAR)
- Plan of Action and Milestones (POA&M)
- Policies and procedures
- Business Impact Analysis
- Configuration Management Plan
- Incident Response Plan
- Interconnection Security Agreement (ISA / MOU)
- Penetration Test Plan
1000s of pages ensuring rigorous security
65 Esri Managed Cloud Services Advanced Plus: Rigorous Third Party Security Assessment
- Must occur annually
- Third Party Assessment Organization (3PAO) accredited by FedRAMP
- Documentation: a security review of all FedRAMP controls and implementation details
- Technical assessment: system-level scans, web interface scans, database scans, penetration testing
Great advisors and skilled assessors keep the effort focused
66 Esri Managed Cloud Services Advanced Plus: Continuous Monitoring. FedRAMP reporting workflow and monitoring workflow (diagram) ensure maintenance of an acceptable risk posture
67 EMCS Security Infrastructure (diagram: AWS, active/active, redundant across two cloud data centers)
- Dedicated customer application infrastructure: public-facing gateway with Web Application Firewall (WAF), Portal for ArcGIS in the DMZ, ArcGIS Server, relational database, file servers
- Common security infrastructure: Security Ops Center (SOC), security service gateway, intrusion detection (IDS / SIEM), centralized management (backup, CM, AV, patch, monitor), bastion gateway with MFA, authentication/authorization (LDAP, DNS, PKI), Esri admin gateway for Esri administrators
- Common cloud infrastructure: hypervisor, TCP/IP, network ACLs, routing, storage, hardware
Legend: Agency, Application, Cloud Provider, Security
68 Compliance Michael Young
69 Compliance ArcGIS Platform Security (diagram): Esri Corporate; Cloud Infrastructure Providers; Products and Services; Solution Guidance
70 Compliance Extensive security compliance history (timeline): FISMA law established; FedRAMP announced; first FedRAMP authorization; OMB FedRAMP mandate; planned ArcGIS Online FedRAMP authorization; Esri GOS2 FISMA authorization; Esri participates in first Cloud Computing Forum; Esri hosts Federal Cloud Computing Security Workshop; ArcGIS Online FISMA authorization; EMCS receives FedRAMP ATO. Esri has actively participated in hosting and advancing secure compliant solutions for over a decade.
71 Compliance Esri Corporate: ISO; Esri's Corporate Security Charter; Privacy Assurance: US EU/Swiss Safe Harbor self-certified, TRUSTed cloud certified
72 Compliance Cloud Infrastructure Providers: ArcGIS Online utilizes world-class cloud infrastructure providers (Microsoft Azure, Amazon Web Services); cloud infrastructure security compliance
73 Compliance Products and Services
- ArcGIS Online: FISMA Low Authority to Operate by USDA (2014); FedRAMP upcoming
- Esri Managed Cloud Services (EMCS): FedRAMP Moderate (2015); HIPAA Ready (2016)
- ArcGIS Server: DISA STIG (2016)
- ArcGIS Desktop: FDCC (versions ), USGCB (versions 10.1+)
74 Compliance Solution Level
Geospatial deployment patterns to meet stringent security standards
- Hybrid deployments
- On-premise deployments
Supplemented with 3rd party security components
- Enterprise identity management integration: CA SiteMinder (complete)
- Geospatial security constraints: ConTerra
- Mobile security gateway integration
Best practices for compliance alignment
- CJIS: law enforcement
- HIPAA: healthcare
75 Compliance Responsibility Across Hosting Options (matrix; legend: Customer Responsibility, Esri Responsibility, CSP Responsibility)
Hosting options (columns): On-premises; Esri Images & Cloud Builder; Esri Managed Cloud Services (FedRAMP Moderate); ArcGIS Online (FISMA Low)
Layers (rows):
- ArcGIS Server (ArcGIS Online for the last column)
- OS/DB/Network
- Security Infrastructure (no security infrastructure by default for Esri Images & Cloud Builder)
- Virtual / Physical Servers on-premises; Cloud Infrastructure (IaaS) for the other options
76 Compliance Cloud Roadmap (timeline): 2014 ArcGIS Online FISMA Low; 2015 Managed Services (EMCS) FedRAMP Moderate; upcoming ArcGIS Online FedRAMP
77 Summary
78 Summary
- Security demands are rapidly evolving: prioritize efforts according to your industry and needs; don't just add components, take a simplified Defense in Depth approach
- Secure best practice guidance is available: check out the ArcGIS Trust Site! Security Architecture Workshop; SecureSoftware@esri.com
79 Thank you. Please fill out the session survey in your mobile app: in the agenda, click on the title of this session (Enterprise GIS: Security Strategy), click Technical Workshop Survey, answer a few short questions and enter any comments
80 Want to learn more?
81
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationCLOUD SERVICES FOR EMS
CLOUD SERVICES FOR EMS Greg Biegen EMS Software Director Cloud Operations and Security September 12-14, 2016 Agenda EMS Cloud Services Definitions Hosted Service Managed Services Governance Service Delivery
More informationUsing ArcGIS for Server in the Amazon Cloud
Federal GIS Conference February 9 10, 2015 Washington, DC Using ArcGIS for Server in the Amazon Cloud Bonnie Stayer, Esri Amy Ramsdell, Blue Raster Session Outline AWS Overview ArcGIS in AWS Cloud Builder
More informationDeploying ArcGIS for Server Using Esri Managed Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Deploying ArcGIS for Server Using Esri Managed Services Andrew Sakowicz Erin Ross Cloud Overview Deploying ArcGIS for Server What is Cloud:
More informationMedia Shuttle s Defense-in- Depth Security Strategy
Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among
More informationBest Practices for Security and Compliance with Amazon Web Services. A Trend Micro White Paper I April 2013
Best Practices for Security and Compliance with Amazon Web Services A Trend Micro White Paper I April 2013 Contents Executive Summary...2 Defining Cloud Computing...2 SERVICE MODELS...3 DEPLOYMENT MODELS...5
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More information2013 AWS Worldwide Public Sector Summit Washington, D.C.
Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationSecurity Whitepaper. NetTec NSI Philosophy. Best Practices
Security Whitepaper NetTec NSI provides a leading SaaS-based managed services platform that to efficiently backup, monitor, and troubleshoot desktops, servers and other endpoints for businesses. Our comprehensive
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationAppendix C Pricing Index DIR Contract Number DIR-TSO-2724
Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform that offers
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationEnd User Devices Security Guidance: Apple ios 8
GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationSecuring Office 365 with MobileIron
Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,
More informationEnterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
More informationPCI DSS 3.0 Compliance
A Trend Micro White Paper April 2014 PCI DSS 3.0 Compliance How Trend Micro Cloud and Data Center Security Solutions Can Help INTRODUCTION Merchants and service providers that process credit card payments
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationAirWatch Solution Overview
AirWatch Solution Overview Marenza Altieri-Douglas - AirWatch Massimiliano Moschini Brand Specialist Itway 2014 VMware Inc. All rights reserved. Cloud Computing 2 BYOD 3 Device aziendali? 4 From Client/Server
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationProtecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices
Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationVisibility and Control for Sanctioned & Unsanctioned Cloud Apps
Visibility and Control for Sanctioned & Unsanctioned Cloud Apps Walter Doria Technical Director Exclusive Networks Gabriele Buratti Principal SE Imperva Today s Agenda Introductions & Discussion Market
More informationNetwork Test Labs (NTL) Software Testing Services for igaming
Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs
More informationSECURE YOUR DATA EXCHANGE WITH SAFE-T BOX
SECURE YOUR DATA EXCHANGE SAFE-T BOX WHITE PAPER Safe-T. Smart Security Made Simple. 1 The Costs of Uncontrolled Data Exchange 2 Safe-T Box Secure Data Exchange Platform 2.1 Business Applications and Data
More informationBlending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access
Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:
More informationHybrid for SharePoint Server 2013. Search Reference Architecture
Hybrid for SharePoint Server 2013 Search Reference Architecture 2014 Microsoft Corporation. All rights reserved. This document is provided as-is. Information and views expressed in this document, including
More informationDecember 2015 702P00860. Xerox App Studio 3.0 Information Assurance Disclosure
December 2015 702P00860 Xerox App Studio 3.0 Information Assurance Disclosure 2014 Xerox Corporation. All rights reserved. Xerox and Xerox and Design and ConnectKey are trademarks of Xerox Corporation
More informationADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015.
ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B2490021-2015. This addendum is applicable to each purchase order that is subject to the State of Maryland s contract number 060B2490021-2015.
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationManaging Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015
Managing Your Microsoft Windows Server Fleet with AWS Directory Service May 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational
More informationBlue Jeans Network Security Features
Technical Guide Blue Jeans Network Security Features Blue Jeans Network understands an organization s need for secure communications. The Blue Jeans cloud-based video conferencing platform provides users
More informationPortWise Access Management Suite
Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationDeploy Remote Desktop Gateway on the AWS Cloud
Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationXerox Digital Alternatives Security and Evaluation Guide. May 2015 Version 1.1
Xerox Digital Alternatives Security and Evaluation Guide May 2015 Version 1.1 2015 Xerox Corporation. All rights reserved. Xerox, Xerox and Design, and CompleteView are trademarks of Xerox Corporation
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationKEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure
KEMP LoadMaster Enabling Hybrid Cloud Solutions in Microsoft Azure Introduction An increasing number of organizations are moving from traditional on-premises datacenter architecture to a public cloud platform
More informationMicrosoft Azure. Microsoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale
More informationDelivering peace of mind in digital optimization: Clicktale's security standards and practices
THE CLICKTALE DIFFERENCE Delivering peace of mind in digital optimization: Clicktale's security standards and practices CONTENTS INTRODUCTION... 2 PRIVACY AND ANONYMITY...2 ISO 27001 COMPLIANCE...4 APPLICATION-LEVEL
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationCopyright Giritech A/S. Secure Mobile Access
Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary
More information