ArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies. Michael E. Young


1 ArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies Michael E. Young

2 Agenda Introduction ArcGIS Cloud Capabilities ArcGIS Online (SaaS) Security ArcGIS Cloud Providers ArcGIS IaaS Security ArcGIS Security Advancements Summary

3 Introduction - Michael E Young - Esri Principal Security Architect - AGOL FISMA Information System Security Officer (ISSO) - Certified Information Systems Security Professional (CISSP)

4 Introduction Cloud security affected by many moving parts Cloud Security Standards Evolving Cloud First Initiative Advancing ArcGIS Security Capabilities Evolution of Cloud Provider Capabilities Mobilization of workforce

5 Introduction
Choosing an appropriate cloud deployment
- Not just technical issues/concerns
- Political push/pull issues
  - "Cloud first" vs. "We don't trust cloud providers, yet"
- No silver bullet for all cloud security concerns
  - This session provides a roadmap of options and best practices, not just a "Safe" button to push

6 Introduction
Heightened Cybersecurity Concerns over the last month
- Executive Order on Improving Critical Infrastructure Cybersecurity
- Report APT1: Exposing One of China's Espionage Units
- DHS Recommendation to disable Java

7 Introduction Top Cloud Threats for CSA

8 Introduction
Cloud Security Standards Evolving
- FISMA
  - Per solution, per agency accreditation since Pre-cloud
- FedRAMP
  - Do once, use many times cloud security framework
  - First IaaS ATO December 2012

9 Introduction
Esri's Security Strategy Evolution
[Diagram labels: Enterprise, Solution, Product; Isolated Systems, Integrated Systems, Cloud; 3rd Party Security, Embedded Security, Managed Security]

10 Introduction Pre-Cloud Deployment Editors Manual Response Analysis Manual Response Collection in the Field SDE Weekly Extract FGDB Desktop/Laptop read-only viewer Paper Maps Ineffective dissemination to field workers and external groups

11 ArcGIS Cloud Capabilities

12 ArcGIS Cloud Capabilities Cloud Service Models Cloud Deployment Models Cloud Management Models

13 ArcGIS Cloud Capabilities Service Models Each service layer fulfills different business needs ArcGIS Online Biz Process/ Operations App/Svc Usage Scenarios Software as a Service Platform as a Service Application Development Develop, Test, Deploy and Manage Usage Scenarios Cloud Provider IT Infrastructure/ Operation Create/Install, Manage, Monitor Usage Scenarios Infrastructure as a Service ArcGIS Server, Portal for ArcGIS * NIST SRA

14 ArcGIS Cloud Capabilities
Service Models
- Non-Cloud
  - Traditional systems infrastructure deployment
  - Portal for ArcGIS & ArcGIS Server
- IaaS
  - Portal for ArcGIS & ArcGIS Server
  - Some Citrix / Desktop
- SaaS
  - ArcGIS Online
  - Business Analyst Online
  - Community Analyst
[Diagram labels: Agency Responsible End to End; Decreasing Agency Responsibility; Agency Responsible For Application Settings]

15 ArcGIS Cloud Capabilities
Deployment Models
- On-Premises
  - Information cannot go outside an organization's walls
  - Solution: Portal for ArcGIS
- Community
  - Data / Systems management constraints
  - Amazon GovCloud ITAR / US Persons
  - Esri Managed Services Prototype in place
  - CGI Federal ITAR / US Citizen
  - Esri Managed Services starting
- Hybrid
  - Customer can manage services and data in their walls (Segmentation)
  - Common implementation
- Public
  - Accessible and cost effective
  - ArcGIS Online
  - Uses public cloud infrastructure like SalesForce / Google Apps

16 ArcGIS Cloud Capabilities
Management Model
- Self-Managed
  - Your responsibility for managing IaaS deployment security
  - Key security controls discussed later
- Esri Managed
  - Managed Services
  - Starting work on FISMA compliant environment capabilities
  - Government community cloud management now available

17 ArcGIS Cloud Capabilities
Hybrid Implementation
[Diagram labels: Public, Agency B, Gov't IaaS, Agency Portal, Internal AGS, Filtered Content, External AGS, ArcGIS Online, Agency C, Agency Database, File Geodatabase, Public IaaS, Field Worker, Agency A]

18 ArcGIS Cloud Capabilities
Implementation options
- Service Model: Non-Cloud (AGS Your Location) | IaaS (AGS in AWS) | SaaS (ArcGIS Online)
- Deployment Model: On-Premises (Your location) | Community (AWS GovCloud) | Hybrid (Your Loc+AWS) | Public (AWS/Azure)
- Management Model: Self Managed (You) | Managed (Esri)
[Diagram axis: On-premise to Cloud]
*AWS is a placeholder on this slide for any cloud provider such as Azure, CGI, or Terremark

19 ArcGIS Online Security

20 ArcGIS Online Security SaaS Cloud Components

21 ArcGIS Online Security How is it used? Web Map Work Planner Assigns work to field workers Field Workers Gets work via area polygon Polygon set to in progress Creates points Captures picture(s) Sets polygon status to complete Event Center Uses map to find completed field work Develop Material/ Equipment List Organization Views impact of event on the system Working off one map

22 ArcGIS Online Security Deployment Options Online Online Intranet Intranet Intranet Server Server Server Portal Server Server Server Online Server Server Server Read-only Basemaps Intranet Intranet Portal Server Server Server Cloud On-premise

23 ArcGIS Online Security Hybrid Cloud Deployment AGOL Web Map SDE Extracts FGDB Feature Services Mobile View (Esri App) Empty Schemas.mxd ArcGIS Server Desktop View Segment sensitive data internally and public data in cloud

24 ArcGIS Online Security
Hybrid Cloud Deployment - Metadata
- Common reason for hybrid cloud deployment is to prevent storing sensitive data in the cloud
- Initial FISMA accreditation based on this deployment
- What is stored in AGOL? Metadata
5 metadata items that could be deemed sensitive are:
1. Service username & password: Default, not saved
2. Service initial extent: Adjust to a less specific area
3. Service name & tags: Address with organization naming convention
4. Service IP Address: Utilize DNS names within URLs
5. Service thumbnail image: Replace with any image as appropriate
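A review of the five metadata items listed on this slide can be scripted. The following is an added example, not part of the original slides or any Esri tooling: the item records are constructed, the `storesCredentials` key is a hypothetical stand-in for however your export records saved service credentials, and the policy values (extent threshold, sensitive terms, approved thumbnails) are assumptions an organization would set for itself.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Organization policy values: all assumptions made for this example.
MIN_EXTENT_SPAN_DEG = 1.0                    # narrower initial extents count as "too specific"
SENSITIVE_TERMS = {"substation", "scada"}    # words the naming convention keeps out of names/tags
APPROVED_THUMBNAILS = {"thumbnail/org_generic.png"}

# Constructed sample records (title, tags, url, extent, thumbnail).
SAMPLE_ITEMS = [
    {
        "title": "Substation_Outage_Ops",
        "tags": ["SCADA", "outage"],
        "url": "https://10.20.30.40/arcgis/rest/services/Ops/MapServer",
        "extent": [[-117.20, 34.05], [-117.15, 34.08]],
        "thumbnail": "thumbnail/map_capture.png",
        "storesCredentials": True,           # hypothetical key, see lead-in
    },
    {
        "title": "Field Work Areas",
        "tags": ["operations"],
        "url": "https://gis.example.org/arcgis/rest/services/Work/FeatureServer",
        "extent": [[-125.0, 24.0], [-66.0, 50.0]],
        "thumbnail": "thumbnail/org_generic.png",
    },
]


def host_is_ip(url):
    """True when the URL's host is an IPv4/IPv6 literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_item(item):
    """Return finding codes for the five metadata items, in slide order."""
    findings = []
    url = item.get("url", "")
    parts = urlsplit(url)

    # 1. Service username & password: should not be saved with the item.
    if parts.username or parts.password or item.get("storesCredentials"):
        findings.append("credentials-saved")

    # 2. Initial extent: a tight box reveals where the asset is.
    extent = item.get("extent") or []
    if len(extent) == 2:
        (xmin, ymin), (xmax, ymax) = extent
        if min(xmax - xmin, ymax - ymin) < MIN_EXTENT_SPAN_DEG:
            findings.append("extent-too-specific")

    # 3. Name & tags: compare words against the naming convention's deny-list.
    text = " ".join([item.get("title", "")] + list(item.get("tags", [])))
    if set(re.findall(r"[a-z0-9]+", text.lower())) & SENSITIVE_TERMS:
        findings.append("name-or-tags")

    # 4. Service IP address: the URL should use a DNS name.
    if host_is_ip(url):
        findings.append("ip-in-url")

    # 5. Thumbnail: should be one of the organization's generic images.
    if item.get("thumbnail") not in APPROVED_THUMBNAILS:
        findings.append("thumbnail")

    return findings


if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(item["title"], review_item(item))
```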

25 ArcGIS Online Security
Hybrid Cloud Deployment Data sources
Where are internal and cloud datasets combined?
- At the browser
- The browser makes separate requests for information to multiple sources and does a mash-up
- Token security with SSL or even a VPN connection could be used between the device browser and on-premises system
[Diagram labels: On-Premises Operational Layer Service; Cloud Basemap Service; ArcGIS Online; Browser Combines Layers; https://yourserver.com/arcgis/rest...]

26 ArcGIS Online Security
Responsibility across components
- Application (Customer Configured)
  - Web Admin App (Org-wide settings, Management)
  - End-User Org Portal (Create maps, Share, Discover)
- Application (Esri Managed)
  - ArcGIS Online Application (Portal, Map Services, Account Management)
  - Data (Portal, Index, Hosted)
- OS & Middleware (Esri & Cloud Provider Managed)
  - Middleware
  - Operating System
- Infrastructure (Cloud Provider Managed)
  - Server Infrastructure (Servers, Storage, Racks)
  - Network Infrastructure (Switches, Routers, Cables, SAN)
  - Data Center (Physical facility, UPS, Cooling)

27 ArcGIS Online Security
Common Questions
1. Where is my data?
   - All ArcGIS Online data and processing resides within US Data centers on US soil
2. Is my information encrypted?
   - Organization administrator can force SSL encryption for all communications
   - ArcGIS Online does not encrypt data at rest; however, sensitive items can be encrypted by 3rd party solutions
3. Is it security accredited?
   - Actively in progress and expected this year
4. Is my data locked into ArcGIS Online?
   - Data publishers can extract and download data back to their organization via shapefiles, CSVs, or original publication package.

28 ArcGIS Cloud Providers

29 ArcGIS Cloud Providers ArcGIS Deployments Amazon Web Services CGI Terremark Microsoft Azure

30 ArcGIS Cloud Providers
Amazon Web Services
- Utilized by Esri Cloud Builder solution
- AWS IaaS is FISMA moderate
- Actively working towards FedRAMP
- GovCloud meets US Persons requirements

31 ArcGIS Cloud Providers
CGI & Terremark
- Offer IaaS type capabilities through VMware
- CGI Recently Received FedRAMP Provisional ATO
- Additional layers of security can be added to expedite accreditation efforts
- Can meet US Citizenship requirements as necessary
* CGI Architecture Diagram

32 ArcGIS Cloud Providers Microsoft Azure Cloud IaaS PaaS Actively working towards FedRAMP compliance this year Esri is actively testing ArcGIS Server in IaaS cloud

33 ArcGIS IaaS Security

34 ArcGIS IaaS Security
Question - If my cloud IaaS is FISMA/FedRAMP accredited and I deploy my app into that cloud, is the overall implementation FISMA/FedRAMP equivalent?
Answer - No
[Diagram labels: IaaS FISMA; Default ArcGIS]
Question Part 2 - Okay, so it's not FISMA/FedRAMP equivalent, but the IaaS by itself ensures the solution is secure enough, right?
Answer - No

35 ArcGIS IaaS Security Why is IaaS accreditation by itself not enough? Where are most of the vulnerabilities & who is responsible for mitigating them? Customer Responsibility in IaaS

36 ArcGIS IaaS Security
Common ArcGIS IaaS Deployments
- Deploy ArcGIS Server Windows AMI to AWS
- Deploy ArcGIS Server via Cloud Builder to AWS
ArcGIS AWS Security Best Practices
- Infrastructure Controls
- Big Data Transfer
- Application Controls
- 5 minute minimum

37 ArcGIS IaaS Security
Best Practices in AWS
- Segment cloud infrastructure
  - Utilize Amazon Virtual Private Cloud (VPC)
  - Utilize separate VPCs for DMZ, Web, App, DB, and Admin systems
- Utilize Amazon Identity & Access Management (IAM)
  - Implement two-factor authentication
- Establish a remote admin gateway
  - Reduce the number of internet facing admin connections

38 ArcGIS IaaS Security
Best Practices in AWS
- Reduce attack surface of all interfaces
  - Security harden system & disable unused services
  - Reference GeoCloud instance for policies
  - Potential future ArcGIS Server STIG
- Establish change management & logging infrastructure
  - SIEM & HIDS integration
  - Patch management deployment (SCCM)
- Centralized systems authentication & authorization
- Establish Web Application Firewall capabilities

39 ArcGIS IaaS Security
Transferring Big Data to the cloud
- FTP? Don't do it!
- Compression Tools
  - RainStor 1/40th original size
  - No time/storage consuming re-inflation
- TCP / UDP Optimization Tools
  - Aspera
  - Utilize UDP for throughput and TCP for error-free
- Multifunction Optimization Tools
  - Cloud Opt & Attunity Cloudbeam
  - Compression, protocol optimization, data de-duplication, SSL acceleration

40 ArcGIS IaaS Security
Minimize ArcGIS Server Attack Surface
- Don't expose Server Manager to public
- Disable Services Directory
- Disable Service Query Operation (as feasible)
- Enable Web Service Request Filtering
  - Windows 2008 R2+ Request Filtering
  - XML Security Gateway
  - Does not intercept POST requests
  - REST API only requires GET and HEAD verbs
- Limit utilization of commercial databases under website
  - File GeoDatabase can be a useful intermediary
- Require authentication to services
- New whitelisting capabilities coming
[Diagram label: File Geo Database]

41 Too Much? Scenario: I just have a non-production system and all data is public.

42 ArcGIS IaaS Security
Basic Steps for The Overwhelmed
1. Minimize RDP surface
   - Update OS patches
   - Many AMIs disable automatic updates
   - Enable NLA & FIPS for RDP
   - Set AWS Firewall to Limit RDP access to specific IPs
2. Minimize Application Surface
   - Disable ArcGIS Services Directory
   - Don't expose ArcGIS Manager web app to Internet
These steps can be completed within 5 minutes. Do them!
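The "limit RDP access to specific IPs" step can be verified from an export of the account's security groups. The following is an added example, not from the original slides: the sample data is constructed in the shape that `aws ec2 describe-security-groups` returns, the group IDs are placeholders, and the /24-sized limit on what counts as "specific" is an assumption.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: a source range wider than 256 addresses is not "specific IPs".
# IPv6 ranges are held to the same count, so anything shorter than /120 is flagged.
MAX_SOURCE_ADDRESSES = 256

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0example1", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-0example2", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-0example3", "IpPermissions": [
            # "-1" means all protocols and ports, so RDP is included.
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "198.51.100.0/22"}], "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-0example4", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            # A wide port range that happens to contain 3389.
            {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ]},
    ]
}


def covers_rdp(permission):
    """True when an inbound rule allows traffic to port 3389 (TCP or UDP)."""
    protocol = permission.get("IpProtocol")
    if protocol == "-1":
        return True
    if protocol not in ("tcp", "udp"):
        return False
    return permission.get("FromPort", 0) <= RDP_PORT <= permission.get("ToPort", 65535)


def rdp_findings(document):
    """Return (group id, source CIDR, reason) for every over-broad RDP rule."""
    findings = []
    for group in document.get("SecurityGroups", []):
        for permission in group.get("IpPermissions", []):
            if not covers_rdp(permission):
                continue
            cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                network = ipaddress.ip_network(cidr, strict=False)
                if network.prefixlen == 0:
                    findings.append((group["GroupId"], cidr, "open-to-internet"))
                elif network.num_addresses > MAX_SOURCE_ADDRESSES:
                    findings.append((group["GroupId"], cidr, "source-range-too-wide"))
    return findings


if __name__ == "__main__":
    for group_id, cidr, reason in rdp_findings(SAMPLE):
        print(f"{group_id}: RDP reachable from {cidr} ({reason})")
```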

43 ArcGIS IaaS Security Want more details? Suggest utilizing SANS 20 Critical Security Controls - More specific guidance for Amazon IaaS deployments -

44 ArcGIS Security Advancements

45 ArcGIS Security Advancements Esri Product Federal A&A Roadmap Product Cloud Provider Planned Federal A&A Q Q Q Q ArcGIS Online Amazon Web Services Amazon Web Service & MS Azure FISMA Low FedRAMP Mod Implement ATO FISMA USDA Alignment FedRAMP SaaS Reviews Started Implement ATO ArcGIS Server CSP or AWS GovCloud FISMA Mod Facilitate ATO FISMA Incorporate Lessons Learned Esri Managed AWS,CSP FedRAMP Mod Alignment Establish AGS Fed Image Implement ATO

46 ArcGIS Security Advancements ArcGIS Online Security Certification Efforts In Place - Esri Data Center Operations - SSAE 16 Type 1 - Expanded to Managed Services in 2012 Currently Pursuing - FISMA Low Accreditation - Includes 3rd party assessment - Expected completion over next several months - Safe Harbor Self-Certification Future - Addresses Privacy - FedRAMP Moderate - Incorporates more advanced security controls

47 ArcGIS Security Advancements Upcoming ArcGIS Online Security Capabilities Federated Identity Management - SAML 2.0 Web SSO Profile - Beta - March Production - Summer ADFS & CA SiteMinder ArcGIS Online Browser Agency More granular role permissions - Allow customization of roles and rights Sign into and use ArcGIS Online using your Enterprise login / identity.

48 ArcGIS Security Advancements ArcGIS Desktop Self-Certifications FDCC - Desktop products USGCB - Desktop products 10.1

49 ArcGIS Security Advancements Upcoming ArcGIS Server / Portal Security Capabilities Agency Identity Provider ArcGIS Server Shared Users & Roles (Federated) ArcGIS Portal Agency Certificate Authority Extending on-premises authentication & authorization capabilities

50 ArcGIS Security Advancements Additional ArcGIS Security Resources Available Now - ArcGIS Online Security Flyer - / software/arcgis/arcgis-online/agol-security-overview-flyer.pdf - Enterprise Security Resource Center - Future - ArcGIS Server STIG - DISA / FISMA Alignment - ArcGIS Online Cloud Security Alliance (STAR) - Standardized cloud security control documentation

51 Summary

52 Summary
- Cloud security is NOT just about technology
  - Understand your organization's Cloud GIS risk level
  - Utilize Defense-In-Depth
- ArcGIS Cloud Capabilities are expanding rapidly
  - Deployments across numerous cloud providers
  - Deployments in government community clouds
- Expect standardized cloud security from Esri
  - Product Security Capabilities: SAML Web SSO
  - Alignment with Federal Regulations: FedRAMP, FISMA
  - Security Control Documentation: CSA
  - Security Hardened Images: Checklist
- Don't forget to take 5 minutes to check your IaaS!

53 What is still needed? Your Input is Crucial Your Feedback and Insight Today is Essential - Current Security Issues - Upcoming Security Requirements - Areas of concern Not addressed Today Contact Us At: Enterprise Security

54 Wednesday Closing Session
Closing and Hosted Lunch, 11:30 AM - 1:30 PM, Ballrooms A-C, Third Level
- Join conference attendees for lunch and closing session
- Closing Speaker: Todd Park, U.S. CTO
- Wrap-up and request for feedback with Jack Dangermond.

55 Upcoming Events (esri.com/events)
- March 21, 2013: Esri DC Meet Up Big Data & Location Analytics, Washington, DC
- April 18, 2013: Esri DC Meet Up, Washington, DC
- March 23-26, 2013: Esri Partner Conference, Palm Springs, CA
- March 25-28, 2013: Esri Developer Summit, Palm Springs, CA
- July 6-9, 2013: Esri National Security Summit, San Diego, CA
- July 8-12, 2013: Esri International User Conference, San Diego, CA

56 Thank You Please complete a session evaluation form. #FedGIS


More information

Blue Jeans Network Security Features

Blue Jeans Network Security Features Technical Guide Blue Jeans Network Security Features Blue Jeans Network understands an organization s need for secure communications. The Blue Jeans cloud-based video conferencing platform provides users

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper StrikeForce Technologies, Inc. 1090 King Georges Post Rd. Edison, NJ 08837, USA Tel: 732 661-9641 Fax: 732 661-9647 http://www.sftnj.com

More information

ProjectManager.com Security White Paper

ProjectManager.com Security White Paper ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for

More information

Security Whitepaper. NetTec NSI Philosophy. Best Practices

Security Whitepaper. NetTec NSI Philosophy. Best Practices Security Whitepaper NetTec NSI provides a leading SaaS-based managed services platform that to efficiently backup, monitor, and troubleshoot desktops, servers and other endpoints for businesses. Our comprehensive

More information

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology SaaS at Pfizer Challenges, Solutions, Recommendations Agenda How are Cloud and SaaS different in practice? What does Pfizer s SaaS footprint look like? Identity is the Issue: Federation (SSO) and Provisioning/De-provisioning

More information

WALKME SOLUTION ARCHITECTURAL WHITE PAPER

WALKME SOLUTION ARCHITECTURAL WHITE PAPER WALKME SOLUTION ARCHITECTURAL WHITE PAPER WHAT IS WALKME FOR SALESFORCE? WalkMe enables Salesforce to build and overlay interactive Walk-Thrus that intuitively guide users to self-task successfully with

More information

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

Top. Reasons Federal Government Agencies Select kiteworks by Accellion Top 10 Reasons Federal Government Agencies Select kiteworks by Accellion Accellion Government Customers Include: Top 10 Reasons Federal Government Agencies Select kiteworks Accellion provides government

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:

More information

Symantec App Center 4.0 Admin Documentation

Symantec App Center 4.0 Admin Documentation Symantec App Center 4.0 Admin Documentation Installation Planning Guide September 2012 Symantec Corporation, 2012 Page 1 Table of Contents Purpose of Document... 3 Deployment Options Overview... 3 Public

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Configuration Guide BES12. Version 12.2

Configuration Guide BES12. Version 12.2 Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

SAP Enterprise Architecture in the Era of SAP HANA, Infrastructure, Platforms, Software and Everything-as-a-Service

SAP Enterprise Architecture in the Era of SAP HANA, Infrastructure, Platforms, Software and Everything-as-a-Service SAP Enterprise Architecture in the Era of SAP HANA, Infrastructure, Platforms, Software and Everything-as-a-Service Chuck Kichler (kichler@us.ibm.com) LEARNING POINTS How to consume the on-premise vs.

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services

More information

Hybrid Cloud Identity and Access Management Challenges

Hybrid Cloud Identity and Access Management Challenges Hybrid Cloud Identity and Access Management Challenges Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field Engineer, SQL Server, Washington, DC CISA, CISM, CISSP, ITIL V3,

More information

ShareFile Security Overview

ShareFile Security Overview ShareFile Security Overview ShareFile Company Policy All ShareFile employees undergo full background checks and sign our information security policy prior to beginning employment with the company. The

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common

More information

RemoteApp Publishing on AWS

RemoteApp Publishing on AWS RemoteApp Publishing on AWS WWW.CORPINFO.COM Kevin Epstein & Stephen Garden Santa Monica, California November 2014 TABLE OF CONTENTS TABLE OF CONTENTS... 2 ABSTRACT... 3 INTRODUCTION... 3 WHAT WE LL COVER...

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Sean Horne CTO EMC UKI. The leakage of Intellectual Property.. .and the risk of Privacy, Trustworthiness, Governance and Data Breaches

Sean Horne CTO EMC UKI. The leakage of Intellectual Property.. .and the risk of Privacy, Trustworthiness, Governance and Data Breaches Sean Horne CTO EMC UKI The leakage of Intellectual Property...and the risk of Privacy, Trustworthiness, Governance and Data Breaches 1 The business of Insurance is guided by Trust Insurance is a promise

More information

Preparing for GO!Enterprise MDM On-Demand Service

Preparing for GO!Enterprise MDM On-Demand Service Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules

More information

NEFSIS DEDICATED SERVER

NEFSIS DEDICATED SERVER NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis

More information

Microsoft Power BI. Nov 21, 2015

Microsoft Power BI. Nov 21, 2015 Nov 21, 2015 Microsoft Power BI Biray Giray Practice Lead - Enterprise Architecture, Collaboration, ECM, Information Architecture and Governance getalbert.ca biray.giray@getalbert.ca Michael McKiernan

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

DreamFactory on Microsoft SQL Azure

DreamFactory on Microsoft SQL Azure DreamFactory on Microsoft SQL Azure Account Setup and Installation Guide For general information about the Azure platform, go to http://www.microsoft.com/windowsazure/. For general information about the

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Microsoft Enterprise Mobility Suite

Microsoft Enterprise Mobility Suite Microsoft Enterprise Mobility Suite Standalone - overview Peter Daalmans http://configmgrblog.com, peter@daalmans.com IT-Concern John Marcum Enterprise Client Management Architect / johnmarcum@outlook.com

More information

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,

More information

Security Practices, Architecture and Technologies

Security Practices, Architecture and Technologies Security Practices, Architecture and Technologies CONTACT: 36 S. Wall Street Columbus, OH 43215 1-800-VAB-0300 www.viewabill.com 1 CONTENTS End-to-End Security Processes and Technologies... 3 Secure Architecture...

More information

PATCH MANAGER what does it do?

PATCH MANAGER what does it do? PATCH MANAGER what does it do? PATCH MANAGER SAAS maps all your physical assets and physical infrastructure such as network and power cabling, racks, servers, switches, UPS and generators. It provides

More information

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Mapping and Geographic Information Systems Professional Services

Mapping and Geographic Information Systems Professional Services Mapping and Geographic Information Systems Professional Services G-Cloud Services RM 1557 Service Definition Esri UK GCloud 5 Lot 4 Specialist Services Government Procurement Service Acknowledgement Esri

More information

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Course 20533: Implementing Microsoft Azure Infrastructure Solutions Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Media Shuttle s Defense-in- Depth Security Strategy

Media Shuttle s Defense-in- Depth Security Strategy Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among

More information

Configuration Guide BES12. Version 12.1

Configuration Guide BES12. Version 12.1 Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...

More information

Securing Office 365 with MobileIron

Securing Office 365 with MobileIron Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,

More information