SUPPORTING CIO STRATEGIES AND PRIORITIES: FROM THE CLOUD

Transcription

1

2 SUPPORTING CIO STRATEGIES AND PRIORITIES: FROM THE CLOUD Presented by: CloudAccess: CloudAccess provides comprehensive security-as-a-service from the cloud. Our suite of robust and scalable solutions eliminates the challenges of deploying enterprise-class security solutions including costs, risks, resources, time-to-market, and administration. By providing such integral services as SIEM, Identity Management, Log Management, Single Sign On, Web SSO, Access Management, Cloud Access offers costeffective, high-performance solutions controlled and managed from the cloud that meet compliance requirements, diverse business needs and ensure the necessary protection of IT assets CloudAccess, Inc Wilshire Blvd Suite 1111 Los Angeles, CA The biggest eye-opener in Gartner s recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure. technologies provide a platform to achieve results, but only if CIOs adopt new roles and behaviors to find digital value. Most CIOs recognize that the future of enterprise IT lay not with sitting and writing code and patching servers, but rather one of strategic development and as an integrator of business goals: riding the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs. For more on ths subject, read our article, Rethinking IT: Using the Cloud as a Change Catalyst: HERE

3 The Gartner survey of more than 2000 CIOs, was indeed fascinating - Hunting and Harvesting in a Digital World: The 2013 CIO Agenda - and one of the highlights was a wish list of Technology and Business Priorities for I, of course, was encouraged (yet not surprised) to see cloud computing, workflow, business intelligence and security on the list. Although they appear on separate wish lists, they represent the key transitions and challenges of the evolving paradigm CIOs must confront to keep their resources relevant and facilitate 6 REQUIREMENTS FOR EFFECTIVE FRAUD PREVENTION: Layered Security Real-time, intelligence-based risk assessment Rapid adaptation against evolving threats Transaction Anomaly Prevention Minimize end user impact Minimizing deployment, management and operational costs progress it s no leap that the successful achievement of any or all the items on the lists require a unification of technology, process and analysis. Before you can say Obvious Things, for $1000, Alex, what I would like to do is highlight some specific tactics or advantages that integrate the Top Business Priorities with Top Technology Priorities. For this, I am advocating a holistic and unified security platform to demonstrate how a CIO can advance their agenda and ensure the smooth operation of their enterprise IT landscape. First, the complete lists: Learn how to achieve this from the cloud: Metrics should be established that facilitate common ground for measuring effectiveness of security measures

4 I will combine several elements because a strong cloud-based security program unifies several technologies and provides the necessary business priorities. This is not to say other technologies within the purview of the CIO don t apply, but as this is a security document, I SHOULD YOUR COMPANY EMBRACE BYOD?: Source: Logicalis Survey % of IT decision makers agreed that BYOD already has or will improve their work processes 59% believe that they would be at a competitive disadvantage without BYOD 74% of companies with usercentric BYOD strategies claimed to experience improved employee productivity. It may not be whether or not you should, but simply know the best way to ensure security Learn how to achieve this from the cloud: will keep it within the context to illustrate that the attainment of several goals can be correlated from the cloud. For that let s look at some of the common threads that stitch together these wish lists. Better visibility (analytics & business intelligence/collaboration/better operation results)-with better visibility comes better, faster decisions based on relevant data. If you can see the giant asteroid speeding towards the planet, better visibility provides the time and the layers of input to devise multiple options to prevent disaster! Yet as so much data criss-crosses the enterprise in so many forms, formats, and shared ownerships; across so many applications for a multitude of purposes, it can be difficult (and resource-heavy) to monitor and fill vulnerability gaps. Many CIOs have invested in multiple technologies and processes to mitigate risk, however unless they are linked, or work collaboratively, it s like hiring several children to plug dykes with their fingers. I ve seen in too many companies that although they have the right intention, the left hand does not always know what the right is doing. There are simply too many devices, agendas, access opportunities and external and internal threats NOT to centralize and unify tools like SIEM, Log Management, single sign on and identity management. The idea here is that each controls a segment of enterprise security. By allowing them to leverage each other s capabilities to collaborate and communicate under a centralized monitoring platform, you get contextual information that otherwise would take considerable more time and resourced expertise to compile, analyze and react.

5 Unification (centralization in real time), promotes three dimensional data (or 360 degree visibility) which, in turn, improves responsiveness and control. This allows you to deploy critical resources with pinpoint accuracy based on the full measure of intelligence and policy priorities. This is the key to better operational results. For more on ths subject, read our article, the New Standard: Intelligence Driven Security: HERE THE PROBLEM WITH PASSWORDS: Source: Flying Penguin Consultants 43% admit that employees manage passwords in spreadsheets or on sticky notes and 34% share passwords with their co-workers for applications like FedEx, Twitter, Staples, LinkedIn. 20% experienced an employee still able to login after leaving the company. Learn how to AVOID this from the cloud: Cost-effectiveness (efficiency/cloud computing/reducing enterprise costs). Security is not cheap. You should not nickel and dime costs when the smooth operation of your enterprise, your reputation amongst customers and partners, and the protection of your IP assets are at stake With that said, not only can security be affordable, but it can actually create ROI if deployed and managed intelligently. No one disputes the need to deploy something more than a firewall or password protection, but I understand that CIOs are now looking for better ROI on their existing poker hand. That s where the cloud makes so much sense. By packaging (deployed and managed from the cloud) the 4 solution types mentioned in better visibility, CIOs avoid the dragging anchor of CapEx. In fact I have seen several case studies that show such an attachment strategy (adding pieces that are not currently an owned asset) operates at a savings that the subscription cost for the entire initiative is less than annual support and maintenance for on premise. So if acquisition costs are significantly manageable, what you are left with is enterprise capabilities that increase your efficiency to resource quotient. The whole concept of efficiency is more than just saving money and getting more bang for your buck on a cloud computing solution. If the

6 THE 7 C s OF SECURITY MONITORING: Source: CloudAccess White Paper: Sailing the Seven C s of Security Monitoring security protocols and processes are configured using a combination of internal resources and security-as-a-service expertise, you expand your sphere of effectiveness and protect more virtual territory using less resources. Efficiency is about doing things better while expounding a minimum of resources. The idea of on-demand scalability (to expand or contract immediately based on business needs and not budget dictates) is another resource, cost savings concept that cloud security offers that makes your initiative rightsized. Too often initiatives are weighed down by bloated costs like investments in hardware/servers, unused licenses and lost protection time while trying to develop and deploy more complex versions. For more on ths subject, read our article, Are the costs of cloud security to good to be true?: HERE Consistency Continuous Correlation Contextual Compliant Centralization Core competency focus (enterprise growth, legacy modernization, innovation) This is about working smarter. The reality of maintaining security across your enterprise is that the skills required to monitor, protect, update, respond, report and comply does not exist within one dedicated person, but 1/10th of 10 different people. Within a tenuous economy it is not a stretch to say IT has been the focus of a great deal of job fusion as many companies are forced to pare down staffs. Cloud Learn how to monitor 24/7/365 from the cloud: Many companies without the means to hire a large and experienced staff have found that outsourcing to an MSP (managed service provider) is a sound management decision. Taking this one step further, when you consider outsourcing features such as security-as-aservice or policy-as-a-service options, you create new benefits of security expertise (continuous tribal knowledge) without additional man hours or expense. Not only does this allow precision budgeting, but more importantly allows you to prioritize and focus on your

7 company s core competency. As CIO, your job transforms from resetting passwords and patching updates to applications to finding and supporting new ways to expand your business through technology. For more on ths subject, read our article, A preposition makes all the difference in/of/for/from the cloud: HERE INTELLIGENCE-DRIVEN SECURITY MODELS: An intelligence-driven security system consisting of multiple components: A thorough understanding of risk The use of agile controls based on pattern recognition and predictive analytics The use of big data analytics to give context to vast streams of data to produce timely, actionable info Personnel with the right skill set to operate the systems Information sharing at scale Learn how to ACHIEVE this from the cloud: Improved automation: (customer retention, Improving IT applications and infrastructure)unified cloud based security makes it easier to manage users. Through automated provisioning and multilevel authentication, not only is it easier for your customers to do business with you, but you maintain their ongoing trust by being a proper steward of their private and sensitive information. More so are the behind-the-scenes policies and procedures enforced by a system that is looking at information) in real time) beyond log ins or passwords. By leveraging various aspects of identity and access management with that of SIEM s intrusion detection and Log Management s historical archiving, a unified system can automatically understand behavior patterns (adaptive risk) of users. Just because a log in has the right user name and password (which could have been stolen from a malware implant that records keystrokes) doesn t mean it is the user. Using situational context, the system sees that the last 100 log ins came from an IP address in Provo, Utah but this one is coming from overseas at 3am and is trying to access information not often viewed. The improved automated policy now sends an alert to the analyst who can put a block in place and shut down the incursion. But automation keeps your infrastructure in good working order too. Not only does it help maintain whichever industry compliance regulation you company is required to follow, but through automatic provisioning controls what your internal users can do and see. Joe gets hired as a sales exec. As soon as he is added to Active Directory or

8 LDAP and his role is identified, he is given a certain view of the network. And the reverse happens immediately once he leaves the company; removing the threat of sabotage or data theft or an access vulnerability left open to exploit. TOP 10 BIG DATA SECURITY & PRIVACY CHALLENGES Source: Cloud Security Alliance Secure computations in distributed programming frameworks Security best practices for nonrelational data stores Secure data storage and transactions logs End-point input validation/filtering Real-time security/compliance monitoring Scalable and composable privacy-preserving data mining and analytics Cryptographically enforced access control and secure communication Granular access control Granular audits Data provenance Learn how to OVERCOME these from the cloud: For more on ths subject, read our article, So, just what is REACT? And why does it matter?: HERE Facilitating productivity (Legacy modernization, mobile tech, retaining workforce) The highest goal for any CIO is to find ways to make the enterprise more resilient, stronger and to fulfill its needs. Going back to mapping behavior patterns (as discussed above), another benefit of unified cloud based security is that it allows a CIO to see not just the negative tendencies (and vulnerabilities that keep you up at night), but the way employees work. Using technology, how can the CIO improve productivity? Tablets, phones and other personal devices? The best applications and solutions? The trick is to examine the needs and then broker the best way to facilitate the need without compromising security. In the case of new applications, a variety of solutions can be designated across the enterprise and directed at specific users through rule and responsibility-based provisioning. This way access is controlled to only those who need to see certain features and the data is secure from unauthorized sources. In terms of BYOD, each company must make a decision on what these devices are allowed to access from to ERP data and what is the policy on securing the individual devices. Some analysts see 2013 as a tipping point in terms of technologies. This includes mobile, analytics, big data, social and cloud technologies. The CIO needs to be ready for this paradigm change.

9 One of the more salient points from the Gartner survey stems from the fact that only 43% of technology s true business potential is being exploited to give companies a competitive edge. This, Gartner says, can t continue, and if IT is to remain relevant in an increasingly digital world then there will have to be a substantial increase in this percentage. UNIFIED SECURITY FROM THE CLOUD Realtime Event and Access Correlation Technology is a unified security platform that leverages the cooperative functionality of key toolsets and/or deployed solutions monitored in REAL TIME. Where this Gartner survey refers to cloud computing in general, this blog could apply to virtually any cloud-supported strategy. It s a big fluffy cloud out their and the 21st century needs to take full advantage of the agility and manageability the cloud provides. Move beyond the hype. Go beyond the buzzwords and the flavors of the month and see how a virtualized strategy improves your productivity, vision-to-reality proposals and your bottom line. To this, I am saying that cloud-based security needs to be incorporated as part of this sea-change so that any sized company in any industry may realize the long term benefits of achieving the priorities noted on the Gartner lists. The features, functions, capabilities and reliability have matured to where they can easily and effectively support the vision of any forward-thinking CIO. WHO is logging in? WHAT assets are they viewing/accessing? WHERE is the device? WHEN was the asset changed? HOW is the user/visitor credentialed/authorized? Learn how to REACT from the cloud:

10 WANT TO LEARN MORE ABOUT CLOUD SECURITY? MENTION THIS WHITE PAPER AND WE WILL EXTEND A FREE MONTH OF SERVICE WHEN YOU SIGN UP FOR A YEAR OR MORE PAY-AS-YOU-GO SUBSCRIPTION CONTACT CLOUDACCESS FOR A LIVE ONLINE DEMONSTRATION OF OUR SIEM AND LOG MANAGEMENT SOLUTIONS DELIVERED AND MANAGED FROM THE CLOUD. The sky is no longer the limit with secure, affordable cloud security solutions from CloudAccess. MORE INFORMATION: CONTACT: Read Our Blog: LIKE Us on Facebook Follow Us On Twitter Join us on LinkedIn