Designing an Enterprise GIS Security Strategy Michael E. Young Matt Lorrain

1 Designing an Enterprise GIS Security Strategy 2014 Michael E. Young Matt Lorrain

2 Agenda
Introduction
Trends
Strategy
Mechanisms
Server
Mobile
Cloud
Compliance
Summary

3 Introduction What is a secure GIS?

4 Introduction What is The Answer? Risk Impact

5 Introduction Where are the vulnerabilities? *SANS Relative Vulnerabilities

6 Current Real World Scenarios & Trends

7 Trends Application Level Vulnerabilities *Kaspersky Lab Global Research and Analysis Team Kaspersky Security Bulletin 2013

8 Trends Next generation threats
More security controls do not mean more security
- Controls can be circumvented individually
- Fast-moving attacks bypass traditional defenses
New generation of attacks
- High-end cybercrime and state sponsored campaigns
- Human attackers: motivated, organized, and unpredictable
*FireEye: A Real-World Assessment of the Defense-in-Depth Model

9 Trends Controls by Industry
Frequency of incident patterns by industry drives new security control recommendations by industry
Focus on the right security controls
*Verizon 2014 DBIR

10 Real-world security scenarios
Disaster communications modified
Open source security component vulnerability affects 2/3rds of web services
Hacker closes cloud-based business overnight
Large retailer breach

11 Real-world security scenarios Disaster communications modified
Scenario
- Organization utilizes cloud-based services for disseminating disaster communications
- Required easy updates from home and at work
- Drove allowing public access to modify service information
Lessons learned
- Don't allow anonymous users to modify web service content
- Enforce strong governance for web publication process
- Minimize or eliminate temporary modification rights of anonymous users
- If web services are exposed to the Internet, just providing security through the application does not prevent accessing the services directly
Lack of strong governance leads to unexpected consequences

12 Real-world security scenarios Open source security component vulnerability affects 2/3rds of web services
Scenario
- OpenSSL vulnerability (Heartbleed)
- ArcGIS Online was indirectly exposed through utilization of Amazon's Elastic Load Balancer
- AWS patched their ELB systems within a day of the vulnerability announcement
- Many ArcGIS components contain the vulnerable version, but do not utilize the vulnerable function
- ArcGIS Server for Linux was vulnerable
Lessons learned
- 3rd party / open source components are immersive across cloud and on-premises
- Many organizations still don't have effective patch management for these underlying components
- Don't rely on only 1 layer of security, as no individual layer is foolproof
- Esri's first cross-product vulnerability status KBA minimized confusion
- Utilize the new Trust.ArcGIS.com site
Lack of appropriate funding slows resolution of vulnerabilities

13 Real-world security scenarios Hacker closed cloud-based business overnight
Scenario
- Hosting provider Code Spaces was the victim of a DoS attack, ransom request, then deletion
- Solution hosted within Amazon Web Services w/ information redundant across regions
- Hacker gained access to AWS Control interface and was able to delete most data and instances
- With most customer data gone, and most servers gone, company was forced out of business in 1 day
Lessons learned
- Anything that's vulnerable to the same threats is not really an offsite backup
- Utilize 2-factor authentication for access to administrative interfaces
Lack of strong authentication can have catastrophic consequences

14 Real-world security scenarios Large retailer breach
Scenario
- Theft of personal and credit data
- Millions spent on malware detection & analyzing answers for extensive security questionnaires provided to service providers
Lessons learned
- Customized and/or overly extensive security questionnaires waste vendor and customer dollars, while not improving security
- Utilize standardized questionnaires and accreditations to assess security
- ArcGIS Online has the Cloud Security Alliance answers and is FISMA Low accredited
- Details available at Trust.ArcGIS.com
Misapplied security focus wastes time/money while increasing risk

15 Trends 2014 and beyond
Focus shifting from network perimeter to data
- Drives need for stronger authentication of who is accessing the data
Mobile malware continues to grow
APTs and malware diversification
Unpatched systems (Windows XP end-of-life)
Hacking the Internet of Things

16 Strategy

17 Strategy A better answer
Identify your security needs
- Assess your environment
- Datasets, systems, users
- Data categorization and sensitivity
- Understand your industry attacker motivation
Understand security options
- Trust.arcgis.com
- Enterprise-wide security mechanisms
- Application specific options
Implement security as a business enabler
- Improve appropriate availability of information
- Safeguards to prevent attackers, not employees

18 Strategy Enterprise GIS Security Strategy
[Diagram: Security Risk Management Process Diagram - Microsoft]

19 Strategy Evolution of Esri Products & Services
[Diagram labels: Enterprise, Solution, Product; Isolated Systems, Integrated Systems, Software as a Service; 3rd Party Security, Embedded Security, Managed Security]

20 Strategy Esri Products and Solutions
Secure Products
- Trusted geospatial services
- Individual to organizations
- 3rd party assessments
ArcGIS Secure Enterprise Guidance
- Trust.ArcGIS.com site
- Online Help
Secure Platform Management
- SaaS Functions & Controls
- Certifications / Accreditations

21 Strategy Security Principles CIA Security Triad Availability

22 Strategy Defense in Depth
More layers does NOT guarantee more security
Understand how layers/technologies integrate
Simplify
Balance People, Technology, and Operations
Holistic approach to security
[Diagram labels: Data and Assets, Physical Controls, Policy Controls, Technical Controls]

23 Mechanisms

24 Mechanisms

25 Mechanisms Authentication
GIS Tier (Default)
- Built-in User store
- Enterprise (AD / LDAP)
- ArcGIS Tokens
Web Tier (Add web adaptor)
- Enterprise (AD / LDAP)
- Any authentication supported by web server
- HTTP Basic / Digest
- PKI
- Windows Integrated
[Diagram labels: Web, mobile, and desktop clients; Web server; Web Adaptor; ArcGIS for Desktop users; GIS Server administrators; Publish Services; Connect to ArcGIS Server Manager; GIS server(s); Data server]

26 Mechanisms Authorization Role-Based Access Control
Esri COTS
- Assign access with ArcGIS Manager
- Service Level Authorization across web interfaces
- Services grouped in folders utilizing inheritance
3rd Party
- Web Services: Conterra's Security Manager (more granular)
- RDBMS: Row Level or Feature Class Level
- Versioning with Row Level degrades RDBMS performance
- Alternative - SDE Views
URL Based authorization
- IIS 7.0 and above
- Authorization based on the URL itself

27 Mechanisms Filters 3rd Party Options
Firewalls
Reverse Proxy
Web Application Firewall
- Open Source option ModSecurity
Anti-Virus Software
Intrusion Detection / Prevention Systems
Limit applications able to access geodatabase

28 Mechanisms Filters - Web Application Firewall (WAF)
Implemented in DMZ
Protection from web-based attacks
Monitors all incoming traffic at the application layer
Can be part of a security gateway
- SSL Certificates
- Load Balancer
[Diagram labels: Internet; Firewall; 443; WAF, SSL Accel, Load Balancer; Network Load Balancing; Web Server A and Web Server B (IIS/Java Web Server, Port: 80, Web Apps, Web Adaptor); Firewall; ArcGIS Site]

29 Mechanisms Encryption 3rd Party Options
Network
- IPSec (VPN, Internal Systems)
- SSL (Internal and External System)
- Cloud Encryption Gateways
- Only encrypted datasets sent to cloud
File Based
- Operating System BitLocker
- GeoSpatially enabled PDFs combined with Certificates
- Hardware (Disk)
RDBMS
- Transparent Data Encryption
- Low Cost Portable Solution
- SQL Express 2012 w/TDE

30 Mechanisms Logging/Auditing
Esri COTS
- Geodatabase history
- May be utilized for tracking changes
- ArcGIS Workflow Manager
- Track Feature based activities
- ArcGIS Server 10+ Logging
- User tag tracks user requests
3rd Party
- Web Server, RDBMS, OS, Firewall
- Consolidate with a SIEM
3rd party geospatial service monitors
- Esri System Monitor
- Vestra GeoSystems Monitor
- Geocortex Optimizer

31 ArcGIS Server

32 ArcGIS Server Enterprise Deployment
[Diagram labels: Internet; Firewall; 443; WAF, SSL Accel, Load Balancer; Network Load Balancing; Web Server A and Web Server B (IIS/Java Web Server, Port: 80, Web Apps, Web Adaptor); Auth Web Server (IIS/Java Web Server, Port: 443, ADFS Proxy); Firewall; Supporting Infrastructure (ADFS / SAML 2.0, AD/LDAP, SQL); ArcGIS Site; Web Adaptor Round-Robin; Server Request Load Balancing; GIS Server A and GIS Server B (ArcGIS for Server, GIS Services, Port: 6080); Clustered HA NAS; Config Store; Directories; HA DB1; HA DB2; FGDB]

33 ArcGIS Server Minimize Attack Surface
Don't expose Server Manager to public
Disable Services Directory
Disable Service Query Operation (as feasible)
Enable Web Service Request Filtering
- Windows 2008 R2+ Request Filtering
- XML Security Gateway
- Does not intercept POST requests
- REST API only requires GET and HEAD verbs
- Exception: Utilize POST for token requests
Limit utilization of commercial databases under website
- File GeoDatabase can be a useful intermediary
Require authentication to services
[Chart: Attack surface over time (axes: Attack surface, Time)]
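
The request-filtering rules on slide 33, modelled as an allow-list decision function. This is an added example, not code from the presentation or from Esri; the URL layout (a web adaptor named "arcgis" with /arcgis/rest, /arcgis/tokens, /arcgis/manager and /arcgis/admin), the "/query" suffix test and the sample requests are assumptions for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed URL layout: a web adaptor named "arcgis". Adjust to your site.
SITE_ROOT = "/arcgis"
REST_PREFIX = "/arcgis/rest"
TOKEN_PREFIX = "/arcgis/tokens"
MANAGEMENT_PREFIXES = ("/arcgis/manager", "/arcgis/admin")
READ_VERBS = {"GET", "HEAD"}
BLOCK_QUERY_OPERATION = True  # "as feasible": set False if clients need query


def normalize(target):
    """Canonical lower-case path, so encoded or dotted paths cannot dodge a rule."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # second pass catches double encoding such as %252e
        path = unquote(path)
    path = path.replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def under(path, prefix):
    """True when path is the prefix itself or lies below it."""
    return path == prefix or path.startswith(prefix + "/")


def decide(method, target):
    """Return (verdict, reason) for one request."""
    method = method.upper()
    path = normalize(target)
    if not under(path, SITE_ROOT):
        return ("allow", "outside the ArcGIS site, not covered by this policy")
    if any(under(path, p) for p in MANAGEMENT_PREFIXES):
        return ("deny", "management interface is not published")
    if under(path, TOKEN_PREFIX):
        if method == "POST":
            return ("allow", "token request")
        return ("deny", "token requests must use POST")
    if under(path, REST_PREFIX):
        if method not in READ_VERBS:
            return ("deny", "REST API is limited to GET and HEAD")
        if BLOCK_QUERY_OPERATION and path.endswith("/query"):
            return ("deny", "query operation is disabled")
        return ("allow", "read-only REST request")
    return ("deny", "not on the allow list")


# Constructed requests (method, request target) for illustration only.
SAMPLE_REQUESTS = [
    ("GET", "/arcgis/rest/services/Parcels/MapServer?f=json"),
    ("HEAD", "/arcgis/rest/services"),
    ("POST", "/arcgis/tokens/generateToken"),
    ("POST", "/arcgis/rest/services/Parcels/FeatureServer/0/applyEdits"),
    ("GET", "/arcgis/tokens/generateToken?username=u"),
    ("GET", "/ArcGIS/Manager/"),
    ("GET", "/arcgis/rest/%2e%2e/admin/login"),
    ("GET", "/arcgis/rest/services/Parcels/MapServer/0/query?where=1%3D1"),
]


def denied(requests):
    """Return (method, target, reason) for every request the policy rejects."""
    results = []
    for method, target in requests:
        verdict, reason = decide(method, target)
        if verdict == "deny":
            results.append((method, target, reason))
    return results


if __name__ == "__main__":
    for method, target, reason in denied(SAMPLE_REQUESTS):
        print(f"DENY {method:4} {target}  ({reason})")
```

A GET/HEAD-only policy fits read-only published services; operations that need POST, such as feature editing, have to be exempted deliberately or served from a separate site.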

34 ArcGIS Server 10.2 Enhancements
Single-Sign-On (SSO) for Windows Integrated Authentication
- Works across ArcGIS for Server, Portal, and Desktop
Stronger PKI validation
- Leverage multi-factor authentication when accessing applications, computers, and devices
- Web adaptor deployed to web server forwards to AGS the request and username
Integrated account management and publishing capabilities
- Across ArcGIS for Server and Portal in a federated configuration
Key SQL Injection vulnerabilities addressed
- Changes made in 10.2 may affect some advanced users that were using database-specific SQL statements in their custom applications
Add support for
- Active Directory nested groups & domain forests
- Configuring Private and Public services within the same ArcGIS Server site

35 ArcGIS Server Single ArcGIS Server machine
Front-ending GIS Server with Reverse Proxy or Web Adaptor
[Diagram labels: Desktop, Web, and Mobile Clients; 80/443; Reverse Proxy Server; 6080/ /6443; Site Administrators Connect to Manager; GIS server, Data, Server directories, Configuration Store]

36 ArcGIS Server ArcGIS Server HA - Sites independent of each other
Active-active configuration is shown
- Active-passive is also an option
Separate configuration stores and management
- Scripts can be used to synchronize
Cached map service for better performance
Load balancer to distribute load
[Diagram labels: Desktop, Web, and Mobile Clients; Network Load Balancer (NLB); Web Adaptors (optional); ArcGIS Server site (two); Site Administrators Connect to Manager; Server directories, Configuration Store (duplicated between sites)]

37 ArcGIS Server ArcGIS Server HA Shared configuration store
Shared configuration store
Web Adaptor will correct if server fails
Config change could affect whole site
- Example: publishing a service
Test configuration changes
[Diagram labels: Desktop, Web, and Mobile Clients; Network Load Balancer (NLB); Web Adaptors; GIS servers; Site Administrators Connect to Manager; Data server, Data (enterprise geodatabase), Server directories, Configuration Store]

38 ArcGIS Server ArcGIS Server HA Clusters of Dedicated Services
Shared configuration store
Server clusters
- Perform same set of functions
Example
- Cluster A handles geoprocessing services
- Cluster B handles less intensive services
[Diagram labels: Desktop, Web, and Mobile Clients; Network Load Balancer (NLB); Web Adaptors (optional); GIS servers; Cluster A; Cluster B; Site Administrators Connect to Manager; Data server, Data (enterprise geodatabase), Server directories, Configuration Store]

39 Mobile

40 Mobile What are the mobile concerns? *OWASP 2013 Top Ten Mobile:

41 Mobile Security Touch Points
[Diagram labels: Server authentication, Communication, Device access, SDE permissions, Storage, Service authorization, Project access, Data access]

42 Mobile Authenticating to ArcGIS Services
GIS Tier Auth
- ArcGIS Tokens
- Pass credentials through UserCredentials / AGSCredential object
- Hardcode long-term token into layout XML (Ideally avoid)
Web Tier Auth
- HTTP Basic/Digest
- Pass credentials through UserCredentials object
- PKI Support Android OS version dependent
- Not available on Windows phone yet
SSL Support
- Certificates issued by trusted cert authority
- Self-signed certificates (Dev environment)

43 Mobile Enterprise Mobile Security Top 5 Best Practices
Mobile Device Management
- Enterprise device solutions (InTune, AirWatch, Good, MaaS360)
- Benefits: Secure , browser, remote wipe, app distribution
Anti-malware software
Secure communications
- Use encryption or VPN
Strong authentication
- Password at minimum
- Future: two-factor authentication
Control 3rd Party Software

44 Cloud

45 Cloud Service Models
Non-Cloud
- Traditional systems infrastructure deployment
- Portal for ArcGIS & ArcGIS Server
IaaS
- Portal for ArcGIS & ArcGIS Server
- Some Citrix / Desktop
SaaS
- ArcGIS Online
- Business Analyst Online
[Diagram labels: Customer Responsible End to End; Decreasing Customer Responsibility; Customer Responsible For Application Settings]

46 Cloud Deployment Models
[Diagram labels: Online, Intranet, Server, Portal, Read-only Basemaps; Public, Hybrid 1, Hybrid 2, Cloud, On-Premises, On-Premises +, On-premise]

47 Cloud Management Models
Self-Managed
- Your responsibility for managing IaaS deployment security
- Security measures discussed later
Provider Managed
- Esri Managed Services (Standard Offering)
- New Esri Managed Cloud Services (EMCS) option
- FedRAMP Moderate environment established
- Accreditation expected end of year

48 Cloud EMCS Accredited Offering
[Diagram labels: Customer Instances (ArcGIS for Server, Portal for ArcGIS); ArcGIS Online; Customer Databases; End Users; Security Infrastructure (Centralized Authentication (2-factor), Key Management, Network Address Translation, Virtual Private Cloud (Segmentation), Redundancy (multiple data centers), IDS/SIEM Logging); Esri Cloud GIS Administrator; ArcGIS Online front-end (Low); Managed Services back-end (Mod)]

49 Cloud Real Permutations
[Diagram labels: Public, Business Partner 1, Private IaaS, Internal Portal, Internal AGS, Filtered Content, External AGS, ArcGIS Online, Business Partner 2, Database, File Geodatabase, Public IaaS, Field Worker, Enterprise Business]

50 Cloud Hybrid
Segment sensitive data internally and public data in cloud
[Diagram labels: ArcGIS Online; Users; 4. Access Service; Group TeamGreen; 1. Register Services; AGOL Org; On-Premises ArcGIS Server; Hosted Services, Content; Public Dataset Storage; ArcGIS Org Accounts; External Accounts; 2. Enterprise Login (SAML 2.0); User Repository AD / LDAP]

51 Cloud Hybrid Data sources
Where are internal and cloud datasets combined?
- At the browser
- The browser makes separate requests for information to multiple sources and does a mash-up
- Token security with SSL or even a VPN connection could be used between the device browser and on-premises system
[Diagram labels: On-Premises Operational Layer Service; Cloud Basemap Service; ArcGIS Online; Browser Combines Layers]

52 Cloud On-premises
Why?
- Additional security demands
- Federated account management needs between ArcGIS Server and Portal
- Registered services (managed and secured via Server)
- Federated services (managed via Server, secured via Portal)
- Hosted services (managed and secured via Portal)
Requires
- Infrastructure
- Portal & System Administration

53 Cloud Data Locations
On-premises: ArcGIS Server. Typically utilized for sensitive data & services
Cloud Provider: ArcGIS Server. Commonly utilized to reduce management costs
ArcGIS Online: Feature Services. Commonly utilized for mildly sensitive information and public data/services

54 Cloud ArcGIS Online Standards
Enterprise Logins
- SAML Provides federated identity management
- Integrate with your enterprise LDAP / AD
New APIs to Manage users & app logins
- Developers can utilize OAuth 2-based APIs

55 Cloud ArcGIS Online - Settings
Organization administrator options
- Require SSL encryption
- Allow anonymous access to org site
Consume Token secured ArcGIS Server services
- 10 SP1 and later
- User name and password prompts upon adding the service to a map, and viewing
Transparency
- Trust.ArcGIS.com

56 Cloud IaaS
Common ArcGIS IaaS Deployments
- ArcGIS Server Windows AMI to AWS
- ArcGIS Server via Cloud Builder to AWS
ArcGIS AWS Security Best Practices
- 8 main areas
- 5 minute minimum

57 Cloud IaaS AWS
8 Security Areas to Address
- Virtual Private Cloud (VPC)
- Identity & Access Management (IAM)
- Administrator gateway instance(s) (Bastion)
- Reduce attack surface (Hardening)
- Security Information Event Management (SIEM)
- Patch management (SCCM)
- Centralized authentication/authorization
- Web application firewall (WAF)

58 Cloud IaaS - AWS
Question
- Of the 8 security areas on previous slide, how many are handled by AWS for you?
Answer
- 2 areas, VPC and IAM
Question Part 2
- What is *the* key security mechanism to mitigate against someone gaining unauthorized access to your AWS console?
Answer
- 2-factor authentication

59 Cloud IaaS AWS 5 minute minimum
Minimize RDP surface
- Update OS patches
- Many AMIs disable automatic updates
- Enable NLA for RDP
- Set AWS Firewall to Limit RDP access to specific IPs
- Use strong passwords, account lockout policies
Minimize Application Surface
- Disable ArcGIS Services Discovery
- Don't expose ArcGIS Manager web app to Internet
Enable 2-factor Authentication to your AWS console
- The AWS console is a one-stop shop for access to all your instances in the cloud
These steps can be completed within 5 minutes
Do them!

60 Compliance

61 Compliance Products and Services
ArcGIS Online
- FISMA Low Accredited Authority To Operate (ATO) by USDA
- FedRAMP Moderate in future (2015)
Managed Services: Esri Managed Cloud Services (EMCS)
- FedRAMP Moderate in process (2014)
ArcGIS Desktop
- FDCC (versions )
- USGCB (versions 10.1+)

62 Compliance Corporate Operations
ISO Esri's Corporate Security Charter
Privacy Assurance
- US EU/Swiss SafeHarbor self-certified
- TRUSTed cloud certified
SSAE 16 Type 1 Previously SAS 70
- Esri Data Center Operations
- Expanded to Managed Services in 2012

63 Compliance Solution Level
Geospatial Deployment Patterns to meet stringent security standards
- Hybrid deployments
- On-premise deployments
Supplemented with 3rd party security components
Upcoming best practice alignment guidance
- CJIS Law Enforcement
- HIPAA Healthcare
- STIGs Defense

64 Compliance Cloud Infrastructure Providers
ArcGIS Online Utilizes World-Class Cloud Infrastructure Providers
- Microsoft Azure
- Amazon Web Services
Cloud Infrastructure Security Compliance
SSAE16 SOC1 Type2 Moderate

65 Compliance ArcGIS Online Assurance Layers
[Diagram labels: Customer; Web App Consumption; ArcGIS Management; Esri; Web Server & DB software; AGOL SaaS FISMA Low (USDA); SafeHarbor (TRUSTe); Operating system; Instance Security Management; Cloud Provider; ISO; SSAE16; FedRAMP Mod; Cloud Providers; Hypervisor; Physical]

66 Compliance Accreditation Roadmap
[Timeline labels: 2014Q; Complete; ArcGIS Online FISMA Low; Esri Managed Cloud Services (EMCS) FedRAMP Mod; ArcGIS Online FedRAMP Mod]

67 Summary

68 Summary
Security is a Core Component of the ArcGIS Trusted Geospatial Platform
Expanding ArcGIS Capabilities
Standardized Assurance
Operational Excellence
... Enables sharing the right information, with the right resources, at the right time

69 Summary
Security is NOT about just a technology
- Understand your organization's GIS risk level
- Prioritize efforts according to your industry and needs
- Don't just add components, simplified Defense In Depth approach
Secure Best Practice Guidance is Available
- Check out the ArcGIS Trust Site!
- ArcGIS Security Architecture Workshop
- SecureSoftwareServices@esri.com
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationKEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure
KEMP LoadMaster Enabling Hybrid Cloud Solutions in Microsoft Azure Introduction An increasing number of organizations are moving from traditional on-premises datacenter architecture to a public cloud platform
More informationInteract Intranet Version 7. Technical Requirements. August 2014. 2014 Interact
Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...
More informationPCI DSS 3.0 Compliance
A Trend Micro White Paper April 2014 PCI DSS 3.0 Compliance How Trend Micro Cloud and Data Center Security Solutions Can Help INTRODUCTION Merchants and service providers that process credit card payments
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationPROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN
PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationMicrosoft Azure. Microsoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale
More information2013 AWS Worldwide Public Sector Summit Washington, D.C.
Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company
More informationDeploy Remote Desktop Gateway on the AWS Cloud
Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationArcGIS 10.3 Server on Amazon Web Services
ArcGIS 10.3 Server on Amazon Web Services Copyright 1995-2015 Esri. All rights reserved. Table of Contents Introduction What is ArcGIS Server on Amazon Web Services?............................... 5 Quick
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationPortWise Access Management Suite
Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s
More informationtwilio cloud communications SECURITY ARCHITECTURE
twilio cloud communications SECURITY ARCHITECTURE July 2014 twilio.com Security is a lingering concern for many businesses that want to take advantage of the flexibility and ease of cloud services. Businesses
More information319 MANAGED HOSTING TECHNICAL DETAILS
319 MANAGED HOSTING TECHNICAL DETAILS 319 NetWorks www.319networks.com Table of Contents Architecture... 4 319 Platform... 5 319 Applications... 5 319 Network Stack... 5 319 Cloud Hosting Technical Details...
More informationSecurity Practices, Architecture and Technologies
Security Practices, Architecture and Technologies CONTACT: 36 S. Wall Street Columbus, OH 43215 1-800-VAB-0300 www.viewabill.com 1 CONTENTS End-to-End Security Processes and Technologies... 3 Secure Architecture...
More informationCentrify Cloud Connector Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationRemoteApp Publishing on AWS
RemoteApp Publishing on AWS WWW.CORPINFO.COM Kevin Epstein & Stephen Garden Santa Monica, California November 2014 TABLE OF CONTENTS TABLE OF CONTENTS... 2 ABSTRACT... 3 INTRODUCTION... 3 WHAT WE LL COVER...
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationCourse 20533: Implementing Microsoft Azure Infrastructure Solutions
Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.
More informationXerox Mobile Print Cloud
September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United
More informationUnderstanding ArcGIS Deployments in Public and Private Cloud. Marwa Mabrouk
Understanding ArcGIS Deployments in Public and Private Cloud Marwa Mabrouk Agenda Back to Basics What are people doing? New Features Using ArcGIS in the Cloud - Private Cloud - Public Cloud Technical Demos
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationImplementing Microsoft Azure Infrastructure Solutions
Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently
More informationMIGRATIONWIZ SECURITY OVERVIEW
MIGRATIONWIZ SECURITY OVERVIEW Table of Contents Introduction... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Database Level Security... 4 Network Security...
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationIntroduction to the Mobile Access Gateway
Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationSharePoint 2013 Logical Architecture
SharePoint 2013 Logical Architecture This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
More informationMedia Shuttle s Defense-in- Depth Security Strategy
Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationFileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.
FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationService Manager and the Heartbleed Vulnerability (CVE-2014-0160)
Service Manager and the Heartbleed Vulnerability (CVE-2014-0160) Revision 1.0 As of: April 15, 2014 Table of Contents Situation Overview 2 Clarification on the vulnerability applicability 2 Recommended
More informationSecurity Considerations for DirectAccess Deployments. Whitepaper
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
More informationSymantec App Center 4.0 Admin Documentation
Symantec App Center 4.0 Admin Documentation Installation Planning Guide September 2012 Symantec Corporation, 2012 Page 1 Table of Contents Purpose of Document... 3 Deployment Options Overview... 3 Public
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationCLOUD COMPUTING SERVICES CATALOG
CLOUD COMPUTING SERVICES CATALOG... Including information about the FedRAMP SM authorized Unclassified Remote Hosted Desktop (URHD) Software as a Service solution CTC Cloud Computing Services Software
More information