Session Four: Heads in the icloud. Moderated by Sonny Segal, Chief Information Officer, Montgomery County, Maryland
2 Introductions
Mr. John W. Lainhart IV, IBM Global Business Services: Partner, Cybersecurity & Privacy; Public Sector Cybersecurity & Privacy Service Area Leader. Bethesda, MD
Mr. Peter Romness, Cisco Systems, Inc.: Business Development Manager, Public Sector Cybersecurity. Herndon, VA
Mr. Jeff Stratton, Lockheed Martin Information Systems & Global Solutions (IS&GS) Civil: Manager, Comprehensive Cyber Security Services - (CS)2. Gaithersburg, MD
3 What is the Cloud? Courtesy: Virtustream, Inc.
4 Types of Clouds
Public cloud: A cloud infrastructure shared by the general public or industry, typically owned and managed by an organization that sells cloud services.
Community cloud: A cloud infrastructure shared exclusively by certain groups, such as civil agencies or others with like missions, and managed by the group or a third party. It can be hosted on or off premises.
Private cloud: Cloud resources confined inside a firewall with private control over the cloud infrastructure. Some organizations run their data centers as a private cloud.
Hybrid cloud: An approach that uses a public cloud for some services, such as general business needs, but uses a private data center for others, such as storage of sensitive data.
Government cloud: There is no specific certification for this.
Courtesy: Microsoft, Inc.
5 Potential Benefits
Citizen services: Drive innovation with data services in the cloud that citizens can reuse. Offer your own data mashups on a portal.
Infrastructure: Get IT resources when needed. Pay only for what you use. Reduce need to build, manage, support data centers. Consolidate budget and facilities.
Flexibility: Adjust resources up and down to meet real-time needs; offload onsite data to the cloud; access via web browser from anywhere for remote work and continuity of operations.
Collaboration: More effectively communicate/collaborate; employees can access work the same way they access personal information.
Courtesy: Microsoft, Inc.
6 Potential Benefits (2)
Disaster recovery / Continuity of Operations: Centralized data storage, management, backups, data recovery in disruptions.
Applications and content: Rather than waiting in the software procurement line, get hosted software, datasets, and services as they are released so you can focus on your mission.
Policies and regulations: Cloud computing can help meet compliance requirements.
Creative IT: Centrally managed, frees IT from keep-lights-on work for creative problem-solving.
Secure-ability: Better secure-ability in cloud according to Vivek Kundra, Former U.S. CIO.
Speed of platform delivery: Data-intensive computing in the cloud can be six times faster than in isolated data centers.
Courtesy: Microsoft, Inc.
7 Security Considerations
Integration: With security and identity management technologies, i.e., Active Directory, and controls for role-based access and entity-level applications.
Privacy: Data encryption, effective data anonymization, and mobile location privacy (compliance with the Privacy Act of 1974).
Identity and access: Means of preventing inadvertent access. Ability to federate across different services and from your internal environment to the cloud? How are the databases protected for access?
Compliance: What certifications does your provider possess? How do you handle dispute resolution and liability issues? What industry or government standards must you comply with? Clearly defined metrics for the cloud service monitoring? How are e-discovery and criminal compliance requests handled? What processes to move into cloud and back? Backup purged? What requirements with regard to physical location of your data?
Courtesy: Microsoft, Inc.
8 Security Considerations (2)
Service integrity: How is the software protected from corruption (malicious or accidental)? How does your provider ensure the security of the written code? How do they do threat modeling? What is the hiring process for the personnel doing administrative operations? What levels of access do they have?
Jurisdiction: The location of a cloud provider's operations can affect the privacy laws that apply to the data it hosts. Does your data need to reside within your legal jurisdiction? Federal records management and disposal laws may limit the ability of agencies to store official records in the cloud.
Information protection: Who owns your data? Can it be encrypted? Who has access to encryption keys? Where is the backup located, and do you have an on-premise backup? How is
Courtesy: Microsoft, Inc.
9 Other Considerations
Compliance: HIPAA, SOX, and FISMA requirements, and FISMA accreditation and certification.
Data centers: Statement on Auditing Standards (SAS) 70 and International Standards Organization (ISO) certification, audited by independent, third-party security organizations.
Uptime: Guaranteed 99.9 percent uptime at data centers outfitted to operate during power outages and after natural disasters. Data replication between primary and secondary data centers for redundancy, without storing any data off-site.
Data with or without borders: Is data guaranteed to stay within the U.S. borders? Multiple data centers across the U.S. provide reliability and failover for government customers. Is the chain of custody for documents preserved when moving documents between on-premise and cloud? Do documents retain the format/fidelity for investigations/FOIA?
How green is the cloud? Designed to reduce energy consumption (typically 25-40%) compared to traditional facilities.
Who's who in your cloud? Who else is in the cloud?
Courtesy: Microsoft, Inc.
10 Contractual Safeguards
Service Level Agreement: SLAs should include availability of services, permissible failure rate, response time on malfunction, and recovery time on crash.
Security and privacy protection: SLAs should define security-relevant aspects and privacy protection agreements. Provider should agree to update security strategy in line with technological developments.
Penalties for non-compliance: Agree on penalties if provider fails to deliver on contract terms.
Sub-contracting: Agree whether and in what form the provider may subcontract out certain services. Need to assure subcontractors provide same level of protection as themselves, e.g., HIPAA compliance.
Monitoring rights: Ensure they have the contractual right to monitor the cloud provider's data-processing activities, including its protective measures. Relying on the service provider's reports is insufficient.
Contract term and return of data: Contract must include duration and exactly how data is to be returned or deleted when the contract expires or if the provider's business model changes.
Exit strategy: Early return of data if the provider and/or subcontractor goes out of business or merges.
Courtesy: Internet Revolution
11 Cloud Security IBM Cloud Offerings: IBM SmartCloud IBM SoftLayer IBM FedRAMP
12 To address these concerns, IBM is working with clients as both a cloud service provider and trusted advisor
Secure IBM Clouds: Leveraging IBM's deep security skillset, hosting and strategic outsourcing experience, broad security portfolio, history of security innovation, and commitment to client trust as the foundation for building security into all cloud offerings.
IBM Security Solutions: Leading portfolio of products and services to help secure cloud environments. Allows customers to address concerns when adopting private, public and hybrid cloud services by adopting security controls to match requirements of the workload.
Capabilities, Knowledge
IBM Cloud Reference Model (Foundational Security Controls)
IBM Security Framework (Cloud Security On Ramps)
13 IBM SmartCloud provides a robust platform for the full IBM cloud portfolio, built on the IBM cloud reference model
IBM Cloud Reference Model:
Business Process as a Service; Software as a Service; Platform as a Service; Infrastructure as a Service
Management, support and deployment; Security and isolation; Availability and performance; Technology platform; Payment and billing
14 Adoption patterns are emerging and each pattern has its own set of key security concerns
Cloud Enabled Data Center. Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers. Integrated service management, automation, provisioning, self service. Key security focus: Infrastructure and Identity. Manage datacenter identities; Secure virtual machines; Patch default images; Monitor logs on all resources; Network isolation.
Cloud Platform Services. Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services. Pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus: Applications and Data. Secure shared databases; Encrypt private information; Build secure applications; Keep an audit trail; Integrate existing security.
Cloud Service Provider. Innovate business models by becoming a cloud service provider. Advanced platform for creating, managing, and monetizing cloud services. Key security focus: Data and Compliance. Isolate cloud tenants; Policy and regulations; Manage security operations; Build compliant data centers; Offer backup and resiliency.
Business Solutions on Cloud. Software as a Service (SaaS): Gain immediate access with business solutions on cloud. Capabilities provided to consumers for using a provider's applications. Key security focus: Compliance and Governance. Harden exposed applications; Securely federate identity; Deploy access controls; Encrypt communications; Manage application policies.
15 IBM's Recent Cloud Acquisition: SoftLayer is a pure IaaS Provider
16 For U.S. Federal Government there is also FedRAMP
FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
The JAB is the primary governance group of the FedRAMP program, consisting of the chief information officers for the: Department of Defense, Department of Homeland Security, and U.S. General Services Administration.
PROGRAM GOALS
Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
Increase confidence in security of cloud solutions
Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP
Ensure consistent application of existing security practices
Increase confidence in security assessments
Increase automation and near real-time data for continuous monitoring
PROGRAM BENEFITS
Increases re-use of existing security assessments across agencies
Saves significant cost, time and resources: "do once, use many times"
Improves real-time security visibility
Provides a uniform approach to risk-based management
Enhances transparency between government and cloud service providers (CSPs)
Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process
17 FedRAMP Security Control Pyramid
Summary Security Control Count: Total (Base, Enhancements)
FISMA (NIST r3) MODERATE: 252 (159, 93)
FedRAMP (Cloud) MODERATE: 297 (168, 129)
The more Cloud Services a client purchases, the fewer controls that they will be responsible for:
Each service builds on the foundation below it
The client will always be responsible for their personnel and facilities
SaaS: Applications are designed for end-users, delivered over the web. 1 FedRAMP SaaS CSP*
PaaS: Tools and services designed to make coding and deploying applications (SaaS, web apps, DBs) quick and efficient, e.g. PureApp / System, Big Data. 1 FedRAMP PaaS CSP*
IaaS: Provides on demand processing, storage, networks, and other fundamental computing resources. 9 FedRAMP IaaS CSPs*
Security Control Pyramid (layers): Client ctrls, SaaS controls, PaaS controls, IaaS controls. The # of controls the client is responsible for reduces as more cloud services are purchased.
*CSP #s as of 7Jan
18 Cybersecurity In a Cloud Environment. Peter Romness, Business Development Management, Public Sector Cybersecurity, Cisco Systems Inc.
19 Mobility Cloud Threat Consumer centric market dynamics require an end to end security architecture
20 DC Cloud Transition: Physical, Virtual, Cloud
[Figure: word cloud of Automation, Agility, Flexibility, Consistency, Visibility, Efficiency, Elastic, Consolidation, Cost Reduction]
Extending security posture
Unifying the network services
Securing multitenancy designs
21 IT Megatrends are creating the Any to Any problem
[Figure labels: Infrastructure; Apps / Services; Workloads; public, hybrid, tenant, private]
Endpoint Proliferation
Blending of Personal & Business Use
Access Assets through Multiple Medians
Services Reside In Many Clouds
22 Market Direction Integrated Platforms - Threat Centric Device Threat Aware Malware, APT Data Center Context Aware Identity, Data, Location Content Aware Applications Network Access Control Firewall Firewall Content Gateways Integrated Platform Virtual Cloud
23 The New Security Model
Attack Continuum:
BEFORE: Control, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in time, Continuous
24 Cybersecurity In a Cloud Environment. Peter Romness, Business Development Management, Public Sector Cybersecurity, Cisco Systems Inc.
25 Cyber Threat Defense
Future: AI-based Threat Detection; Increase Telemetry for Analysis; Self-Learning and Evasion Resistance
[Figure labels: WWW, FW, IPS, Application Centric Infrastructure, Reputation, Identity, NextGen Firewall, NextGen IPS, AMP, Global Threat Intelligence]
26 Options by Organization Size Meraki Monitored Threat Defense Virtual Network Appliances
27 Lockheed Martin Comprehensive Cyber Security Services (CS)2. March 5th 2014. Jeff Stratton - Manager, (CS)2. Lockheed Martin Proprietary Information
28 High Level Approach
The primary goal is to provide customers with a comprehensive assessment.
Avoid surface level penetration testing (when possible).
Accurate and relevant reporting of results: No false positives; No inflated or deflated risks
Remediation assistance
Training for long term security sustainment: Developers; System Administrators; Leadership; STEM
29 Penetration Testing
Simulate real-world threats against production-ready applications
Determine feasibility of particular attack vectors
Analyze system resilience to certain attacks
Identify high-risk vulnerabilities ("low hanging fruit")
Identify business logic flaws and access control flaws that scanners cannot easily assess
The Problem: You can hire 10 Penetration Testers and get 10 different results.
30 Type of Penetration Testing
Blackbox Penetration Testing
Does not simulate adversaries
Because it's supposed to be stealthy it only finds limited attack vectors; you just can't find it all and be quiet.
Testers always find 1 way in, but there could be 50 more.
Relying on Blackbox testing for web apps is a big mistake!
Good for scaring the customer into spending more money
Unfortunately some organizations need this to get the money they need to do things right.
Comprehensive Whitebox Testing
More effective at finding your most concerning issues
Testers have full knowledge of the environment so testers can quickly uncover major problems, without wasting precious labor hours on searching for them.
31 APT Simulation Testing
Great for Testing Defenses
Focuses mainly on the response to the Kill Chain™ Methodology:
Not designed to be a comprehensive Penetration Test.
32 Code Review
Mobile and Web Applications
Thoroughly inspect source code for vulnerabilities and eliminate them at their root level
Analyze frameworks and software architecture for weaknesses
Offer guidance at software architecture and code level to strengthen overall software security approach
33 Application Risk Analysis
Holistic approach to software risk analysis
Utilize all system artifacts (design, architecture, code, test environment)
Utilize all security analysis techniques (architecture review, threat modeling, code review, pen-testing)
Provides the most thorough understanding of system risks and vulnerabilities
34 Software Security Touchpoints
[Figure labels: External Review; Abuse Cases; Security Requirements; Risk Analysis; Risk-Based Security Tests; Code Review (tools); Risk Analysis; Penetration Testing; Security Operations]
[Figure labels: Requirements and Use Cases; Architecture and Design; Test Plans; Code; Tests and Test Results; Feedback From the Field; External Review]
35 Security Lifecycle Management
36 Security Training
Secure Coding and Secure Software Engineering
Can be customized specific to customer requirements: Utilization of Customer Code Examples; Specific Programming Languages and Frameworks
Can also be based on vulnerabilities and findings in the Customer's Environment.
Help Developers understand how to consistently develop secure applications.
Customized Network and Systems Security Training: Network Segmentation; Monitoring Capabilities; Network and Application Layer Firewall Configuration; General Network Security Engineering; Wireless Security; Vulnerability Management
37 Security In the Cloud
If you are using a cloud, where is your data actually stored physically from a brick and mortar perspective? Is it even in the US? Where are the datacenters? Who has access to it? Is it encrypted?
Are you using shared databases, shared operating systems, shared applications, services? If another tenant gets compromised, is your data at risk?
Has the cloud service provider had comprehensive penetration testing performed?
Is your environment meeting the compliance standards required for your business set forth by federal, state and local regulations?
38 Certification, Accreditation and Audit Preparation
NIST; FEDRAMP Certification; FISMA Low, Moderate, High; ISO-17799/27000 Series
39 (CS)2 History
Initial CIRT/SIC Concept & Design Next Generation Intrusion Detection System Architect DNS Blocking & Intercept Concept LM Corporate Information Security SRT Red Team, ASE Team CEWL Support Reverse Engineering Vulnerability Research Web Application Security Cyber Monitoring & Analysis Information Design Assurance Red Team Counter Intelligence JSF Software Security Program Commercial Cyber Security Consulting Source Code Analysis Software Architectural Review Secure Software Development Lifecycle Embedded Software Security Concepts
A Wealth of Experience with Diversified Backgrounds Fused Together
More informationSecure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationIBM 000-281 EXAM QUESTIONS & ANSWERS
IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationPrivacy + Security + Integrity
Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More informationCloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationAll Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME
THE NEED FOR HIGH AVAILABILITY AND UPTIME 1 THE NEED FOR HIGH AVAILABILITY AND UPTIME All Clouds Are Not Created Equal INTRODUCTION Companies increasingly are looking to the cloud to help deliver IT services.
More informationSecurity and Cloud Computing
Martin Borrett, Lead Security Architect, Europe, IBM 9 th December 2010 Outline Brief Introduction to Cloud Computing Security: Grand Challenge for the Adoption of Cloud Computing IBM and Cloud Security
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationResidual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)
Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationFISMA Cloud GovDataHosting Service Portfolio
FISMA Cloud Advanced Government Oriented Cloud Hosting Solutions Cyber FISMA Security Cloud Information Security Management Compliance Security Compliant Disaster Recovery Hosting Application Cyber Security
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationSecurity & privacy in the cloud; an easy road?
Security & privacy in the cloud; an easy road? A journey to the trusted cloud Martin Vliem CISSP, CISA National Security Officer Microsoft The Netherlands mvliem@microsoft.com THE SHIFT O L D W O R L D
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationWhite Paper: Optimizing the Cloud Infrastructure for Enterprise Applications
White Paper: Optimizing the Cloud Infrastructure for Enterprise Applications 2010 Ashton, Metzler, & Associates. All rights reserved. Executive Summary Given the technological and organizational risks
More informationAn Evaluation Framework for Selecting an Enterprise Cloud Provider
An Evaluation Framework for Selecting an Enterprise Cloud Provider WHITE PAPER This White Paper is intended for senior IT leaders of global enterprises considering a new cloud solution or expanding an
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationMANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results.
MANAGED SERVICES PROVIDER Dynamic Solutions. Superior Results. REVOLUTIONIZE YOUR INSTITUTION BY FULLY LEVERAGING THE BENEFITS OF TECHNOLOGY MAXIMIZE YOUR TECHNOLOGY INVESTMENTS ENHANCE SECURITY OF YOUR
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationMicrosoft SharePoint Architectural Models
Microsoft SharePoint This topic is 1 of 5 in a series Introduction to Fundamental SharePoint This series is intended to raise awareness of the different fundamental architectural models through which SharePoint
More informationWhite paper September 2009. Realizing business value with mainframe security management
White paper September 2009 Realizing business value with mainframe security management Page 2 Contents 2 Executive summary 2 Meeting today s security challenges 3 Addressing risks in the mainframe environment
More informationCloud and Data Center Security
solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic
More informationHIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.
Real Security Outcomes. Delivered. Deploying healthcare and healthcare related services to the cloud can be frightening. The requirements of HIPAA can be difficult to navigate, and while many vendors claim
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More information