RES Software and Security


RES Software // Whitepaper

RES Software and Security
Realizing asset-centric and user-centric approaches to security

IT, the way you need it

Table of Contents

Executive Summary ... 3
Security, why does it matter? ... 4
Availability ... 4
Focus on assets ... 4
The user is no longer bound to any single device ... 5
New challenges: confidentiality ... 5
Confidentiality ... 6
Conclusion ... 7

Executive Summary

In the rush to meet regulatory or customer mandates, organizations have spent millions of dollars implementing security and compliance measures either issue by issue or regulation by regulation. This has resulted in an asset-centric security approach, where we focus on the IT infrastructure and make sure that this is secure. However, in the current versatile user community, a user is no longer bound to any single device. So, although assets still need to be kept secure, the need arises for a user-centric security approach, where security rules are aligned with the use of those assets.

This white paper presents an overview of both the asset-centric and the user-centric approaches to security. These approaches will be mapped to the standard for Information Security: ISO 17799.

www.ressoftware.com

Security, why does it matter?

Information is an important asset in the current market. As a result, businesses want to manage this asset, but at the same time they are evolving towards collaboration with other companies in order to fulfill customer needs more quickly. This approach has increased the pressure on IT departments: on the one hand, they need to make information available for more users; and on the other hand, they need to keep this information secure and share it only with the appropriate organizations. So security matters, and any approach will have to focus on two things:

- Availability: making sure that information is available for use.
- Confidentiality: making sure that only authorized people can access it.

Availability

Currently, an important job for many administrators is to ensure that authorized users have access to information and the associated assets when required. This usually results in two approaches towards the issue:

Focus on assets

Currently, the most common approach is to focus on assets. This approach originates from risk management. In a Microsoft Windows environment, this means that the following tasks need to be performed on a regular basis:

- Scanning machines for vulnerabilities, i.e. querying installed operating system patches and installed software, querying NTFS and share right assignments, querying service properties, and running MBSA queries.
- Taking countermeasures for certain risks, i.e. installing patches, changing service parameters, and changing NTFS and share rights assignments.

These standard, frequently repeated tasks can be easily automated with a solution for IT Run Book Automation for Windows, such as RES Wisdom.

[Figure: Risk Analysis (Assets, Threats, Vulnerabilities) and Risk Management (Risks, Countermeasures)]

The user is no longer bound to any single device

The question arises whether this asset-centric approach, in which threats are perceived as external forces, is enough. Does this approach ensure availability of the service? In the current user environment, users no longer have their own desktop (asset) on which they use their services. In today's IT world, a user can have a laptop or desktop for use at the office during the day, and a desktop made available via Server Based Computing for use from home or from any other place outside the office.

This results in new challenges for IT departments, because the main focus is on ensuring availability of a user's services. Users want their services (applications plus their settings) to be available whatever the method of delivery, and they want changes made in one environment to be reflected in all the others automatically. This results in the next approach to availability: the user-centric approach, which is reflected in User Workspace Management. In this approach, all user settings are disconnected from the underlying application delivery solution, and are applied when a user starts an application. This gives the user a unified workspace independent of the application delivery solution.

New challenges: confidentiality

Focusing on the availability of services to users, both in the office and outside the office, enhances user productivity and business performance. However, this approach does pose new challenges to the IT department, and these challenges need to be addressed. A user now has access to the company network from outside the office too, but some services and their corresponding resources should not be available from outside the office. Once we have established the availability of a service to a user, we need to make sure that this service is only available to those who are authorized. This is confidentiality, the focus of the next part of this whitepaper.

Confidentiality

Ensuring that information is accessible only to those who are authorized to access it is a challenging task in the current environment. If a user is not bound to one single workstation, it is no longer possible to allow or disallow access based on the workstation (asset). The asset-centric approach, though important, is not sufficient. A user-centric approach is needed as well, so that a user can get access to the services, but only after the following checks:

- Who is the user? This question is answered using authentication based on username and password.
- Where is the user? This is important, because where a user starts a service can determine whether that service (the application plus its settings and resources) should be available.
- What time is it? Some services may have scheduled maintenance windows during which they are not available.
- Does the user have the necessary token? In some cases, you may want to base access to a service on additional levels of authentication, because the application contains too much sensitive information.

Besides the internal user, businesses are starting to collaborate with other companies. These collaborative initiatives will need to share information, and so they need to be supported by IT. The asset-oriented approach tries to make sure that external threats don't come in. This is not possible in a collaborative enterprise: people from other companies do need to get inside your network, but you only want to grant them access to those services they need. This requires a different approach, one that starts from the inside and works out, instead of the other way round. This is what you deliver with a user-centric security approach. You grant a user access to a service, namely the application with its settings. Based on this access, you can then grant the user access to related:

- Files and folders
- Local storage
- Removable storage
- Network resources

[Figure: Applications (services) with the related resources: Files and Folders, Local Storage, Removable Storage, Network Resources]
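The four checks above, followed by the grant of related resources only together with the service, as an added Python example (not RES Software's or the whitepaper's code); the service names, locations, maintenance window and policy table are assumptions constructed for illustration:

```python
# Added example (not RES Software code): the whitepaper's four user-centric
# checks as a policy evaluator. Service names, locations and the policy table
# are constructed for illustration.
from dataclasses import dataclass, field
from datetime import time

@dataclass
class ServicePolicy:
    name: str
    allowed_locations: frozenset              # "Where is the user?"
    maintenance: tuple = None                 # (start, end) or None: "What time is it?"
    requires_token: bool = False              # "Does the user have the token?"
    resources: dict = field(default_factory=dict)  # granted with the service

@dataclass
class UserContext:
    username: str
    authenticated: bool   # "Who is the user?" (username/password already verified)
    location: str
    now: time
    has_token: bool = False

def in_window(now, window):
    """True if now lies in the maintenance window; handles windows crossing midnight."""
    if window is None:
        return False
    start, end = window
    return start <= now < end if start <= end else (now >= start or now < end)

def evaluate(user, svc):
    """Return (granted, reason, resources); related resources are only granted with the service."""
    if not user.authenticated:
        return False, "authentication failed", {}
    if user.location not in svc.allowed_locations:
        return False, f"{svc.name}: not available from {user.location}", {}
    if in_window(user.now, svc.maintenance):
        return False, f"{svc.name}: in maintenance window", {}
    if svc.requires_token and not user.has_token:
        return False, f"{svc.name}: additional token required", {}
    return True, "granted", dict(svc.resources)

# Constructed policy table: mail is reachable from anywhere outside a nightly
# window; the HR application is office-only and needs a second factor.
POLICIES = {
    "mail": ServicePolicy("mail", frozenset({"office", "remote"}),
                          maintenance=(time(23, 0), time(1, 0)),
                          resources={"network": [r"\\fileserver\mailarchive"]}),
    "hr": ServicePolicy("hr", frozenset({"office"}), requires_token=True,
                        resources={"files": [r"H:\hr"], "removable": []}),
}
```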

Conclusion

The ISO 17799 standard is related to information security. This standard defines information as an asset that may exist in many forms, and that has value to an organization. The goal of information security is to protect this asset suitably, so that business continuity is ensured, business damage is minimized, and return on investments is maximized. According to ISO 17799, information security is characterized as the preservation of:

- Integrity: safeguarding the accuracy and completeness of information and of protection methods.
- Availability: ensuring that authorized users have access to information and associated assets when required.
- Confidentiality: ensuring that information is accessible only to those authorized to have access.

As discussed in the previous sections, there are two approaches in Information Security: asset-centric and user-centric. The asset-centric approach ensures that the infrastructure is available, and helps protect it against external threats. But in the current versatile user environment, this approach by itself is not enough to make services available to users. Because the user is working from multiple desktops both in and out of the corporate network, a user-centric approach is needed as well. Combining these approaches will result in better availability, but, even more importantly, will greatly improve the confidentiality as described by ISO 17799.

The user-centric security approach is delivered through the use of User Workspace Management. This gives the desired availability of the services to end users, without compromising the necessary security policy. Together, the RES Software products RES Wisdom and RES PowerFuse deliver both the asset-centric and the user-centric security approach.

RES Software is an independent software developer and vendor, founded in 1999. We unify different technologies with one goal: getting the right services to the right people at the right time. Our versatile and innovative products enable IT professionals to manage their Microsoft Windows environments, delivering IT the way people need it to do their daily work. We achieve this by involving our customers in the development and enhancement of our products. Currently more than 2,500 organizations worldwide have purchased products from the RES Software portfolio. RES Software products are exclusively delivered through a network of certified partners. More information: www.ressoftware.com Copyright 1998-2009 RES Software. V2001-01