The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach



The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach
by Philippe Courtot, Chairman and CEO, Qualys Inc.
Information Age Security Conference - London - September 25th 2008

Agenda
- The problem at hand: simplifying security and compliance
- A Software as a Service (SaaS) approach to bringing security and compliance together and delivering it as a service
- Why is SaaS a disruptive technology?
- The fears of having the data outside my enterprise and being captive to the vendors who control it
- What does this all mean for the security industry and professionals?
- Q&A

The Problem to Solve: IT Security and Compliance on a Global Scale
Assessing the security and compliance posture of the IT infrastructure is critical and harder than ever:
- Increased sophistication of the attacks
- Accelerated technological innovation driven by the consumerization of technology
- Ever increasing set of data security and privacy regulations
- Answering the business needs to extend the enterprise
Throwing software, hardware and people at the problem is not an option anymore.

Gartner's View: Enterprise Compliance and Risk Management (diagram)
Elements of the diagram: Regulations (SOX, PCI, HIPAA); Control Objectives (CobiT, ITIL, others); Controls (ISO 17799, NIST 800-53, others); Policy Mapping; People and Process; Policies; Policy Distribution & Management; Identity and Access; Secure Configuration; Monitor and Report.
Vulnerability and Compliance Management cycle: Define Policies, Create a Baseline, Assess Vulnerability Risk (User, Process, Application, Systems), Compliance Reporting, Eliminate Root Cause, Shield and Mitigate.
Difficult and costly to implement and maintain with enterprise software.

Automation is the Solution: The Tasks at Hand
Assessing the IT security and compliance posture on a global scale is what enterprises have been asking for!
- Comprehensive and accurate collection of security and compliance information, and dashboards to monitor and visualize it
- Providing actionable reports to ALL constituents
- Automated auditing of remediation
- Extending security and compliance requirements to outsourcers, suppliers and partners
The challenge is to identify and to audit every asset and provide actionable reports to all stakeholders.

The Security + Compliance Conundrum (diagram)
Elements of the diagram: Security + Compliance Posture; Actionable Reporting for all Stakeholders; And Delivering it as a Service; Security & Compliance Frameworks, leveraging well established frameworks such as CobIT, ISO, ITIL and NIST.

A New Paradigm: Security + Compliance Lifecycle Workflow
Under this new paradigm, a system is deemed out of compliance if it is:
- vulnerable to attacks,
- improperly configured, or
- in violation of internal policies or external regulations.
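The two slides above describe a workflow rather than a product: define a baseline, assess every asset against the three causes of non-compliance, hand each stakeholder only the findings they own, and audit whether remediation actually happened by re-assessing. The following is an added example (not code from the talk, from Qualys, or from any product named on the slides) that models that lifecycle in a few dozen lines of Python. Every asset, configuration key, regulation rule and vulnerability identifier in it is constructed sample data; the CVSS threshold, the `PCI` rule set and the `VULN-000x` labels are placeholders chosen for illustration.

```python
"""Added example, not from the talk or from Qualys: a minimal compliance-posture
engine modelling the lifecycle described on the slides.  It defines a baseline
policy, assesses each asset against the three out-of-compliance causes
(vulnerable to attacks, improperly configured, in violation of policy or
regulation), groups findings into a per-stakeholder report, and audits
remediation by diffing two successive assessments of the same asset.
Every asset, rule and vulnerability identifier below is constructed sample
data, not a real scan result."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    owner: str                    # stakeholder who receives the report
    config: dict                  # observed configuration, key -> value
    vulns: list                   # (vuln_id, cvss) pairs from a scan (constructed)
    scope: set = field(default_factory=set)  # regulations this asset falls under


@dataclass
class Policy:
    baseline: dict     # configuration every asset must match
    max_cvss: float    # findings at or above this severity count as "vulnerable"
    regulations: dict  # regulation -> extra config rules for in-scope assets


def assess(asset: Asset, policy: Policy) -> dict:
    """Return findings grouped by the three causes of non-compliance."""
    findings = {"vulnerable": [], "misconfigured": [], "policy_violation": []}
    # 1. Vulnerable to attacks: any scan finding at or above the tolerated severity.
    for vuln_id, cvss in asset.vulns:
        if cvss >= policy.max_cvss:
            findings["vulnerable"].append(f"{vuln_id} (CVSS {cvss})")
    # 2. Improperly configured: deviation from the agreed baseline.
    for key, expected in policy.baseline.items():
        actual = asset.config.get(key)
        if actual != expected:
            findings["misconfigured"].append(f"{key}={actual!r}, expected {expected!r}")
    # 3. Policy/regulation violation: extra rules for regulations the asset is in scope for.
    for regulation, rules in policy.regulations.items():
        if regulation not in asset.scope:
            continue
        for key, expected in rules.items():
            if asset.config.get(key) != expected:
                findings["policy_violation"].append(f"{regulation}: {key} must be {expected!r}")
    return findings


def is_compliant(findings: dict) -> bool:
    return not any(findings.values())


def stakeholder_report(assets: list, policy: Policy) -> dict:
    """Actionable reporting: each owner sees only their own non-compliant assets."""
    report = {}
    for asset in assets:
        findings = assess(asset, policy)
        if not is_compliant(findings):
            report.setdefault(asset.owner, {})[asset.name] = findings
    return report


def audit_remediation(before: dict, after: dict) -> dict:
    """Automated auditing of remediation: diff two assessments of one asset."""
    result = {"fixed": {}, "still_open": {}, "new": {}}
    for cause in before:
        old, new = set(before[cause]), set(after.get(cause, []))
        result["fixed"][cause] = sorted(old - new)
        result["still_open"][cause] = sorted(old & new)
        result["new"][cause] = sorted(new - old)
    return result


# Constructed sample policy and assets (placeholder identifiers, not real CVEs).
POLICY = Policy(
    baseline={"ssh_root_login": False, "auto_updates": True},
    max_cvss=7.0,
    regulations={"PCI": {"encryption_at_rest": True}},
)
ASSETS = [
    Asset("web-01", "app-team",
          {"ssh_root_login": False, "auto_updates": True, "encryption_at_rest": True},
          [("VULN-0001", 5.0)], {"PCI"}),
    Asset("db-02", "dba-team",
          {"ssh_root_login": True, "auto_updates": True, "encryption_at_rest": False},
          [("VULN-0002", 9.8)], {"PCI"}),
    Asset("build-03", "app-team",
          {"ssh_root_login": False, "auto_updates": False}, []),
]
# The same database host after a remediation pass that hardened SSH and patched
# the critical finding but left the PCI encryption rule unaddressed.
DB_02_RESCAN = Asset("db-02", "dba-team",
                     {"ssh_root_login": False, "auto_updates": True, "encryption_at_rest": False},
                     [], {"PCI"})

if __name__ == "__main__":
    for owner, assets in stakeholder_report(ASSETS, POLICY).items():
        print(owner, assets)
    print(audit_remediation(assess(ASSETS[1], POLICY), assess(DB_02_RESCAN, POLICY)))
```

The point of `audit_remediation` is the one the slides call "automated auditing of remediation": a ticket marked closed proves nothing until the next assessment shows the finding gone, and a re-scan can also surface new findings that a single pass/fail flag would hide.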

Example of a Global SaaS Infrastructure: Qualys SaaS Security and Compliance Scanning Infrastructure (End to End Security)
- Annual volume of scans: 250+ million IP audit scans (maps and scans), with 7,000 scanner appliances in over 85 countries and 6 Sigma scanning accuracy (less than 3.4 defects per million scans)
- The world's largest VM enterprise deployment, at a Forbes Global 50 company: 223 scanner appliances deployed in 52 countries scanning 1 million IPs

Example of Seamless Delivery of New Functionalities with SaaS

Why is SaaS a Disruptive Technology?
- Orders of magnitude more cost effective to develop, deliver and update; it also delivers better quality
- Liberates enterprises from making complex and costly IT infrastructure choices and having to live with them for a long time
- Allows security to be built into the infrastructure and applications, and allows users to better control access and distribution
- Allows users to try before buying and to switch vendors easily
Why has such a disruptive technology taken so long to emerge, and why are there still so few implementations?

What about the fears of having the data outside the direct control of the enterprise?
This is of course a legitimate concern, as controlling the security and privacy of the data is the number one job of the security professional. Yet, counter-intuitively, the SaaS model provides for better and more measurable security and compliance.

What does it mean for the security industry and for the security professionals?
- We are going to see an accelerated consolidation of the high-tech industry in general and of the security industry in particular
- SaaS will have a transformational impact on the role of the CIO and of the CISO

Q&A
Thank you
pcourtot@qualys.com