How Safe are you in your Cloud?

Transcription:

Nov 4-5, 2014, Monarch Beach, CA
How Safe are you in your Cloud? Security Intelligence and Regulatory Compliance in the Cloud
November 2014
Heather Hinton, Ph.D., IBM Distinguished Engineer, CTO Cloud Security and Compliance, GTS Cloud Services Division

Executive Summary
Cloud Adoption; Compliance concerns; Security concerns; IBM Focus
Cloud environments need to satisfy the same compliance requirements as traditional IT, with the same security tools, policies and procedures, adapted for Cloud deployment.
Cloud adoption highlights changes to thinking about compliance, including adoption of transitive compliance: Infrastructure compliance with SOC2, ISO27001/2 or similar; Client-side workload compliance built on Infrastructure + Workload; Software/service compliance built on Infrastructure + Service.
Cloud adoption requires security solutions covering Identity, Protection and Insight to be extended to stand-alone and hybrid cloud: Identity (user identification, access control and governance); Protection (infrastructure security, app and data security, risk mgmt); Insight (user activity, threat intelligence, compliance, cost).
Deploy Cloud offerings On and with extensive regulatory and compliance assertions. Address hybrid cloud use cases by leveraging underlying compliance of,, layers.
With Integrated security capabilities. Address hybrid cloud use cases by leveraging strong enterprise security solutions and services.

Cloud computing is rapidly transforming the enterprise
[Diagram labels: IBM Dynamic Cloud Security (Access; Data; Gain; Optimize Security Operations). IBM Transitive Cloud Compliance (Workloads; Infrastructure; Leverage; Optimize Compliance Activities).]

Challenge: Adapt our understanding of risk management to allow adoption of secure, compliant, business friendly cloud
Perceived Biggest Risks
Software as a Service (SaaS): provider doesn't have adequate (up to my standards) practices around data protection, identity management, intrusion protection. Focused on risks of managed by other and not enough on security basics for integrating with other providers and solutions.
Platform as a Service (PaaS): provider won't have the same types of basic controls (up to my standards) that I need for my developers in my environment. Focused on what the developer will do when removed from the training wheels of internal IT controls (developers let loose on the Internet!).
Infrastructure as a Service (IaaS): provider doesn't have adequate (up to my standards) practices around physical security. Tends to think in context of a traditional data center with physical cages.

Cloud presents the opportunity to radically transform security practices and adopt new approaches to workload compliance
Cloud compliance allows us to rethink risks based on the comprehensive hybrid cloud and transitive compliance.
Traditional Compliance: Client dictated and driven control of risks for end-to-end operational stack.
Dynamic Cloud Compliance: Compliance statements provided by each layer build up an end-to-end compliance statement.
Traditional Security: Manual, static, and reactive.
Dynamic Cloud Security: Standardized, automated, agile, and elastic.
Cloud security is not only achievable, it is an opportunity to drive the business, improve defenses and reduce risk.

IBM SoftLayer and Bluemix provide a security-rich environment
[Diagram labels: IBM Marketplace; IBM Bluemix; IBM Marketplace, Bluemix, and Partners; AppScan for Mobile Vuln; Single Sign On; Intel TXT; SoftLayer's Triple-layer network security; SoftLayer: certified compliance; Supports Data Privacy; PCI DSS v3.0 AoC; Ready for HIPAA; Ready for GxP; FedRAMP Ready System.]

IBM Transitive Compliance for the Hybrid Cloud is built on a layer cake model
Provider demonstrates MssP/ using Compliance Assertions, Ready For statements, and MssP/ specific audits as needed.
Customer provides Workload Compliance using Compliance Assertions, Ready For statements, and workload specific audits as needed.
[Diagram labels: Workloads; Infrastructure; Leverage; Hosted MssP; Ready For; Compliance Assertions; Data Privacy; Optimize Compliance Activities.]

IBM Dynamic Cloud Security Portfolio for the Hybrid Cloud supports security solutions tailored for your workload's needs
[Diagram labels: Access; Data; Gain; Hosted MssP; Cloud Identity Services; Intelligent Threat Protection Cloud; Cloud Sign On Service; Cloud Web and Mobile Application Analyzers; Cloud Access Manager; Cloud Privileged Identity Manager; Cloud Data Activity Monitoring; Cloud Security Intelligence; Security Intelligence and Operations Consulting Services; Optimize Security Operations; Cloud Security Managed Services.]

International Financial Services Consortium deploys Cloud hosted document exchange for Customer provided on IBM and IBM Security, builds transitive compliant solution
[Diagram labels: Access; Data; Gain; IBM Marketplace; Hosted MssP; Cloud Identity Services; Cloud Sign On Service; Cloud Access Manager; Cloud PIM; Security Intelligence and Operations Consulting Services; Cloud Web and Mobile Application Analyzers; Cloud Data Activity Monitoring; Data Privacy; Optimize Security Operations, Compliance Activities; Data Encryption; Cloud Security Managed Services; Intelligent Threat Protection Cloud; Unified Threat Monitoring.]

National retailer deploys loyalty program extension including mobile accessibility, builds transitive compliant solution
[Diagram labels: Access; Data; Gain; Hosted MssP; Cloud Identity Services; Intelligent Threat Protection Cloud; IBM Marketplace; Cloud Sign On Service; Cloud Access Manager; Cloud PIM; Cloud Application Analyzers; Cloud Data Activity Monitoring; Cloud Security Intelligence; Unified Threat Monitoring; Security Intelligence and Operations Consulting Services; Data Privacy; Optimize Security Operations, Compliance Activities; Cloud Security Managed Services.]