Understanding Enterprise Cloud Governance

Maintaining control while delivering the agility of cloud computing

Most large enterprises have a hybrid or multi-cloud environment comprised of a combination of private and public clouds. But they have legitimate concerns about ensuring proper governance of these environments. To help you overcome governance challenges, this paper answers three critical questions:

- How does IT maintain security across the cloud environment?
- How can IT demonstrate compliance with required laws and regulations?
- How can IT control spending in the cloud?

Cloud governance is becoming an even larger issue as private and public cloud deployments become increasingly important to IT strategy. The number of applications in the cloud, the scale of those applications, and the number of people involved in managing and operating those applications are growing dramatically. But many organizations are worried about moving more applications to the cloud due to concerns about governance. This paper explains how organizations can address these three key requirements. Using best practices, you can overcome the challenges associated with maintaining control of your enterprise cloud environment.

Examples of enterprise cloud governance use

Enterprises today are incorporating various aspects of governance, agility and choice into their cloud management strategies. Here are some real-world examples of common challenges that enterprises face.

Centralized security and compliance management

A leading global financial information and education company must remain compliant with a variety of regulatory and corporate compliance and security regimes. They require an operations environment that allows them to centrally coordinate security and auditing without restricting authorized self-service use of cloud services by end users.

Multi-tenant operations

A leading national telecommunications provider is supplying cloud services to a very large number of clients. They require a cloud management platform that allows them to cleanly separate client concerns, ensuring that the actions of any one client cannot impact the environments of others.

Financial tracking and chargebacks

A large advertising agency needs to track costs for their cloud infrastructure for various projects and clients. Charging clients and projects with the appropriate use of their clouds is difficult and time-consuming. Automating these processes increases both efficiency and client satisfaction.

How can IT maintain cloud security?

Choosing the right tools enables organizations to maintain security across multiple clouds

Security requirements are driven by fear: fear of data being compromised or lost; fear of failing to meet compliance regulations; and fear of falling behind the competition. These are valid fears. The good news is that hosting resources in the cloud, whether public or private, can actually enable organizations to improve their security profiles.

Typically, large enterprises have a hybrid cloud environment (also known as "multi-cloud"), comprised of a combination of private and public clouds. Ideally these are controlled by IT. But more and more often, business users are going directly to cloud providers to obtain the services they need and bypassing IT altogether.

So, how can an organization maintain cloud security with this decentralization? By choosing tools that manage encryption and access controls across hundreds or thousands of users, and by using automation for easy and secure implementation of tight security restrictions across multiple clouds. Putting the right tools in place can make it easier for business units to accomplish their goals, with IT acting as a trusted helper rather than a hindrance.

Encryption

Every organization should already be using encryption technology. Encryption key management, however, can be challenging. At a bare minimum, each server should have its own keys for file system encryption, and ideally use a different encryption key for backups. Some organizations even create separate encryption keys for each data volume. Managing the sheer volume of keys generated, plus ensuring they are securely stored, protected and retrievable when needed, can quickly become overwhelming.

Choosing a key management system

The best way to deal with encryption key management is to integrate your key management solution with your cloud management solution. You then are able to leverage built-in automation features, such as support for automatic file system decryption and backup encryption. This also removes the need for admins to handle actual keys, which reduces the chances of keys being lost or stolen. Some of the basic things to look for are:

- Cloud credentials maintained outside of any cloud provider
- Communication secured by trusted third parties
- Strong VM file system and data encryption

Dell Cloud Manager provides role-based security, allowing you to access or manage resources as required. Users can be alerted to specific actions or issues, and billing codes can be allocated to budget resources. Cloud Manager supports LDAP and Active Directory to allow you to leverage existing enterprise identities, groups and roles. Cloud Manager also lets you define the security profiles applied to user authentication.

Cloud Manager is capable of integrating with and augmenting user authentication via several methods, including:

- Username and password authentication
- Multi-factor authentication
- Security Assertion Markup Language (SAML) Federation
- OpenID with trusted providers
- LDAP authentication

Cloud Manager also provides single sign-on support for multi-cloud management. By retaining all cloud credentials outside the cloud provider, Cloud Manager provides the most secure cloud solution for your applications. It acts as the guardian of your security keys and credentials, but has no access to your data and runs outside your cloud. All communication between the provisioning system and the credentials system occurs over SSL web services using an SSL certificate signed by GeoTrust, VeriSign, or GlobalSign.

Access Control

Access control ensures that the right people, and only the right people, have access to the right information, when they need it. For example, employees within an organization's Human Resources department need access to the salary and performance review history of employees company-wide. There could be serious legal repercussions if an unauthorized employee was granted the same access rights as that HR representative and started sharing confidential information.

Access control can be divided into two categories: authentication and authorization. Authentication is the accurate identification of users. Authorization is mapping the actions that a user is allowed to take. Both are problematic for large enterprises. The larger the organization or the more servers and applications in use, the more likely it is that security will be breached, or at least diminished.

How do access controls work?

The authentication piece happens first, whether it is via username and password login, a multi-factor login (for example, with a generated token), through an encrypted key, or through OpenID with a trusted provider. Then, authorization comes into play. You should be able to apply fine-grained role-based policies for all resources, tie resource usage back to budgetary policies, apply those policies to existing IT groups, and set alerts for specific actions or issues. Through the use of LDAP or Active Directory, you can leverage your existing groups and roles and use them to define cloud management policies.

Automated deployment

Cloud automation capabilities make it far easier for organizations to implement encrypted file systems and backups, even within public clouds. Automated deployment greatly reduces the risk of user error and malicious actions.

How can IT demonstrate compliance with required laws and regulations?

The second critical requirement for security is being able to not only comply with required laws and regulations, but to demonstrate that compliance. Failing to meet compliance requirements can have legal and financial ramifications, so as cloud operations continue to grow, organizations must be able to clearly demonstrate compliance with required laws and regulations.

Most likely, your organization is already taking measures to ensure its policies, processes and environments are in compliance with the relevant regulations. But how do you prove this during an audit? Within cloud environments, logging, monitoring and alerting are three common approaches. Logging ensures that organizations can show that they are in full control of their systems, and it can also be useful for long-term analysis. Monitoring is the process of keeping an eye on the logs to ensure that there are no potential security threats. Alerting helps staff proactively identify and solve emerging issues.

Logging

All compliance regulations require that organizations provide appropriate logging to demonstrate that they are in compliance with regulations. This documentation is used as proof that the organization is monitoring and can audit what is happening across all their systems. The ability to easily track user activity is also useful for maintaining security, and logs can also be used to show and forecast trends in usage.

When dealing with cloud, especially public cloud, organizations should be aware that there is a gap in the logging that is available. Cloud providers generally do not provide their customers with logs of what actions have been taken by their employees via the provider's console or API. As a result, the customer, by default, does not have any way of tracking which users performed what actions. Therefore, it is important to have another solution in place for obtaining these logs.

Cloud management can address this issue by acting as a proxy between your organization and your cloud providers. This enables your organization to capture all console or API-level logs in an easy-to-manage format.

Monitoring and alerting

Logging may be a requirement for compliance, but it is not a proactive solution. It's important to monitor and review the logs on a regular, ongoing basis, and provide the appropriate response to any suspicious activity. The easiest and most secure way to do this is to have a system monitoring the logs and generating automated alerts. The alerts should trigger on whatever conditions are important to your organization. This information is useful for the security, operations and applications teams for knowing both when unexpected events happen and when expected actions don't happen on schedule.

Managing logging, monitoring, and alerting

Cloud Manager offers built-in logging, monitoring and alerting services, plus the ability to integrate with a variety of third-party products, including Splunk, ArcSight and PagerDuty.

Auditing

The audit process is another integral part of any compliance regime. Organizations must be assessed by authorized third parties and achieve certification asserting that the organization is compliant with the relevant regulations. Auditors rely heavily on logging as both direct and indirect evidence of compliance. Logs allow organizations to demonstrate that they are taking certain actions, such as regularly evaluating who has access to what resources. Log audits show that there is sufficient evidence being gathered for the organization to be able to detect and respond to potential security incidents.

How can IT control spending in the cloud?

Maintaining control of your environment requires maintaining control of your finances. But accurately tracking and limiting cloud spend across a myriad of groups, departments and projects can be a daunting task. To maintain control of budgets at a granular level, enterprises must be able to:

- Track multi-cloud spending to the resource level
- Associate cloud resources with distinct cloud budgets
- Accurately calculate spend based on multiple currencies

There is no reason why organizations can't use the same budget-tracking processes for cloud resources that they use for the rest of their business. Having controls in place that allow users to set and assign budget codes to specific resources, individuals or groups can also allow them to save money. By setting quotas, IT can monitor and even cut off cloud spending at the individual resource level.

Soft quotas allow alerts to be generated when resource costs tied to a certain budget code reach an assigned value. This allows the individuals within that group, or the administrator, to conserve additional resources. Hard quotas deny creation of new resources under that budget code until either other resources are released or the limit is increased.

Each time a new cloud resource is provisioned, Cloud Manager will track the cost and limit spending per your specific budget requirements. You can:

- Set budget codes by project, department, division or customer
- Monitor spending and receive alerts when forecasted spending is higher than the quota
- Cut off access to resources if spend reaches the budget cap
- View and track in the currency of your choice, no conversion required

About Cloud Manager

Cloud Manager is a cloud infrastructure management solution for deploying and managing enterprise-class applications in public, private and hybrid clouds. The solution's multi-cloud architecture provides enterprises around the world with agility, governance, and choice:

- Agility: Cloud Manager enables you to easily deploy and manage cloud applications across public and private clouds. Developers can leverage self-service provisioning, deploy applications to the cloud, and automate scaling based on system or application triggers.
- Governance through simplified, standardized security management, elimination of over-privileged users, and consistent delegation.
- Choice by delivering alerts on AD and GPO changes to reduce network and user downtime and by ensuring rapid recovery from accidental changes, deletions and administrative errors. Cloud Manager also enables enterprises to leverage leading configuration management solutions Chef and Puppet across all supported clouds.

Dell provides consulting services to assist you in your migration into the cloud. We can help you design a deployment to meet your target SLAs and address issues such as scaling parameters, security and compliance.

For more information on Dell Cloud Manager, visit www.enstratius.com.

[Figure 1: architecture diagram showing users, the Dell Cloud Manager API and console, integrations (LDAP/AD, SSO, billing systems, ITSM, monitoring systems, configuration management), the Dasein open source cloud abstraction layer, and public and private clouds.]

Figure 1. Cloud Manager is a cloud infrastructure management solution for deploying and managing enterprise-class applications in public, private and hybrid clouds.

For More Information

© 2015 Dell, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Dell, Inc. ("Dell").

Dell, Dell Software, the Dell Software logo and products as identified in this document are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN DELL'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

About Dell Software

Dell Software helps customers unlock greater potential through the power of technology, delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results. www.dellsoftware.com.

If you have any questions regarding your potential use of this material, contact:

Dell Software
5 Polaris Way
Aliso Viejo, CA 92656
www.dellsoftware.com

Refer to our Web site for regional and international office information.

Techbrief-EnterpriseCloudGovernance-US-KS-26778