5 things to consider when designing a security strategy for the Cloud William Crank, MEDHOST, Blake Sutherland, VP, Enterprise Business, Trend Micro



Similar documents
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Securing OS Legacy Systems Alexander Rau

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

How To Protect Your Cloud From Attack

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

Security Intelligence

End-user Security Analytics Strengthens Protection with ArcSight

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Cyber Security An Exercise in Predicting the Future

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Windows Server 2003 End of Support. What does it mean? What are my options?

OVERVIEW. Enterprise Security Solutions

Cloud Data Security. Sol Cates

PCI DSS Top 10 Reports March 2011

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

PCI Compliance for Cloud Applications

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Cloud Security and Managing Use Risks

INTRODUCING isheriff CLOUD SECURITY

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

The Sumo Logic Solution: Security and Compliance

Security of Cloud Computing for the Power Grid

NE T GENERATION CLOUD SECURITY PLATFORM

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager

Cloud and Data Center Security

Putting the cloud to work for your organization. A buyers guide to cloud solutions.

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Information Security for the Rest of Us

Modular Network Security. Tyler Carter, McAfee Network Security

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Logging In: Auditing Cybersecurity in an Unsecure World

Building a Business Case:

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Lot 1 Service Specification MANAGED SECURITY SERVICES

Netzwerkvirtualisierung? Aber mit Sicherheit!

1 Introduction Product Description Strengths and Challenges Copyright... 5

and Security in the Era of Cloud

Cloud Vendor Evaluation

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud

The Current State of Cyber Security

Total Cloud Protection

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Trend Micro Cloud Security for Citrix CloudPlatform

Cloud Security Who do you trust?

IBM Security IBM Corporation IBM Corporation

Global IT Security Risks

Everything You Need to Know About Effective Mobile Device Management. mastering the mobile workplace

RETHINKING CYBER SECURITY Changing the Business Conversation

Bringing Continuous Security to the Global Enterprise

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Endpoint protection for physical and virtual desktops

journey to a hybrid cloud

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Endpoint protection for physical and virtual desktops

Secure Cloud Computing

Addressing Security for Hybrid Cloud

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Introduction to QualysGuard IT Risk SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Security Analytics for Smart Grid

The Hillstone and Trend Micro Joint Solution

Cyber Security for your Connected Health Device

Cloud models and compliance requirements which is right for you?

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview

EHS Privacy and Information Security

Boosting enterprise security with integrated log management

1518 Best Practices in Virtualization & Cloud Security with Symantec

SECURE YOUR BUSINESS WHEREVER IT TAKES YOU. Protection Service for Business

Transcription:

5 things to consider when designing a security strategy for the Cloud William Crank, MEDHOST, Blake Sutherland, VP, Enterprise Business, Trend Micro May 2015

Speakers Blake Sutherland, VP Enterprise Business, Trend Micro With over 25 years of security experhse, Trend Micro is recognized as the market leader in server security, cloud security, breach detechon and small business content security. We make the world safe for exchanging digital informahon. William Crank, MEDHOST MEDHOST provides sonware and services to about 1,000 healthcare facilihes nahonwide, from large mulh- facility hospital systems to independent community facilihes and IDNs.

The Cloud is changing healthcare improving pahent health, engagement and wellness 6000 Apps in itunes Telemedicine, e- Health Internet of Things Medical Devices Cloud Portals Mobile Clinician Copyright 2015 Trend Micro Inc. 3

But healthcare is at risk of data loss, breaches and gaps in security Fall 2014: 4.5 million records stolen from a healthcare organizahon Spring 2015: Another breach at a healthcare insurer has 80 million records affected Spring 2015: A third major incident affechng 11 million customer records including medical and financial data ConfidenHal 2015 Trend Micro Inc. 4

Cloud usage in Healthcare is healthy, but security could use improvement! In the latest SANS Healthcare study, 60% of respondents indicated that they are either using or planning to use the cloud for mulhple applicahons containing sensihve data New Threats Drive Improved PracHces: State of Cybersecurity in Health Care OrganizaHons, December 2014, SANS In a recent Trend Micro study, less than 40% of surveyed companies felt that their cloud applicahons were secure or very secure Trend Micro Healthcare Security Survey, February 2015 68% state that their security budget will DECREASE in the next 12 months! Trend Micro Healthcare Security Survey, February 2015 ConfidenHal 2015 Trend Micro Inc. 5

Payment Card Industry (PCI) Protected Health InformaHon (PHI) INFORMATION HAS BECOME YOUR MOST STRATEGIC ASSET Intellectual Property (IP) Personally IdenHfiable InformaHon (PII)

Payment Card Industry (PCI) Protected Health InformaHon (PHI) 552 90 % $3.7M COMMERCIAL EXPLOIT KITS INSURANCE AVERAGE NEW ORGANIZATIONS NOT THREATS EVEN CAREATED WARE HAVE OEF VERY USED BY VIRTUALLY A PAYOUT LL MALWARE FROM DATA SECOND ACTIVE INTRUSIONS EASTERN EUROPEAN CYBERCRIMINALS BREACH Intellectual Property (IP) Personally IdenHfiable InformaHon (PII)

Copyright 2015 Trend Micro Inc. 8 5 Things for Healthcare to Think About DESIGNING A SECURITY STRATEGY FOR THE CLOUD

Healthcare Cloud AdopHon What is healthcare doing in the cloud? UHlizing SaaS offerings from third- party vendors. MigraHng crihcal/sensihve workloads to the cloud leveraging PaaS and IaaS providers. Why are they doing it? Total Cost of SubscripHon (TCS) Scalability and Availability Accessibility Speed and Flexibility Copyright 2015 Trend Micro Inc. 9

The 5 Things Control Categories Copyright 2015 Trend Micro Inc. 10

Data ProtecHon What does this mean? EncrypHon (at rest, in transit) SegregaHon RedacHon (if necessary & capable) Geo- PoliHcal boundaries Data classificahon & retenhon Integrity What you should do? This includes both process and data work and includes technologies that can assist you Copyright 2015 Trend Micro Inc. 11

OperaHons What does this mean? Asset Management Back- Ups Patch Management Threat & Vulnerability Management Network Security What should you do? Ensure regular maintenance and schedules of operahonal systems. Apply virtual patching if you have legacy systems or not able to do immediate updates and upgrades Copyright 2015 Trend Micro Inc. 12

Access Control What does this mean? Access Control List s (whitelishng & blacklishng) User Access (Provisioning, Change, Removal) Role Based Access Control (Permission and AuthoriHes) What should you do? Managing access control for roles, locking down systems, having ability to control what makes it through or not Copyright 2014 Trend Micro Inc. 13

Logging, Monitoring & AlerHng What does this mean? Security Incidents Data Access AlerHng Incident Response Team/Process What should you do? Includes process and technology soluhons that can provide instant alerts and help understand when an issue is present, what to do about it, or resolve issues that require inveshgahon and going backwards in Hme Copyright 2014 Trend Micro Inc. 14

Legal & Contractual considerahons What does this mean? Business Associate Agreements Data Use Agreement Policy Policies & Procedures What should you do? With assistance from legal and policy makers, ensure paperwork and processes are in place. Follow compliance regulahons and simplify your security management with tools that will help you maintain this type of obligahon easily Copyright 2015 Trend Micro Inc. 15

Copyright 2015 Trend Micro Inc. 16 We Thank You For ParHcipaHng QUESTIONS?

Trend Micro has soluhons to address mulhple Healthcare Issues CENTRALIZED VISIBILITY & CONTROL Legacy Systems PaHent Portals EMR/EHR Security Breaches Phishing Avacks Gaps due to Medical Devices Data Loss PrevenHon Endpoints, Mobile Malware, AV