Interactivity Tips
1. Ask a Question
2. Download a PDF copy of today's presentation
3. Group Chat
4. Social Networking Tools
Today's Agenda
Moderator: Elliot Markowitz - Vice President of Strategic Content Development - Ziff Davis Enterprise
Guy Currier - Executive Director, Research - Ziff Davis Enterprise
Joe Leonard - Security Practice Manager - Presidio
Ric Telford - Vice President - IBM Cloud Services
Versatility:
low cost and high speed of entry and exit
particlization
broad range of customization
Information
Hardware
Software
Interface
User
So there are different offerings for each: you can use different vendors or solutions for each. (More confusion: IaaS also stands for integration as a service, which is actually PaaS.)
[Charts: Public vs. Private]
The Kinds of Flexibility and Speed You Get with Cloud Computing
Elasticity (scalability up or down)
Scope of service
The Cloud Computing Template Holds the Seeds of Its Own Destruction
aspect of a cloud solution security verdict
[Chart: Public vs. Private]
Information
Hardware
Software
Interface
User
Uncertainty in data access points
Greater variation in system transparency, depending on solution needed
Better balance of security and application investment
Ability to pick the cloud scheme that fits with current capabilities
Organizations still must seek, and can get, the control and performance they're used to; they just haven't demanded it yet.
Joe Leonard, CISA, CISM, CRISC, CISSP, CCSK, CCSP, CEH
Secure Networks Practice Manager
June 27, 2011
Agenda
Security in the News
Security Consulting Portfolio
Presidio Typical Assessment Findings
Recommendations to protect your organization
SANS Consensus Audit Guidelines
Details
SecurID breach
Daily news articles
Cost of breach TBD
77M records compromised
Network down 1 week
Minimum damage estimate $170M
Cyber incident
Replaced 90,000 SecurID tokens
Economic espionage
Theft of large quantities of data
Spear phishing attack (digital insider)
Not detected for months
360,000 accounts compromised
Hacktivists
Multiple attacks
Sites inaccessible (DoS)
MAR
APR
MAY
JUN
Sony Network
http://www.privacyrights.org/data-breach
Benefits
Design and implement information security program to protect data.
Vulnerability
Risk
Network
Virtualization
Cloud
Security Integration
Recommendations
Security Strategy - Senior management develops, implements, and enforces a comprehensive information security program that defines security policies, standards and procedures that are part of the culture.
Education & Training - Educate users on security policies and threats to the organization.
Continuous Monitoring - Test systems regularly and perform remediation. (Quarterly and annual vulnerability assessments used to be recommended; however, it is now recommended to perform daily monitoring.)
Controls - Deploy strong perimeter controls: FW, IPS, Web/Email and Web Application Firewalls.
Recommendations (cont.)
Segmentation - Segment sensitive data and systems from the general network.
Configuration Management - Develop, implement, and enforce configuration management policies and procedures for all systems.
Authentication - Utilize strong authentication for all administrative and remote access connections.
Least Privilege - Control user access based on least privilege and need to know.
Endpoint security controls - Deploy AV/AS/MDM/HIPS.
Incident Response Plan - Develop and test an incident response plan.
Can be automated
Cannot be automated
http://www.sans.org/critical-security-controls/
CIO visionary plans are evolving: business intelligence and analytics remain at the top, with cloud computing moving into the top four
Most important visionary plan elements
(Interviewed CIOs could select as many as they wanted)
Business intelligence and analytics: 83% (2011), 83% (2009)
Mobility solutions: 74% (2011), 68% (2009)
Virtualization: 68% (2011), 75% (2009)
Cloud computing: 60% (2011), 33% (2009)
Business process management: 60% (2011), 64% (2009)
Risk management and compliance: 58% (2011), 71% (2009)
Self-service portals: 57% (2011), 66% (2009)
Collaboration and social networking: 55% (2011), 54% (2009)
Source: 2011 CIO Study, Q12: Which visionary plans do you have to increase competitiveness over the next 3 to 5 years? (n=3,018)
Cloud Computing
Information Intensive
Highly Customized
Isolated Workloads
Pre-Production Systems
Batch Processing
Decide which of the Cloud deployment options is right for each IT service
Private Cloud
Enterprise Data Center
Third-party operated
Private
IT capabilities are provided as a service, over an intranet, within the enterprise and behind the firewall
Public
IT activities / functions are provided as a service, over the Internet
Hybrid
Cloud Services
API
OSS
Operational Support System
Service Delivery Catalog
Service Templates
Service Request Mgmt
Provisioning
Monitoring & Event Mgmt
Service Automation Management
Configuration Mgmt
Incident, Problem & Change Management
IT Asset & License Mgmt
Virtualization Mgmt
Image Lifecycle Mgmt
IT Service Level Mgmt
Capacity & Performance Mgmt
Tomorrow
Individual Deployment
Application
Middleware
Operating System
Hardware
Shared Hardware
Shared Infrastructure
Benefits
Increased utilization of infrastructure
Location independent deployment
Challenges
Low hardware utilization
Heavily customized infrastructure
Challenges
Building images
Image proliferation
Governance of changes
Creation of composite applications
Connectivity to legacy and off-premises applications
Benefits
Standardized middleware
Increased utilization of software
Improved deployment speed
Simplified applications management
Thank You,
QUESTIONS?