SlideShare ist ein Scribd-Unternehmen logo

Comprehensive Cloud Security Requires an Automated Approach

Als PPTX, PDF herunterladen
CloudPassage
CloudPassage

Andras Cser, VP Principal Analyst at Forrester Research and Carson Sweet, CEO at CloudPassage discussed a new enterprise security architecture that will: -Apply elastic compute power, big data, and massively horizontal distribution of security controls and telemetry. -Automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments. -Address both data at rest and in motion and create minimal resource impact across environments.

Technologie
1 von 36
Comprehensive Cloud Security Requires an Automated Approach Andras Cser, VP and Principal Analyst Forrester Research Carson Sweet, CEO and Co-founder CloudPassage November 12, 2013
Cloud Security: Automation and Centralization Matters Andras Cser, VP and Principal Analyst November 12, 2013
Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Forrester’s Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 3
Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 4
Cloud-based Services Employed Regularly “Which of the following cloud-based services have you employed on a regular basis?" Compute (e.g., Amazon EC2, Microsoft Azure VM Role) 50% Storage 49% Relational database (e.g. SQL Azure) 42% Development tools/IDE (e.g. Cloud9, Cloud Foundry) 37% Social (e.g., Salesforce Chatter) 33% Messaging 33% Content management 31% Message queuing 26% Integration (e.g., Dell Boomi, IBM Cast Iron) 23% Application-level caching 23% Content delivery network 21% Mobile back end 18% BPM 16% Nonrelational database Don't know Other 14% 3% 2% Base = 175 software developers from companies with 1,000 or more employees Source: Forrsights Developer Survey, Q1 2013 © 2013 Forrester Research, Inc. Reproduction Prohibited 5
“Which of the following initiatives are likely to be your IT organization's top project and organizational priorities over the next 12 months?” Increase our use of software-as-a-service (cloud applications) Critical or High priority 48% Low priority 35% Not on our agenda Don't know 15% 1% Base: 1,176 North American and European IT decision-makers at firms with 1,000 or more employees Source: Forrester Software Survey, Q4 2012 © 2013 Forrester Research, Inc. Reproduction Prohibited 6
Why Cloud Security is like a two component glue, a unique blend: A: The Cloud is not just a new delivery platform B: Cloud Security is NOT just continuing security and extending it to the cloud © 2013 Forrester Research, Inc. Reproduction Prohibited 7
Cloud Pulls the CISO in Many Directions 1. Cloud Offers Irresistible Benefits 2. LOB procures cloud services CISO and Security Organization Changes, aka Uneven Handshake 5. Security Struggles to Reduce Cloud Security Risks © 2013 Forrester Research, Inc. Reproduction Prohibited 4. Data Center Is Loosely Coupled 3. CISO Can’t Say No All the Time 8
Cloud Security Means a Lot of Things to a Lot of People › What interfaces our company has to have to work well with our Cloud Providers? (Security To the Cloud) › › › How can a Cloud Provider (like Amazon Web Services or SalesForce.com) prove to us that they are secure? (Security In the Cloud) How can our company make its internal (and in some cases, Cloud Provider) security better? (Security From the Cloud) What are the organizational implications of Cloud and Cloud Security to our IT security organization? © 2013 Forrester Research, Inc. Reproduction Prohibited 9
Cloud Security Prepositions
Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 11
General Challenges with Cloud Security › Ease of Use for End Users (you can’t control end users) • Cloud security should not require users to change behaviors or tools › Inconsistent Control (you don’t own everything) • The only thing you can count on is guest VM ownership › Elasticity (not all servers are steady-state) • Cloudbursting, stale servers, dynamic provisioning › Scalability (highly variable server counts) • May have one dev server or 1,000 production web servers › Portability (same controls work anywhere) • Nobody wants multiple tools or IaaS provider lock-in © 2013 Forrester Research, Inc. Reproduction Prohibited 12
Challenges with Cloud Security › Data protection › Workload separation and multi tenancy › Information Rights Management › SaaS providers don’t help much with security related concerns › › › › Network Security Identity and Access Management (IAM) and Privileged Identity Management (PIM) Business Continuity and Disaster Recovery (BCDR) Log Management (SIEM) © 2013 Forrester Research, Inc. Reproduction Prohibited 13
Cloud Does NOT Shift the Responsibility of Data Protection › “When data is transferred to a cloud, the responsibility for protecting and securing the data typically remains with the collector or custodian of that data.” Cloud Security Alliance, Guidance v3.0 © 2013 Forrester Research, Inc. Reproduction Prohibited 14
Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Protecting Data In the Cloud › Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 15
When it comes to responsibilities… How do we avoid this?
Who’s Responsible for IaaS Security? AWS Shared Responsibility Model “…the customer should assume responsibility and management of, but not limited to, the guest operating system and associated application software...” App Code App Framework Operating System Amazon Web Services: Overview of Security Processes Virtual Machine Hypervisor Compute & Storage Shared Network Physical Facilities Provider Responsibility “it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.” Customer Responsibility Data
Think Security From the Cloud Typical questions and requirements: • How can you source security services from MSSPs? • How can you protect security and data at our cloud providers? • In general: How do we integrate on existing onpremise security with the MSSPs security products?
Do your homework… › › › › › › › Get as much detail around security from your SaaS provider as you can Set clear boundaries for security responsibilities between you and your IaaS/PaaS provider Data protection, data protection, data protection Don’t build your own tools Apply comprehensive approach to cloud security Centralize and scale security policy management for your cloud Automate your security (you can’t manually configure thousands of servers) © 2013 Forrester Research, Inc. Reproduction Prohibited 19
© 2013 Forrester Research, Inc. Reproduction Prohibited 20
Thank you Andras Cser +1 617.613.6365 acser@forrester.com
Security automation for virtualized & cloud environments
Problem: Infrastructure Security Is Behind › › › › Infrastructure more distributed and dynamic than ever Current security models neither dynamic nor distributed Perimeters, appliances, hardware reliance, stable configurations, change control, endpoint security solutions… all marginalized to worthless in new models Without infrastructure security, all other security measures are weak (castle on sand, not bedrock) Security teams can’t assure security or compliance, being dragged behind business
The Old Model: everything behind firewall, low rate of change, very few infrastructure stacks
The New Model: multiple stacks, broadly distributed, legacy approaches fail
Security Buyer Challenges › Achieving compliance in cloud environments • PCI, HIPAA, ISO 27002, SOC2, SANS Top 20, NIST › Disparate systems & high rate of change • “Dynamic” is core to cloud, new mode of operation • Security orchestration & automation underserved needs › Existing products don’t work well (if at all) • Technically designed for a different time • Do not match up to dynamic cloud operational models
Why Do Existing Solutions Fail? Network & hardware dependencies Cannot operate across cloud models Lack of meteredusage licensing Cannot handle elasticity or wide distribution
How we built high-scale security & compliance automation
Objective: Consolidate & Automate Controls
Halo Security Automation Platform
Automation Needs To Work Anywhere
Automation Must Extend Current Tools
Security Automation Outcomes › Massive reduction in security ops overhead • Automated control deployment & orchestration • Consolidation of otherwise disparate functions • Single point of security & compliance management › Security and compliance consistency • Security & compliance that’s truly built-in • Eliminates opportunities for human error • Deploy once, certify many (complex compliance) › Enables safe use of cloud models • Security teams have confidence in controls • Cloud projects don’t require manual intervention
Key Takeaway: Automating security enables saying “yes” to cloud, improves security, and makes complex compliance achievable.
Questions?

Empfohlen

Avoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityAvoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to Security
Mighty Guides, Inc.
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
Mighty Guides, Inc.
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container Vulnerabilities
Mighty Guides, Inc.
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
CloudSecurityAllianceAustralia
 
Making Cloud Security Part of Your DNA Webinar Slides
Making Cloud Security Part of Your DNA Webinar SlidesMaking Cloud Security Part of Your DNA Webinar Slides
Making Cloud Security Part of Your DNA Webinar Slides
Netskope
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
YounesChafi1
 
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar DeckHow PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
Amazon Web Services
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
Amazon Web Services
 

Empfohlen

Avoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityAvoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to Security
Mighty Guides, Inc.
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
Mighty Guides, Inc.
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container Vulnerabilities
Mighty Guides, Inc.
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
CloudSecurityAllianceAustralia
 
Making Cloud Security Part of Your DNA Webinar Slides
Making Cloud Security Part of Your DNA Webinar SlidesMaking Cloud Security Part of Your DNA Webinar Slides
Making Cloud Security Part of Your DNA Webinar Slides
Netskope
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
YounesChafi1
 
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar DeckHow PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
How PagerDuty Achieved End-to-End Visibility with Splunk and AWS Webinar Deck
Amazon Web Services
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
Amazon Web Services
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
Joseph DeFever
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
Allessandra Negri
 
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud
Herding Pets and Cattle: Extending Foundational Controls Into the CloudHerding Pets and Cattle: Extending Foundational Controls Into the Cloud
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud
Tripwire
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale
 
Crisis Management & Remote Work w/ Microsoft 365
Crisis Management & Remote Work w/ Microsoft 365Crisis Management & Remote Work w/ Microsoft 365
Crisis Management & Remote Work w/ Microsoft 365
Perficient, Inc.
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
Ankit Dua
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Netskope
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls Security
Hari Kumar
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
Procore Technologies
 
VMware Technical Overview (2012)
VMware Technical Overview (2012)VMware Technical Overview (2012)
VMware Technical Overview (2012)
Steven Aiello
 
Security Challenges in Cloud
Security Challenges in CloudSecurity Challenges in Cloud
Security Challenges in Cloud
MarketingArrowECS_CZ
 
CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0
CloudSecurityAllianceAustralia
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-Depth
Will Kelly
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
Mario Worwell
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
Amazon Web Services
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
Larry Wilson
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
Amazon Web Services
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
Andy Powell
 

Weitere ähnliche Inhalte

Was ist angesagt?

RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-Depth
Will Kelly
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
Amazon Web Services
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
Larry Wilson
 

Was ist angesagt? (20)

Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
 
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud
Herding Pets and Cattle: Extending Foundational Controls Into the CloudHerding Pets and Cattle: Extending Foundational Controls Into the Cloud
Herding Pets and Cattle: Extending Foundational Controls Into the Cloud
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
 
Crisis Management & Remote Work w/ Microsoft 365
Crisis Management & Remote Work w/ Microsoft 365Crisis Management & Remote Work w/ Microsoft 365
Crisis Management & Remote Work w/ Microsoft 365
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls Security
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
VMware Technical Overview (2012)
VMware Technical Overview (2012)VMware Technical Overview (2012)
VMware Technical Overview (2012)
 
Security Challenges in Cloud
Security Challenges in CloudSecurity Challenges in Cloud
Security Challenges in Cloud
 
CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0CSA Security Guidance Cloud Computing v3.0
CSA Security Guidance Cloud Computing v3.0
 
Defense In-Depth
Defense In-DepthDefense In-Depth
Defense In-Depth
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
 

Ähnlich wie Comprehensive Cloud Security Requires an Automated Approach

Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Bill Annibell
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
TT L
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
Tudor Damian
 

Ähnlich wie Comprehensive Cloud Security Requires an Automated Approach (20)

Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Shared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud securityShared responsibility - a model for good cloud security
Shared responsibility - a model for good cloud security
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
 
Unit-II-part 3.pdf
Unit-II-part 3.pdfUnit-II-part 3.pdf
Unit-II-part 3.pdf
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Cloud security
Cloud security Cloud security
Cloud security
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105
 

Mehr von CloudPassage

Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
CloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
CloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 

Mehr von CloudPassage (20)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest Slides
 

Kürzlich hochgeladen

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Kürzlich hochgeladen (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Comprehensive Cloud Security Requires an Automated Approach

  • 1. Comprehensive Cloud Security Requires an Automated Approach Andras Cser, VP and Principal Analyst Forrester Research Carson Sweet, CEO and Co-founder CloudPassage November 12, 2013
  • 2. Cloud Security: Automation and Centralization Matters Andras Cser, VP and Principal Analyst November 12, 2013
  • 3. Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Forrester’s Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 3
  • 4. Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 4
  • 5. Cloud-based Services Employed Regularly “Which of the following cloud-based services have you employed on a regular basis?" Compute (e.g., Amazon EC2, Microsoft Azure VM Role) 50% Storage 49% Relational database (e.g. SQL Azure) 42% Development tools/IDE (e.g. Cloud9, Cloud Foundry) 37% Social (e.g., Salesforce Chatter) 33% Messaging 33% Content management 31% Message queuing 26% Integration (e.g., Dell Boomi, IBM Cast Iron) 23% Application-level caching 23% Content delivery network 21% Mobile back end 18% BPM 16% Nonrelational database Don't know Other 14% 3% 2% Base = 175 software developers from companies with 1,000 or more employees Source: Forrsights Developer Survey, Q1 2013 © 2013 Forrester Research, Inc. Reproduction Prohibited 5
  • 6. “Which of the following initiatives are likely to be your IT organization's top project and organizational priorities over the next 12 months?” Increase our use of software-as-a-service (cloud applications) Critical or High priority 48% Low priority 35% Not on our agenda Don't know 15% 1% Base: 1,176 North American and European IT decision-makers at firms with 1,000 or more employees Source: Forrester Software Survey, Q4 2012 © 2013 Forrester Research, Inc. Reproduction Prohibited 6
  • 7. Why Cloud Security is like a two component glue, a unique blend: A: The Cloud is not just a new delivery platform B: Cloud Security is NOT just continuing security and extending it to the cloud © 2013 Forrester Research, Inc. Reproduction Prohibited 7
  • 8. Cloud Pulls the CISO in Many Directions 1. Cloud Offers Irresistible Benefits 2. LOB procures cloud services CISO and Security Organization Changes, aka Uneven Handshake 5. Security Struggles to Reduce Cloud Security Risks © 2013 Forrester Research, Inc. Reproduction Prohibited 4. Data Center Is Loosely Coupled 3. CISO Can’t Say No All the Time 8
  • 9. Cloud Security Means a Lot of Things to a Lot of People › What interfaces our company has to have to work well with our Cloud Providers? (Security To the Cloud) › › › How can a Cloud Provider (like Amazon Web Services or SalesForce.com) prove to us that they are secure? (Security In the Cloud) How can our company make its internal (and in some cases, Cloud Provider) security better? (Security From the Cloud) What are the organizational implications of Cloud and Cloud Security to our IT security organization? © 2013 Forrester Research, Inc. Reproduction Prohibited 9
  • 11. Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 11
  • 12. General Challenges with Cloud Security › Ease of Use for End Users (you can’t control end users) • Cloud security should not require users to change behaviors or tools › Inconsistent Control (you don’t own everything) • The only thing you can count on is guest VM ownership › Elasticity (not all servers are steady-state) • Cloudbursting, stale servers, dynamic provisioning › Scalability (highly variable server counts) • May have one dev server or 1,000 production web servers › Portability (same controls work anywhere) • Nobody wants multiple tools or IaaS provider lock-in © 2013 Forrester Research, Inc. Reproduction Prohibited 12
  • 13. Challenges with Cloud Security › Data protection › Workload separation and multi tenancy › Information Rights Management › SaaS providers don’t help much with security related concerns › › › › Network Security Identity and Access Management (IAM) and Privileged Identity Management (PIM) Business Continuity and Disaster Recovery (BCDR) Log Management (SIEM) © 2013 Forrester Research, Inc. Reproduction Prohibited 13
  • 14. Cloud Does NOT Shift the Responsibility of Data Protection › “When data is transferred to a cloud, the responsibility for protecting and securing the data typically remains with the collector or custodian of that data.” Cloud Security Alliance, Guidance v3.0 © 2013 Forrester Research, Inc. Reproduction Prohibited 14
  • 15. Agenda › Why is Cloud Security Important › Challenges with Cloud Security › Protecting Data In the Cloud › Recommendations © 2013 Forrester Research, Inc. Reproduction Prohibited 15
  • 16. When it comes to responsibilities… How do we avoid this?
  • 17. Who’s Responsible for IaaS Security? AWS Shared Responsibility Model “…the customer should assume responsibility and management of, but not limited to, the guest operating system and associated application software...” App Code App Framework Operating System Amazon Web Services: Overview of Security Processes Virtual Machine Hypervisor Compute & Storage Shared Network Physical Facilities Provider Responsibility “it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.” Customer Responsibility Data
  • 18. Think Security From the Cloud Typical questions and requirements: • How can you source security services from MSSPs? • How can you protect security and data at our cloud providers? • In general: How do we integrate on existing onpremise security with the MSSPs security products?
  • 19. Do your homework… › › › › › › › Get as much detail around security from your SaaS provider as you can Set clear boundaries for security responsibilities between you and your IaaS/PaaS provider Data protection, data protection, data protection Don’t build your own tools Apply comprehensive approach to cloud security Centralize and scale security policy management for your cloud Automate your security (you can’t manually configure thousands of servers) © 2013 Forrester Research, Inc. Reproduction Prohibited 19
  • 20. © 2013 Forrester Research, Inc. Reproduction Prohibited 20
  • 21. Thank you Andras Cser +1 617.613.6365 acser@forrester.com
  • 22. Security automation for virtualized & cloud environments
  • 23. Problem: Infrastructure Security Is Behind › › › › Infrastructure more distributed and dynamic than ever Current security models neither dynamic nor distributed Perimeters, appliances, hardware reliance, stable configurations, change control, endpoint security solutions… all marginalized to worthless in new models Without infrastructure security, all other security measures are weak (castle on sand, not bedrock) Security teams can’t assure security or compliance, being dragged behind business
  • 24. The Old Model: everything behind firewall, low rate of change, very few infrastructure stacks
  • 25. The New Model: multiple stacks, broadly distributed, legacy approaches fail
  • 26. Security Buyer Challenges › Achieving compliance in cloud environments • PCI, HIPAA, ISO 27002, SOC2, SANS Top 20, NIST › Disparate systems & high rate of change • “Dynamic” is core to cloud, new mode of operation • Security orchestration & automation underserved needs › Existing products don’t work well (if at all) • Technically designed for a different time • Do not match up to dynamic cloud operational models
  • 27. Why Do Existing Solutions Fail? Network & hardware dependencies Cannot operate across cloud models Lack of meteredusage licensing Cannot handle elasticity or wide distribution
  • 28. How we built high-scale security & compliance automation
  • 29. Objective: Consolidate & Automate Controls
  • 31.
  • 32. Automation Needs To Work Anywhere
  • 33. Automation Must Extend Current Tools
  • 34. Security Automation Outcomes › Massive reduction in security ops overhead • Automated control deployment & orchestration • Consolidation of otherwise disparate functions • Single point of security & compliance management › Security and compliance consistency • Security & compliance that’s truly built-in • Eliminates opportunities for human error • Deploy once, certify many (complex compliance) › Enables safe use of cloud models • Security teams have confidence in controls • Cloud projects don’t require manual intervention
  • 35. Key Takeaway: Automating security enables saying “yes” to cloud, improves security, and makes complex compliance achievable.