Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011
- 1. A Cloud Framework for Integrated Security, Governance, Compliance, Content and Service Management
Gartner Symposium ITXPO, October 25, 2011
http://www.gartner.com/technology/symposium/orlando/
Chad M. Lawler, Ph.D.
Director of Consulting Services, Cloud Computing
chad.lawler@hitachiconsulting.com
www.hitachiconsulting.com
www.hitachiconsulting.com/cloud
© 2012 Hitachi Consulting Corporation
Proprietary & Confidential, All Rights Reserved
© Copyright 2012 Hitachi Consulting
- 2. Topics for Today’s Session
Review Cloud Security Risks
Cloud Framework Overview
Focus on Security
Summary & Q&A
- 3. Integrated Cloud Framework - Security, Governance, Compliance,
Content, Application & Service Management
Our framework provides businesses with a streamlined capability to rapidly and securely transition applications and services to the cloud.
Our cloud framework helps organizations plan for appropriate cloud application deployment
Includes the necessary services for deploying well-managed applications in the cloud.
This framework provides for integrated governance policies
Provides a well-managed cloud environment that is compliant with internal policies and external requirements
With security services to protect against both vulnerabilities and intrusions
Services that protect against loss or compromise of sensitive data.
The framework provides for integrated content management and has automated capabilities for appropriate cloud platform selection, content migration and application importing.
- 4. What are the top 3 greatest risks of moving to a cloud?
The right answer depends on the type of business and what is most
critical
Businesses must evaluate applications
Determine appropriate use in the cloud
Consider the Pillars of IT security (CIA):
Confidentiality
Integrity
Availability
- 5. What are the top 3 greatest risks of moving to a cloud?
Confidentiality
Preventing sensitive information from being disclosed to unauthorized
recipients
Limiting information access and disclosure to authorized users
Risk - Private Data Exposure
Risk of potential data or private information leakage
Can threaten your customer data
As well as your business services on operations
- 6. What are the top 3 greatest risks of moving to a cloud?
Integrity
Trustworthiness of information resources
Modifying information resources only in a specified and authorized
manner
Ensuring data remains consistent and changes to data are authorized
by appropriate personnel
Risk - Data Tampering
Risk of potential manipulation or altering of critical data
Can lead to making business decisions based on invalid information
- 7. What are the top 3 greatest risks of moving to a cloud?
Availability
Ensures systems operate as required
And authorized users are not denied service
Allowing systems to be available whenever needed
Risk - Business Continuity
Risk of potential interruption to or compromise of your service
operations
Service outage, security attack or compromise that may lead to data
loss
Operations are interrupted or your data is compromised
- 8. Cloud Security Risks
Misuse of cloud computing resources
Account / service hijacking
Remote facilities / Security Perimeter
Secure Interfaces and APIs
Risks associated with multi-tenancy
Securing personal identification information (PII)
Risk of data loss and leakage
IP Collateral management
- 9. How to mitigate the risks of moving to the cloud?
To reduce your risks…
Risk must first be understood and calculated
Understand residual risk that you can influence
Develop a standardized cloud risk decision process
Help decide which applications are most appropriate
Leverage cloud application assessment process to define requirements
Understand and quantify your risk
Implement a policy that calculates and quantifies cloud application risk
Includes criteria for:
Application Risk Tolerance
Application Security Fit
Data Protection & SLA Requirements
Business to Business Policies
Confidentiality Risk - Private Data Exposure
Integrity Risk - Data Tampering
Availability Risk - Business Continuity
- 10. Integrated Cloud Framework - Security, Governance,
Compliance & Content & Application Management
Helps Organizations Leverage the Cloud in a Secure Fashion
Understand cloud application security risk and key areas of consideration
Evaluates and helps define application and data security requirements
Enables appropriate planning for cloud security, content and governance
Serves as a comprehensive guide to reduce cloud adoption risks
Integrated Cloud Framework: A Roadmap to the Cloud
Security
to protect against vulnerabilities, intrusions & compromise of sensitive data
Governance & Compliance
for an environment compliant with policies and requirements
Content Management
for control of cloud information
Application Development & Migration
development, transition and re-platform of enterprise applications
Provides streamlined capability to rapidly & securely transition to the cloud
- 11. Integrated Cloud Framework - Security, Governance, Compliance,
Content, Application & Service Management
Cloud Framework for Integrated Security, Governance, Compliance, Content & Service Management
[Framework overview diagram. Panels: Consulting Services; Program Governance Framework; Content Management, Security, Governance Dashboard Portal; Cloud Security, Content & Application Services (Application Services, Security Services, Content Management Services); Cloud Platform & Hosting Environment; Cloud Platform & Infrastructure. Additional label: ITIL Service Management.]
Consulting Services: Strategic Cloud Advisory Services; Cloud Readiness Assessment Services; Infrastructure, Transition & Migration Services; Cloud Security & Governance Services; Cloud Starter Kit
Application Services: Cloud Assessment; Cloud Architecture & Design; Cloud Application Development; Cloud Application Delivery; Managed Cloud Service
- 12. Cloud Framework – Platform & Hosting Environment
Cloud Platform & Hosting Environment
Cloud Applications: OS, Web Server, Database, Middleware, Content
System Management
OS Patch Management
AntiVirus AntiMalware
Data Loss Prevention
Single Sign On (SSO) Identity Management, Authentication
Metering, Billing & Charge Back
Backup & Restore
Log Management
IPS/IDS Event Management
Secure VPN
Cloud Platform & Infrastructure
- 13. Cloud Framework – Content Management Services
Content Management Services
Service Desk Integration (Communication, Collaboration, Reporting)
Change Management Integration
Site Requirements, Publication Priority & Cloud Template Launch Engine
Feedback Collection
Performance SLA Engine
Cloud Platform Selection Automation
Content Data Classification
Content Compatibility & Compliance Decision Engine
Content Conversion & Standardization
Compliant Content Migration Process
Non-Compliant Content Migration Process
Virtualized Application Automated Migration
- 14. Cloud Framework - Security Services
Security Services
Single Sign On (SSO) Identity Management & Authentication
PKI & Certificate Management System
Patch & Log Management System
IPS/IDS Event Management & Data Loss Prevention Systems
AntiVirus & AntiMalware System
Workflow-Checklist & Approval Engine
Vulnerability Scanning, Monitoring, & PII Detection Engine
SIEM with Root Cause Analysis & Risk Assessment
Continuous Auditing Program Engine
Secure Cloud to Cloud & Cloud to Datacenter VPN Connectivity
Data Encryption & Secure Cloud Platform Content Migration
Deep Code-Level Security Vulnerability Review
- 15. Cloud Framework – Program Governance Framework
Program Governance Framework
Governance Policy Enforcement
Cloud Governance, Certification & Compliance Policy
Master Security Policy & Exceptions
Risk Impact Monitoring
[Criteria boxes in the diagram, labels as extracted: Security, Privacy, Hosting, Cloud App Risk, Data Class, Legal Audit Excellence, Other; Corporate RACI IT]
Security Standards - NIST, PCI, CSA, TwC, HIPAA, GLBA, Vendor
Client Standards & Best Practices - Procurement, Security, Organization, Privacy
- 16. Cloud Framework – Content Mgmt, Security, Governance Dashboard Portal
Content Management, Security, Governance Dashboard Portal
Workflow-Checklist, Certification & Approval Interface
Continuous Audit Program Interface
Vulnerability Scanning, Monitoring, & PII Reporting Interface
Secure Cloud Environment Incident Reporting
Site Requirements, Content Publication Priority & Cloud Template Interface
Governance Policy, Portal & Training Documentation Interface
Central Cloud Platform Management Console
Site Compliance Reporting Dashboard Interface
Metering, Billing & Charge-Back Interface
Role & Access Administration Interface
Performance SLA Interface
Feedback Collection Interface
- 17. Summary & Recommendations
Understand that security in the cloud must be managed
Implement a policy that calculates and quantifies cloud application risk
Evaluate application and data security requirements
Plan and budget for implementing security services
Leverage a framework which covers all the key areas
Implement and adhere to the framework as a roadmap guide to reduce
cloud adoption risks
- 18. Contact us to Learn More about our Cloud Solutions Today
Chad M. Lawler, Ph.D.
Director of Consulting Services
Cloud Computing
14643 Dallas Parkway, Suite 800, Dallas, Texas 75254
Office: 469.221.2894
Email: chad.lawler@hitachiconsulting.com
www.hitachiconsulting.com
www.cardcloud.com/chadlawler
Sign up for a free trial to explore our Cloud Ecosystem Management Platform.
Learn More About the Benefits of Hitachi Consulting Cloud Services at
www.hitachiconsulting.com/cloud