Cloud gateways for regulatory compliance

•

0 gefällt mir•651 views

Consumers have no control over security once data is inside the public cloud. Completely reliant on provider for application and storage security. A private cloud gives a single Cloud Consumers organization the exclusive access to and usage of the infrastructure and computational resources. But Consumer has limited capability to manage security within outsourced IaaS private cloud. a cloud service mapping can be compared against a catalogue of security controls to determine which controls exist and which do not — as provided by the consumer, the cloud service provider, or a third party. This can in turn be compared to a compliance framework or set of requirements such as PCI DSS. The PCI guidance is defining how Cloud security is a shared responsibility between the cloud service provider (CSP) and its clients. If payment card data is stored, processed or transmitted in a cloud environment, PCI DSS will apply to that environment, and will typically involve validation of both the CSP’s infrastructure and the client’s usage of that environment. Gartner studied Cloud Gateways and came up with the definition of six different types. A Public Cloud Gateways. Provides isolation for the sensitive data from the Public Cloud and the security control stays within your organization. A Cloud Gateway can Protect any data sent or received via HTTP or FTP through enterprise, remote, or mobile channels and Securely integrate enterprise data into cloud applications, emailed reports, and process analytics on protected data from remote requests. You control all security functions from inside your enterprise – vital for compliance with many regulations and laws. You can Protect Data with Tokenization or Encryption. This solution enforces fine grained, field-level data protection with Vaultless Tokenization or encryption, and comprehensive activity monitoring. It should support Multiple Deployment Options with a flexible gateway architecture that allows you to easily deploy the Cloud Gateway on physical or virtual servers, to protect data in public, private, or hybrid cloud environments. It should offer protection by column, field, or even by character without any back-end system modifications or loss in functionality. Files should also be fully encrypted or tokenized.

Technologie

Cloud Gateways for Regulatory ComplianceCloud Gateways for Regulatory Compliance
Ulf Mattsson
CTO, Protegrity
Ulf.Mattsson@protegrity.com

Public Cloud – No Control
2
Consumers have no control over security once data is inside the public
cloud. Completely reliant on provider for application and storage security.

Private Cloud – Limited Control
Outsourced
Private Cloud
Consumer has
limited capability to
manage security
within outsourced
3
On-site
Private Cloud
within outsourced
IaaS private cloud.

Mapping the Cloud Model to
Security Control & Compliance
ApplicationsApplicationsApplicationsApplications
DataDataDataData
4

Cloud Encryption Gateways
• SaaS encryption
Cloud Security Gateways
• Policy enforcement
Cloud Access Security Brokers (CASBs)
Cloud Gateways – Enterprise Control
Cloud Access Security Brokers (CASBs)
Cloud Services Brokerage (CSB)
Secure Email Gateways
Secure Web gateway
6

Public Cloud Gateway Example
Gateway
Appliance
7

Cloud Gateway Example – Public Cloud
Cloud Gateway
08

High-Performance Gateway Architecture
Enterprise-extensible platform
Tokenization and encryption
Enterprise-grade key management
Flexible policy controls
Example of Cloud Security Gateway Features
Flexible policy controls
• File or Field Security
• Advanced function & usability preservation
Comprehensive activity monitoring & reporting
Support for internal, remote & mobile users
Multiple deployment options
9

Corporate Network
Security Gateway Deployment – Example
Backend
System
Cloud
Gateway
External
Service
010
Enterprise
Security
Administrator
Security Officer

Enterprise Data Security Policy
What is the sensitive data that needs to be protected.
How you want to protect and present sensitive data. There are several methods
for protecting sensitive data. Encryption, tokenization, monitoring, etc.
Who should have access to sensitive data and who should not. Security access
control. Roles & Users
What
Who
How
11
When should sensitive data access be granted to those who have access. Day
of week, time of day.
Where is the sensitive data stored? This will be where the policy is enforced.
Audit authorized or un-authorized access to sensitive data.
When
Where
Audit

Centralized Policy Management - Example
Application
RDBMS
MPP
Audit
Log
Audit
Log
Audit
Log
Enterprise
Security
Administrator
PolicyPolicyPolicyPolicyPolicyPolicyPolicyPolicyPolicy
Cloud
Security Officer
Audit
Log
Audit
Log
Audit
Log
12
File Servers
Big Data
Gateway
Servers
HP NonStop
Base24
IBM Mainframe
Protector
Audit
Log
Audit
Log Audit
Log
Audit
Log
Protection
Servers
Audit
Log
Audit
Log

Weitere ähnliche Inhalte

Was ist angesagt?

Network Security Thesis Topics

Phdtopiccom

How we think about and architect network security has stayed fairly constant for quite some time. Until we moved to the cloud. Things may look the same on the surface, but dig a little deeper and you quickly realize that network security for cloud computing and hybrid networks requires a different mindset, different tools, and a new approach. Hybrid networks complicate management, both in your data center and in the cloud. Each side uses a different basic configuration and security controls, so the challenge is to maintain consistency across both, even though the tools you use – such as your nifty next generation firewall – might not work the same (if at all) in both environments. Presented by AlgoSec and Rich Mogull, Analyst and CEO at Securosis, this webinar explains how cloud network security is different, and how to pragmatically manage it for both pure cloud and hybrid cloud networks. We will start with some background material and Cloud Networking 101, then move into cloud network security controls, and specific recommendations on how to use and manage them in a hybrid environment.

A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment

AlgoSec

A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

PaaSword EU Project

Dome9 is the leader in public cloud infrastructure security. The innovative Dome9 Arc SaaS platform offers technologies to assess security posture, detect misconfigurations, model gold standard policies, protect against attacks and insider threats, and conform to security best practices in the cloud. Enterprises use Dome9 Arc for faster and more effective cloud security operations, pain-free compliance and governance, and rugged DevOps practices. Learn more at https://dome9.com.

Dome9 Public Cloud Security

Sudarshan Srinivasan

A regular web application firewall (WAF) provides security by operating through an application or service. Blocking service calls, inputs and outputs that do not meet the policy of a firewall, i.e. set of rules to a HTTP conversation. The rules to blocking an attack can be customized depending on the role in protecting websites that WAFs need to have. This is considered an evolving information security technology, more powerful than a standard network firewall, or a regular intrusion detection system. WAFs become integrated with the cloud

Cloud Web Application Firewall - GlobalDots

GlobalDots

Cisco amp for meraki

Cisco Canada

This document is a sample report on the POC (proof of concept) document of MVISION Cloud (MVC), McAfee's Cloud Access Security Broker (CASB) solution - formerly Skyhigh Networks. It includes the following: - MVISION Cloud (MVC) Overview - MVISION Cloud (MVC) Architecture - MVISION Cloud (MVC) for Shadow IT -- Observations and Recommendations - MVISION Cloud (MVC) for Sanctioned SaaS -- Observations and Recommendations - MVISION Cloud (MVC) for Sanctioned IaaS -- Observations and Recommendations - End User Experience - Administrator Experience Goes well with the MVC POC document uploaded. Please note all the information is based prior to July 2019.

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report

Iftikhar Ali Iqbal

What is cloud encryption

Prancer Io

This infographic highlights the key findings from the survey "Examining the Impact of Security Management on the Business" which includes responses from 240 infosecurity, networking and application development professionals from more than 50 countries on topics such as how long does it take to deploy a new application in the data center, how long does it take to make application connectivity changes, how do you want to prioritize risk, what's the chance of outage or disruption when migrating applications to the cloud, and much more

Examining the Impact of Security Management on the Business (Infographic)

AlgoSec

No More Dark Clouds With PaaSword - An Innovative Security By Design Framework

PaaSword EU Project

Automate compliance with cloud guard dome9

John Varghese

Securing Traditional Workloads on AWS

Tim Feng

Today, most enterprises are moving at least some of their business applications to the cloud. Yet while the cloud is extremely agile, it also adds a new level of complexity when it comes to network security. The cloud introduces a software-defined security architecture that is fundamentally different from the organization’s existing on-premise network, and as a result, many enterprises now struggle with migrating application connectivity to the cloud, and managing the cloud security controls alongside their traditional firewalls in a secure and compliant way. In this webinar, Edy Almer, VP Product at AlgoSec, provides technical insight and security best practices for migrating and managing security across the hybrid AWS environment. This webinar will cover: · Understanding network security before, during and after migrating your applications to AWS · How to identify and migrate the relevant application connectivity flows to AWS · Managing AWS Security Groups alongside your traditional firewalls – uniformly and securely · Making the most of AWS Network ACLs – to enhance traffic filtering and maximize capacity

Migrating and Managing Security in an AWS Environment- Best Practices

shira koper

best practices-managing_security_in_the hybrid cloud

AlgoSec

It’s now a given – most enterprises are moving at least some of their business applications to the cloud. Yet while the cloud is an extremely agile platform, it also adds a new level of complexity. Because, when it comes to network security, the cloud introduces a software-defined security architecture that is fundamentally different from the organization’s existing on-prem network. As a result, many enterprises are now struggling to migrate application connectivity to the cloud, and then manage cloud security controls alongside their traditional firewalls in a way that ensures security and compliance across their entire hybrid architecture. Presented by renowned industry expert Prof. Avishai Wool, this new webinar will provide technical insight and security best practices for migrating and managing security across a hybrid on-premise - Amazon Web Services (AWS) environment

Migrating Application Connectivity and Network Security to AWS

AlgoSec

Simplify security with Trend Micro's Managed Rules

Amazon Web Services

Providing user security guarantees in public infrastructure clouds

Shakas Technologies

In today’s fast-paced world, supporting an ever-growing number of applications across the data center poses significant security management challenges. Managing policies across physical and virtual networks and multivendor security devices requires a delicate balance between ensuring security, reducing risk and provisioning connectivity for critical business applications to increase productivity. Cisco ACI reduces TCO, automates IT tasks, and accelerates data center application deployments, using a business-relevant software defined networking (SDN) policy model. Through a seamless integration, AlgoSec extends Cisco ACI’s security policy-based automation to all security devices across the enterprise network, both inside and outside the data center. Join Ranga Rao, Director of Solutions Engineering at Cisco, and Anner Kushnir, VP of Technology at AlgoSec on Wednesday, February 1, at 12pm ET/9am PT for a technical webinar where they will discuss how to leverage the integrated Cisco ACI-AlgoSec solution to process and apply security policy changes quickly, assess and reduce risk, ensure continuous compliance, and maintain a strong security posture across your entire network estate. Attend this must-see webinar and learn how to: - Get visibility into the Cisco ACI security environment and extend Cisco ACI policy-based automation across the enterprise network - Proactively assess risk for the Cisco ACI fabric and recommend changes to eliminate misconfigurations and compliance violations - Automate the configuration of security devices on the ACI fabric - Generate audit-ready regulatory compliance reports for the entire Cisco ACI fabric

Cisco aci and AlgoSec webinar

Maytal Levi

Technology_solution

Securing the ‘Wild Wild West’: USM for Universities

AlienVault

Was ist angesagt? (20)

Network Security Thesis Topics

A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment

A Data Privacy and Security by Design Platform‐as‐a‐Service Framework

Dome9 Public Cloud Security

Cloud Web Application Firewall - GlobalDots

Cisco amp for meraki

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report

What is cloud encryption

Examining the Impact of Security Management on the Business (Infographic)

No More Dark Clouds With PaaSword - An Innovative Security By Design Framework

Automate compliance with cloud guard dome9

Securing Traditional Workloads on AWS

Migrating and Managing Security in an AWS Environment- Best Practices

best practices-managing_security_in_the hybrid cloud

Migrating Application Connectivity and Network Security to AWS

Simplify security with Trend Micro's Managed Rules

Providing user security guarantees in public infrastructure clouds

Cisco aci and AlgoSec webinar

Securing the ‘Wild Wild West’: USM for Universities

Ähnlich wie Cloud gateways for regulatory compliance

The rapid rise of cloud data storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned. In this session Protegrity CTO and data security thought leader Ulf Mattsson will focus on practical advice on what to look for in cloud service providers and a review of the technologies and architectures available to protect sensitive data in the cloud, both on- and off-site. Through real life use cases, Ulf will discuss solutions to some of the most common issues of data governance, usability, compliance and security in the cloud environment.

Cloud data governance, risk management and compliance ny metro joint cyber...

Cloud gateways for regulatory compliance

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Cloud gateways for regulatory compliance

Ähnlich wie Cloud gateways for regulatory compliance (20)

Mehr von Ulf Mattsson

Mehr von Ulf Mattsson (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Cloud gateways for regulatory compliance