SlideShare a Scribd company logo
1 of 29
Download to read offline
Building a Cloud-Ready
Security Program

Be ready. Get ahead…stay ahead.




@NetIQ - #NetIQCloud
Overview
    •     Cloud makes the world complex.
    •     There are some things you control.
    •     Get those right.
    •     Stay relevant.
    •     Extend and reinforce success.
    •     How (specifically) NetIQ helps.




2       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
At the Crossroads
What Keeps You up at Night?




                                           Expanding       Staff           Business
     New                                   Computing     Stretched          Keeps
    Threats                                Environment      Thin            Moving



    Change + Complexity = Loss of Control and Visibility




4    © 2012 NetIQ Corporation. All rights reserved.                  @NetIQ - #NetIQCloud
Fueling the Rush to the Cloud
    •   Greater customer and partner
        integration and intimacy
    •   Faster response to
        competitive threats
    •   Faster time to market




5       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Cloud Brings Many Challenges
    •   Security
    •   Visibility
    •   Cost Management
    •   Alignment
    •   Compliance




6       © 2012 NetIQ Corporation. All rights reserved.
Things Are Getting
   Complicated


7   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Things Are Getting
MORE Complicated


8   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Interdependencies Grow
    •   Systems and services extend into third-party
        cloud offerings.
    •   Creates interdependencies that never existing before.
    •   These are highly complex, and potentially very
        difficult to manage.




9       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
BYO…(Anything)
     •   …Device
     •   …Cloud
     •   …Applications
     •   …Identity




10       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Integration and Proliferation

                                                      •   Cloud usage proliferates.
                                                      •   Integration with existing
                                                          services is complex.
                                                      •   Integration between „clouds‟
                                                          can be even harder.




11   © 2012 NetIQ Corporation. All rights reserved.                         @NetIQ - #NetIQCloud
All The Risk… None of the Reward
     •   IT continues to hold liability:
            •   Controls access to critical services and data
            •   Manages organizational risk
            •   Deals with compliance
     •   Yet business users continue to directly engage with
         the cloud and unmanaged personal devices.




12       © 2012 NetIQ Corporation. All rights reserved.         @NetIQ - #NetIQCloud
It’s Getting Crazy Out There




13   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
It’s Getting Crazy Out There




11,500+ files, every second, every day



14   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Cloud Brings Challenges

     •   Security
     •   Visibility
     •   Cost Management
     •   Alignment
     •   Compliance


                                                 You are here.


15       © 2012 NetIQ Corporation. All rights reserved.
Maintain the Status Quo
     •     There is little-to-no knowledge of internal activities –
           or potential threats.
     •     Most breaches are discovered by a third party –
           not the breached party.




16       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Gain Visibility and Control
     •     Focus on organizational risk management
     •     Greater context for security and risk data
     •     Know what your internal users are doing
     •     Monitor and audit all activity around sensitive assets




17       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Ready, set..transform!
Risk: Define It, Manage It




19   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
What Does That Mean?
     Focus resources on the most critical assets,
     then make sure the “basics” are in place:
         •   System configuration
         •   Reduce privileged users
         •   Reduce privileges
         •   Monitor activity
         •   Integrate identity
         •   Improve access controls
         •   Keep it visible, keep it real




20    © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Focus on the Data, Then Layer Defenses




21   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
It’s All About The Data

     Data-centric,
     risk-focused
     security




22   © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Surround with Layers of Data-Centric
     Solutions….
     •   Manage who has access
     •   Monitor what they do
     •   Secure where the data is
     •   Build intelligence and use it
     •   Integrate other data-centric
         technologies




23       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
Keep It Rolling
     •   Continuous compliance
     •   Automate where you can, when you can
     •   Smarter security is better than more security
     •   Don‟t just believe the vendors
     •   Make sure it‟s easy to show value




24       © 2012 NetIQ Corporation. All rights reserved.
Extending…

     It‟s easier to extend what‟s right
               into the cloud.




25   © 2012 NetIQ Corporation. All rights reserved.
Fight Fire With Fire
     •   OK, cloud with cloud
     •   Increasing interest
         in SecaaS
     •   NetIQ closely involved
         in this
     •   Partnering with cloud
         providers




26       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
NetIQ Will Help
     •   Faster identification of threats
     •   Clearer understanding
         of “who”
     •   Simpler management of
         access to services
     •   Reduced risk from poor
         configuration
     •   Tighter controls on privileged
         users




27       © 2012 NetIQ Corporation. All rights reserved.   @NetIQ - #NetIQCloud
cloud nine
     noun Informal.
     a state of elation or happiness
     (usually in the phrase on cloud nine)




28    © 2012 NetIQ Corporation. All rights reserved.
Building A Cloud-Ready Security Program

More Related Content

What's hot

Bring Your Own Identity
Bring Your Own IdentityBring Your Own Identity
Bring Your Own IdentityNetIQ
 
Helen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry CollaborationHelen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry Collaborationcentralohioissa
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Frameworkcentralohioissa
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Security Management in the Cloud
Security Management in the CloudSecurity Management in the Cloud
Security Management in the CloudGaryArdito
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsIvanti
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology OperationsIvanti
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...CableLabs
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...centralohioissa
 
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™Intralinks
 
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight:Deploying a Data Protection Program in less than 120 DaysCustomer Spotlight:Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 DaysDigital Guardian
 
Security in the News
Security in the NewsSecurity in the News
Security in the NewsJames Sutter
 
Regulations in IoT - Innovation Stifle or Urgent Need
Regulations in IoT - Innovation Stifle or Urgent NeedRegulations in IoT - Innovation Stifle or Urgent Need
Regulations in IoT - Innovation Stifle or Urgent NeedRajesh Chitharanjan
 
Cloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityCloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityJohn Rhoton
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineeringPeter Wood
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalNETSCOUT
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSIvanti
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iotCaston Thomas
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation SlidesIvanti
 

What's hot (20)

Bring Your Own Identity
Bring Your Own IdentityBring Your Own Identity
Bring Your Own Identity
 
Helen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry CollaborationHelen Patton - Cross-Industry Collaboration
Helen Patton - Cross-Industry Collaboration
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation Enabler
 
Security Management in the Cloud
Security Management in the CloudSecurity Management in the Cloud
Security Management in the Cloud
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology Operations
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...
 
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
 
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
Customer Spotlight:Deploying a Data Protection Program in less than 120 DaysCustomer Spotlight:Deploying a Data Protection Program in less than 120 Days
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days
 
Security in the News
Security in the NewsSecurity in the News
Security in the News
 
Regulations in IoT - Innovation Stifle or Urgent Need
Regulations in IoT - Innovation Stifle or Urgent NeedRegulations in IoT - Innovation Stifle or Urgent Need
Regulations in IoT - Innovation Stifle or Urgent Need
 
Cloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityCloud Computing: New Approaches for Security
Cloud Computing: New Approaches for Security
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a Hospital
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONS
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides
 

Similar to Building A Cloud-Ready Security Program

Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...Janine Anthony Bowen, Esq.
 
cloud computing - isaca conference 2012
cloud computing - isaca conference 2012cloud computing - isaca conference 2012
cloud computing - isaca conference 2012Jonathan Houston
 
Oracle here. now. your choice.
Oracle   here.  now.  your choice.Oracle   here.  now.  your choice.
Oracle here. now. your choice.CIOEastAfrica
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - KloudlearnKloudLearn
 
Bt idc event cloud adoption in ireland
Bt  idc event cloud adoption in irelandBt  idc event cloud adoption in ireland
Bt idc event cloud adoption in irelandFiona Sexton
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Infor i Business Cloud
Infor i Business CloudInfor i Business Cloud
Infor i Business CloudInforsystemi
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 
Realizing the Promise of the Cloud
Realizing the Promise of the CloudRealizing the Promise of the Cloud
Realizing the Promise of the CloudNovell
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused EnterpriseNovell
 
Cloud Technology to Facilitate Growth
Cloud Technology to Facilitate GrowthCloud Technology to Facilitate Growth
Cloud Technology to Facilitate GrowthIconnyx
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesNetIQ
 
Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Denim Group
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
 

Similar to Building A Cloud-Ready Security Program (20)

Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
 
cloud computing - isaca conference 2012
cloud computing - isaca conference 2012cloud computing - isaca conference 2012
cloud computing - isaca conference 2012
 
Oracle here. now. your choice.
Oracle   here.  now.  your choice.Oracle   here.  now.  your choice.
Oracle here. now. your choice.
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
 
Bt idc event cloud adoption in ireland
Bt  idc event cloud adoption in irelandBt  idc event cloud adoption in ireland
Bt idc event cloud adoption in ireland
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get Fired
 
Infor i Business Cloud
Infor i Business CloudInfor i Business Cloud
Infor i Business Cloud
 
OWF12/Java Sacha labourey
OWF12/Java Sacha laboureyOWF12/Java Sacha labourey
OWF12/Java Sacha labourey
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
Realizing the Promise of the Cloud
Realizing the Promise of the CloudRealizing the Promise of the Cloud
Realizing the Promise of the Cloud
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Possibility Thinking about Cloud Computing
Possibility Thinking about Cloud ComputingPossibility Thinking about Cloud Computing
Possibility Thinking about Cloud Computing
 
Cloud Technology to Facilitate Growth
Cloud Technology to Facilitate GrowthCloud Technology to Facilitate Growth
Cloud Technology to Facilitate Growth
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
 
Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013Cloud security innovation  - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
 

More from NetIQ

Open Enterprise Server With Windows
Open Enterprise Server With Windows Open Enterprise Server With Windows
Open Enterprise Server With Windows NetIQ
 
Big Payoffs With BYOD and Mobility
Big Payoffs With BYOD and Mobility Big Payoffs With BYOD and Mobility
Big Payoffs With BYOD and Mobility NetIQ
 
Mobile Apps in Your Business
Mobile Apps in Your BusinessMobile Apps in Your Business
Mobile Apps in Your BusinessNetIQ
 
BrainShare 2014
BrainShare 2014 BrainShare 2014
BrainShare 2014 NetIQ
 
Paraca Inc.
Paraca Inc.Paraca Inc.
Paraca Inc.NetIQ
 
The University of Westminster Saves Time and Money with Identity Manager
The University of Westminster Saves Time and Money with Identity ManagerThe University of Westminster Saves Time and Money with Identity Manager
The University of Westminster Saves Time and Money with Identity ManagerNetIQ
 
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...NetIQ
 
Swisscard Saves Time and Effort in Managing User Access
Swisscard Saves Time and Effort in Managing User AccessSwisscard Saves Time and Effort in Managing User Access
Swisscard Saves Time and Effort in Managing User AccessNetIQ
 
Vodacom Tightens Security with Identity Manager from NetIQ
Vodacom Tightens Security with Identity Manager from NetIQVodacom Tightens Security with Identity Manager from NetIQ
Vodacom Tightens Security with Identity Manager from NetIQNetIQ
 
University of Dayton Ensures Compliance with Sentinel Log Manager
University of Dayton Ensures Compliance with Sentinel Log ManagerUniversity of Dayton Ensures Compliance with Sentinel Log Manager
University of Dayton Ensures Compliance with Sentinel Log ManagerNetIQ
 
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQ
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQNippon Light Metal Forges a Disaster Recovery Solution with NetIQ
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQNetIQ
 
Nexus Differentiates Itself and Grows Its Capabilities with Operations Center
Nexus Differentiates Itself and Grows Its Capabilities with Operations CenterNexus Differentiates Itself and Grows Its Capabilities with Operations Center
Nexus Differentiates Itself and Grows Its Capabilities with Operations CenterNetIQ
 
Netiq css huntington_bank
Netiq css huntington_bankNetiq css huntington_bank
Netiq css huntington_bankNetIQ
 
Professional Services Company Boosts Security, Facilitates Compliance, Automa...
Professional Services Company Boosts Security, Facilitates Compliance, Automa...Professional Services Company Boosts Security, Facilitates Compliance, Automa...
Professional Services Company Boosts Security, Facilitates Compliance, Automa...NetIQ
 
NetIQ Identity Manager Unites Hanshan Normal University
NetIQ Identity Manager Unites Hanshan Normal UniversityNetIQ Identity Manager Unites Hanshan Normal University
NetIQ Identity Manager Unites Hanshan Normal UniversityNetIQ
 
Handelsbanken Takes Control of Identity Management with NetIQ
Handelsbanken Takes Control of Identity Management with NetIQHandelsbanken Takes Control of Identity Management with NetIQ
Handelsbanken Takes Control of Identity Management with NetIQNetIQ
 
Millions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQMillions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQNetIQ
 
bluesource Uses NetIQ AppManager to Offer Standout Managed Service
bluesource Uses NetIQ AppManager to Offer Standout Managed Servicebluesource Uses NetIQ AppManager to Offer Standout Managed Service
bluesource Uses NetIQ AppManager to Offer Standout Managed ServiceNetIQ
 
Central Denmark Region Strengthens Administrative Security with Identity Mana...
Central Denmark Region Strengthens Administrative Security with Identity Mana...Central Denmark Region Strengthens Administrative Security with Identity Mana...
Central Denmark Region Strengthens Administrative Security with Identity Mana...NetIQ
 
2014 Cyberthreat Defense Report
2014 Cyberthreat Defense Report2014 Cyberthreat Defense Report
2014 Cyberthreat Defense ReportNetIQ
 

More from NetIQ (20)

Open Enterprise Server With Windows
Open Enterprise Server With Windows Open Enterprise Server With Windows
Open Enterprise Server With Windows
 
Big Payoffs With BYOD and Mobility
Big Payoffs With BYOD and Mobility Big Payoffs With BYOD and Mobility
Big Payoffs With BYOD and Mobility
 
Mobile Apps in Your Business
Mobile Apps in Your BusinessMobile Apps in Your Business
Mobile Apps in Your Business
 
BrainShare 2014
BrainShare 2014 BrainShare 2014
BrainShare 2014
 
Paraca Inc.
Paraca Inc.Paraca Inc.
Paraca Inc.
 
The University of Westminster Saves Time and Money with Identity Manager
The University of Westminster Saves Time and Money with Identity ManagerThe University of Westminster Saves Time and Money with Identity Manager
The University of Westminster Saves Time and Money with Identity Manager
 
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
 
Swisscard Saves Time and Effort in Managing User Access
Swisscard Saves Time and Effort in Managing User AccessSwisscard Saves Time and Effort in Managing User Access
Swisscard Saves Time and Effort in Managing User Access
 
Vodacom Tightens Security with Identity Manager from NetIQ
Vodacom Tightens Security with Identity Manager from NetIQVodacom Tightens Security with Identity Manager from NetIQ
Vodacom Tightens Security with Identity Manager from NetIQ
 
University of Dayton Ensures Compliance with Sentinel Log Manager
University of Dayton Ensures Compliance with Sentinel Log ManagerUniversity of Dayton Ensures Compliance with Sentinel Log Manager
University of Dayton Ensures Compliance with Sentinel Log Manager
 
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQ
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQNippon Light Metal Forges a Disaster Recovery Solution with NetIQ
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQ
 
Nexus Differentiates Itself and Grows Its Capabilities with Operations Center
Nexus Differentiates Itself and Grows Its Capabilities with Operations CenterNexus Differentiates Itself and Grows Its Capabilities with Operations Center
Nexus Differentiates Itself and Grows Its Capabilities with Operations Center
 
Netiq css huntington_bank
Netiq css huntington_bankNetiq css huntington_bank
Netiq css huntington_bank
 
Professional Services Company Boosts Security, Facilitates Compliance, Automa...
Professional Services Company Boosts Security, Facilitates Compliance, Automa...Professional Services Company Boosts Security, Facilitates Compliance, Automa...
Professional Services Company Boosts Security, Facilitates Compliance, Automa...
 
NetIQ Identity Manager Unites Hanshan Normal University
NetIQ Identity Manager Unites Hanshan Normal UniversityNetIQ Identity Manager Unites Hanshan Normal University
NetIQ Identity Manager Unites Hanshan Normal University
 
Handelsbanken Takes Control of Identity Management with NetIQ
Handelsbanken Takes Control of Identity Management with NetIQHandelsbanken Takes Control of Identity Management with NetIQ
Handelsbanken Takes Control of Identity Management with NetIQ
 
Millions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQMillions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQ
 
bluesource Uses NetIQ AppManager to Offer Standout Managed Service
bluesource Uses NetIQ AppManager to Offer Standout Managed Servicebluesource Uses NetIQ AppManager to Offer Standout Managed Service
bluesource Uses NetIQ AppManager to Offer Standout Managed Service
 
Central Denmark Region Strengthens Administrative Security with Identity Mana...
Central Denmark Region Strengthens Administrative Security with Identity Mana...Central Denmark Region Strengthens Administrative Security with Identity Mana...
Central Denmark Region Strengthens Administrative Security with Identity Mana...
 
2014 Cyberthreat Defense Report
2014 Cyberthreat Defense Report2014 Cyberthreat Defense Report
2014 Cyberthreat Defense Report
 

Recently uploaded

The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsDianaGray10
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 

Recently uploaded (20)

The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projects
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 

Building A Cloud-Ready Security Program

  • 1. Building a Cloud-Ready Security Program Be ready. Get ahead…stay ahead. @NetIQ - #NetIQCloud
  • 2. Overview • Cloud makes the world complex. • There are some things you control. • Get those right. • Stay relevant. • Extend and reinforce success. • How (specifically) NetIQ helps. 2 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 4. What Keeps You up at Night? Expanding Staff Business New Computing Stretched Keeps Threats Environment Thin Moving Change + Complexity = Loss of Control and Visibility 4 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 5. Fueling the Rush to the Cloud • Greater customer and partner integration and intimacy • Faster response to competitive threats • Faster time to market 5 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 6. Cloud Brings Many Challenges • Security • Visibility • Cost Management • Alignment • Compliance 6 © 2012 NetIQ Corporation. All rights reserved.
  • 7. Things Are Getting Complicated 7 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 8. Things Are Getting MORE Complicated 8 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 9. Interdependencies Grow • Systems and services extend into third-party cloud offerings. • Creates interdependencies that never existing before. • These are highly complex, and potentially very difficult to manage. 9 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 10. BYO…(Anything) • …Device • …Cloud • …Applications • …Identity 10 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 11. Integration and Proliferation • Cloud usage proliferates. • Integration with existing services is complex. • Integration between „clouds‟ can be even harder. 11 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 12. All The Risk… None of the Reward • IT continues to hold liability: • Controls access to critical services and data • Manages organizational risk • Deals with compliance • Yet business users continue to directly engage with the cloud and unmanaged personal devices. 12 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 13. It’s Getting Crazy Out There 13 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 14. It’s Getting Crazy Out There 11,500+ files, every second, every day 14 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 15. Cloud Brings Challenges • Security • Visibility • Cost Management • Alignment • Compliance You are here. 15 © 2012 NetIQ Corporation. All rights reserved.
  • 16. Maintain the Status Quo • There is little-to-no knowledge of internal activities – or potential threats. • Most breaches are discovered by a third party – not the breached party. 16 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 17. Gain Visibility and Control • Focus on organizational risk management • Greater context for security and risk data • Know what your internal users are doing • Monitor and audit all activity around sensitive assets 17 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 19. Risk: Define It, Manage It 19 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 20. What Does That Mean? Focus resources on the most critical assets, then make sure the “basics” are in place: • System configuration • Reduce privileged users • Reduce privileges • Monitor activity • Integrate identity • Improve access controls • Keep it visible, keep it real 20 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 21. Focus on the Data, Then Layer Defenses 21 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 22. It’s All About The Data Data-centric, risk-focused security 22 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 23. Surround with Layers of Data-Centric Solutions…. • Manage who has access • Monitor what they do • Secure where the data is • Build intelligence and use it • Integrate other data-centric technologies 23 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 24. Keep It Rolling • Continuous compliance • Automate where you can, when you can • Smarter security is better than more security • Don‟t just believe the vendors • Make sure it‟s easy to show value 24 © 2012 NetIQ Corporation. All rights reserved.
  • 25. Extending… It‟s easier to extend what‟s right into the cloud. 25 © 2012 NetIQ Corporation. All rights reserved.
  • 26. Fight Fire With Fire • OK, cloud with cloud • Increasing interest in SecaaS • NetIQ closely involved in this • Partnering with cloud providers 26 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 27. NetIQ Will Help • Faster identification of threats • Clearer understanding of “who” • Simpler management of access to services • Reduced risk from poor configuration • Tighter controls on privileged users 27 © 2012 NetIQ Corporation. All rights reserved. @NetIQ - #NetIQCloud
  • 28. cloud nine noun Informal. a state of elation or happiness (usually in the phrase on cloud nine) 28 © 2012 NetIQ Corporation. All rights reserved.

Editor's Notes

  1. Today we’re going to talk about ‘cloud-ready’ security. We’re going to talk about the ways in which cloud computing makes your world a lot more complex. We do know however that there are, however, some things that you do have under your control, and what we’re going to talk about is how to get those things right. How to get what you can do in such a state that it is ready for the cloud, that you’ve got your security in a state that enables you to meet the demands of cloud security, and how do you stay relevant within the business which is critical factor as you think about planning for the impact of cloud. And then finally, how do you extend what you are doing right now, how to re-enforce what is successful and then how NetIQ as an organization, our partners, and the organizations we work with and industry bodies in which were involved, h – how we all can sort of provide help, support, information, technology and so on to enable you to do all the above, to get ready, to be successful and to move into the cloud safely and securely and we would hope, somewhat sanely. 
  2. Set up: Why change now?It’s a brave new world. There are new threats and an expanding computing environment that won’t go away soon. Cloud, BYOD (really BYO – anything), mobility and other major technology trends offer increased flexibility, lower costs, and improved productivity. Yet today, IT orgs are challenged with balancing the demands of users who want 24-hour, instant access to services with those of business stakeholders. All while having less visibility and control of their sensitive assets than ever before.
  3. Cloud computing greatly increases an organization’s ability to achieve its business goals. One of the main reasons we see companies moving more aggressively to cloud computing is a much more aggressive business environment. They are finding new competitors and new competitive offerings coming from angles they weren’t expecting in the past. Benefits:Clouds helps businesses to scale. Primarily, scale is with regards to personnel. “I don't have enough people and they don't have the skills to do the job.” Also refers to datacenter or IT infrastructure. “I don't have the latest technology or the servers or the capacity. I want to build for a medium level and burst into the cloud as needed.”Cloud improves agility and innovation. Cloud computing as an effective means to implementing new applications quickly to keep pace with application backlogs and business demands. “Give it to me now, don’t get in my way.” Gives you the ability to access data from any device, from anywhere on the Internet, at anytime. Meets customer needs for greater intimacy and integration with the business – for a competitive edge! Also offers opportunities for greater integration with partners – more competitive edge!Cloud helps manage costs. Businesses must operate globally. Datacenters are expensive to build. “I need to build smaller data centers, and have the ability to ‘burst’ into the cloud to support larger workloads.” Companies need to go to market quickly and need a very low cost model that allows them to---with cloud they can take advantage of the pay per use cost model that allows them to experiment and try new things without a heavy amount of investment up front.
  4. http://www.istockphoto.com/stock-photo-18566764-tornado.php?st=99a683bSet up: Why change now?But what organizations find is that when they start to look at strategicallymoving to the cloud, many, many organizations will discover that they are already there!There are countless examples of organizations that start to look into just how much cloud they are actually using, only to find that there are hundreds – literally hundreds - of cloud services already in place, already being used by business users that no one had any oversight over or grand plan to implement - it just sort of “happened.” What results is a very chaotic and “bottoms up” environment, driven by the business needs to solve short term problems now. So you can see how cloud computing is highly disruptive. Not only does it change the way an organization gets its services, it also changes the way in which users (individuals and business units) interact with central IT and security teams. Data, systems and services are moving rapidly outside of the control of centralized IT organizations, presenting significant risks to the security of sensitive data and the ability of the organization to maintain compliance with industry regulations and corporate security policies. You need a way to effectively mitigate these risks while ensuring that you achieve your business, security and compliance objectives.Challenges:A cloud service can go live without the IT security team’s knowledge, and therefore outside of their control, introducing risk of breaches and compliance failures.Private cloud implementations can increase the complexity of security management and mix high and low value virtual systems on the same hardware, introducing greater risk that a breach to one system cascades to many others.Use of cloud computing environments, including private clouds or infrastructure provided by a service (IaaS), may trigger regulatory violations due to lack of visibility and control over where data is stored. We believe that security teams need heightened visibility and control of their mixed environments to more quickly detect and disrupt threats to sensitive data and systems.
  5. However, I will make the point , and I think this is something I would argue very strongly –these things are all real challenges – we all have to deal with these parts as costs of moving to the cloud but I think ultimately, you can make a very strong case that these are challenges, but they are also really symptoms of a fundamental and deeper challenge associated with the move to cloud and I think none of the above wouldn’t be as difficult if it wasn’t for the fact that as a result of the move to the cloud, things are getting complicated . all of the above have really driven us to a position where a great deal of complexity in the infrastructure we have to deal with and the way we manage risk and even the way we understand risk and as security professionals, we all know, complexity is the enemy of security, the more complex the world gets, the more complex these enviornments get, the worse the security is and frankly it isn’t like it wasn’t particularly complex to begin with – what’s happening is that things are getting more complicated than they were and if you think about how that greater complexity really impacts us – well, lets think about some of the challenges we see when we think about complexity,
  6. However, I will make the point , and I think this is something I would argue very strongly –these things are all real challenges – we all have to deal with these parts as costs of moving to the cloud but I think ultimately, you can make a very strong case that these are challenges, but they are also really symptoms of a fundamental and deeper challenge associated with the move to cloud and I think none of the above wouldn’t be as difficult if it wasn’t for the fact that as a result of the move to the cloud, things are getting complicated . all of the above have really driven us to a position where a great deal of complexity in the infrastructure we have to deal with and the way we manage risk and even the way we understand risk and as security professionals, we all know, complexity is the enemy of security, the more complex the world gets, the more complex these enviornments get, the worse the security is and frankly it isn’t like it wasn’t particularly complex to begin with – what’s happening is that things are getting more complicated than they were and if you think about how that greater complexity really impacts us – well, lets think about some of the challenges we see when we think about complexity
  7. well – interdependencies grow almost exponentially as all these different parts of the business go out and grab cloud services off the shelf and start running with them, So the systems and services I already have in place now have to deal with the impact of being connected to, serving, responding to and being involved with all kinds of 3rd party cloud offerings and that interdependency becomes really challenging because now I have to manage a whole bunch of additional interdependencies and not just around the sorts of challenges around confidentiality and the sort of informational integrity dealing with security but you’ve got the availability piece too – I’ve got to make sure these systems remain available, that someone doesn’t take them down and that those interdependencies don’t cause me to have problems with availability even of my own systems  So you’ve got a great deal of complexity with a lot of systems now tied together many of which are no longer directly under my own control and that interdependency drives a massive amount of complexity and that complexity is a really signicant problem to deal with  
  8. Set up: Why Change Now?Other things that pour gasoline on problem of cloud security is BYO ‘whatever’ – bringing your own device, bringing your own cloud, bringing your own applications and social identity, etc. As these things really start to take hold— prepare for even more IT headaches.BYOD Benefits:BYOD offers greater flexibility for how users access information and the opportunity for productivity gains.BYOD Challenges:Sensitive company information is getting onto personal devices—often in violation of company policy - and increasing the risk of theft or loss of company data. IT remains responsible for the security and compliance of that data. Specifically, BYODcreates increased complexity for IT security teams who must now make sense of unmanaged devices accessing, creating, and storing information which IT Security must ensure remains secure and compliant. The lack of control and visibility to who is accessing what, when, how and from where introduces a level of risk to critical systems and data which may not be acceptable to the business - and which may ultimately create compliance gaps with corporate security policies and regulatory mandates. Additionally, youcan’t deal with cloud or social identity or mobility or BYOD or any of the other pieces independently, they all intimately tied together. Because when business users want to access a cloud service – now more than ever, they want to access it from their smart phone and their tablet device, neither of which the organization owns, over which you have little control and vice versa, the information you’re being required to feed into those devices are from your own corporate network ---so these things are all essentially tied together as part of this growing decentralization of IT,---increasing complexity on the business and you’ve got to deal with all of them at once, making security efforts a lot more challenging ……because as we all know complexity is the enemy of security.Other things that pour gasoline on to the burning flame of problems with cloud security is BYO whatever – bringing your own device, bringing your own cloud, bringing your own applications and social identity, these things really start to take hold  Again the above mentioned complexity to become even more of a problem, even more complex, even more of a challenge and I think partly, it’s because you can’t sort of deal with cloud or social identity or mobility or byod or any of the other pieces independently, they all so intimately tied together that you must deal with the implications of, well, my business users want to access a cloud service and surprisingly, they want to access it from their smart phone and their tablet device, neither of which my organization owns, over which I have little control and vice versa the information I’m being required to feed into those devices are from my own corporate network so these things are all essentially tied together as part of this growing decentralization of IT, growing impacts of complexity on the business and you’ve got to deal with all of them at once and again, it makes things a lot more complex ……
  9. http://www.videoamusement.com/whac-a-mole.php….and you start to get the sense of more and more, this idea I’m really starting to play security ‘whack a mole’ with the integration of all these pieces and the proliferation of cloud services and everybody goes out and signs up for ‘stuff’ is really driving at almost a frantic pace within the security and risk management organization as they desparately try to get their arms around who’s doing what, where with what information so that as cloud usage proliferates across the business and as I’m required to tie them together in increasingly complex ways and worse, I’m now having to tie together two or three different cloud service to meet the needs of a business user -- not really sure where the data is going to reside is important and that’s especially important if those services are moved out into a 3rd party cloud infrastructure  I’m running around from place to place whacking security risks on the head and trying to keep the wheels on as the business moves forward and I think we’re reaching that point where I’m actually past the point where the approaches we’re trying to take are simply not scaling . we are fundamentally as organizations as people trying to enable cloud services, -----
  10. IT at the Crossroads (will you choose Irrelevance or Significance?)With development of Shadow IT, data, systems, and services are moving outside the control of centralized IT departments. IT still has the liability and responsibility to be secure, compliant, and to govern the business while still delivering business services at the right time, to the right user, in the right place. Controlling Access to Cloud Services and Data…since SaaS is purchased directly by the business, there is a tendency for users to sign up directly, rather than through IT controlsIncreased Risk in Mixed Environments…mixing high and low value workloads on the same hardware introduces risk that a breach to one can cascade to othersCompliance in the Cloud…compliance doesn’t stop at the firewall. Organizations lack controls and cannot effectively certify and report on cloud services, to meet compliance standards
  11. ….And I’m going to give you a quick classic example of how fast that’s happening. I’m going to use drop box – and not because I think there’s any problem with drop box, actually I think drop box is a great service, in fact I’ll prove to you drop box is a great service because they just recently announced they have 100M signed up users right now - and if you look at the installation screen for drop box, you know that’ s not an installation screen aimed at your IT organization, that’s an installation screen aimed at your end users, at home users, and at people that  Within your business, not to say that drop box is inherently a security problem, but its absolutely a poster child for the consumerization of cloud services that happen under the radar of the IT and security organizations and it’s happening really fast – if you look at their figures 11 and a half thousand, more than 11 and a half thousand files are being stored on drop box every second of every day – they get a billion files a day saved on drop box and I guarantee those are not just a billion files of peoples holiday snapshots, right,--there is business data being moved into drop box to be shared with other business users and it’s happening all the time.-----
  12. IT at the Crossroads (will you choose Irrelevance or Significance?)
  13. Can add some Verizon Report stats from 2012 here.An example of aHow do I know what’s going on in the cloud? How do I find out where my data is? How do I know who has access to it within the cloud service provider itself? How do I know what they’re doing to keep their systems secure and equally important, how do I know who they’re doing business with when they’re processing my information? So visibility is a key challenge. data breach, etc.
  14. An approach is needed that helps IT teams gain visibility and control of their sensitive data and systems wherever it resides, enabling them to effectively mitigate organizational risks associated with the impact or occurrence of threats that are introduced by these disruptive technologies, while ensuring that business, security, and compliance objectives are achieved. Effective solutions should deliver greater context for security and risk data, enabling security teams to respond rapidly and effectively to the greatest organizational threats. This context must include a combination of information about the system, the event, and the user involved, in order to view the security significance of the event and risk associated with it. Security event data generated by these solutions should be enriched with context about user identity, data, applications, assets, threats and vulnerabilities to help teams discern true threats from “noise.” The data must be presented in an easy-to-consume manner, delivering the timely and effective decision support security teams must have if they are to respond rapidly to threats.
  15. How can organizations overcome transform the challenges presented by these disruptive trends into opportunities that define a better way to manage security processes? Is it one that enables the business to achieve its objectives in a way that is faster, more agile, and ultimately more secure?
  16. http://www.istockphoto.com/stock-photo-19747710-risk-and-scissors-clipping-path-included.php?st=1c6be61Step 1: Make IT risk mitigation an imperativeHere are a few simple steps to get you on the path to a lower risk IT environment: 1.      Define the Risk:  When security organizations work early on in a project with key business stakeholders to identify those threats that pose the most risk to the enterprise, they can ensure scarce IT resources are used to maximum effect by focusing efforts on only those assets that are at most risk.  2.      Implement the Basics: Once the critical assets and risk thresholds have been identified, security teams can implement a security program that helps put security best practices in place. Research shows that a lack of basic security controls, such as weak passwords or server misconfigurations, is at the root of countless data breaches.  By selectively deploying solutions that help implement security best practices, security teams can get more “bang for their buck.”3.      Keep Risk at Desired Thresholds:  Once in place, security best practices and controls must be kept in place in order to keep organizational risks low.  Scheduled compliance assessments and risk reporting, along with automation of workflows, can go a long ways towards helping teams achieve and maintain a state of “continuous security and compliance.”  
  17. Strive for a lower risk IT environment Security teams that are, first and foremost, focused on minimizing organizational risk can achieve better business outcomes by ensuring good security practices are continuously in place.Staying focused on risk mitigation can be tough, especially when you are tasked with achieving and maintaining alignment with key business objectives, while balancing the demands of users who want instant access to their data, applications, and services from anywhere in the world. The first step to proactive risk management is to get a seat at the table. When you work proactively with the business to identify critical assets and risk thresholds, you are effectively able to direct resources towards addressing those threats that pose the most risk to the organization. This approach, rather than “one-size-fits-all”, enables efficient use of IT resources and helps you act in alignment with the business to mitigate security and compliance risks of sensitive data and systems.Once the critical assets and risk thresholds have been identified, security teams should implement a program that helps put security best practices in place. Research shows that a lack of basic security controls, such as weak passwords or server misconfigurations, is at the root of countless data breaches.
  18. http://i.istockimg.com/file_thumbview_approve/20503296/2/stock-illustration-20503296-locks-black-amp-white-icon-set.jpgStep 2: Layer on securityOnce the basics are in place, security teams can effectively protect critical data and meet organizational compliance requirements by adopting a data-centric approach to threat defense. To protect even the most complex IT environments, security teams should first deploy basic security solutions to reduce their risk of a data breach and meet compliance gaps. This will help lay a solid foundation of security best practices to build upon.
  19. Protect your data with layers of security Once the basics are in place, security teams can effectively protect critical data and meet organizational compliance requirements by adopting a data-centric approach to threat defense. BYOD, cloud, mobility and other major technology trends offer increased flexibility, lower costs, and improved productivity. However, as data, systems and services move outside of the control of central IT, organizations expose themselves to serious security and compliance challenges. Rather than focus protection on a perimeter that now extends well beyond traditional borders, security teams need to target proven security controls at the data itself—wherever it may reside. Data-centric approaches to threat defense, the classic examples being encryption and tokenization, are  among the most effective ways to protect critical data and meet compliance objectives. Security teams should extend the data-centric approach to the sensitive systems and users that regularly access and interact with critical data. When teams surround these systems and users with layers of security defense solutions that deliver visibility and control of the IT environment, they enable themselves to respond rapidly and effectively to potential threats. Examples of data-centric security solutions that focus on sensitive systems and users are those that monitor privileged user activity for unusual behavior or unauthorized access to sensitive files, or that monitor security events and changes in real time to detect accidental or malicious variations to sensitive files and systems. Effective solutions should deliver greater context for security and risk data, enabling security teams to respond rapidly and effectively to the greatest organizational threats. This context must include a combination of information about the system, the event, and the user involved, in order to view the security significance of the event and risk associated with it. Security event data generated by these solutions should be enriched with context about user identity, data, applications, assets, threats and vulnerabilities to help teams discern true threats from “noise.” The data must be presented in an easy-to-consume manner, delivering the timely and effective decision support security teams must have if they are to respond rapidly to threats.By adopting the data-centric approach, security teams can increase their effectiveness at detecting and mitigating risk to sensitive data and systems in a proactive manner, deliver secure business services and applications, and achieve compliance with necessary regulations and policies. This approach enables teams to reliably achieve security, compliance, and business objectives - even when the IT environment is becoming increasingly complex with the adoption of disruptive technologies.
  20. http://www.istockphoto.com/stock-photo-19426351-database-archive.php?st=9987216
  21. http://ioutdoor.com/air-ground/a-real-florida-cattle-drive/Ensure continuous security and complianceKeep the foundational security processes in place using scheduled, automated compliance assessment and reportingAutomation helps to augment the resources of IT staffs and helps to ensure that security controls and assessment scale reliably and seamlessly across your IT environment of today…and tomorrow.Choose solutions that deliver out of box security intelligence and content.Security is the goal; compliance is the “by-product” of good security practices.Ensure greater visibility of risk for executive stakeholders to enable them to make better business-risk decisions both now and in the long term.
  22. http://www.istockphoto.com/stock-photo-20088269-woman-standing-on-top-of-a-mountain-raising-her-arms.php?st=f249c0a…And what what you can do then is, it become much more straight forward to get it right now within your business and extend what’s right out into the cloud as you need to do so. 
  23. …Speaking specifically about what we do as an organization, NetIQ is a large organization focused on identity and security and IT operational details we can help you to identify threats more quickly, have a clearer understanding of the ‘who’ youknow the integration of identity as we talked about, simplify management of access to services, reduce the risk from poor configuration and provide tighter controls over what priviledged users are doing
  24. Free share photohttp://fc00.deviantart.net/fs71/i/2012/102/6/5/fluffy_puffy_clouds_by_mysteriousfantasy-d4vz509.jpg