www.hitachiconsulting.com      A Cloud Framework for Integrated      Security, Governance, Compliance,      Content and Se...
Topics for Today’s Session Review Cloud Security Risks Cloud Framework Overview Focus on Security Summary & Q&A       ...
Integrated Cloud Framework - Security, Governance, Compliance,Content ,Application & Service Management  Our framework pr...
What are the top 3 greatest risks of moving to a cloud?  The right answer depends on the type of business and what is mos...
What are the top 3 greatest risks of moving to a cloud?  Confidentiality   Preventing   sensitive information from being...
What are the top 3 greatest risks of moving to a cloud?  Integrity   Trustworthiness of information resources   Modifyi...
What are the top 3 greatest risks of moving to a cloud?  Availability   Ensures  systems operate as required   And auth...
Cloud Security Risks        Misuse of cloud computing                                        Account / service hijacking  ...
How to mitigate the risks of moving to the cloud?   To reduce your risks…     Risk must first be understood and calculat...
Integrated Cloud Framework - Security, Governance, Compliance & Content & Application Management Helps Organizations Leve...
Integrated Cloud Framework - Security, Governance, Compliance,Content ,Application & Service Management                   ...
Cloud Framework – Platform & Hosting Environment                     Cloud Platform & Hosting Environment                 ...
Cloud Framework – Content Management Services                             Content Management Services           Service De...
Cloud Framework - Security Services                                          Security Services   Single Sign On (SSO) Iden...
Cloud Framework – Program Governance Framework                           Program Governance Framework   Governance Policy ...
Cloud Framework – Content Mgmt, Security, Governance Dashboard Portal                   Content Management, Security, Gove...
Summary & Reccomendations  Understand that security in the cloud must be managed  Implement a policy that calculates and...
Contact us to Learn More about our Cloud Solutions Today                  Chad M. Lawler, Ph.D.                  Director ...
© Copyright 2012 Hitachi Consulting
Upcoming SlideShare
Loading in …5
×

Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011

2,003 views
1,702 views

Published on

Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO, October 25, 2011, Author Chad M. Lawler, Ph.D., Director, Consulting Services, Cloud Computing, U.S. Strategic Technology Solutions, Hitachi Consulting

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,003
On SlideShare
0
From Embeds
0
Number of Embeds
25
Actions
Shares
0
Downloads
128
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011

  1. 1. www.hitachiconsulting.com A Cloud Framework for Integrated Security, Governance, Compliance, Content and Service ManagementGartner Symposium ITXPO, October 25, 2011 Chad M. Lawler, Ph.D.http://www.gartner.com/technology/symposium/orlando/ Director of Consulting Services, Cloud Computing chad.lawler@hitachiconsulting.com © 2012 Hitachi Consulting Corporation Proprietary & Confidential, All Rights Reserved www.hitachiconsulting.com/cloud © Copyright 2012 Hitachi Consulting
  2. 2. Topics for Today’s Session Review Cloud Security Risks Cloud Framework Overview Focus on Security Summary & Q&A © Copyright 2012 Hitachi Consulting
  3. 3. Integrated Cloud Framework - Security, Governance, Compliance,Content ,Application & Service Management  Our framework provides businesses with a streamlined capability to rapidly, and securely transition application and services to the cloud.  Our cloud framework helps organizations plan for appropriate cloud application deployment  Includes the necessary services for deploying well-managed applications in the cloud.  This framework provides for integrated governance policies  Provides a well-managed cloud environment that is compliant with internal policies and external requirements  With security services to protect from both vulnerabilities and intrusions  Services that protect against loss or compromise of sensitive data.  The framework provides for integrated content management and has automated capabilities for appropriate cloud platform selection, content migration and application importing. © Copyright 2012 Hitachi Consulting 2
  4. 4. What are the top 3 greatest risks of moving to a cloud?  The right answer depends on the type of business and what is most critical  Businesses must evaluate applications  Determine appropriate use in the cloud  Consider the Pillars of IT security (CIA):  Confidentiality  Integrity  Availability © Copyright 2012 Hitachi Consulting
  5. 5. What are the top 3 greatest risks of moving to a cloud? Confidentiality Preventing sensitive information from being disclosed to unauthorized recipients Limiting information access and disclosure to authorized users Risk - Private Data Exposure Riskof potential data or private information leakage Can threaten your customer data As well as your business services on operations © Copyright 2012 Hitachi Consulting
  6. 6. What are the top 3 greatest risks of moving to a cloud? Integrity Trustworthiness of information resources Modifying information resources only in a specified and authorized manner Ensuring data remains consistent and changes to data are authorized by appropriate personnel Risk - Data Tampering Risk of potential manipulation or altering of critical data Can lead to making business decisions based on invalid information © Copyright 2012 Hitachi Consulting
  7. 7. What are the top 3 greatest risks of moving to a cloud? Availability Ensures systems operate as required And authorized users are not denied service Allowing systems to be available whenever needed Risk - Business Continuity Risk of potential interruption to or compromise of your service operations Service outage, security attack or compromise that may lead to data loss Operations are interrupted or your data is compromised © Copyright 2012 Hitachi Consulting
  8. 8. Cloud Security Risks Misuse of cloud computing Account / service hijacking resources Remote facilities / Security Secure Interfaces and APIs Perimeter Risks associated with Securing personal identification multi-tenancy information (PII) Risk of data loss and leakage IP Collateral management © Copyright 2012 Hitachi Consulting
  9. 9. How to mitigate the risks of moving to the cloud?  To reduce your risks…  Risk must first be understood and calculated  Understand residual risk that you can influence  Develop a standardized cloud risk decision process  Help decide which applications are most appropriate  Leverage cloud application assessment process to define requirements  Understand and quantify your risk  Implement a policy that calculates and quantifies cloud application risk  Includes criteria for:  Application Risk Tolerance  Application Security Fit  Data Protection & SLA Requirements  Business to Business Policies  Confidentiality Risk - Private Data Exposure  Integrity Risk - Data Tampering  Availability Risk - Business Continuity © Copyright 2012 Hitachi Consulting
  10. 10. Integrated Cloud Framework - Security, Governance, Compliance & Content & Application Management Helps Organizations Leverage the Cloud in a Secure Fashion  Understand cloud application security risk and key areas of consideration  Evaluates and helps define application and data security requirements  Enables appropriate planning for cloud security, content and governance  Serves as a comprehensive guide to reduce cloud adoption risks Integrated Cloud Framework: A Roadmap to the Cloud  Security  to protect against vulnerabilities, intrusions & compromise of sensitive data  Governance & Compliance  for an environment compliant with policies and requirements  Content Management  for control of cloud information  Application Development & Migration  development, transition and re-platform of enterprise applications Provides streamlined capability to rapidly & securely transition to the cloud © Copyright 2012 Hitachi Consulting 9
  11. 11. Integrated Cloud Framework - Security, Governance, Compliance,Content ,Application & Service Management Cloud Framework for Integrated Security, Governance, Compliance, Content & Service ManagementConsulting Services Program Governance Framework Content Management, Security, Governance Dashboard Portal Strategic Cloud Advisory Governance Policy Cloud Governance, Certification & Compliance Workflow-Checklist, Certification & Approval Services Central Cloud Platform Management Console Enforcement Policy Interface Cloud Readiness Assessment Master Security Policy & Services Security Privacy Hosting Continuous Audit Program Interface Site Compliance Reporting Dashboard Interface Exceptions Infrastructure, Transition & Vulnerability Scanning, Monitoring, & PII Risk Impact Monitoring Metering, Billing & Charge-Back Interface Migration Services Criteria Criteria Cloud App Risk Reporting Interface Cloud Security & Governance Data Class Hosting Services Legal Audit Excellence Secure Cloud Environment Incident Reporting Role & Access Administration Interface Criteria Criteria Cloud Starter Kit Privacy Marketing Corporate RACI FIT Site Requirements, Content Publication Priority & Criteria Criteria Performance SLA Interface ITIL Service Management Cloud Template Interface Security Standards - NIST, Client Standards & Best Practices - Governance Policy, Portal & Training Feedback Collection Interface PCI,CSA,TwC, HIPAA,GLBA,Vendor Procurement, Security, Marketing/CMG, Privacy Documentation Interface Cloud Security, Content & Application ServicesApplication Services Security Services Content Management Services Single Sign On (SSO) Identity Management Vulnerability Scanning, Monitoring, & PII Service Desk Integration Cloud Assessment Content Data Classification & Authentication Detection Engine (Communication, Collaboration, Reporting) SIEM with Root Cause Analysis & Risk Content Compatibility & Compliance Decision Cloud Architecture & Design PKI & Certificate Management System Change Management Integration Assessment Engine Cloud Application Site Requirements, Publication Priority & Cloud Patch & Log Management System Continuous Auditing Program Engine Content Conversion & Standardization Development Template Launch Engine IPS/IDS Event Management & Data Loss Secure Cloud to Cloud & Cloud to Cloud Application Delivery Feedback Collection Compliant Content Migration Process Prevention Systems Datacenter VPN Connectivity Managed Cloud Service AntiVirus & AntiMalware System Secure Cloud Platform Content Migration Performance SLA Engine Non-Compliant Content Migration Process Deep Code-Level Security Vulnerability Workflow-Checklist & Approval Engine Cloud Platform Selection Automation Virtualized Application Automated Migration Review Cloud Platform & Hosting Environment System OS Patch AntiVirus Data Loss Single Sign On Cloud Applications Management Management AntiMalware Prevention (SSO) Identity Metering, Billing Backup & Log IPS/IDS Event Management, & Charge Back OS Web Server Database Middleware Content Secure VPN Restore Management Management Authentication Cloud Platform & Infrastructure © Copyright 2012 Hitachi Consulting 10
  12. 12. Cloud Framework – Platform & Hosting Environment Cloud Platform & Hosting Environment Cloud Applications OS Web Server Database Middleware Content System OS Patch AntiVirus Data Loss Single Sign On Management Management AntiMalware Prevention (SSO) Identity Metering, Billing & Backup & IPS/IDS Event Management, Charge Back Log Management Secure VPN Restore Management Authentication Cloud Platform & Infrastructure © Copyright 2012 Hitachi Consulting
  13. 13. Cloud Framework – Content Management Services Content Management Services Service Desk Integration Content Data Classification (Communication, Collaboration, Reporting) Content Compatibility & Compliance Decision Change Management Integration Engine Site Requirements, Publication Priority & Cloud Content Conversion & Standardization Template Launch Engine Feedback Collection Compliant Content Migration Process Performance SLA Engine Non-Compliant Content Migration Process Cloud Platform Selection Automation Virtualized Application Automated Migration © Copyright 2012 Hitachi Consulting
  14. 14. Cloud Framework - Security Services Security Services Single Sign On (SSO) Identity Management & Vulnerability Scanning, Monitoring, & PII Detection Authentication Engine PKI & Certificate Management System SIEM with Root Cause Analysis & Risk Assessment Patch & Log Management System Continuous Auditing Program Engine IPS/IDS Event Management & Data Loss Prevention Secure Cloud to Cloud & Cloud to Datacenter VPN Systems Connectivity Data Encryption & Secure Cloud Platform Content AntiVirus & AntiMalware System Migration Workflow-Checklist & Approval Engine Deep Code-Level Security Vulnerability Review © Copyright 2012 Hitachi Consulting
  15. 15. Cloud Framework – Program Governance Framework Program Governance Framework Governance Policy Enforcement Cloud Governance, Certification & Compliance Policy Master Security Policy & Exceptions Security Privacy Hosting Risk Impact Monitoring Cloud App Risk Criteria Criteria Data Class Hosting Criteria Legal Audit Excellence Criteria Privacy Criteria Other Criteria Corporate RACI IT Security Standards - NIST, Client Standards & Best Practices - PCI,CSA,TwC, HIPAA,GLBA,Vendor Procurement, Security, Organization, Privacy © Copyright 2012 Hitachi Consulting
  16. 16. Cloud Framework – Content Mgmt, Security, Governance Dashboard Portal Content Management, Security, Governance Dashboard Portal Workflow-Checklist, Certification & Approval Central Cloud Platform Management Console Interface Continuous Audit Program Interface Site Compliance Reporting Dashboard Interface Vulnerability Scanning, Monitoring, & PII Reporting Metering, Billing & Charge-Back Interface Interface Secure Cloud Environment Incident Reporting Role & Access Administration Interface Site Requirements, Content Publication Priority & Cloud Performance SLA Interface Template Interface Governance Policy, Portal & Training Feedback Collection Interface Documentation Interface © Copyright 2012 Hitachi Consulting
  17. 17. Summary & Reccomendations  Understand that security in the cloud must be managed  Implement a policy that calculates and quantifies cloud application risk  Evaluate application and data security requirements  Plan and budget for implementing security services  Leverage a framework which covers all the key areas  Implement and adhere to the framework as a roadmap guide to reduce cloud adoption risks © Copyright 2012 Hitachi Consulting
  18. 18. Contact us to Learn More about our Cloud Solutions Today Chad M. Lawler, Ph.D. Director of Consulting Services Cloud Computing 14643 Dallas Parkway, Suite 800, Dallas, Texas 75254 Office: 469.221.2894 Email: chad.lawler@hitachiconsulting.com www.hitachiconsulting.com www.cardcloud.com/chadlawler Sign up for a free trial to explore our Cloud Ecosystem Management Platform. Learn More About the Benefits of Hitachi Consulting Cloud Services at www.hitachiconsulting.com/cloud © Copyright 2012 Hitachi Consulting
  19. 19. © Copyright 2012 Hitachi Consulting

×