Trust in the Cloud

    Trust in the Cloud: Presentation Transcript

    • Trust in the Cloud. Sam Curry, Chief Technical Officer (GTM), RSA, the Security Division of EMC. Copyright © 2011 EMC Corporation. All rights reserved.
    • Trust in the Cloud: Proof Not Promises. Organizations around the world have high hopes for the cloud's ability to transform IT infrastructures, applications, and information management. They truly believe it can revolutionize business. But, before they can trust that the cloud is safe for real business, they need a secure foundation of dynamic controls and trustworthy measurement.
    • Challenges for Trust in the Cloud: Sustaining Compliance in an environment with numerous and complex requirements; Improving Operational and IT Effectiveness; Resource Constraints; Acquiring skills, knowledge and expertise; Enabling Business growth and evolving eGRC needs.
    • Increasing Compliance Requirements: SOX PCI DSS State, Federal Forecast Regulation & International Calls for Privacy More Mandates Regulation. We made it through SOX, then PCI. But I'm faced with more and more regulations. We need a more efficient way to manage compliance with multiple regulations and standards.
    • Negative Consequences of Inadequate GRC: Reduced Operational effectiveness with inefficient workflows and processes; Higher Implementation costs and solution performance issues; Potential for failed audits and assessments; Lack of consensus leading to underfunded initiatives; Attrition and missed deadlines.
    • Implications of Challenges: CISOs need to manage security and compliance across virtual and physical IT; Security and compliance concerns stall the adoption of virtualization; Missing opportunity for better than physical security.
    • eGRC Strategy can Help Achieve: Consensus; Business Process Automation; Clear Priorities; ROI.
    • Business Impact without eGRC: Resources are wasted manually collecting and re-assembling data rather than analyzing the impact of the data on the business; Business is assessed multiple times for the same requirements; Compliance data scattered across multiple silos; Managers struggle to prioritize resources to mitigate risks and deficiencies based on risk exposure; Compliance initiatives are tackled as individual projects.
    • Business Outcomes. Business Impacts: Compliance reporting is stored in spreadsheets and represent one point-in-time; Policy exceptions go untracked and pose risk to the business; Compliance data scattered across multiple silos; Managers struggle to prioritize threats by their potential impact to the business; Compliance initiatives are tackled as individual projects. Solution Outcomes (Efficiency, Automation, Accountability, Collaboration, Visibility): Ask once, Answer Many: Reduction or elimination of redundant assessments; Isolated data is transformed into sustainable processes; Transparency and accountability: Knowing the status or exceptions and unresolved issues; Partnerships and consistency across business silos; Threats are identified and remediation actions are easily prioritized and tracked.
    • Enabling the Cycle of Risk and Compliance: Document Your Control Framework and Identify Risks; Consolidate and Visualize Compliance Efforts; Prioritize Deficiencies and Risks; Remediate Findings and Manage Exceptions.
    • Enabling GRC
    • The Case for eGRC Strategy Planning. Business (Finance & Legal): Laws, Regulations, Business Optimization. Operations: Workflow, Personnel, Procedures, Management. IT & Technology: Applications, Databases, Information, Infrastructure. eGRC Strategy Planning aligns requirements across organizational functions with different and sometimes competing or conflicting priorities.
    • Bringing in the Business Context: OPERATIONAL BUSINESS DRIVERS INFRASTRUCTURE Applications Laws Business Domains Information Databases Regulations IT Devices Finance Legal Business Objectives Operations Workstations Threats Vendors Customers. eGRC facilitates the processes, information, technology and people required to recognize context that enables business decisions.
    • Success Metrics: # regulatory requirements met; Time to demonstrate compliance with new regulations; # closed findings monthly; Time to prepare regulatory reporting; Decreasing risk of audit fines. Where before we managed work in two or three places, with RSA Archer you have one place to manage all of your work. People are completing assessments and mitigating risks, not focusing on administrative tasks.
    • Achieving Trust: Right Information; Trusted Infrastructure; Right People.
    • Realizing This Goal Has Become Exponentially Harder: Infrastructure Evolves; Risks Multiply; Access Points Proliferate; Information Grows.
    • The Result? A dangerous void of trust has opened up, standing squarely between organizations and their ability to reap the cloud's well documented benefits.
    • What's Needed: Proof. Management, Auditors, Regulators.
    • Facets of Multi-Tenancy. Trusted Multi-tenancy model is built on the following six foundational elements:
      • Secure separation
      • Service assurance
      • Security and compliance
      • Availability and data protection
      • Tenant management and control
      • Service provider management and control
    • Solving the Trust Equation
    • Inspect and Monitor…
    • Using the CSA domains. Cloud Security Alliance's 13 domains of focus for cloud computing: Cloud Architecture; Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability; Security, Bus. Cont., and Disaster Recovery; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Virtualization; Identity and Access Management. Assessing Service Provider Compliance.
    • In Fact… The cloud presents opportunities to strengthen information security and streamline compliance beyond anything we've ever seen before.
    • Virtualization Transforms Control & Visibility
    • Built-in and Automated: Best Practices; Regulations; Policies.
    • What's Needed. Synergy of expertise: We’ve integrated our domain expertise to see what others don’t see and to create new value. Power of virtualization: Our deep insight into the virtual layer greatly enhances the visibility and control possible in the cloud. Proof through verification: Our services and solutions are focused on providing proof, not promises.
    • Visibility Across Physical & Virtual Environments: Cloud Security Alliance Questions; Regulations, standards and Policies; Generalized security controls; VMware-specific security controls; Automated assessment; RSA enVision; Security Events; Configuration State; VMware cloud infrastructure; Virtualization Ecosystem.
    • Achieving that Goal Securely Means…
    • Delivered Within an Ecosystem of Trust: Security & Compliance; Identities; Infrastructure; Information.
    • THANK YOU