Cloud gateways for regulatory compliance
Consumers have no control over security once data is inside the public cloud; they are completely reliant on the provider for application and storage security. A private cloud gives a single cloud consumer's organization exclusive access to and usage of the infrastructure and computational resources, but the consumer has limited capability to manage security within an outsourced IaaS private cloud.

A cloud service mapping can be compared against a catalogue of security controls to determine which controls exist and which do not, whether provided by the consumer, the cloud service provider, or a third party. This can in turn be compared to a compliance framework or set of requirements such as PCI DSS. The PCI guidance defines how cloud security is a shared responsibility between the cloud service provider (CSP) and its clients. If payment card data is stored, processed or transmitted in a cloud environment, PCI DSS will apply to that environment, and will typically involve validation of both the CSP's infrastructure and the client's usage of that environment.

Gartner studied cloud gateways and came up with definitions of six different types. A public cloud gateway isolates the sensitive data from the public cloud, and the security control stays within your organization. A cloud gateway can protect any data sent or received via HTTP or FTP through enterprise, remote, or mobile channels, and securely integrate enterprise data into cloud applications, emailed reports, and process analytics on protected data from remote requests. You control all security functions from inside your enterprise, which is vital for compliance with many regulations and laws.

You can protect data with tokenization or encryption. This solution enforces fine-grained, field-level data protection with vaultless tokenization or encryption, and comprehensive activity monitoring. It should support multiple deployment options, with a flexible gateway architecture that allows you to easily deploy the cloud gateway on physical or virtual servers to protect data in public, private, or hybrid cloud environments. It should offer protection by column, field, or even by character without any back-end system modifications or loss in functionality. Files should also be fully encrypted or tokenized.

Cloud gateways for regulatory compliance: Presentation Transcript

  • Cloud Gateways for Regulatory Compliance. Ulf Mattsson, CTO, Protegrity. Ulf.Mattsson@protegrity.com
  • Public Cloud – No Control: Consumers have no control over security once data is inside the public cloud. Completely reliant on provider for application and storage security.
  • Private Cloud – Limited Control: Outsourced Private Cloud: Consumer has limited capability to manage security within outsourced IaaS private cloud. On-site Private Cloud.
  • Mapping the Cloud Model to Security Control & Compliance (diagram labels: Applications, Data)
  • Cloud Gateways – Enterprise Control: Cloud Encryption Gateways (SaaS encryption); Cloud Security Gateways (policy enforcement); Cloud Access Security Brokers (CASBs); Cloud Services Brokerage (CSB); Secure Email Gateways; Secure Web Gateway
  • Public Cloud Gateway Example (diagram label: Gateway Appliance)
  • Cloud Gateway Example – Public Cloud (diagram label: Cloud Gateway)
  • Example of Cloud Security Gateway Features: High-performance gateway architecture; Enterprise-extensible platform; Tokenization and encryption; Enterprise-grade key management; Flexible policy controls (file or field security; advanced function & usability preservation); Comprehensive activity monitoring & reporting; Support for internal, remote & mobile users; Multiple deployment options
  • Security Gateway Deployment – Example (diagram labels: Corporate Network, Backend System, Cloud Gateway, External Service, Enterprise Security Administrator, Security Officer)
  • Enterprise Data Security Policy. What: What is the sensitive data that needs to be protected. How: How you want to protect and present sensitive data. There are several methods for protecting sensitive data: encryption, tokenization, monitoring, etc. Who: Who should have access to sensitive data and who should not. Security access control. Roles & users. When: When should sensitive data access be granted to those who have access. Day of week, time of day. Where: Where is the sensitive data stored? This will be where the policy is enforced. Audit: Audit authorized or unauthorized access to sensitive data.
  • Centralized Policy Management – Example (diagram labels: Application, RDBMS, MPP, Audit Log, Enterprise Security Administrator, Policy, Cloud, Security Officer, File Servers, Big Data, Gateway Servers, HP NonStop Base24, IBM Mainframe Protector, Protection Servers)
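
The policy questions on the Enterprise Data Security Policy slide (What, How, Who, When, Where, Audit) and the description's field protection "by character", as an added example that is not from the presentation or from Protegrity: a gateway that tokenizes a field on the way out and reveals it on the way back only to an allowed role inside an allowed time window. The policy values, role names, key and the vault-backed HMAC surrogate are assumptions; the surrogate is a stand-in, not the vaultless tokenization the deck names.

```python
import datetime
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: a real gateway uses managed keys
VAULT = {}                      # token -> clear value, kept inside the enterprise
AUDIT = []                      # every access decision is recorded

# Constructed policy answering the slide's questions for one field.
POLICY = {
    "card_number": {                                  # What
        "how": "tokenize",                            # How
        "who": {"fraud_analyst"},                     # Who
        "when": {"days": range(0, 5), "hours": range(8, 18)},  # Mon-Fri, 08:00-17:59
        "where": "cloud_gateway",                     # Where (enforcement point)
    },
}

def tokenize(value):
    """Keyed digit surrogate; long values keep their last four characters clear."""
    cut = len(value) - 4 if len(value) > 8 else len(value)
    digest = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()
    token = "".join(str(int(c, 16) % 10) for c in digest[:cut]) + value[cut:]
    VAULT[token] = value
    return token

def protect_outbound(record):
    """Enterprise -> cloud: replace every policy field before it leaves."""
    return {k: tokenize(v) if POLICY.get(k, {}).get("how") == "tokenize" else v
            for k, v in record.items()}

def reveal_inbound(record, role, now):
    """Cloud -> user: detokenize only when Who and When both allow it."""
    out = dict(record)
    for field, rule in POLICY.items():
        if field not in record:
            continue
        allowed = (role in rule["who"]
                   and now.weekday() in rule["when"]["days"]
                   and now.hour in rule["when"]["hours"])
        if allowed:
            out[field] = VAULT.get(record[field], record[field])
        AUDIT.append({"field": field, "role": role, "allowed": allowed,
                      "at": now.isoformat()})         # Audit
    return out

# Constructed sample record (a well-known test card number, not real data).
SAMPLE = {"name": "A. Customer", "card_number": "4111111111111111"}
```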