The document discusses access assurance in the cloud. It defines the cloud as a network of servers hosting information away from physical devices. Cloud computing provides IT services and data storage over the internet. While the cloud increases flexibility and scalability, it also increases risks around access control and regulatory compliance if not managed properly. The document argues that access assurance is critical in the cloud to ensure the right people have the right access to resources, maintain compliance, and manage risks around sensitive data, administrative privileges, and privacy. It presents Courion's access assurance suite as a way to achieve transparency, policy definition, and access certification across cloud environments and applications.
2. 2
What is the Cloud?
The cloud is a network of servers, and each server has a different function. Some servers use computing power to run applications or "deliver a service."*
Basically, it’s a network of servers and computers hosting your information away from your physical device.
*From The Beginners Guide to the Cloud: Mashable
“Thunder and lightning isn’t God being angry, it’s just Microsoft and Google fighting in the clouds.”
- Anonymous
3. 3
What is Cloud Computing ?
Noun: the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Many different varieties:
• IT computing accessible online
• Available from anywhere
• Virtualization
• Interchangeable services
• On-demand for peak loads and needs
• IaaS, PaaS, SaaS
6. 6
Enabling the Business
If business drivers for cloud computing are:
• Agility and flexibility
• Performance and scale
• Operational efficiency
• Universal access
Security must be:
• Transparent
• Dynamic
• Flexible
• Operationally Efficient
7. 7
The Business Needs for IAM
Transparent compliance
Sustained efficiencies
Improved business agility
Access Assurance visibility to LOB
8. 8
Access Assurance for the Cloud
Ensuring the right people have the right access to the right resources regardless of where those resources are physically located and managed
• Hosted applications
• SaaS applications
• Private clouds
• Public clouds
Providing the basis for:
• Access policy definition
• Preventative controls and enforcement via provisioning
• Access verification of user access to cloud applications
9. 9
Cloud Does Not Change Requirements
Same information
• PHI & privacy data (HIPAA, etc.)
• Key financial data (SOX)
• Card holder information (PCI)
• Other high risk (shareholders)
Same IAM requirements
• All access must connect to enterprise identities
• Access certification
• Separation of duties for operators and users
• Privileged access management
• Access management: Who has access? Who has accessed?
12. 12
What Comes with the Cloud?
No more closed and controlled surfaces
• You no longer have direct control or oversight
You are still accountable to the law and shareholders
• You may be subject to new regulations
Vendors will try to lock-in
Level of auditability of their controls
Key is transparency, embedded controls, and agility
13. 13
Risks and Considerations
Disabling network access does not prevent access to key applications and data
Ensure new users get access quickly and changes are reflected accurately
Management of identity information in the cloud
• Delegation and assurance
Where is sensitive data located and how managed?
Privacy management
Administrative access to sensitive data and users
Compliance and regulatory requirements
Security aspects as part of partner agreements
22. 22
Courion Access Assurance Suite
Secure the Enterprise, don’t slow it down…
Designed for Your Complex Environment
23. 23
The Secret to Making it All Work
A user interface that business users understand
Ability to gather information from numerous sources
Information that is actionable for remediation
Fast, reliable, scalable implementation
Breadth of capability to reach to variety of systems and resources
• Off-premise applications
• Virtualization
• Platform and infrastructure
• Federation
Proven customer success in a cloud environment
24. 24
IAM and the Cloud
Risks and required controls may increase due to cloud:
• Removal of corporate network access no longer a compensating control
• Sensitive data is now in different locations and may be:
  • More accessible
  • Subject to different regulations
• Additional technologies for provisioning and access compliance
Must span the traditional enterprise and the cloud
• Policy definition
• Accurate tracking and periodic review of access
• Balance of preventative and detective controls
25. 25
Bottom Line
The cloud and cloud computing are a reality
Closed and controlled moves to dynamic, open, and accessible
Identity plays a critical role in cloud environments
Need to deal with…
• Lack of control of data
• Extended reach of administrative privileges
• Privacy and trust
• Complexity of handling identities
An Access Assurance strategy is critical
26. 26
What Now?
If you’re looking for more information on how an Access Assurance Suite can transform your company’s information, contact us today. We can provide a quick scan of your system and let you know where your hidden risks lie and how to take care of them.
info@Courion.com
www.Courion.com