Cloud Security Allianz Webinar
•Download as PPTX, PDF•
1 like•402 views
Keeping Your Cloud Private - an ObserveIT Webinar featuring Michael Holder, Head of Global Identity and Access Management.
More Related Content
What's hot
What's hot (10)
Viewers also liked
Viewers also liked (12)
Similar to Cloud Security Allianz Webinar
Similar to Cloud Security Allianz Webinar (20)
More from ObserveIT
More from ObserveIT (20)
Recently uploaded
Recently uploaded (20)
Cloud Security Allianz Webinar
- 1. KEEPING YOUR CLOUD PRIVATE Michael Holder Head of Global Identity and Access Management
- 2. AGENDA About Allianz Data Center Migration Program (Private Cloud) German Regulations With External Partners Use Cases For User Activity Monitoring Michael Holder Munich, Germany Allianz AMOS CUSTOMERSPEAKER
- 3. ABOUT ALLIANZ International Insurance & Financial Services Company 80 Million Customers 150,000 Employees 70 Countries 140 Data Centers
- 4. DATA CENTER MIGRATION PROGRAM (PRIVATE CLOUD) Build Private Cloud (Engagement officially started in April 2014) Consolidate data centers from 140 to six The data centers will be networked into a new platform called the Allianz provide cloud Private cloud will deliver services to employees and customers worldwide Standardize technology operations across all of global operating centers (Hand Off Tech Ops to IBM) Expects the setup to be fully functional by the end of 2017
- 5. German Restrictions with external partners All Insurance data needs to be protected Special protection for customer Health Information (Criminal Code) Tight controls on all external work Outsourcers (IBM & CSC) Contractors (50+ companies in Germany alone) Consultants (all major, e.g. KPMG, BCG) GERMAN REGULATIONS WITH EXTERNAL PARTNERS
- 6. 1. Balance your risk with level of access 2. Have ONE centralized access point for all external partners 3. Get the right tools in place: CyberArk (PIM) HP ArcSight (SIEM) ObserveIT (UAM) USER-CENTRIC SECURITY TO CONTROL & MITIGATE RISK
- 7. USE CASES FOR USER ACTIVITY MONITORING Perform User Activity Audits Incident Response (at a user-level) Productivity Reports & Documentation
- 8. PERFORM USER ACTIVITY AUDITS View any on-screen event Applications Run Windows Opened System Commands Executed Check Boxes Clicked Text Entered/Edited URLs Visited Verify samples of user activity pose no risk to the organization
- 9. INCIDENT RESPONSE (AT A USER-LEVEL) Receive alerts from HP ArcSight and investigate with ObserveIT User-level (screenshots) offers a clear view of any out-of-scope activities Usage of unauthorized applications RDP sessions to particular servers
- 10. PRODUCTIVITY REPORTS & DOCUMENTATION Review changes and search all remote vendor activity Make sure vendors meet obligations Ensure that vendors are staying within their assigned tasks
- 11. LESSONS LEARNED If possible, start with business critical applications (if not, monitor everything) User monitoring adds Transparency with External Partners (good partners want to be monitored) If you don’t observe user activity— you’ll never know what’s actually happening in your environment— you’ll only be able infer what’s happening
- 12. Michael Holder Munich, Germany Allianz AMOS THANK YOU! TRY IT YOURSELF: observeit.com/tryitnow Q&A
Editor's Notes
- 01/2013 - present Service Team Manager Allianz Managed Operations & Services SE 10/2011 - 12/2012 Principal Consultant Allianz Managed Operations & Services SE 11/2006 - 09/2011 Project Manager, IT Architecture Lead Allianz Global Corporate & Specialty AG 10/1999 - 11/2006 Projektleiter Allianz Dresdner Information system GmbH 09/1996 - 09/1999 IT Verantwortlicher Universtät Tübingen 10/1995 - 08/1996 System Administrator Universität Tübingen
- Japan incident – recovery program and consistent quality of data center
- DNL – Insurer of Data Managers (Criminal Code) Consultants (BCG, McK) Meet strict regulation restrictions to protect data while working with external partners such as consultants, service providers, and/or contractors Review and search remote vendor activity to ensure that vendors are staying within their assigned tasks, are meeting their obligations and posing no risk to the organization Perform user activity audits of applications run, windows opened, system commands executed, check boxes clicked, text entered/edited, URLs visited and nearly every other on-screen event
- Balance your external partner risk with level of access Ensure external partners are only performing necessary activity to accomplish assigned tasks Mitigate the risk of vendors touching sensitive data outside their scope Setup specific parameters of what remote vendors have access to – accomplished via PIM HAVE ONE Centralized access point for all vendors Lockdown the remote vendor environment while ensure you can still provide the tools they need to do their job VDI / citrix XenDesktop ; Build a Desktop environment that’s catered to specific vendor Setup a thin client so they only have the tools they need to perform their task Terminal server / published applications; Web console with only applications that only you’re supposed to use, SQL Server management studio
- IT troubleshooting * software with graphical interface * write down * have an easy way to see what they’ve down – document work & to see what you did if something went wrong
- Example of where you found Wireshark being used… 1 terabyte of data of rich information form 300-400 operations people, search for: Applications Run Windows Opened System Commands Executed Check Boxes Clicked Text Entered/Edited URLs Visited
- Network Scanners
- Give example of Low activity via arcsight – look at screenshots (find workarounds) External partners work in the way they want them to work * do samples of how external partners did changes * spent 5 days @ Allianz and only worked 8 hours on system (controlling vendors work)
- A lot of user activity takes place in your environment that you don’t know about & activity isn’t happening even if you think
- Build the right OIT solution - should have a good dry run to determine amount the of data a solution with generate