Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011
•
5 likes•4,014 views
Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO, October 25, 2011, Author Chad M. Lawler, Ph.D., Director, Consulting Services, Cloud Computing, U.S. Strategic Technology Solutions, Hitachi Consulting
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011
Similar to Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011 (20)
Recently uploaded
Recently uploaded (20)
Integrated Cloud Framework: Security, Governance, Compliance, Content Application, and Service Management - Gartner Symposium ITXPO 2011
- 1. www.hitachiconsulting.com A Cloud Framework for Integrated Security, Governance, Compliance, Content and Service Management Gartner Symposium ITXPO, October 25, 2011 Chad M. Lawler, Ph.D. http://www.gartner.com/technology/symposium/orlando/ Director of Consulting Services, Cloud Computing chad.lawler@hitachiconsulting.com © 2012 Hitachi Consulting Corporation Proprietary & Confidential, All Rights Reserved www.hitachiconsulting.com/cloud © Copyright 2012 Hitachi Consulting
- 2. Topics for Today’s Session Review Cloud Security Risks Cloud Framework Overview Focus on Security Summary & Q&A © Copyright 2012 Hitachi Consulting
- 3. Integrated Cloud Framework - Security, Governance, Compliance, Content ,Application & Service Management Our framework provides businesses with a streamlined capability to rapidly, and securely transition application and services to the cloud. Our cloud framework helps organizations plan for appropriate cloud application deployment Includes the necessary services for deploying well-managed applications in the cloud. This framework provides for integrated governance policies Provides a well-managed cloud environment that is compliant with internal policies and external requirements With security services to protect from both vulnerabilities and intrusions Services that protect against loss or compromise of sensitive data. The framework provides for integrated content management and has automated capabilities for appropriate cloud platform selection, content migration and application importing. © Copyright 2012 Hitachi Consulting 2
- 4. What are the top 3 greatest risks of moving to a cloud? The right answer depends on the type of business and what is most critical Businesses must evaluate applications Determine appropriate use in the cloud Consider the Pillars of IT security (CIA): Confidentiality Integrity Availability © Copyright 2012 Hitachi Consulting
- 5. What are the top 3 greatest risks of moving to a cloud? Confidentiality Preventing sensitive information from being disclosed to unauthorized recipients Limiting information access and disclosure to authorized users Risk - Private Data Exposure Riskof potential data or private information leakage Can threaten your customer data As well as your business services on operations © Copyright 2012 Hitachi Consulting
- 6. What are the top 3 greatest risks of moving to a cloud? Integrity Trustworthiness of information resources Modifying information resources only in a specified and authorized manner Ensuring data remains consistent and changes to data are authorized by appropriate personnel Risk - Data Tampering Risk of potential manipulation or altering of critical data Can lead to making business decisions based on invalid information © Copyright 2012 Hitachi Consulting
- 7. What are the top 3 greatest risks of moving to a cloud? Availability Ensures systems operate as required And authorized users are not denied service Allowing systems to be available whenever needed Risk - Business Continuity Risk of potential interruption to or compromise of your service operations Service outage, security attack or compromise that may lead to data loss Operations are interrupted or your data is compromised © Copyright 2012 Hitachi Consulting
- 8. Cloud Security Risks Misuse of cloud computing Account / service hijacking resources Remote facilities / Security Secure Interfaces and APIs Perimeter Risks associated with Securing personal identification multi-tenancy information (PII) Risk of data loss and leakage IP Collateral management © Copyright 2012 Hitachi Consulting
- 9. How to mitigate the risks of moving to the cloud? To reduce your risks… Risk must first be understood and calculated Understand residual risk that you can influence Develop a standardized cloud risk decision process Help decide which applications are most appropriate Leverage cloud application assessment process to define requirements Understand and quantify your risk Implement a policy that calculates and quantifies cloud application risk Includes criteria for: Application Risk Tolerance Application Security Fit Data Protection & SLA Requirements Business to Business Policies Confidentiality Risk - Private Data Exposure Integrity Risk - Data Tampering Availability Risk - Business Continuity © Copyright 2012 Hitachi Consulting
- 10. Integrated Cloud Framework - Security, Governance, Compliance & Content & Application Management Helps Organizations Leverage the Cloud in a Secure Fashion Understand cloud application security risk and key areas of consideration Evaluates and helps define application and data security requirements Enables appropriate planning for cloud security, content and governance Serves as a comprehensive guide to reduce cloud adoption risks Integrated Cloud Framework: A Roadmap to the Cloud Security to protect against vulnerabilities, intrusions & compromise of sensitive data Governance & Compliance for an environment compliant with policies and requirements Content Management for control of cloud information Application Development & Migration development, transition and re-platform of enterprise applications Provides streamlined capability to rapidly & securely transition to the cloud © Copyright 2012 Hitachi Consulting 9
- 11. Integrated Cloud Framework - Security, Governance, Compliance, Content ,Application & Service Management Cloud Framework for Integrated Security, Governance, Compliance, Content & Service Management Consulting Services Program Governance Framework Content Management, Security, Governance Dashboard Portal Strategic Cloud Advisory Governance Policy Cloud Governance, Certification & Compliance Workflow-Checklist, Certification & Approval Services Central Cloud Platform Management Console Enforcement Policy Interface Cloud Readiness Assessment Master Security Policy & Services Security Privacy Hosting Continuous Audit Program Interface Site Compliance Reporting Dashboard Interface Exceptions Infrastructure, Transition & Vulnerability Scanning, Monitoring, & PII Risk Impact Monitoring Metering, Billing & Charge-Back Interface Migration Services Criteria Criteria Cloud App Risk Reporting Interface Cloud Security & Governance Data Class Hosting Services Legal Audit Excellence Secure Cloud Environment Incident Reporting Role & Access Administration Interface Criteria Criteria Cloud Starter Kit Privacy Marketing Corporate RACI FIT Site Requirements, Content Publication Priority & Criteria Criteria Performance SLA Interface ITIL Service Management Cloud Template Interface Security Standards - NIST, Client Standards & Best Practices - Governance Policy, Portal & Training Feedback Collection Interface PCI,CSA,TwC, HIPAA,GLBA,Vendor Procurement, Security, Marketing/CMG, Privacy Documentation Interface Cloud Security, Content & Application Services Application Services Security Services Content Management Services Single Sign On (SSO) Identity Management Vulnerability Scanning, Monitoring, & PII Service Desk Integration Cloud Assessment Content Data Classification & Authentication Detection Engine (Communication, Collaboration, Reporting) SIEM with Root Cause Analysis & Risk Content Compatibility & Compliance Decision Cloud Architecture & Design PKI & Certificate Management System Change Management Integration Assessment Engine Cloud Application Site Requirements, Publication Priority & Cloud Patch & Log Management System Continuous Auditing Program Engine Content Conversion & Standardization Development Template Launch Engine IPS/IDS Event Management & Data Loss Secure Cloud to Cloud & Cloud to Cloud Application Delivery Feedback Collection Compliant Content Migration Process Prevention Systems Datacenter VPN Connectivity Managed Cloud Service AntiVirus & AntiMalware System Secure Cloud Platform Content Migration Performance SLA Engine Non-Compliant Content Migration Process Deep Code-Level Security Vulnerability Workflow-Checklist & Approval Engine Cloud Platform Selection Automation Virtualized Application Automated Migration Review Cloud Platform & Hosting Environment System OS Patch AntiVirus Data Loss Single Sign On Cloud Applications Management Management AntiMalware Prevention (SSO) Identity Metering, Billing Backup & Log IPS/IDS Event Management, & Charge Back OS Web Server Database Middleware Content Secure VPN Restore Management Management Authentication Cloud Platform & Infrastructure © Copyright 2012 Hitachi Consulting 10
- 12. Cloud Framework – Platform & Hosting Environment Cloud Platform & Hosting Environment Cloud Applications OS Web Server Database Middleware Content System OS Patch AntiVirus Data Loss Single Sign On Management Management AntiMalware Prevention (SSO) Identity Metering, Billing & Backup & IPS/IDS Event Management, Charge Back Log Management Secure VPN Restore Management Authentication Cloud Platform & Infrastructure © Copyright 2012 Hitachi Consulting
- 13. Cloud Framework – Content Management Services Content Management Services Service Desk Integration Content Data Classification (Communication, Collaboration, Reporting) Content Compatibility & Compliance Decision Change Management Integration Engine Site Requirements, Publication Priority & Cloud Content Conversion & Standardization Template Launch Engine Feedback Collection Compliant Content Migration Process Performance SLA Engine Non-Compliant Content Migration Process Cloud Platform Selection Automation Virtualized Application Automated Migration © Copyright 2012 Hitachi Consulting
- 14. Cloud Framework - Security Services Security Services Single Sign On (SSO) Identity Management & Vulnerability Scanning, Monitoring, & PII Detection Authentication Engine PKI & Certificate Management System SIEM with Root Cause Analysis & Risk Assessment Patch & Log Management System Continuous Auditing Program Engine IPS/IDS Event Management & Data Loss Prevention Secure Cloud to Cloud & Cloud to Datacenter VPN Systems Connectivity Data Encryption & Secure Cloud Platform Content AntiVirus & AntiMalware System Migration Workflow-Checklist & Approval Engine Deep Code-Level Security Vulnerability Review © Copyright 2012 Hitachi Consulting
- 15. Cloud Framework – Program Governance Framework Program Governance Framework Governance Policy Enforcement Cloud Governance, Certification & Compliance Policy Master Security Policy & Exceptions Security Privacy Hosting Risk Impact Monitoring Cloud App Risk Criteria Criteria Data Class Hosting Criteria Legal Audit Excellence Criteria Privacy Criteria Other Criteria Corporate RACI IT Security Standards - NIST, Client Standards & Best Practices - PCI,CSA,TwC, HIPAA,GLBA,Vendor Procurement, Security, Organization, Privacy © Copyright 2012 Hitachi Consulting
- 16. Cloud Framework – Content Mgmt, Security, Governance Dashboard Portal Content Management, Security, Governance Dashboard Portal Workflow-Checklist, Certification & Approval Central Cloud Platform Management Console Interface Continuous Audit Program Interface Site Compliance Reporting Dashboard Interface Vulnerability Scanning, Monitoring, & PII Reporting Metering, Billing & Charge-Back Interface Interface Secure Cloud Environment Incident Reporting Role & Access Administration Interface Site Requirements, Content Publication Priority & Cloud Performance SLA Interface Template Interface Governance Policy, Portal & Training Feedback Collection Interface Documentation Interface © Copyright 2012 Hitachi Consulting
- 17. Summary & Reccomendations Understand that security in the cloud must be managed Implement a policy that calculates and quantifies cloud application risk Evaluate application and data security requirements Plan and budget for implementing security services Leverage a framework which covers all the key areas Implement and adhere to the framework as a roadmap guide to reduce cloud adoption risks © Copyright 2012 Hitachi Consulting
- 18. Contact us to Learn More about our Cloud Solutions Today Chad M. Lawler, Ph.D. Director of Consulting Services Cloud Computing 14643 Dallas Parkway, Suite 800, Dallas, Texas 75254 Office: 469.221.2894 Email: chad.lawler@hitachiconsulting.com www.hitachiconsulting.com www.cardcloud.com/chadlawler Sign up for a free trial to explore our Cloud Ecosystem Management Platform. Learn More About the Benefits of Hitachi Consulting Cloud Services at www.hitachiconsulting.com/cloud © Copyright 2012 Hitachi Consulting
- 19. © Copyright 2012 Hitachi Consulting