Oracle On Demand Cloud Services:
Security Strategy Mitigates Risk and Enables Compliance
Gail Coury
Vice President, Global IT Risk Management
Changing Landscape

• Businesses are increasingly dependent on IT in order to deliver products and services
• Intellectual property and business records are becoming wholly electronic
• Business collaboration is driving a disappearing perimeter
• On demand computing requires anywhere & anytime access
• Stealth & targeted attacks challenge our defenses
• Information has value – hacking is profitable

Copyright ©2011, Oracle. All rights reserved.
More Data Than Ever…

[Chart: 35 zettabytes (ZB = 1 trillion gigabytes), a 62% increase over 2008]
Source: IDC Digital Universe Study, May 2010
More Breaches Than Ever…

Data Breach: Once exposed, the data is out there – the bell can’t be un-rung

[Chart: Publicly reported data breaches; total personally identifying information records exposed (millions), 2005–2010; cumulative growth, a 1084% increase]

• Average cost of a data breach: $204 per record
• Average total cost exceeds $6.7 million per breach

Sources: http://datalossdb.org / 2009 Annual Study: US Cost of a Data Breach, Ponemon Institute, 2010
More Threats Than Ever…

• On average there are about 6,000,000 new botnet infections per month
• External breaches are largely the work of organized criminals

Sources: McAfee Threats Report: 3rd Quarter 2010 / 2010 Verizon Data Breach Investigations Report
More Regulations Than Ever…

• Federal, state, local, industry… adding more mandates every year!
  – Health Information Technology for Economic and Clinical Health Act of 2009
  – Massachusetts Law 201 CMR 17.00: Standards For The Protection Of Personal Information
• Need to meet AND demonstrate compliance
• Compliance costs are unsustainable

[Graphic: Report and Audit]
90% of companies are behind in compliance
Source: IT Policy Compliance Group, 2007
More Demands Than Ever…

Regulators Demand More from IT

“In the future, policy makers and regulators will probably demand that IT systems capture more and better data in order to gain greater insight into and control over how banks manage risk, pharma companies manage drugs, and industrial companies affect the environment.

Successful CIOs should enhance their relationships with internal legal and corporate-affairs teams and be prepared to engage productively with regulators. They will need to seek solutions that meet government mandates at manageable cost and with minimal disruption.”

Source: McKinsey, 5 Trends that will Shape Business Technology in 2009
Cloud Service Adoption
Security Continues to be the #1 Concern

It could actually be a benefit…

“So if you flip that apprehension on its head, there may be benefits in leveraging a cloud offering with the [security] focus and core competence that a cloud provider brings to the table.”
– Michael Pearl, PricewaterhouseCoopers

Source: www.networkcomputing.com / IDC Survey: Risk In The Cloud, June 16, 2010
Oracle On Demand
Security Strategy




Oracle On Demand
Benefits of New Software Delivery Models, Minimizing Risk

• Over 5.5 million users
• 89% of customers on most current releases
• Lower Risk
  – Proven Best Practices
  – Unparalleled Oracle Expertise
  – Scalable, World Class Technology Platform and Infrastructure

[Stack diagram: Applications, Middleware, Database, Operating System, Infrastructure]
Oracle On Demand
Protects Customer Data & Systems




Oracle Security Organization

[Organization chart: Lines of Business; On Demand Risk Management (Information Security Manager); Legal (Security & Privacy Counsel); Government Affairs (Global Public Policy); Product Support, Product Development, etc.]
Utilize International Security Standard

[Diagram of control areas]
• Security Organization
• Security Policy
• Legal Compliance
• Business Continuity & DR
• Privileged Access Control
• Security Incident Management
• Human Resources Security
• Operations Management
• System Acquisition & Maintenance
• Asset Management
• Physical & Environmental
Security Strategy

[Diagram: Information Security – Strategy, Technologies, Services, Governance]

Risk Management / Layered Defense in Depth
• Security Technical Design Reviews
• Security Technical Assessments
• Secure Configuration

Security Technologies
• Secure Web Gateways
• End User Security
• Intrusion Detection & Prevention
• File Integrity Monitoring using Change Control Console
• Full Disk and Tape Encryption
• Multi-Factor Authentication for Administrators
• Segregated Networks
• Power Broker for Privileged Management
• Network & Host Data Loss Prevention
• Security Configuration Monitoring using EM

Security Services
• Regular Scheduled Scanning of Hosts
• Automated Compliance Testing
• Real-time Security Event Correlation & Monitoring

Governance
• Auditing and Self-Assessment
• Business Continuity Planning & Testing
• Regulatory Compliance (SOX, PCI, HIPAA, Federal)
• Accessible Services
• Partner Security
• Governance, Risk & Compliance Documentation
Top 10 Practices to Improve IT Security

Organizations with the best outcomes are prioritizing their top 10 practices very differently from other organizations, and are fully automating most of the top 10 practices:

1. Technical controls are mapped to IT policies, regulatory mandates & legal statutes.
2. Antivirus signatures are updated & applied frequently.
3. Roles and responsibilities of policy owners are defined & maintained.
4. Evidence about IT configurations and technical controls is gathered for evaluation & analysis.
5. Gaps in procedural controls are identified, remediated and tested on a regular basis.
6. Vulnerability scanning and penetration testing of IT assets is conducted on a regular basis.
7. IT assets and audit trails are monitored on a continuous basis.
8. IT assets and software service configurations are tested regularly.
9. Unauthorized access to IT assets is automatically detected or prevented using IT controls.
10. Lists of IT assets and configurations are maintained in central repositories for easy access & analysis.

Source: IT Policy Compliance Group
Leverage On Demand…
Compliance Certifications

• ISO 27001 Certification: 112 controls tested annually
• ISO 27002 Certificate of Conformity: 132 controls tested annually
• SAS 70 Type II (for commercial services): 108 controls tested biannually
• Federal Certification & Accreditation (C&A), Department of Defense (DoD) and Agencies: 700+ controls tested annually; NIST & DIACAP
• HIPAA Compliance: 64 controls tested annually
• Payment Card Industry (PCI): Compliant Level 1 Service Provider; 217 controls tested annually
• 21 CFR Part 11: service offering under development
Common Controls
Fulfill Multiple Requirements

Standards/Regs (Industry): ISO 27002; SAS 70 (Public Firms); HIPAA (Health Care); PCI DSS (FSI, Retail); NIST (Federal Agencies); 21 CFR 11 (Life Sciences)

Process Controls:
• Policy Development & Maintenance
• Asset Management
• Access Control & Mgmt
• HR Security Controls
• Change Control Procedures
• Segregation of Duties
• Cryptographic Controls
• Backup and Recovery
• Media Handling
• Monitoring, Auditing & Logging

[Matrix mapping each process control to the standards it satisfies; cell markings not preserved]
Cloud Security Alliance
To Assist Prospective Cloud Customers in Assessing the Overall
Security Risk of a Cloud Provider




                                                      Source: CSA Cloud Controls Matrix http://www.cloudsecurityalliance.org/cm.html



Services Address Security Needs & Leverage Oracle Technology

Oracle Products:
• Audit Vault
• Transparent Data Encryption (TDE)
• Change Control Console
• Data Masking
• Adaptive Access Manager
• Configuration Management

Services:
• HIPAA Security Services
• PCI Security Services
• Federal On Demand
• Enhanced Security Services
HIPAA Security Services
Advanced Service Offerings for Health Information

Value
• Designed to protect Customer’s electronic protected health information (ePHI) in environments managed by Oracle
• Assists the Customer to meet its legal obligations under HIPAA¹ as amended by the HITECH² Act
• Service Data Sheet

¹ Health Insurance Portability and Accountability Act of 1996
² Health Information Technology for Economic and Clinical Health Act of 2009
PCI Security Services
Advanced Service Offerings To Meet Payment Card Industry (PCI) Data Security Standards (DSS)

Value
• Oracle On Demand is a Level 1 PCI Compliant Service Provider since 2006
• Oracle can reduce the time and cost associated with PCI compliance
• Customers can gain access to a complete solution using Oracle PCI Partners
• Service Data Sheet
Federal On Demand
Advanced Service Offerings For the US Federal Government

Value
• Designed to enable our customers to be compliant with federal legislative and executive mandates / directives
• Helping government run business operations more effectively, and at lower costs
• @Customer & @Partner options also available
• Service Data Sheet
Enhanced Security Services
Advanced Service Offerings to Meet Customer Compliance Needs

Value
• Supplements standard security services
• Facilitates customer’s compliance needs
• Advanced Services are “cafeteria style”
• Service Data Sheet
DR Solutions
Two Basic Requirements

Requirement 1
• Deliverable:
  – Data (tape, disk, other media, or hot failover system)
• In the Event of a Disaster:
  – Backup data needs to be shipped to the customer, a customer-specified site, or a recovery site
• Solution Cost Drivers:
  – Amount of Data to be Protected
  – Frequency of Backup (RPO)

Requirement 2
• Deliverable:
  – Service back up, running & accessible, after a disaster
• In the Event of a Disaster:
  – Backed-up data is used to bring the service back up on an alternate system at a distant site (note that this requires data protection as a prerequisite)
• Solution Cost Drivers:
  – RTO | Service Capacity | Testing Frequency
Disaster Recovery Solutions

Standard Solutions
• Maximum Availability
• 24 hours/24 hours
• 3 days/3 days
• Austin Primary, RMDC Secondary

Custom Solutions
• 48 hours/48 hours
Security Capabilities Summary
Protect Customer Data & Systems




Looking Ahead

• Complex & Stealth Attack Vectors Growing
• Commercial Hacking Gaining Ground
• More & More Legislation
• Increased Effort to Prove Compliance
• ‘Due Diligence’ High Water Mark Rising
Final Thoughts
Leverage Oracle On Demand…

• Expertise
• Architecture
• Technology
• Demonstrated Compliance
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
The Business Case for Data SecurityImperva
 

Similar to On Demand Cloud Services Coury (20)

Talk IT_ Oracle_김상엽_110822
Talk IT_ Oracle_김상엽_110822Talk IT_ Oracle_김상엽_110822
Talk IT_ Oracle_김상엽_110822
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
Thy myth of hacking Oracle
Thy myth of hacking OracleThy myth of hacking Oracle
Thy myth of hacking Oracle
 
Opening Keynote and Welcome
Opening Keynote and WelcomeOpening Keynote and Welcome
Opening Keynote and Welcome
 
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
 
Trend micro data protection
Trend micro data protectionTrend micro data protection
Trend micro data protection
 
Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10
 
Udi and juniper networks BYOD
Udi and juniper networks BYODUdi and juniper networks BYOD
Udi and juniper networks BYOD
 
Big data security the perfect storm
Big data security   the perfect stormBig data security   the perfect storm
Big data security the perfect storm
 
Mesa Big Data 2nd Screen Final
Mesa Big Data 2nd Screen FinalMesa Big Data 2nd Screen Final
Mesa Big Data 2nd Screen Final
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.ppt
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 
Greenplum hadoop
Greenplum hadoopGreenplum hadoop
Greenplum hadoop
 
Greenplum hadoop
Greenplum hadoopGreenplum hadoop
Greenplum hadoop
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
 
Chris Boyer
Chris BoyerChris Boyer
Chris Boyer
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 

On Demand Cloud Services Coury

  • 2. Oracle On Demand Cloud Services: Security Strategy Mitigates Risk and Enables Compliance
      Gail Coury, Vice President, Global IT Risk Management
  • 3. Changing Landscape
      – Businesses are increasingly dependent on IT in order to deliver products and services
      – Intellectual property and business records are becoming wholly electronic
      – Business collaboration is driving a disappearing perimeter
      – On demand computing requires anywhere & anytime access
      – Stealth & targeted attacks challenge our defenses
      – Information has value – hacking is profitable
  • 4. More Data Than Ever…
      – 35 Zettabytes (ZB = 1 Trillion Gigabytes), a 62% increase over 2008
      Source: IDC Digital Universe Study, May 2010
  • 5. More Breaches Than Ever…
      Data Breach: Once exposed, the data is out there – the bell can’t be un-rung
      [Chart: Publicly Reported Data Breaches, total personally identifying information records exposed (millions), cumulative growth 2005–2010: 1084% increase]
      – Average cost of a data breach $204 per record
      – Average total cost exceeds $6.7 million per breach
      Sources: http://datalossdb.org / 2009 Annual Study: US Cost of a Data Breach, Ponemon Institute, 2010
  • 6. More Threats Than Ever…
      – On average there are about 6,000,000 new botnet infections per month
      – External breaches are largely the work of organized criminals
      Sources: McAfee Threats Report: 3rd Quarter 2010 / 2010 Verizon Data Breach Investigations Report
  • 7. More Regulations Than Ever…
      – Federal, state, local, industry… adding more mandates every year!
          – Health Information Technology for Economic and Clinical Health Act of 2009
          – Massachusetts Law 201 CMR 17.00: Standards For The Protection Of Personal Information
      – Need to meet AND demonstrate compliance (report and audit)
      – Compliance costs are unsustainable: 90% of companies behind in compliance
      Source: IT Policy Compliance Group, 2007
  • 8. More Demands Than Ever… Regulators Demand More from IT
      “In the future, policy makers and regulators will probably demand that IT systems capture more and better data in order to gain greater insight into and control over how banks manage risk, pharma companies manage drugs, and industrial companies affect the environment. Successful CIOs should enhance their relationships with internal legal and corporate-affairs teams and be prepared to engage productively with regulators. They will need to seek solutions that meet government mandates at manageable cost and with minimal disruption.”
      Source: McKinsey, 5 Trends that will Shape Business Technology in 2009
  • 9. Cloud Service Adoption
      Security continues to be the #1 concern. It could actually be a benefit…
      “So if you flip that apprehension on its head, there may be benefits in leveraging a cloud offering with the [security] focus and core competence that a cloud provider brings to the table.” – Michael Pearl, PricewaterhouseCoopers
      Source: www.networkcomputing.com / IDC Survey: Risk In The Cloud, June 16, 2010
  • 10. Oracle On Demand Security Strategy
  • 11. Oracle On Demand: Benefits of New Software Delivery Models, Minimizing Risk
      – Over 5.5 million users
      – 89% of customers on most current releases
      – Lower Risk
          – Proven Best Practices
          – Unparalleled Oracle Expertise
          – Scalable, World Class Technology Platform and Infrastructure
      [Diagram: managed stack of Applications, Middleware, Database, Operating System, Infrastructure]
  • 12. Oracle On Demand Protects Customer Data & Systems
  • 13. Oracle Security Organization
      [Org chart: Lines of Business; On Demand Risk Management; Government Affairs; Legal; Information Security Manager; Product Security & Development; Support, Product Development, etc.; Global Privacy Counsel; Public Policy]
  • 14. Utilize International Security Standard
      [Diagram of security standard control domains: Security Policy; Security Organization; Asset Management; Human Resources Security; Physical & Environmental Security; Operations Management; Privileged Access Control; System Acquisition & Maintenance; Security Incident Management; Business Continuity & DR; Legal Compliance]
  • 15. Security Strategy
      Information Security Strategy: Layered Defense in Depth (Risk Management, Security Technologies, Security Services, Governance)
      – Risk Management
          – Security Technical Design Reviews
          – Security Technical Assessments
          – Secure Configuration
      – Security Technologies
          – Secure Web Gateways
          – End User Security
          – Intrusion Detection & Prevention
          – File Integrity Monitoring using Change Control Console
          – Full Disk and Tape Encryption
          – Multi-Factor Authentication for Administrators
          – Segregated Networks
          – Power Broker for Privileged Management
          – Network & Host Data Loss Prevention
          – Security Configuration Monitoring using EM
      – Security Services
          – Regular Scheduled Scanning of Hosts
          – Automated Compliance Testing
          – Real-time Security Event Correlation & Monitoring
      – Governance
          – Auditing and Self-Assessment
          – Business Continuity Planning & Testing
          – Regulatory Compliance (SOX, PCI, HIPAA, Federal)
          – Accessible Services
          – Partner Security
          – Governance, Risk & Compliance Documentation
  • 16. Top 10 Practices to Improve IT Security
      Organizations with the best outcomes are prioritizing their top 10 practices very differently from other organizations, and are fully automating most of the top 10 practices:
      1. Technical controls are mapped to IT policies, regulatory mandates & legal statutes.
      2. Antivirus signatures are updated & applied frequently.
      3. Roles and responsibilities of policy owners are defined & maintained.
      4. Evidence about IT configurations and technical controls is gathered for evaluation & analysis.
      5. Gaps in procedural controls are identified, remediated and tested on a regular basis.
      6. Vulnerability scanning and penetration testing of IT assets is conducted on a regular basis.
      7. IT assets and audit trails are monitored on a continuous basis.
      8. IT assets and software service configurations are tested regularly.
      9. Unauthorized access to IT assets is automatically detected or prevented using IT controls.
      10. Lists of IT assets and configurations are maintained in central repositories for easy access & analysis.
      Source: IT Policy Compliance Group
  • 17. Leverage On Demand… Compliance Certifications
      – ISO Certification
          – ISO 27001 Certification: 112 Controls Tested Annually
          – ISO 27002 Certificate of Conformity: 132 Controls Tested Annually
      – SAS 70 Type II for Commercial Services: 108 Controls Tested Biannually
      – Federal Certification & Accreditation (C&A), Department of Defense (DoD) and Agencies: 700+ Controls Tested Annually; NIST & DIACAP
      – HIPAA Compliance: 64 Controls Tested Annually
      – Payment Card Industry (PCI) Compliant Level 1 Service Provider: 217 Controls Tested Annually
      – 21 CFR Part 11: Service Offering Under Development
  • 18. Common Controls Fulfill Multiple Requirements
      [Matrix of process controls against standards/regulations]
      Standards/Regs: ISO 27002 (Industry); SAS 70 (Public Firms); HIPAA (Health Care); PCI DSS (FSI, Retail); NIST (Federal Agencies); 21 CFR 11 (Life Sciences)
      Process Controls: Policy Development & Maintenance; Asset Management; Access Control & Mgmt; HR Security Controls; Change Control Procedures; Segregation of Duties; Cryptographic Controls; Backup and Recovery; Media Handling; Monitoring, Auditing & Logging
  • 19. Cloud Security Alliance: To Assist Prospective Cloud Customers in Assessing the Overall Security Risk of a Cloud Provider
      Source: CSA Cloud Controls Matrix http://www.cloudsecurityalliance.org/cm.html
  • 20. Services Address Security Needs & Leverage Oracle Technology
      – Oracle Products: Audit Vault; Transparent Data Encryption (TDE); Change Control Console; Data Masking; Adaptive Access Manager; Configuration Management
      – Services: HIPAA Security Services; PCI Security Services; Federal On Demand; Enhanced Security Services
  • 21. HIPAA Security Services: Advanced Service Offerings for Health Information
      Value
      – Designed to protect Customer’s electronic protected health information (ePHI) in environments managed by Oracle
      – Assists the Customer to meet its legal obligations under HIPAA (Health Insurance Portability and Accountability Act of 1996) as amended by the HITECH Act (Health Information Technology for Economic and Clinical Health Act of 2009)
      – Service Data Sheet
  • 22. PCI Security Services: Advanced Service Offerings To Meet Payment Card Industry (PCI) Data Security Standards (DSS)
      Value
      – Oracle On Demand is a Level 1 PCI Compliant Service Provider since 2006
      – Oracle can reduce the time and cost associated with PCI compliance
      – Customers can gain access to a complete solution using Oracle PCI Partners
      – Service Data Sheet
  • 23. Federal On Demand: Advanced Service Offerings For the US Federal Government
      Value
      – Designed to enable our customers to be compliant with federal legislative and executive mandates / directives
      – Helping government run business operations more effectively, and at lower costs
      – @Customer & @Partner options also available
      – Service Data Sheet
  • 24. Enhanced Security Services: Advanced Service Offerings to Meet Customer Compliance Needs
      Value
      – Supplements standard security services
      – Facilitates customer’s compliance needs
      – Advanced Services are “cafeteria style”
      – Service Data Sheet
  • 25. DR Solutions: Two Basic Requirements
      First requirement
      – Deliverable: Data (tape, disk, other media, or hot failover system)
      – In the Event of a Disaster: Backup data needs to be shipped to the customer, a customer-specified site, or a recovery site
      – Solution Cost Drivers: Amount of Data to be Protected; Frequency of Backup (RPO)
      Second requirement
      – Deliverable: Service back up, running & accessible, after a disaster
      – In the Event of a Disaster: Backed-up data is used to bring service back up on an alternate system at a distant site (note that this requires data protection as a prerequisite)
      – Solution Cost Drivers: RTO | Service Capacity | Testing Frequency
  • 26. Disaster Recovery Solutions
      – Standard Solutions: Maximum Availability; 24 hours/24 hours; 3 days/3 days; Austin Primary, RMDC Secondary
      – Custom Solutions: 48 hours/48 hours
  • 27. Security Capabilities Summary: Protect Customer Data & Systems
  • 28. Looking Ahead
      – Complex & Stealth Attack Vectors Growing
      – More & More Legislation
      – ‘Due Diligence’ High Water Mark Rising
      – Increased Effort to Prove Compliance
      – Commercial Hacking Gaining Ground
  • 29. Final Thoughts: Leverage Oracle On Demand…
      – Expertise
      – Architecture
      – Technology
      – Demonstrated Compliance
  • 30. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.