Deploying to the Cloud: A Case study on the Development of EHNAC's Cloud Enabled Accreditation Program (CEAP)
- Sabrina Day
1 Deploying to the Cloud: A Case study on the Development of EHNAC's Cloud Enabled Accreditation Program (CEAP)
May 16, 2016
2 Speakers
- Ron Moser, Managing Director, Moserhaus Consulting, LLC and Sr. Consultant, EHNAC
- Scott Paddock, Security Solutions Architect, Amazon Web Services
- Kurt Hagerman, Chief Information Security Officer, Armor Defense, Inc.
- Scott Schimpf, Vice President of Technology, Alpha II, LLC
3 Agenda
- Introduction
- Cloud Service Providers (CSPs): Assumptions versus realities
- Security Framework: Creating a methodology for identifying risk
- Privacy and Security: Who is responsible for what?
- Assessment: Completing the Risk Assessment and identifying controls
- Audit: Value of third party audits
- Q & A
5 Case Study: EHNAC
- Electronic Healthcare Network Accreditation Commission
- An independent 501(c)(6) not-for-profit agency
- Voluntary, self-governing standards development organization (SDO)
- Accreditation programs for organizations that electronically exchange healthcare data including: EHNs, HIEs, ACOs, MSOs, TPAs, HISPs, ePrescribing, EPCS, HISPs, Financial Services, Medical Billers, and others
6 The Demand for Cloud Computing
- 83% of healthcare organizations are using cloud-based apps today (HIMSS)
- The bulk of new IT spending by 2016 will be for cloud computing. (Gartner)
- Nearly ½ of large enterprises will have cloud deployments by EOY 2017 (Gartner)
- Money talks. (Anon.)
7 EHNAC Support for CSPs
- CSPs supported using a primarily risk-based approach
- Controls identified that must be met
- Responsibility for controls must be identified (client/CSP/both)
- Proof of compliance with each control must be demonstrated
- For those controls under CSP responsibility, FedRAMP and SOC 2 audits may be referenced and cross-mapped
- FedRAMP will be accepted in lieu of physical site visits
- CEAP Program developed through advisory team of CSP experts
9 The Winding Road to Security & Compliance In the Cloud
10 Security & Compliance as a Journey
Achieving and maintaining a truly secure posture and meeting your compliance obligations is an ongoing, living process that involves much more than just technology:
- Governance
- Risk Management
- People
- Processes
- Technology
1. It's difficult to do it right by yourself
2. No single service provider has a complete solution
3. Vendors oversimplify the requirements to sell their services as a silver bullet
11 Challenges Facing Cloud Consumers and Providers
- Consumers want to outsource both technology and security & compliance responsibilities
- Consumers cannot completely offload their responsibilities
- Providers may not adequately define the division of responsibilities between themselves and their customers
- Providers often do not clearly articulate what security they take on or how they help customers meet compliance requirements
- All can lead to confusion in the purchasing decision and create conflicts during an audit
12 NIST Cloud Model Definitions
Five Essential Characteristics
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured Service
Three Service Models
- Cloud Software as a Service (SaaS)
- Cloud Platform as a Service (PaaS)
- Cloud Infrastructure as a Service (IaaS)
Four Deployment Models
- Private cloud
- Community cloud
- Public cloud
- Hybrid cloud
13 Security & Compliance Responsibility
Your responsibilities, and those of your cloud vendor, vary based on the model offered by the vendor.
[Figure: stack diagram splitting "Security & Compliance THEM" from "Security & Compliance YOU" across the layers Applications & Data, Middleware APIs, and Facilities, Hardware & Abstraction, shown for Infrastructure as a Service, Platform as a Service, and Software as a Service]
14 Security & Compliance Responsibility
IaaS Providers: AWS, Azure, Rackspace, SoftLayer, etc.
- Only provide security for the underlying infrastructure
- Compliance attestations only apply to underlying infrastructure with minimal leverage available to customer servers
- Customer owns nearly 100 percent of the compliance responsibility
PaaS Providers: AWS (Elastic Beanstalk), Salesforce (Force.com), CloudFoundry, HP Helion
- Provide development tools and other building blocks for applications and secure these services
- Compliance attestations apply to the service with limited leverage available to customers
- Customer owns a majority of the compliance responsibility
SaaS Providers: Salesforce, Box, Oracle, Office 365, etc.
- Own and secure the entire stack up through the application
- Any compliance attestations apply to the entire service with significant leverage available to customers
- Customer owns very little of the compliance responsibility
15 Six Common Challenges
1. Identifying the division of responsibility for security and compliance between you and your cloud vendor
2. Ensuring the services your vendor is providing are properly mapped to your risk assessment
3. Getting the evidence you need for your audit
4. Obtaining objective attestation documentation from the vendor for the controls they have full or partial responsibility for
5. Monitoring ongoing compliance of your vendors
6. Receiving support from vendor during a breach event
16 A To-Do List For Cloud Consumers & Providers
- Consumers need to fully understand all of their security and compliance responsibilities
- Consumers need to effectively evaluate and understand the various cloud provider models
- Consumers need to ask for clear definition of all services and the division of responsibilities between them and their providers
- Consumers must put programs in place to ensure that their providers are meeting their responsibilities.
- Providers must be more transparent about their security programs and deliver adequate details about offered services
- Providers must clearly articulate the delineation of responsibilities between themselves and customers
- Providers must be clear about how their offered services can assist consumers in meeting compliance requirements
18 Risk and Governance Frameworks
- Helps you to identify and address the most significant issues first
- Promotes the efficient allocation of resources and effort
- Benefits in the area of organizational maturity and audit readiness
- No need to roll your own
- There are many great options available
19 Example Governance Frameworks
20 Which help certification efforts, like:
Possibly helpful call out: EHNAC has accepted FedRAMP
21 Security & compliance is a shared responsibility
[Figure: shared responsibility diagram]
- Customers are responsible for their security IN the Cloud: Customer applications & content; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection
- The cloud provider is responsible for the security OF the Cloud: Foundation Services (Compute, Storage, Database, Networking); Global Infrastructure (Availability Zones, Regions, Edge Locations)
22 Common questions about compliance
- If I sign on with a cloud provider that is certified/compliant with HIPAA/PCI/Whatever, am I then certified/compliant also?
  No. It's important to understand the shared nature of compliance when using any outsourcing providers.
- How can I tell if a cloud provider is certified or compliant with a given standard or regulation?
  Audit reports from trusted third party attestation organizations are normally available and detail any major findings.
- Is compliance something that is regional, or service based?
  The applicability of a compliance report should define the services and locations that are in scope.
24 Introduction
- Alpha II, LLC
- Healthcare SaaS provider
- Claim Scrubber (over 25 million claims per month)
- Utilizing the cloud for over 4 years
- Two sites: Active/Active Configuration
- Two EHNAC Accreditations (HNAP-EHN 2013, DRAP 2015)
25 Topics
- Assessment: Completing the Risk Assessment and identifying controls
- Audit: Value of third party audit/review of cloud deployment
26 Assessment: Completing the Risk Assessment
- Completing a Risk Assessment properly is a daunting task
- Talk to other companies who have gone through this exercise
- Third Party Consultant
- Bite size chunks
- Multiple sessions to complete
- Involve Team members for each department
- Ensure the proper risk factors are considered
- IT, Development, Accounting, Etc.
- Upper Management Involvement
27 Identifying controls
- Be honest about your assessment
- This is a tool to help you mitigate risk
- Every company has room to improve
- Once the Risk Assessment is complete you can identify areas of the most significant risk and implement controls
- Examples
  - Implemented a web based password repository for every user
  - Implemented Intrusion Detection/Protection systems (IDS/IPS)
28 Audit: Value of third party audit/review of cloud deployment
- You do not know what you do not know
- Third Party Audit and Review: Helps you ask the right questions of your cloud provider
  - Where is my data stored?
  - Does the data ever move overseas?
  - Who has access to the hardware?
  - What Certifications and Accreditations do they have? And what they mean for your business
  - Shared/Non-Shared Infrastructure
29 Audit: Value of third party audit/review of cloud deployment
- Security, Security, Security
- How Secure is my data
- Security
  - Firewalls
  - IDS/IPS
  - Site to Site Communication
  - Security Scans Internal and External
- What is their physical security like?
- Threat recognition and mitigation
More informationCloud solution consultant
Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Job level 18 Job family Professional services Date 23/10/2017 Reports to Cloud services group
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the
More informationThe Business of Security in the Cloud
The Business of Security in the Cloud Dr. Pamela Fusco Vice President Industry Solutions Solutionary Inc. CISSP, CISM, CHSIII, IAM, NSA/CSS Adjunct Faculty Promises Promises The promise of cloud computing
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationHow To Build or Buy An Integrated Security Stack
SESSION ID: PDIL-W03 How To Build or Buy An Integrated Security Stack Jay Leek CISO Blackstone Haddon Bennett CISO Change Healthcare Defining the problem 1. Technology decisions not reducing threat 2.
More informationCloud Computing Overview. The Business and Technology Impact. October 2013
Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationCHEM-E Process Automation and Information Systems: Applications
CHEM-E7205 - Process Automation and Information Systems: Applications Cloud computing Jukka Kortela Contents What is Cloud Computing? Overview of Cloud Computing Comparison of Cloud Deployment Models Comparison
More informationData Security, Integrity and Accessibility in the Cloud
Data Security, Integrity and Accessibility in the Cloud Shared Responsibility Principles for Financial Services Institutions & Cloud Service Providers Introduction This document presents principles intended
More informationDimension Data IaaS Services. Gary Ramsay
Dimension Data IaaS Services Gary Ramsay 29.08.2017 In a world first, Dimension Data provided real-time data analytics on each of the 198 riders in this year s Tour de France. accelerate your ambition
More informationChoosing a Secure Cloud Service Provider
Choosing a Secure Cloud Service Provider Dr. Ricci IEONG, CISSP, CISA, CISM, CCSK, CCSP, CEH,GPEN, GIAC Advisory Board, ISSAP, ISSMP, F.ISFS Vice President Professional Development Cloud Security Alliance
More informationFedRAMP Security Assessment Plan (SAP) Training
FedRAMP Security Assessment Plan (SAP) Training 1. FedRAMP_Training_SAP_v6_508 1.1 FedRAMP Online Training: SAP Overview Splash Screen Transcript Title of FedRAMP logo. FedRAMP Online Training; Security
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationCloud Connect. Gain highly secure, performance-optimized access to third-party public and private cloud providers
Cloud Connect Gain highly secure, performance-optimized access to third-party public and private cloud providers of the workload to run in the cloud by 2018 1 60 % Today s enterprise WAN environments demand
More informationPerfect Balance of Public and Private Cloud
Perfect Balance of Public and Private Cloud Delivered by Fujitsu Introducing A unique and flexible range of services, designed to make moving to the public cloud fast and easier for your business. These
More informationNetwork Visibility and Segmentation
Network Visibility and Segmentation 2019 Cisco and/ or its affiliates. All rights reserved. Contents Network Segmentation A Services Approach 3 The Process of Segmentation 3 Segmentation Solution Components
More information