Virtual Machine Encryption Security & Compliance in the Cloud

Transcription:

Virtual Machine Encryption Security & Compliance in the Cloud. Pius Graf, Director Sales Switzerland, 27 September 2017

Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture

Putting Your Data in The Cloud has Its Challenges: Can we protect sensitive data stored in and moving to and from the cloud? How do we meet compliance obligations in cloud environments? How do we prevent cloud administrators and other tenants from accessing data? How do we control what data is accessed in the event of a government subpoena? How do we ensure data is securely decommissioned from the cloud? Who owns our encryption keys in the cloud? How do we centralize data security across environments?

Maintaining Control of Data in the Cloud is Critical to Security: 54% of companies take a proactive approach to managing security and complying with privacy and data protection regulations in the cloud. MORE THAN HALF of companies have cloud services and corporate data stored in cloud not controlled by the IT department. ONLY 1/3 of sensitive data stored in cloud-based applications is encrypted. 56% of organizations do not agree they are careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors. Source: The 2016 Global Data Security Study, Gemalto/Ponemon Institute, July 2016.

Stay Compliant in the Cloud: Virtual Machine Encryption gives data control squarely to the customer and lets them demonstrate undisputed command and proof of ownership for both data and keys. Addresses compliance standards for cloud environments such as PCI DSS, SOX, and HIPAA. Centralized policy enforcement provides a single audit point to facilitate proof of governance, a key factor in compliance.

Run Workloads Securely in the Cloud: Virtual Machine Encryption helps customers maintain full control of their data by encrypting entire virtual machines and all of the data residing in the instance. Once encrypted, all archives, snapshots, and backups of these instances remain secure regardless of their location. Illegitimate or hidden copies of data are rendered useless, and trusted audit logs cover access events.

Virtual Machine Instances Are Only Available To Authorized Users: Virtual Machine Encryption provides encryption-based separation of duties that isolates data from AWS, Microsoft Azure and IBM Bluemix, the organization's IT administrators, and different business units within the organization's virtual environment. Granular role-based control of who can start a virtual instance with pre-boot authentication policies. Copies and snapshots of Virtual Machine instances and volumes are tracked and impossible to instantiate without authorized access.

Deployment Options: Virtual Machine Encryption (On-Premises, Cloud/Virtual). Security and compliance across virtual and cloud-enabled infrastructure to secure sensitive workloads and confidential data in the cloud. Isolate virtual machines and storage through encryption of OS and data partitions. Authorize virtual machine launches. Track key access to all copies of your data. Revoke key access after terminating an instance or in the event of a breach. Single pane of glass for management across clouds.

Virtual Machine Encryption: Secures the Entire VM Lifecycle (diagram: Encrypted VM Lifecycle)

Virtual Machine Encryption for Microsoft Azure with trusted Central Key Management. Diagram labels: Azure; Trusted on-premises location; Protected Storage; Protected Instance; HA; Generate and Store Keys; Central Key Management; Virtual Machine Encryption Manager: Manages Clients; Virtual Machine Encryption Client: Encrypt all I/O, Partitions, OS.

Virtual Machine Encryption: Common Use Cases. Run workloads securely and in isolation in a multitenant environment. Meet compliance and regulatory mandates. Enable separation of duties between cloud service provider, storage, security and other administrators. Safely decommission data from the cloud. Track access and audit data. Protect data against lawful seizure.

Beyond 2FA: The Smart Way to Manage Cloud Access. Presented by Pius Graf, Director Sales, Gemalto AG, 24.09.17

Objectives: To understand how cloud access management can help your organization adopt cloud apps without compromising on: User Convenience, Ease of Management, Security, Compliance.

Agenda: Cloud Identity and security trends; Challenges to enterprise cloud adoption; 2FA vs. access management: What's the difference?; Cloud access management 101

Cloud Identity and Security Trends

Multi-factor Assimilation: Identity verification methods in enterprise and consumer apps are assimilating. Cloud SSO sorely sought: 88% of organizations have already implemented or plan to implement cloud SSO. Cloud is mainstream: 93% of organizations use cloud-based IT services, according to Spiceworks survey. Identity federation at work & home: Consumer and enterprise services want to let users log in with their current identity.

Challenges to enterprise cloud adoption

The use of cloud apps has become mainstream according to joint Ponemon-Gemalto research.

But cloud apps create challenges, according to joint Ponemon-Gemalto research. For users: Frustration, PW Fatigue, Security workarounds. For IT: PW resets, Security risk, Lack of visibility.

SSO offers a partial solution. For users: Convenient and hassle free; One Credential. Not Ideal for IT: Security risk: if the credential is compromised, all apps will be vulnerable. Visibility: Can't track which apps are being accessed and when.

Access Management = SSO + IT Control: Win-Win for users and IT. For users: Authenticate once and step up only when required. For IT: Set the access policy per cloud app; get visibility into who is accessing what, when and how; maintain security, reduce password workarounds.

Access Management addresses enterprise cloud adoption roadblocks: Password Fatigue, Poor Security, Multiple Consoles, Compliance Risk, Password Resets. according to joint Ponemon-Gemalto research. NIST found that its employees authenticate 23 times within a 24-hour period. 20% of help desk tickets are a result of lost or forgotten passwords. 62% of IT professionals say the use of cloud resources increases their compliance risk.

2FA vs. access management: What's the difference?

2FA is a subset of Access Management. Diagram labels: Authorization Enforcement; Session Management; Authentication; Access Management; Identity Admin; Auditing & Reporting; SSO.

Access Management is a subset of IAM. Diagram labels: IAM (Identity and Access Management); Authorization Enforcement; Session Management; Policy and role management; Identity Lifecycle; Authentication; Access Management; Identity Admin; Password Management; IGA (Identity, Governance & Administration); Entitlements Management; Auditing & Reporting; SSO; Reporting & Analytics; Access approval workflow.

IAM (Identity and Access Management). ACCESS MANAGEMENT: Who accessed what and when? How was their identity verified? IDENTITY GOVERNANCE AND ADMINISTRATION: Who was granted access to what? By whom and when?

Cloud access management 101

What is access management? Access management is functionality that gives the right user access to the right app at the appropriate level of trust. Key functionalities: Single Sign On, Granular access policies, Context-based Authentication.

Single Sign-On

Benefits of Single Sign On: For Users - a single credential set for all apps; For IT - single pane of glass management; For security officers - a single audit trail; For security officers - session management.

Granular Access Policies

Granular Access Policies. App Sensitivity: High risk, Low risk. User Role: C-Suite, IT Admin, Standard user, Partner. Contextual Data: Known Device, Trusted Network, Location, Time of Day.

User Experience: Context-based Authentication. Transparent Authentication (1): USERNAME Gemalto\IRONMAN. Step Up as required based on Access Policy (2): PASSWORD, USERNAME Gemalto\IRONMAN, OTP.

Contextual Authentication enables Continuous Authentication: Login to App 1. Evaluate context: Are you in the office? Is this your laptop? Evaluate context: Are you in the office? Is this your laptop? MONITOR. Check the access policy: Has it changed? Check the access policy: What level of authentication is needed? Login to App 2.

Conclusion

Cloud access management solutions enable smooth cloud adoption in the enterprise: Visibility, Security, Scalability, Convenience. Know who is accessing which app and when. Apply the appropriate security policy for each access attempt. Add new users, apps and access policies as needs evolve. Ensures users gain convenient access to apps through smart Single Sign On (SSO). Know which access controls are applied to user access. Enforce the appropriate level of trust. Eliminate help desk overheads associated with password resets. Lets users maintain a single identity for all their cloud apps. Centrally define access policies for all cloud apps.

Thank You. Questions? Pius.Graf@Gemalto.com