The Etihad Journey to a Secure Cloud

Similar documents
Best Practices in Securing a Multicloud World

Securing Digital Transformation

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Run the business. Not the risks.

IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

Capgemini Dynamic Services

General Data Protection Regulation (GDPR) The impact of doing business in Asia

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Moving Workloads to the Public Cloud? Don t Forget About Security.

Secure & Unified Identity

Securing Your Digital Transformation

EU General Data Protection Regulation (GDPR) Achieving compliance

Building Trust in the Era of Cloud Computing

WHITEPAPER. How to secure your Post-perimeter world

Modern Database Architectures Demand Modern Data Security Measures

MITIGATE CYBER ATTACK RISK

Security Readiness Assessment

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

CipherCloud CASB+ Connector for ServiceNow

Securing Your Cloud Introduction Presentation

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

2018 THALES DATA THREAT REPORT

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help

IT Needs More Control

State of Cloud Adoption. Cloud usage is over 90%, are you ready?

Cloud Customer Architecture for Securing Workloads on Cloud Services

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

Accelerate Your Enterprise Private Cloud Initiative

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

The Oracle Trust Fabric Securing the Cloud Journey

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Accelerate GDPR compliance with the Microsoft Cloud

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

GDPR: The Day After. Pierre-Luc REFALO

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Managing SaaS risks for cloud customers

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Helping Address GDPR Compliance Using Oracle Security Solutions ORACLE WHITE PAPER SEPTEMBER 2017

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors

CAN MICROSOFT HELP MEET THE GDPR

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

Data Management and Security in the GDPR Era

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

Angela McKay Director, Government Security Policy and Strategy Microsoft

THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE

Cybersecurity Auditing in an Unsecure World

Clarity on Cyber Security. Media conference 29 May 2018

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

How to Prepare a Response to Cyber Attack for a Multinational Company.

Mitigating Risks with Cloud Computing Dan Reis

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Next-Gen CASB. Patrick Koh Bitglass

Microsoft Security Management

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Go mobile. Stay in control.

Beyond Your Device. Control, Connect, Experience. BT GS Analyst and consultant call 2 July 2013

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

Securing Data in the Cloud: Point of View

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Cybersecurity Roadmap: Global Healthcare Security Architecture

State of Office 365 Adoption & Risk A Dive into the Data. Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks

Securing Your Most Sensitive Data

Cloud Services. Infrastructure-as-a-Service

Vulnerability Assessments and Penetration Testing

GUIDE. Navigating the General Data Protection Regulation Mini Guide

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Encryption Vision & Strategy

IBM Future of Work Forum

INTELLIGENCE DRIVEN GRC FOR SECURITY

Transforming Security Part 2: From the Device to the Data Center

5 Things to Consider when Moving to the Cloud. Dr Chris Folkerd

Getting Hybrid IT Right. A Softchoice Guide to Hybrid Cloud Adoption

Accelerate Your Cloud Journey

Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

CA Security Management

Welcome to the SafeNet Day! Prague 1st of October Insert Your Name Insert Your Title Insert Date

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Perfect Balance of Public and Private Cloud

Security Diagnostics for IAM

3-Part Guide to Developing a BYOD Strategy

Security Operations & Analytics Services

Leveraging Adaptive Auth and Device Trust for Enhanced Security and Compliance

GDPR Update and ENISA guidelines

Version 1/2018. GDPR Processor Security Controls

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Transcription:

SESSION ID: CCS-T07 The Etihad Journey to a Secure Cloud Georges de Moura Head of Group Information Security, Risk & Compliance Etihad Aviation Group

History: Before The Cloud Devolved IT Decision-Making Traditional Approach to Computing On-Premises Apps IT Security Controlled The Perimeter Believed this was Sufficient to Control Threats & Stop Data Loss 2

The Clouds are coming Challenges: Proliferation of Cloud services (SAAS, PAAS, IAAS) Rise of ShadowIT leading to uncontrollable risks Consumerization of IT (BYOD, ) emergence Finding a balance between productivity, agility and, security Risks: Violation of compliance requirements with regulatory laws (GDPR, ) No governance and inadequate due diligence on shadowit services (supplier, cost, security, architecture) Data breaches which can result in high fines, damage brand and impact revenues Compromised credentials and broken authentication Password fatigue and poor digital hygiene 3

Visibility, Then Manage How Many Cloud Services Are We Using? Quick Realization That Use Was Widespread & Uncontrolled Identified Risks (Technical, Legal, Data, User etc.) Needed To Assess Risk of Each Service Outcome: We Have To Manage Cloud, not Avoid or Eliminate, but Control 4

Managing the Cloud Establish a clear Cloud strategy policy that defines the adequate controls to be in place depending on the data sensitivity and regulatory requirements (GDPR, NESA, ) Extend your security services to Cloud environments to provide visibility and manage Implement a risk management framework that cover Cloud providers Block non sanctioned high risk cloud services Select certified Tier-1 cloud providers to host your most sensitive data 5

Cloud Security Governance EAP Cloud Security Strategy and Policy Governance, Risk and Compliance Management processes for Cloud services (CSA, ISO27018) IDAAS for SSO and Secure authentication of Cloud services CASB for ShadowIT visibility CASB for monitoring and data protection 6

Cloud Security Strategic Objectives 7

Benefits of IDAAS and CASB solutions Consolidation and standardization Visibility into the usage of unsanctioned cloud applications can help identity redundant services Understand the Business needs Better align with business requirements by having insights into cloud applications usage Enable the Digital Transformation Improve the connections between people and tools to make the Organization more Productive and Secure Drive Business value Protect content that has business benefits in order to drive business value and improve cloud adoption: Just-in-Time provisionning, SSO, remove password management headaches Integrated Security Technologies Security powered by the Cloud Faster delivery, scalable, simplified architecture, predictable TCO, leverage cloud security experts Extension of current controls environment Identity management, access management, monitoring, DLP, encryption Improved Compliance Identify áreas that may expsose the Organization to regulations (GDPR) and fine and enforce required security controls Mitigate risks of Security breaches Protect the Organization against Internal and External threats 8

Build a holistic Data Security Program Data protection is a holistic program involving all the organizations users and not a technology project 9

Build a solid foundation Think big, start small and grow gradually for full coverage 10

Spent your time and money protecting the data that matters the most Detect and prevent inappropriate transfers of sensitive data from the internal network to the internet Ensure that authorized transfers of sensitive data are appropriately encrypted Identify and secure data at rest Control endpoints, including workstations and mobile devices Technology is not a magic bullet 11

Change the culture and measure performance Build a culture of data protection Establish meaningful metrics Report to the business and continually improve Allow Collaboration Internally & External, but with Controls Senior Management Support Crucial Strong Message to Users Around Central Management & Control Cloud Security is a Team Sport 12

Cloud Security: Advice For Your Journey Establish a Cloud Security Framework Ensure effective governance, risk and compliance processes exist Manage people, roles and identities Ensure proper protection of data and information Enforce privacy policies Assess the security provisions for cloud applications Ensure cloud networks and connections are secure Evaluate security controls Senior Management Support is Crucial 13

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback