Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Similar documents
Best Practices in Securing a Multicloud World

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

CLOUD COMPUTING READINESS CHECKLIST

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

How to avoid storms in the cloud. The Australian experience and global trends

Cloud Computing, SaaS and Outsourcing

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

THALES DATA THREAT REPORT

Managing SaaS risks for cloud customers

Government IT Modernization and the Adoption of Hybrid Cloud

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

Copyright 2011 EMC Corporation. All rights reserved.

Practical Guide to Cloud Computing Version 2. Read whitepaper at

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

Version 1/2018. GDPR Processor Security Controls

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Modernising the public sector through the cloud

Cloud Customer Architecture for Securing Workloads on Cloud Services

Empowering Business Adoption of the Cloud through Intelligent Security Solutions and Active Defense Platforms

Practical Guide to Hybrid Cloud Computing. Cloud-Computing.

CipherCloud CASB+ Connector for ServiceNow

Choosing the Right Solution for Strategic Deployment of Encryption

Design and deliver cloud-based apps and data for flexible, on-demand IT

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Virtual Machine Encryption Security & Compliance in the Cloud

The Challenge of Cloud Security

Cloud solution consultant

Welcome & Introductions

Cloud solution consultant

Granted: The Cloud comes with security and continuity...

Contents. Navigating your way to the cloud

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

Google Cloud & the General Data Protection Regulation (GDPR)

Disaster recovery strategic planning: How achievable will it be?

Cloud First Policy General Directorate of Governance and Operations Version April 2017

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

What is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller

Building Trust in the Era of Cloud Computing

Public vs private cloud for regulated entities

Building a Resilient Security Posture for Effective Breach Prevention

Securing Your Cloud Introduction Presentation

TechValidate Survey Report: SaaS Application Trends and Challenges

Angela McKay Director, Government Security Policy and Strategy Microsoft

SD-WAN Solution How to Make the Best Choice for Your Business

Architecting for Greater Security in AWS

The Etihad Journey to a Secure Cloud

Privacy hacking & Data Theft

An Introduction to the ISO Security Standards

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

THALES DATA THREAT REPORT

Cloud Transformation Program Cloud Change Champions June 20, 2018

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

Cloud Computing Lectures. Cloud Security

Migrating Enterprise Applications to the Cloud Session 672. Leighton L. Nelson

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Cisco CloudCenter Solution Use Case: Application Migration and Management

Third Party Cloud Services Its Adoption in the New Age

Exam C Foundations of IBM Cloud Reference Architecture V5

Technicalities of Living in the JD Edwards Cloud Cloud Options and Strategies

How to ensure control and security when moving to SaaS/cloud applications

Cloud Computing Overview. The Business and Technology Impact. October 2013

2018 THALES DATA THREAT REPORT

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Microsoft Security Management

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Capgemini Dynamic Services

Cloud computing the use of contracts as a means of governing networked computer services.

About the DISA Cloud Playbook

Why the cloud matters?

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

Maintaining Security Parity in the Shift to Cloud and Mobile Applications. Jamie Yu, Clark Sessions Cisco Systems October 2016

10 FOCUS AREAS FOR BREACH PREVENTION

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Fabrizio Patriarca. Come creare valore dalla GDPR

Cloud Computing An IT Paradigm Changer

10 Considerations for a Cloud Procurement. March 2017

Total Cost of Ownership: Benefits of the OpenText Cloud

The Device Has Left the Building

Total Cost of Ownership: Benefits of ECM in the OpenText Cloud

Crash course in Azure Active Directory

Building your Castle in the Cloud for Flash Memory

Data Privacy Corporate Responsibility in Multi Polar World

CompTIA Cloud Essentials Certification Exam Objectives EXAM NUMBER: CLO-001

Data Governance: Data Usage Labeling and Enforcement in Adobe Cloud Platform

Choosing a Secure Cloud Service Provider

The Oracle Trust Fabric Securing the Cloud Journey

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC

Brochure. Data Masking. Cost-Effectively Protect Data Privacy in Production and Nonproduction Systems

Cisco Webex Messenger

Oracle bakes security into its DNA

Cloud Transformation: Data center usage models driving Cloud computing innovation. Jake Smith, Advanced Server Technologies Data Center Group Intel

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

Motorola Mobility Binding Corporate Rules (BCRs)

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

ngenius Products in a GDPR Compliant Environment

How to Prepare a Response to Cyber Attack for a Multinational Company.

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

WORKSHARE SECURITY OVERVIEW

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Transcription:

Business Technology Briefing: Fear of Flying, And How You Can Overcome It Joseph Tobloski Senior Director for Data & Platforms R&D Accenture Technology Labs

Fear of Flying And How You Can Overcome It May 2011 Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

Agenda The environment Five principles for crafting a security strategy Where Accenture stands

The Environment

Ready or not, the cloud is here Enterprise data no longer rests solely within the enterprise data center, nor is it necessarily owned by the enterprise. Legal and regulatory barriers, real or perceived, have significantly slowed enterprise cloud adoption. Transition to cloud is inevitable remaining on sidelines is not an option.

Preparing for the inevitable transition Understand the risks associated with the cloud, including multi-tenancy, regulatory and commercial. Develop a risk management framework for securing and governing applications, data and processes. Architect solutions (composed of people, processes, and technology) to consistently address these risks.

Five principles for crafting a security strategy

Five principles for crafting a security strategy 1. Know your appetite for privacy and security risk. 2. Expect to share responsibility. 3. Demand transparency and accountability from cloud providers. 4. Use the cloud to solve identity and access management issues. 5. Architect solutions that address the risk.

Know your appetite for privacy and security risk Legal and regulatory issues are exacerbated in a cloud setting Classify your data and your applications to make strategic decisions about what you re moving to the cloud Consider data location issues Regulated data remains regulated regardless of location. Cloud computing risk management framework Rationalize legal, reputational, cost impacts of security and compliance breaches

Risk management framework Defining a cloud risk framework helps organizations with the following activities: Move to the cloud Gain visibility in the cloud Secure the cloud Find the right mix of guidance and standards. Use mechanisms to check cloud provider security health. Add new applications and users in a manner that works for your organization. Harmonize regulatory regimes and legal requirements from different industries, countries, jurisdictions. Verify SLA/contract terms established with the cloud service provider. Verify continuation of technical and operational security controls. Sense and predict when systems will deviate from the norm. Stay on the right side of privacy law. Provide checklist of musthave security criteria. Ensure vulnerabilities are caught early. Ensure strong coordination with and direction of system integrators.

Expect to share responsibility Clarify roles (data controller, data processor, cloud provider, systems integrator) Cloud providers must share the risk and data owners must bear their legal obligations Choose a cloud model that works for you Regulatory Compliance Burden Customer Supplier IaaS PaaS SaaS

Hybrid business models Application Styles Web Extensions to Core Applications Core Applications Content Collaboration and Distribution Marketing Portals and Applications Vertical specific high performance applications Hybrid Cloud Computing Private Cloud Public Cloud Internal Data Center Dedicated Hosting Co-location SAAS Service Models Deployment Options PAAS IAAS

Demand transparency and accountability from cloud providers Require reasonable transparency & accountability Cloud providers as customers may lack visibility into the other provider s security Ask questions from the bottom up (through technology) and the top down (through security, compliance, governance) Ariba, Akritiv, AWS VMForce, Force.com AT&T, Verizon, AWS The deeper the stack, the less visibility you have Enterprise Acquisition Strategies Systems Integrator Software Cloud Supplier Platform Cloud Supplier Infrastructure Cloud Supplier Direct Purchase Outsourcing Arrangements Stack Risk SLA Dependence Supplier/SW Pedigree Compliance Traceability Security Courses of Action In-house Implementation Degree of Control and Visibility

Use the cloud to solve identity and access management issues Shift identity approach for added complexity of the cloud. Identity management might soon become a cloud service. Tie privileges to roles, not applications. Authenticate people, supporting processes, software.

Architect solutions that address the risk Consider hybrid cloud as a bridge solution for now. Evaluate each application individually. Implement security through a blend of methods: Apply data encryption. Limit the information sent to the cloud. Mask sensitive information. Consider multiple cloud vendors. Apply encryption and/or tokenization at a proxy server.

Our point of view

It depends on the data Non-regulated, non-personal data Few barriers to cloud use. Regulated, personal data Regulatory compliance requires more than good security. Security requires more than regulatory compliance Control is an illusion

Important principles Obtain necessary contractual terms. Understand privacy laws, ensure no violations. Involve the right people. Prohibit ad hoc cloud computing (or at the very least, audit). Read terms of service and then read them again. Have a backup plan

The day is coming Accenture is helping cloud providers understand regulatory environment. Providers will begin to accept necessary contractual requirements. You must recognize taking smart risk as a positive behavior. Companies will safely put more on the cloud, gaining immediate economic benefits.

Contact us Joe Tobolski Senior Director for Data & Platforms R&D Accenture Technology Labs joseph.f.tobolski@accenture.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback