Cloud gateways for regulatory compliance
Cloud Gateways for Regulatory Compliance
Ulf Mattsson, CTO, Protegrity
Public Cloud – No Control
Consumers have no control over security once data is inside the public cloud. They are completely reliant on the provider for application and storage security.
Private Cloud – Limited Control
Outsourced Private Cloud
Consumer has limited capability to manage security within outsourced IaaS private cloud.
On-site Private Cloud
Mapping the Cloud Model to Security Control & Compliance
[Diagram labels: Applications, Data]
Cloud Encryption Gateways
• SaaS encryption
Cloud Security Gateways
• Policy enforcement
Cloud Access Security Brokers (CASBs)
Cloud Gateways – Enterprise Control
Cloud Access Security Brokers (CASBs)
Cloud Services Brokerage (CSB)
Secure Email Gateways
Secure Web Gateway
Public Cloud Gateway Example
Gateway Appliance
Cloud Gateway Example – Public Cloud
Cloud Gateway
Example of Cloud Security Gateway Features
High-Performance Gateway Architecture
Enterprise-extensible platform
Tokenization and encryption
Enterprise-grade key management
Flexible policy controls
• File or Field Security
• Advanced function & usability preservation
Comprehensive activity monitoring & reporting
Support for internal, remote & mobile users
Multiple deployment options
Security Gateway Deployment – Example
[Diagram labels: Corporate Network, Backend System, Cloud Gateway, External Service]
Enterprise Data Security Policy
[Diagram labels: Enterprise Security Administrator, Security Officer]
What: What is the sensitive data that needs to be protected?
How: How you want to protect and present sensitive data. There are several methods for protecting sensitive data: encryption, tokenization, monitoring, etc.
Who: Who should have access to sensitive data and who should not. Security access control: roles and users.
When: When should sensitive data access be granted to those who have access: day of week, time of day.
Where: Where is the sensitive data stored? This will be where the policy is enforced.
Audit: Audit authorized or unauthorized access to sensitive data.
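A sketch of how the six policy dimensions above (what, how, who, when, where, audit) could be evaluated at an enforcement point. It is an added illustration, not taken from the slides or from any vendor product. The `Rule` fields, role names, the demo key and the keyed-HMAC stand-in for a tokenization service are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime

DEMO_KEY = b"constructed-demo-key"  # placeholder; real keys come from key management

@dataclass(frozen=True)
class Rule:
    what: str        # What: the sensitive field
    how: str         # How: "mask" or "token" when clear text is not allowed
    who: frozenset   # Who: roles allowed to see clear text
    days: frozenset  # When: allowed weekdays (0 = Monday)
    hours: range     # When: allowed hours of day
    where: str       # Where: enforcement point this rule applies to

def protect(value: str, how: str) -> str:
    """Return the protected presentation of a value."""
    if how == "mask":
        return "*" * max(len(value) - 4, 0) + value[-4:]
    # Assumption: a truncated keyed HMAC stands in for a tokenization service.
    digest = hmac.new(DEMO_KEY, value.encode(), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]

def present(rule, value, user, role, point, now, audit):
    """Return the view of `value` this user gets; audit every decision."""
    if point != rule.where:
        reason = "wrong enforcement point"  # fail closed
    elif role not in rule.who:
        reason = "role not authorized"
    elif now.weekday() not in rule.days or now.hour not in rule.hours:
        reason = "outside allowed time"
    else:
        reason = None
    audit.append({"time": now.isoformat(), "user": user, "field": rule.what,
                  "point": point, "authorized": reason is None, "reason": reason})
    return value if reason is None else protect(value, rule.how)

# Constructed sample policy: analysts see card numbers Mon-Fri, 08:00-17:59.
RULE = Rule("card_number", "mask", frozenset({"fraud_analyst"}),
            frozenset(range(0, 5)), range(8, 18), "cloud_gateway")

if __name__ == "__main__":
    log = []
    print(present(RULE, "4111111111111111", "alice", "fraud_analyst",
                  "cloud_gateway", datetime(2024, 1, 9, 10, 0), log))
    print(log)
```

Both authorized and denied requests produce an audit entry, which matches the slide's "authorized or unauthorized" wording.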
Centralized Policy Management - Example
[Diagram labels: Enterprise Security Administrator, Security Officer, Policy, Audit Log, Application, RDBMS, MPP, Cloud, File Servers, Big Data, Gateway Servers, HP NonStop Base24, IBM Mainframe Protector, Protection Servers]