SUPPORTING CIO STRATEGIES AND PRIORITIES...security-as-a-service from the cloud. Our suite of robust...
10
Transcript of SUPPORTING CIO STRATEGIES AND PRIORITIES...security-as-a-service from the cloud. Our suite of robust...
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
SUPPORTING CIO STRATEGIES AND PRIORITIES:
FROM THE CLOUD
The biggest eye-opener in Gartner’s
recently-published study on the
current agenda regarding the digital
landscape for Chief Information
Officers is that CIO’s recognize that
cloud computing will not only be a
significant part of the future, but that their own roles and behavior
need to be updated to survive in the modern enterprise.
“CIOs will have to develop new IT strategies and plans that go beyond
the usual day-to-day maintenance of an enterprise IT infrastructure….
technologies provide a platform to achieve results, but only if CIOs
adopt new roles and behaviors to find digital value.”
Most CIOs recognize that the future of enterprise IT lay not with
sitting and writing code and patching servers, but rather one of
strategic development and as an integrator of business goals: riding
the sea change from a person plugging in cables to an analyst; from a
compiler of stacks to a broker of business needs.
For more on ths subject, read our
article, Rethinking IT: Using the Cloud
as a Change Catalyst: HERE
Presented by:
CloudAccess:
CloudAccess provides comprehensive
security-as-a-service from the
cloud. Our suite of robust and scalable
solutions eliminates the challenges of
deploying enterprise-class security
solutions including costs, risks,
resources, time-to-market, and
administration. By providing such
integral services as SIEM, Identity
Management, Log Management, Single
Sign On, Web SSO, Access
Management, Cloud Access offers cost-
effective, high-performance
solutions controlled and managed from
the cloud that meet compliance
requirements, diverse business needs
and ensure the necessary protection of
IT assets.
www.CloudAccess.com
877-550-2568
CloudAccess, Inc 12121 Wilshire Blvd
Suite 1111 Los Angeles, CA 90025
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
The Gartner survey of more than 2000 CIOs, was indeed fascinating -
”Hunting and Harvesting in a Digital World: The 2013 CIO Agenda“-
and one of the highlights was a wish list of Technology and Business
Priorities for 2013. I, of course, was encouraged (yet not surprised) to
see cloud computing, workflow, business intelligence and security on
the list. Although they appear on separate wish lists, they represent
the key transitions and challenges of the evolving paradigm CIOs
must confront to keep their resources relevant and facilitate
progress…it’s no leap that the successful achievement of any or all the
items on the lists require a unification of technology, process and
analysis.
Before you can say “Obvious Things, for $1000, Alex,” what I would
like to do is highlight some specific tactics or advantages that integrate
the Top Business Priorities with Top Technology Priorities. For this, I
am advocating a holistic and unified security platform to demonstrate
how a CIO can advance their agenda and ensure the smooth operation
of their enterprise IT landscape.
First, the complete lists:
6 REQUIREMENTS FOR
EFFECTIVE FRAUD
PREVENTION:
Layered Security
Real-time, intelligence-based
risk assessment
Rapid adaptation against
evolving threats
Transaction Anomaly
Prevention
Minimize end user impact
Minimizing deployment,
management and
operational costs
Learn how to achieve this from the
cloud: www.cloudaccess.com
Metrics should be established
that facilitate common ground
for measuring effectiveness of
security measures
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
I will combine several elements because a strong cloud-based security
program unifies several technologies and provides the necessary
business priorities. This is not to say other technologies within the
purview of the CIO don’t apply, but as this is a security document, I
will keep it within the context to illustrate that the attainment of
several goals can be correlated from the cloud. For that let’s look at
some of the common threads that stitch together these “wish” lists.
Better visibility (analytics & business intelligence/collaboration/better
operation results)-With better visibility comes better, faster decisions
based on relevant data. If you can see the giant asteroid speeding
towards the planet, better visibility provides the time and the layers of
input to devise multiple options to prevent disaster! Yet as so much
data criss-crosses the enterprise in so many forms, formats, and
shared ownerships; across so many applications for a multitude of
purposes, it can be difficult (and resource-heavy) to monitor and fill
vulnerability gaps. Many CIOs have invested in multiple technologies
and processes to mitigate risk, however unless they are linked, or
work collaboratively, it’s like hiring several children to plug dykes with
their fingers. I’ve seen in too many companies that although they have
the right intention, the left hand does not always know what the right
is doing. There are simply too many devices, agendas, access
opportunities and external and internal threats NOT to centralize and
unify tools like SIEM, Log Management, single sign on and identity
management. The idea here is that each controls a segment of
enterprise security. By allowing them to leverage each other’s
capabilities—to collaborate and communicate—under a centralized
monitoring platform, you get contextual information that otherwise
would take considerable more time and resourced expertise to
compile, analyze and react.
SHOULD YOUR COMPANY
EMBRACE BYOD?:
Source: Logicalis Survey 2013
70% of IT decision makers
agreed that BYOD already
has or will improve their
work processes
59% believe that they would
be at a competitive
disadvantage without BYOD
74% of companies with user-
centric BYOD strategies
claimed to experience
improved employee
productivity.
It may not be whether or not you
should, but simply know the best
way to ensure security…
Learn how to achieve this from
the cloud: www.cloudaccess.com
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
Unification (centralization in real time), promotes three dimensional
data (or 360 degree visibility) which, in turn, improves responsiveness
and control. This allows you to deploy critical resources with pinpoint
accuracy based on the full measure of intelligence and policy
priorities. This is the key to better operational results.
For more on ths subject, read our
article, the New Standard: Intelligence
Driven Security: HERE
Cost-effectiveness (efficiency/cloud computing/reducing enterprise
costs). Security is not cheap. You should not nickel and dime costs
when the smooth operation of your enterprise, your reputation
amongst customers and partners, and the protection of your IP assets
are at stake With that said, not only can security be affordable, but it
can actually create ROI if deployed and managed intelligently. No one
disputes the need to deploy something more than a firewall or
password protection, but I understand that CIOs are now looking for
better ROI on their existing poker hand. That’s where the cloud makes
so much sense. By packaging (deployed and managed from the cloud)
the 4 solution types mentioned in “better visibility,” CIOs avoid the
dragging anchor of CapEx. In fact I have seen several case studies that
show such an attachment strategy (adding pieces that are not
currently an owned asset) operates at a savings that the subscription
cost for the entire initiative is less than annual support and
maintenance for on premise. So if acquisition costs are significantly
manageable, what you are left with is enterprise capabilities that
increase your efficiency to resource quotient.
The whole concept of efficiency is more than just saving money and
getting more bang for your buck on a cloud computing solution. If the
THE PROBLEM WITH
PASSWORDS:
Source: Flying Penguin Consultants
43% admit that employees
manage passwords in
spreadsheets or on sticky
notes and
34% share passwords with
their co-workers for
applications like FedEx,
Twitter, Staples, LinkedIn.
20% experienced an
employee still able to login
after leaving the company.
Learn how to AVOID this from the
cloud: www.cloudaccess.com
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
security protocols and processes are configured using a combination
of internal resources and security-as-a-service expertise, you expand
your sphere of effectiveness and “protect” more virtual territory using
less resources. Efficiency is about doing things better while
expounding a minimum of resources. The idea of on-demand
scalability (to expand or contract immediately based on business
needs and not budget dictates) is another resource, cost savings
concept that cloud security offers that makes your initiative right-
sized. Too often initiatives are weighed down by bloated costs like
investments in hardware/servers, unused licenses and lost protection
time while trying to develop and deploy more complex versions.
For more on ths subject, read our article, Are the costs of cloud security to good to be true?: HERE
Core competency focus (enterprise growth, legacy modernization,
innovation) This is about working smarter. The reality of maintaining
security across your enterprise is that the skills required to monitor,
protect, update, respond, report and comply does not exist within one
dedicated person, but 1/10th of 10 different people. Within a tenuous
economy it is not a stretch to say IT has been the focus of a great deal
of job fusion as many companies are forced to pare down staffs.
Many companies without the means to hire a large and experienced
staff have found that outsourcing to an MSP (managed service
provider) is a sound management decision. Taking this one step
further, when you consider outsourcing features such as security-as-a-
service or policy-as-a-service options, you create new benefits of
security expertise (continuous tribal knowledge) without additional
man hours or expense. Not only does this allow precision budgeting,
but more importantly allows you to prioritize and focus on your
THE 7 C’s OF SECURITY
MONITORING:
Source: CloudAccess White Paper:
Sailing the Seven C’s of Security
Monitoring
Consistency
Continuous
Correlation
Contextual
Compliant
Centralization
Cloud
Learn how to monitor 24/7/365
from the cloud:
www.cloudaccess.com
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
company’s core competency. As CIO, your job transforms from
resetting passwords and patching updates to applications to finding
and supporting new ways to expand your business through
technology.
For more on ths subject, read our article, A preposition makes all the difference in/of/for/from the cloud: HERE
Improved automation: (customer retention, Improving IT
applications and infrastructure)Unified cloud based security makes it
easier to manage users. Through automated provisioning and multi-
level authentication, not only is it easier for your customers to do
business with you, but you maintain their ongoing trust by being a
proper steward of their private and sensitive information. More so are
the behind-the-scenes policies and procedures enforced by a system
that is looking at information) in real time) beyond log ins or
passwords. By leveraging various aspects of identity and access
management with that of SIEM’s intrusion detection and Log
Management’s historical archiving, a unified system can automatically
understand behavior patterns (adaptive risk) of users. Just because a
log in has the right user name and password (which could have been
stolen from a malware implant that records keystrokes) doesn’t mean
it is the user. Using situational context, the system “sees” that the last
100 log ins came from an IP address in Provo, Utah…but this one is
coming from overseas at 3am and is trying to access information not
often viewed. The improved automated policy now sends an alert to
the analyst who can put a block in place and shut down the incursion.
But automation keeps your infrastructure in good working order too.
Not only does it help maintain whichever industry compliance
regulation you company is required to follow, but through automatic
provisioning controls what your internal users can do and see. Joe gets
hired as a sales exec. As soon as he is added to Active Directory or
INTELLIGENCE-DRIVEN
SECURITY MODELS:
An intelligence-driven security
system consisting of multiple
components:
A thorough understanding of
risk
The use of agile controls based
on pattern recognition and
predictive analytics
The use of big data analytics to
give context to vast streams of
data to produce timely,
actionable info
Personnel with the right skill
set to operate the systems
Information sharing at scale
Learn how to ACHIEVE this from
the cloud:
www.cloudaccess.com
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
LDAP and his role is identified, he is given a certain view of the
network. And the reverse happens immediately once he leaves the
company; removing the threat of sabotage or data theft or an access
vulnerability left open to exploit.
For more on ths subject, read our article, So, just what is REACT? And why does it matter?: HERE
Facilitating productivity (Legacy modernization, mobile tech, retaining
workforce) The highest goal for any CIO is to find ways to make the
enterprise more resilient, stronger and to fulfill its needs. Going back
to mapping behavior patterns (as discussed above), another benefit of
unified cloud based security is that it allows a CIO to see not just the
negative tendencies (and vulnerabilities that keep you up at night),
but the way employees work. Using technology, how can the CIO
improve productivity? Tablets, phones and other personal devices?
The best applications and solutions? The trick is to examine the needs
and then broker the best way to facilitate the need without
compromising security.
In the case of new applications, a variety of solutions can be
designated across the enterprise and directed at specific users
through rule and responsibility-based provisioning. This way access is
controlled to only those who need to see certain features and the
data is secure from unauthorized sources. In terms of BYOD, each
company must make a decision on what these devices are allowed to
access—from email to ERP data—and what is the policy on securing
the individual devices.
Some analysts see 2013 as a tipping point in terms of technologies.
This includes mobile, analytics, big data, social and cloud technologies.
The CIO needs to be ready for this paradigm change.
TOP 10 BIG DATA
SECURITY & PRIVACY
CHALLENGES
Source: Cloud Security Alliance
Secure computations in distributed programming frameworks
Security best practices for non-relational data stores
Secure data storage and transactions logs
End-point input validation/filtering
Real-time security/compliance monitoring
Scalable and composable privacy-preserving data mining and analytics
Cryptographically enforced access control and secure communication
Granular access control
Granular audits
Data provenance
Learn how to OVERCOME these
from the cloud:
www.cloudaccess.com
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
One of the more salient points from the Gartner survey stems from
the fact that only 43% of technology’s true business potential is being
exploited to give companies a competitive edge. This, Gartner says,
can’t continue, and if IT is to remain relevant in an increasingly digital
world then there will have to be a substantial increase in this
percentage.
Where this Gartner survey refers to cloud computing in general, this
blog could apply to virtually any cloud-supported strategy. It’s a big
fluffy cloud out their and the 21st century needs to take full advantage
of the agility and manageability the cloud provides. Move beyond the
hype. Go beyond the buzzwords and the flavors of the month and see
how a virtualized strategy improves your productivity, vision-to-reality
proposals and your bottom line. To this, I am saying that cloud-based
security needs to be incorporated as part of this sea-change so that
any sized company in any industry may realize the long term benefits
of achieving the priorities noted on the Gartner lists. The features,
functions, capabilities and reliability have matured to where they can
easily and effectively support the vision of any forward-thinking CIO.
UNIFIED SECURITY FROM
THE CLOUD
Realtime Event and Access Correlation Technology is a unified security platform that leverages the cooperative functionality of key toolsets and/or deployed solutions monitored in REAL TIME.
WHO is logging in?
WHAT assets are they viewing/accessing?
WHERE is the device?
WHEN was the asset changed?
HOW is the user/visitor credentialed/authorized?
Learn how to REACT from the
cloud: www.cloudaccess.com
CLOUDACCESS 877-550-2568 www.cloudaccess.com
SECURITY FROM THE CLOUD:
MENTION THIS WHITE PAPER AND WE WILL EXTEND A FREE MONTH OF SERVICE WHEN YOU SIGN UP FOR A YEAR OR MORE PAY-AS-YOU-GO SUBSCRIPTION
CONTACT CLOUDACCESS FOR A
LIVE ONLINE DEMONSTRATION OF OUR SIEM AND LOG MANAGEMENT SOLUTIONS DELIVERED AND MANAGED FROM THE CLOUD.
MORE INFORMATION:
CONTACT: 877-550-2568
Read Our Blog: http://cloudaccesssecurity.wordpress.com/
LIKE Us on Facebook Follow Us On Twitter Join us on LinkedIn
The sky is no longer the limit
with secure, affordable cloud
security solutions from
CloudAccess.
WANT TO LEARN
MORE ABOUT
CLOUD SECURITY?
www.CloudAccess.com
