SEC4608 Journey to Your Cloud: Governance and Security In Your Cloud

Disclaimer
  • This session may contain product features that are currently under development.
  • This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product.
  • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
  • Technical feasibility and market demand will affect final delivery.
  • Pricing and packaging for any new technologies or features discussed or presented have not been determined.
VMware’s Role in the Cloud

VMware provides virtualization and automation technology to over 250,000 customers worldwide. Since 1998, VMware has worked with 25,000 partners to reduce IT costs, increase business agility, and provide the fundamental building blocks for the modern Cloud.

VMware Vision Team member John Steiner, a Business Solution Architect, collaborates with customers to define and communicate their roadmap to a successful virtualization strategy, bringing 15 years of total IT experience.

John brings an in-depth combination of technical knowledge and business experience to help clients design complex, actionable roadmaps for their journey to the cloud. He has been involved in designing and delivering virtualization solutions to the market for over 8 years. Prior to joining the VMware Vision team as a Solution Architect, he was an infrastructure lead and Consulting Architect for VMware professional field services.

Agenda
  • Cloud Computing and Security
  • Questions to Ask and Best Practices
  • Creating Your Security and Governance Plan
Virtualization Paves the Way to a New Era in IT

Virtualization

Cloud

Web

PC / Client-Server

Mainframe

Cloud Computing will transform the delivery and consumption of IT services

Security and Compliance are Key Concerns for CIOs

What are the top challenges or barriers to implementing a cloud computing strategy?

Top 4 Concerns are on Security and Compliance

Source: 2010 IDG Enterprise Cloud-based Computing Research, November 2010

Security and Compliance Concerns in Detail

How can I manage security policies across virtual desktops, servers and networks?

I have too many VLANs for segmenting traffic, and securing applications. I can’t keep up

How do I verify that confidential & regulated data is secure in the cloud? How do I implement compliance audits for resources in the cloud?

Security Operations Team

Infrastructure Team

Compliance Officer

Both Security and Proof of Compliance are Required to Build Trust

Fact: A well-defined governance and security practice, in conjunction with refined process and automation, is imperative to the success of YOUR cloud.

What does your enterprise look like from a cloud readiness perspective?

Vision for ITaaS/Cloud

Secured

Secured

Secured

Secured

Agenda
  • Cloud Computing and Security
  • Questions to Ask and Best Practices
  • Creating Your Security and Governance Plan
Governance and Security in Your Cloud
  • Traditional
    • Infrastructure
    • Application
    • End User
    • Development
    • Management
  • New
    • Virtualization
    • Social Media
  • Core
    • Security
    • Governance
Traditional Models

What applications are eligible for Cloud?

Will we increase our reliance on virtual networking and security appliances?

How will my data be transported?

Applications

Legacy, Current, & New

Where will my data live?

How does my security & compliance posture affect applications in the cloud?

Traditional Models

Very few applications can truly leverage the full potential in their current state

Virtual security and networking appliances greatly increase agility in the cloud

VPN, extended private cloud

Applications

Legacy, Current, & New

Trust, risk & compliance

A systematic review is required for potential policy revision

Traditional Models

Do we have a defined, repeatable build process?

What is the current security posture?

Will we be able to minimize data center access as a result of leveraging cloud?

What data security regulations must be considered?

Do we intend to move off of legacy hardware in order to better leverage the cloud? How will controls be affected?

Where will my data live?

Infrastructure

Servers, Storage, Networking, Data Center Facilities and Legacy Systems

Traditional Models

Documented build standards assure repeatable, secure systems

Security should be taking an active role in all virtualization initiatives

Virtualization and cloud computing make near lights-out data centers a reality

PCI, HIPAA, NSTISSP, Sarbanes, FIPS, etc.

Legacy system migration assures reliable, flexible, elastic computing. Controls must evolve accordingly

Virtualized,

tiered storage in private and public

Infrastructure

Servers, Storage, Networking, Data Center Facilities and Legacy Systems

Traditional Models

Software development life cycle, where is the code at any given time?

Will Agile development methodologies impact our current security, compliance and governance processes?

Can we create a more controlled software code repository?

Development

Are my developers using cloud based development tools? Do we need to be concerned with intellectual property?

How do we assure self service development appropriately serves the business but does not seed rogue development efforts?

Traditional Models

Code repository should remain in a controlled, managed state

Existing processes should be reviewed to accommodate new potential impacts

Development

Inventory all development models, create policies to control where development is executed

Build policies around acceptable usage of self service resources, show back mechanisms will permit distributed control

Traditional / New Models

How will an App Store affect or change authentication and credential stores?

End User Computing

Desktop, Tablet, Mobile Device, Public Device

Have we defined a list of approved access devices or do we loosely manage what can connect?

Can we improve desktop and security compliance by moving our desktops into a cloud model?

How can we protect the desktops of the future from attacks and viruses?

How do we secure the data both on the devices and in transport?

Traditional / New Models

Build standard processes around acceptable application store development and distro

End User Computing

Desktop, Tablet, Mobile Device, Public Device

Create or modify security standards regarding mobile devices

Security and controls can be greatly improved by leveraging standardized builds in a centralized location

Minimal O/S virtual desktop / app store model

Categorized by data type, sensitivity and transport

New Model

Have we made accommodations for virtualization in our existing process, procedures, security and governance policies?

Should we be leveraging virtualization to realize our BC/DR RPO/RTO requirements?

Virtualization

Do we have a virtualization first policy and where does the sponsorship reside?

New Model

Review security and governance documentation and augment for a virtual/cloud based infrastructure

Virtualization can dramatically improve BC/DR capabilities and should be leveraged in any opportunity available to meet compliance regulations

Virtualization

A virtualization-first policy requires executive governance to be effectively executed

New Models

Will social media play a role in our formal cloud strategy?

Have we looked into the implications of social media and the potentially positive and/or negative impact it could have to our organization?

What is already out on this forum with or without our permission?

Social Media

Does social media play a role in business critical applications or procedures?

Does a social media policy exist? Has it been accounted for in any other governance or compliance documentation?

New Models

Social Media should be included as a part of your cloud strategy

Socialize and Educate your staff on the opportunities presented by social media

An inventory of all social media outlets accessed should be created

Social Media

Identify any mission critical process that relies on social media and plan appropriately

Create a formal social media policy that meets security and governance requirements

Core Models

What is running in the cloud today outside of your enterprise governing policies?

How will cloud computing impact your current governance model?

Are the current policies broad enough to appropriately govern a self service, cloud based business model?

Governance

Is my staff appropriately educated to fully understand the implications and act on them?

Can the proper controls be put into place for a corporate public cloud computing strategy?

Core Models

Inventory and understand all application usage patterns

Comprehensively review all aspects affected by virtualization and cloud computing

Understand the business requirements of all service catalog items, assure existing security policies and procedures can accommodate the model

Governance

Create centers of excellence to appropriately disseminate information across all teams affected

The controls can be accommodated with proactive planning and preparation

Core Models

Are our scanning and intrusion policies robust enough for near real time provisioning?

How will our security access policies and procedures need to change?

What kind of a containment policy should be in place to stop improper activity should it occur?

Security

Should we consider leveraging virtual routing and firewalls as a part of our private cloud strategy?

How should our security policies change to accommodate new data security issues?

Core Models

Scanning process and procedures must move to a higher level of proactivity

ACL policies most certainly require review and design enhancement

Appropriate logging and access control lists must be maintained to quickly contain and avoid

Security

Virtual security and networking devices are key to cloud, physical controls must be extended to accommodate

Stronger enforcement of data encryption to cloud database entities should exist

Core Models

Is our management infrastructure beyond reactive?

How much additional automation is required to keep up with the rapid provisioning capabilities of cloud computing?

Management

How will we meter resources, provide show back and manage SLAs?

What is needed to move beyond proactive and into predictive?

Core Models

Enterprise monitoring components must move beyond reactive to predictive

Automation must strive to approach 100% which will require security and compliance to be baked in

Management

Automation is key, architect the solution prior to implementation

Create a reference architecture related to management infrastructure

Agenda
  • Cloud Computing and Security
  • Questions to Ask and Best Practices
  • Creating Your Security and Governance Plan
Your Cloud Security Architecture

On-Demand Self-Service

Flexibility, Portability, Elasticity

End User Computing

Applications

Management

Governance

Social Media

Security

Development

Virtualization

Infrastructure


Implications of Failure

FAILURE = BAD

Failure to prepare for the rules of this new compute model will result in either an inability for IT to meet business needs or an environment that lacks the controls and measures necessary to appropriately secure the enterprise

Final Thoughts
  • Understand the business drivers before making technology decisions
  • Heat map your entire IT infrastructure in order to forecast bumps well before you see them in the road
  • Set reasonable goals in an actionable roadmap
  • Outline a holistic view of what is truly required from a governance, compliance and security perspective to safely leverage both a private and public cloud infrastructure