140 likes | 358 Vues
Cloud Security Consulting Services AT&T Security Consulting. March 2012. Technology Trends Reshaping Business. Powerful Mobile Computing Devices. Fast, Widespread Wireless/Wireline IP Networks. Cloud Computing. Companies are reengineering the way they do business.
E N D
Cloud Security Consulting ServicesAT&T Security Consulting March 2012
Technology Trends Reshaping Business Powerful Mobile Computing Devices Fast, Widespread Wireless/Wireline IP Networks Cloud Computing Companies are reengineering the way they do business.
What is “Cloud Computing”? “…a model for enabling ubiquitous, convenient, on-demandnetwork access to a sharedpool of configurable computing resourcesthat can be rapidly provisioned and released with minimal managementeffort or service provider interaction.” - National Institutes of Standards and Technology
Business Drivers for Cloud • Improve My Productivity • Real time collaboration across employees, partners, customers • Requirements for applications to work across devices • Reduce My Cost • Low storage and server utilization in non-peak periods • Desire to pivot from Capexto Opex • Remove the Complexity • Simplification due to limited IT staff down market • End-to-end ownership vs. multi-vendor service integrations Demand to mobilize and virtualize assets, applications and activities • Off-premise • On-demand • Easy to Use • Web-enabled • Device Agnostic • Tiered Support
Cloud Deployment Models Transfer Responsibility CustomerManagement Responsibility Service Provider Management Responsibility
Cloud Security Challenges • Applicable Compliance Requirements • Current Good Manufacturing Practices (cGMPs) for human pharmaceuticals • FDA Audit Processes, field trials, exception approvals • ARA, HIPPA, HITRUST, PCI, NIST, FTC, State Regulations • Risk Management • Monitoring • Governance • Visibility • Advanced technology adoption • Complicates security, compliance & validation efforts
Success Through “Data Centricity” Define the Workload (isolate a function) Classify the Relevant Data Establish Contractual Obligations Assess the Associated Risks Sensitive Data DefineAppropriate Controls Determine Applicable Compliance Requirements
Layered Approach to Cloud Security Security LayersApplications Security THREATS VULNERABILITIES Services Security Destruction Access Management Access Control Authentication Authentication repudiation Non-repudiation Data Confidentiality Data Confidentiality Communication Security Communication Security Data Integrity Integrity Availability Availability Privacy Privacy Corruption Removal Infrastructure Security Disclosure Interruption ATTACKS 8 Security Dimensions End User Security Adapted based on X.805 Model
Compliance & Security Lessons Learned • The responsibility for security and compliance cannot be outsourced • Proper Asset Classification is critical - understand what you are putting into the cloud • Understand that assets can exist in various physical locations • Determine who can affect the security of the data • Do Your Homework to find the right Security Solutions Provider! • Evaluate providers based on your security requirements • Document accountability demarcation points
Cloud Security and Compliance Assessment Service Overview What We Provide What We Deliver • AT&T’s Cloud Security and Compliance Assessment helps you understand your security posture, polices and compliance exposure. • Cloud Security and Compliance Assessment Executive Summary • Provides key findings of the assessment. • The Cloud Security and Compliance Assessment provides an onsite consulting engagement to examine and maintain your security posture by identifying potential data security risk(s) involved in moving targeted workloads to the Cloud. • Cloud Security and Compliance Assessment Report • Comprehensive findings report with technical detail and recommendations resulting from the assessment service. • AT&T is committed to providing pre and post assessment requirements, access to information and transparency.
Why AT&T for Cloud Security and Advisory Services? Where experience counts AT&T Expertise • A rich history of building highly-secure domestic and global networks including expertise in large scale, complex and custom network infrastructures and solutions. • Comprehensive Consulting portfolio across eight strategic services in addition to cloud advisory services. • Combined network implementation experience and consulting capabilities that is aligned with your business needs and vision. • AT&T Consulting provides “trusted advisor” expertise with “C” level executives based upon many years of experience of addressing strategic business initiatives with best of breed solutions. Managed WAN for single communication fabric worldwide Security Managed Applications, Managed UC Services, Collaboration Services and Cloud Solutions