AppGate: Achieving Compliance in the Cloud

Upload: cryptzone

Post on 12-Apr-2017

Category: Software


TRANSCRIPT

Page 1: AppGate: Achieving Compliance in the Cloud

AppGate: Achieving Compliance in the Cloud

Challenges to Achieving Compliance in the Cloud

Compliance uncertainty is a barrier to moving workloads to the cloud

Audit Requirements
• Prove the level of access that each user has and how those levels are maintained
• Evidence collection in a dynamic environment
• Demonstrate the effectiveness of controls

Regulatory Requirements
• Ensuring proper controls are in place over system and data access
• Separation of duties by function
• Data encryption and protection

[Figure: compliance frameworks shown: SOX, CFPB, NIST 800.53, FedRAMP, NY DFS CyberSecurity, ITAR, PCI DSS, GDPR, Privacy Shield, HIPAA, FCRA, GLBA, FISMA. Labels: Compliance, Reduce Scope, Privacy]

What Does AppGate Look Like?
• Individualized perimeter for each user
• Fine-grained authorization for on-premises and cloud
• Dynamically adjusts to new cloud server instances
• Consistent access policies across heterogeneous environments
• Contextual awareness drives access and authentication

What is AppGate?

Network security software that dynamically creates 1:1 network connections between users and the data they access

AppGate Architecture

Distributed Architecture with 3 Functions
• Controller: Authentication and token-issuing service
• Gateway: Distributed, dynamic access control
• LogServer: Provides secure logging services

[Diagram labels: Virtual Network Adapter; Secure, Encrypted Tunnel]

Case Study: Secure, Compliant Cloud Migration

Challenges
• A financial services regulatory agency needed to migrate workloads to AWS
• Granular control of users and environment – per user and per instance dynamic deployments
• Strict controls of admin and DevOps access (separation of duties)
• Heavy compliance and reporting requirements

Solutions
• AppGate provides granular access control, and a migration path that allows specific users and specific devices
• AppGate provides a complete audit trail and logging of all user/device/system events
• Logs can be passed to enterprise SIEM system
• Automatically adjusts admin user access based on DevOps changes

Case Study: User Access Control to Cloud

Challenges
• Brainspace needed a comprehensive solution to secure access to the cloud that delivers their SaaS solution
• Stringent audit requirements were under a tight timeline
• Required encrypting all traffic, multi-factor authentication, client-side validation and comprehensive logging

Results with AppGate
• Provided secure access control, workstation auditing and policy controls
• Enforced security policies across employee, vendor and customer groups whether resources are on-premises or in the cloud
• Easy-to-implement and manage, user-friendly application
• Allows more flexibility around bring your own device

AppGate instantly secured our environment, without adding any complexity to it.

Case Study: Reducing PCI Scope and Effort

Challenges
• SageNet secures, manages and audits a multi-tenant, colocation data center
• SageNet is subject to rigorous PCI compliance
• Enabling detailed logging of user access and activities
• Leveraging role-based context to determine network access
• Using network segmentation to reduce the scope of PCI audits

Solutions
• AppGate reduced time and effort required to collect PCI data by more than 50%
• Onboarding new customer cardholder data environments was reduced by over 90%
• Created new security offering resulting in new revenue

AppGate dramatically reduced our audit complexity, while simultaneously opening a new revenue channel for us.

Achieving Compliance in the Cloud

USER-CENTRIC RESOURCE CONTROL
• User must authenticate to gain access to protected resources
• The resource is not visible or accessible to users without the proper credentials

SCOPE REDUCTION
• Reduce the scope of audits
• Immaterial resources are no longer part of the audit

ROBUST LOGGING
• Meets the logging and auditing requirements for compliance frameworks
• Logs can be managed by third-party log management/SIEMs

Learn More About AppGate