APPLYING SECURITY HOLISTICALLY FROM THE CLOUD A Paradigm Shift of Applying Situational Awareness in SIEM deployments
EXECUTIVE SUMMARY
Ten years ago few of us would have thought about security in the cloud. If
you think about where you were a decade ago with information technology,
you'll remember it was a time before cloud server farms, before the rise of
SaaS (software-as-a-service) and before many of the protocols we now treat
as standards. IT has always been an ever-evolving system of innovations,
improvements and, yes, challenges. The business computing landscape has
always changed rapidly, and in most cases it falls to the IT department to
figure out not only how to integrate the latest advance but, periodically,
how to change the entire paradigm of how business is done. As we move
through the second decade of the new millennium, many organizations are
facing such a change. The landscape of a typical business no longer
resembles the one that was operating 10 years ago. The advances in
communication, collaboration, information processing and payment
processing, and the speed at which they are done, have created new
opportunities for the modern enterprise. But these benefits have also
opened a Pandora's box of challenges, especially for the overall security
of an enterprise whose reach no longer ends at its firewall.
The network perimeter is gone. Suppliers, customers, vendors, employees
and other users now reach intellectual property and move personal and
financial data across the network from a mix of secured and unsecured
endpoints, so the old notion of network security is antiquated and
dangerously narrow. In some respects it is like herding cats. To put the
issue in clearer context, it is like herding cats while knowing a hungry
coyote is lurking just beyond your view.
But this paper is not about ringing alarm bells and screaming that the
house is on fire. You are well aware of the issues that are unique to your
Presented by:
CloudAccess:
CloudAccess provides comprehensive security-as-a-service from the cloud.
Our suite of robust and scalable solutions removes the obstacles to
deploying enterprise-class security, including cost, risk, resources,
time-to-market and administration. By providing such integral services as
SIEM, Identity Management, Log Management, Single Sign-On, Web SSO and
Access Management, CloudAccess offers cost-effective, high-performance
solutions controlled and managed from the cloud that meet compliance
requirements and diverse business needs and ensure the necessary
protection of IT assets.
www.CloudAccess.com
877-550-2568
CloudAccess, Inc 12121 Wilshire Blvd
Suite 1111 Los Angeles, CA 90025
own organizations. This paper presents a new way of looking at security
strategies: one that can cost-effectively implement a holistic means of
upgrading the protection of IT and IP assets, one that fits the
perimeter-less network, and one that provides the functionality, controls
and flexibility an enterprise in motion needs. That paradigm shift is
security developed, deployed and managed from the cloud. By a holistic
approach we mean integrating functions such as SIEM and Log Management so
that they are managed across the entire enterprise. The shift can also be
seen as a move from operational to strategic thinking. In short, a truly
holistic security strategy connects the multiple, and often independent,
silos of data across the enterprise and creates a centralized means of
monitoring and control. For this, the following elements must be
considered:
Intrusion detection and 24/7/365 monitoring
Situational Context
Escalation alerts
Audit analysis for compliance
Log Management
SaaS Single Sign On (using SAML Federated connectors)
Multi-factor Credentialing
Auto Provisioning
Web Authorization
Workflow processing
Password Management
Control of User ID lifecycle
For many security specialists and IT professionals, these solutions and
features are well known for their ability to protect networks from bad
guys, careless users and (at times) from themselves. However, for
companies outside the Fortune 500, this list reads more like a wish list,
or a selection of a few solutions applied but never fully realized because
of staffing constraints or other business-priority
SECURITY IN THE CLOUD
VERSUS SECURITY FROM THE
CLOUD…
Security IN the cloud frames the
overarching issue. It covers the
problems IT professionals discuss
most often today, ranging from the
safety of data held within a
virtualized environment to cyber
hacktivism, or why users keep
insisting on using their smartphones
to access the network.
Security FROM the cloud is the means
to protect IT assets without heavy
investment in servers, software and a
variety of related costs. For some it
is the holistic application of best
practices, real-time visibility and
best-of-breed solutions. "From" the
cloud provides a scalable layer of
security, once reserved for the
largest enterprises, that can be
deployed easily by a company of any
size. Security FROM the cloud answers
the questions posed by security IN
the cloud.
factors. The thing is, before cloud-based security these solutions forced
CFOs to dig deep into the capital expenditure budget and still required a
great deal of IT staff time to develop, deploy and manage.
The chief benefits of cloud-based security (and to some degree of cloud
computing) are the ability to optimize resources, minimize costs and
expand functionality.
Too many companies fall short in their approach to security, not through
lack of competence but because IT departments are typically hamstrung by a
variety of issues that prevent full realization of an integrated, holistic
approach. These issues are not limited to budgetary hurdles but span a
range of cost-related, conceptual, process, personnel and technical
concerns, including:
Tightening budgets against raised expectations of
performance
The proliferation of multiple endpoints
Exponential development and launching of malware, botnets,
viruses and other intrusive and debilitating programming
Increasing compliance requirements surrounding issues of
privacy, data storage, and transactional security
Disappearing (or ever expanding) network perimeter
Job description blending: no single person dedicated to security
issues
Upper management ostriches: putting their head in the sand
because you have never encountered a direct attack (or so you
believe)
Over-extended investments in on-premise, legacy initiatives
Lack of personnel and visibility to manage 24/7/365 real-time
monitoring of an overwhelming volume of data, and to recognize and
remediate threats faster
If CIOs, CSOs, CTOs and the relevant directors and VPs are honest with
themselves, they will recognize that one or more items on the list above
is currently reducing the effectiveness of their security strategy. This is
not to say their efforts are sub-standard, but it seems that every week a
large corporation is breached or fails to meet federal, state or industry
compliance requirements. Security for a 21st-century business is no longer
THE DNA OF CLOUD BASED
SECURITY…
Just because you access an
application over the Internet does
NOT make it a cloud solution. It
might look like a duck and quack like
a duck, but when you look at its DNA,
it's more like an old goose. So what?
If it doesn't have the proper "cloud
DNA," the end-user organization is
not realizing the oft-hyped benefits
and true ROI the cloud promises. AND,
if an organization's goal is to
embrace the cloud as a go-forward
enterprise IT strategy, it will
discover that applications and
solutions without the right DNA will
need to be replaced.
So, what kind of DNA does cloud-based
security need to have the right
pedigree?
1. Multi-tenancy
2. OpEx over CapEx investment
3. Built and operated with DevOps
practices
4. Scalable and flexible right-sizing
5. Security-as-a-service
setting up a virus scanner and a firewall. Without a strategic initiative
to protect the whole of the enterprise (including those who only
tangentially touch the network), companies remain susceptible to attack,
compromise, cyber crime and fraud.
What is needed is a means to improve and expand current security
protocols and processes without:
1. Compromising security controls
2. Diverting or spending additional capital expenditures
3. Siphoning internal personnel resources
4. Adding productivity-killing layers for users
5. Creating major disruption to existing processes
This can all be accomplished through security deployed and managed from
the cloud.
IT professionals have embraced the cloud for its many conveniences, cost
reductions and expanded services. The SaaS market continues to grow year
after year. Technology has now reached a level of maturity and
sophistication at which once-sacred-cow functions such as security are
being considered as cloud-based initiatives.
FACT: 35% of US companies found security measures to be highly improved
after migrating to the cloud. An additional 32% noted that the move to the
cloud has decreased security issues to the point where an SMB can focus on
more important things. (Microsoft study "Cloud Security Benefits for SMBs",
2012)
The rest of this paper delves into the business case and the potential
return on investment for an integrated, holistic approach using
cloud-based security (also known as security-as-a-service). For the
purposes of this discussion we examine two cloud-based solutions delivered
as security-as-a-service: Security Information and Event Management (SIEM)
and Log Management. To a lesser degree we allude to complementary
cloud-based solutions such as Identity Management, Single Sign-On and
Access Management.
CloudAccess provides all the above-mentioned solutions as individual
components to leverage any existing security initiative or as a
comprehensive suite to fully integrate a holistic approach to security.
CLOUD SECURITY AS A
CHANGE CATALYST…
We (in IT) are at a crossroads for change. The landscape of the role, the challenges of the responsibilities and the tools of the trade are all evolving.
Much of the change revolves around the migration to cloud-based solutions. This has transformed and upgraded the value of the IT professional. While there is sincere appreciation for the professional who writes code, manages a help desk and maintains computing assets, I am speaking more of the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs.
Cloud security provides the opportunity to adopt best-practice workflows, monitor your progress and manage various business needs. Instead of writing the code for an application, you simply subscribe and acquire the functionality. Instead of moving from endpoint to endpoint, provisioning and ongoing maintenance are near-instantaneous. Instead of being infrastructure-based, you get to be information-centric. As such, you get to make better decisions, faster.
PART 1- DOING MORE WITH LESS
Budgets have been slashed, and/or heavily scrutinized, staffing has either
been “right-sized” or frozen, but the pressure to “do more with less” has
come down from the highest levels of the company. For many it means
holding the status quo. And unless there is a catastrophic issue such as a
breach, security tends to occupy a lower priority.
It is the same thinking that keeps a driver from replacing a car's brakes
when they start to squeak. The car still stops, right? But everyone knows
that soon the rotors will grind and eventually the brakes will fail.
Then why the reticence to address the issue? Back in the business world,
it is often because security initiatives do not generate revenue; they are
seen as an expense. Even for organizations that carry the further burden
of compliance, the lingering effects of the latest recession put these
expenditures in direct competition with those seen to drive revenue.
The problem is that the vulnerabilities will continue to exist, the audits
will continue to be required, and attackers (both external and internal)
will continue to loom. For any organization, whether it has been attacked
yet or not, a security incident is a matter of when, not if.
With that, an IT manager has only a finite amount of resources with which
to secure network assets properly. If the money isn't there to build a
rampart and moat around the castle firewall, and there is no dedicated
person to monitor every burp, hiccup and intrusion 24/7, the IT manager
needs to find creative ways to do more with less. He or she must develop a
strategy that better protects IP and other data AND doesn't reprioritize
existing staff resources.
This is how cloud-based SIEM and Log Management fit that bill.
There are several immediate benefits of managing security from the cloud.
In terms of cost, there is no software to install or hardware to buy.
Anybody selling you anything different is not providing a true cloud
solution.
CYBER CRIME FACTS…
From the Ponemon Institute.
Cyber crimes are costly. The median
annualized cost of the 45
organizations in the study is $3.8
million per year, but can range from
$1 million to $52 million per year per
company.
The most costly cyber crimes are
those caused by web attacks,
malicious code and malicious
insiders. These account for more
than 90 percent of all cyber crime
costs per organization on an annual
basis. Mitigation of such attacks
requires enabling technologies such
as SIEM and enterprise threat and
risk management solutions.
SIEM is a strong deterrent
Companies that had deployed a SIEM
system achieved a 24 percent cost
savings when dealing with cyber
attacks versus those that had not.
Cyber Crimes are Intrusive and
Frequent
The bigger picture here is ensuring that a cloud deployment supports a
positive cash flow, or at the very least an ROI break-even. With enterprise
applications you are traditionally buying hardware and software. That cash
is spent right up front and deployment takes considerable time. A SIEM
appliance might cost $75,000 in security budget dollars, but how much more
needs to be spent over the next 3 years deploying, integrating, using and
tuning it? It is here that capital expense languishes and provides no
business value. Moreover, it pushes any potential ROI years down the road,
and there are NO guarantees that the setup will work.
Conversely, a cloud-based security solution improves cash flow because
all you are paying for is an operational service. No servers, no endless
days of configuration and setup, no 3:1 implementation costs (the ratio of
professional services costs to software licenses). You receive the ROI
immediately. Because this is an OpEx initiative, it significantly lowers
the total cost of ownership and provides immediate benefits.
No hardware or software to purchase
No administration
Pay-as-you-go subscription (no CapEx)
Scalable: you pay only for what you need
Day-one start: instant deployment
Ability to leverage existing initiatives
Minimal disruption to workflow
But what about the "doing more" part? All too often the expectations of
management increase without due consideration of the budgetary
restrictions placed on IT. Luckily, by exploring the capabilities and
security of the cloud, IT managers can begin to increase scope and
functionality while potentially lowering existing costs.
When using best-of-breed technology in conjunction with
security-as-a-service, you gain the benefit of expanded-scope monitoring
of your entire network 24/7/365. Knowing that your enterprise is being
monitored continuously, with alerts created from specific rules and
compliance models, you gain the flexibility to reprioritize internal
resources to other core-competency projects.
THE POWER OF LAYERED
PROTECTION
To look at the future of security configuration we have to look back 500 years into the mists of history to see a model that worked well then…and works just as well today. I’m talking specifically of the castle. In terms of a current strategic deployment let’s call it the layered prevention model. In its day the castle was a state of the art defense strategy. In the center you have the king (and the crown jewels). Surrounding the king are his elite and trusted armed guards. Beyond, there are a variety of buildings where other important assets are stored. Go a bit further and you have the castle walls. Now along the imposing walls, archers line the battlements scanning the horizon for any intruders. More guards protect the gate monitoring everyone coming in. Beyond the castle wall, there is typically a moat containing nasty beasts.
If you equate anti-virus software to your archers and your firewall to one castle wall, there are still too many endpoints exposed to consider your situation secure. There are many organizations that only build a single perimeter and hope it is sufficient. In today’s corporate world, that is simply not enough. Security-as-a-service allows companies with more modest budgets and/or limited in-house resources to add layers of protection without adding equivalent in-house costs.
In many cases, companies do not have a dedicated security analyst whose
sole responsibility is to run the compliance program, vigilantly patrol
for anomalies, maintain network access consistency and respond to user
issues such as password resets. Too often these responsibilities are a
single line item on various IT professionals' to-do lists, so the proper
and thorough completion of these tasks has a higher likelihood of falling
short.
Security-as-a-service not only provides the necessary and cost-effective
expansion of security functionality and automation, but adds the human
expertise companies depend on to analyze incidents forensically and to
enforce processes and policies.
Consider the cost of this additional benefit: companies can see immediate
savings and an ROI of upwards of $500,000 per year (derived from average
salaries on salary.com). According to the Info-Sec Research Group, for an
organization lacking a dedicated Security Operations Center, adding a
dedicated 24x7 monitoring capability could equate to 5 FTEs. With a modest
investment in cloud-based security, the cost of 24/7 analysts is already
incorporated into the subscription. Essentially, you add the experience
and tribal knowledge of a security data analyst at no additional cost. Add
the benefit of reprioritizing existing staff to revenue-generating
projects, and a company will quickly realize it is doing much more for
much less.
PART 2- SITUATIONAL AWARENESS
The modern business has so many silos of data sitting on so many different
servers, with billions of bits moving throughout the network (both
encrypted and not). By looking at the logs on just one server (or one at a
time), you may find odd traffic patterns, the tracks of brute-force
attacks and other loud, obnoxious intrusions. Consider the issues:
1. Looking at a single server, or at servers individually, gives you a
partitioned, two-dimensional view.
FAST DEPLOYMENT MEANS FAST
ROI
Unlike traditional security solutions, cloud-based SIEM and Log Management can be deployed in hours or days, depending on the number of information silos. We work with you toward a day-one deployment.
There is no hardware or software to install. Not only is the deployment handled by security experts, but your day-to-day administration is also managed by experienced security analysts.
2. The most insidious and dangerous attacks are subtle. For every
Trojan e-mail scam there is a "Zeus" or "Flame" (by the time it is
detected, it is already too late).
3. Most companies don't have the capacity to review all the necessary
silos.
Cloud-based security (specifically SIEM and Log Management) provides the
necessary scope expansion and analysis through best-of-breed technology
applied across an entire enterprise. It offers situational awareness and
context to the layers of data inundating and overwhelming a typical
network every day. By collecting logs from many different sources, it
provides information, not just data.
There are so many intrusions from so many different corners of the
network, in so many different guises, that it is highly unlikely one
person or even one department could spot them unless they were being
specifically looked for. And if found, would they be recognized as friend
or foe? An example:
The network records an access attempt from Bangladesh. Is this normal? Do
you have customers, suppliers or employees there? If so, is it happening
during their regular business hours? Does it follow "normal" traffic
patterns? Is the account dormant, or is any control being bypassed? What
data is reachable through this access? Or the log shows that the CFO
attempted to change a network password. Is this permissible? Does it raise
a red flag if there were 30 attempts in a span of 2 minutes? At 2:30am?
Situational awareness posits that a single event might look low-level and
harmless, but when it is put into context and correlated against various
rules and network silos, a very different picture emerges. If there is a
blip in one log on one server, the likelihood is that it is harmless.
However, match it against anomalies from other parts of the enterprise
and a graver problem is unveiled and can be quickly remediated.
Conversely, putting all the pieces together and analyzing them in context
also weeds out most of the false positives.
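The two questions above (an access from an unexpected country, a burst of password-change attempts at 2:30am) are exactly what a correlation engine turns from isolated log lines into one scored picture per account, and the same logic is what the "Sifting through white noise" sidebar means by translating data into actionable information. The following is an added illustration written for this page, not CloudAccess code: the event schema, the partner-country list, the time-zone offsets, the windows, the scores and the sample events are all assumptions chosen for the demonstration.

```python
"""Situational-awareness correlation over authentication events.

Added illustrative example; not CloudAccess code. The event schema, the
partner-country list, time-zone offsets, windows and scores are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed context: countries where the business has users or partners, with
# a rough UTC offset used to judge "local business hours" for that origin.
PARTNER_COUNTRIES = {"US": -5, "BD": 6}
BUSINESS_HOURS = range(8, 18)        # local hours treated as normal
BURST_WINDOW = timedelta(minutes=2)  # "30 attempts in 2 minutes"
BURST_THRESHOLD = 10
TRAVEL_WINDOW = timedelta(hours=1)
ALERT_THRESHOLD = 5                  # correlated score that pages an analyst


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_business_hours(ts, country):
    local_hour = (ts.hour + PARTNER_COUNTRIES.get(country, 0)) % 24
    return local_hour in BUSINESS_HOURS


def rule_origin(event):
    """Single-event context: where did the request come from, and when?"""
    country = event["src_country"]
    if country not in PARTNER_COUNTRIES:
        return 3, f"origin {country} is not a known partner country"
    if not in_business_hours(event["ts"], country):
        return 1, f"origin {country} outside its local business hours"
    return 0, None


def rule_travel(events):
    """One account seen from two countries within TRAVEL_WINDOW."""
    findings, by_user = {}, defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for a, b in zip(evs, evs[1:]):
            if a["src_country"] != b["src_country"] and b["ts"] - a["ts"] <= TRAVEL_WINDOW:
                findings[user] = (3, f"seen from {a['src_country']} and {b['src_country']} within an hour")
    return findings


def rule_burst(events):
    """Repeated failures of one action by one account inside BURST_WINDOW."""
    findings, by_key = {}, defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            by_key[(e["user"], e["action"])].append(e)
    for (user, action), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, last in enumerate(evs):          # sliding window over sorted failures
            while last["ts"] - evs[start]["ts"] > BURST_WINDOW:
                start += 1
            count = end - start + 1
            if count >= BURST_THRESHOLD:
                score, reason = 4, f"{count} failed {action} attempts within {BURST_WINDOW}"
                if not in_business_hours(last["ts"], last["src_country"]):
                    score, reason = score + 2, reason + " outside business hours"
                findings[user] = (score, reason)
    return findings


def correlate(raw_events):
    """Combine per-event context with cross-event rules into one picture per user."""
    events = [dict(e, ts=parse_ts(e["ts"])) for e in raw_events]
    picture = defaultdict(lambda: {"score": 0, "reasons": [], "alert": False})

    def add(user, score, reason):
        if reason not in picture[user]["reasons"]:  # count each distinct finding once
            picture[user]["score"] += score
            picture[user]["reasons"].append(reason)

    for e in events:
        score, reason = rule_origin(e)
        if score:
            add(e["user"], score, reason)
    for rule in (rule_travel, rule_burst):
        for user, (score, reason) in rule(events).items():
            add(user, score, reason)
    for p in picture.values():
        p["alert"] = p["score"] >= ALERT_THRESHOLD
    return dict(picture)


# Constructed sample events: a normal US login, a failed login for the same
# account from an unexpected country a minute later, a partner login from
# Bangladesh after local hours, and 30 failed CFO password changes at 02:30.
SAMPLE_EVENTS = [
    {"ts": "2012-06-12T14:05:11Z", "user": "jdoe", "src_country": "US", "action": "login", "result": "success"},
    {"ts": "2012-06-12T14:06:02Z", "user": "jdoe", "src_country": "BR", "action": "login", "result": "failure"},
    {"ts": "2012-06-12T14:07:40Z", "user": "supplier7", "src_country": "BD", "action": "login", "result": "success"},
]
_BURST_START = datetime(2012, 6, 12, 2, 30, 2, tzinfo=timezone.utc)
SAMPLE_EVENTS += [
    {"ts": (_BURST_START + timedelta(seconds=4 * i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
     "user": "cfo", "src_country": "US", "action": "password_change", "result": "failure"}
    for i in range(30)
]

if __name__ == "__main__":
    for user, p in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"{user:10} score={p['score']:2} alert={p['alert']!s:5} {'; '.join(p['reasons'])}")
```

Run on the constructed events, the Bangladesh login scores 1 (known partner, odd hour) and is not escalated, while the two accounts whose individually minor findings reinforce each other cross the alert threshold: the CFO burst after hours, and the ordinary user who appears from two countries within a minute. The per-user deduplication of reasons is deliberate; without it, thirty after-hours events would each add a point and drown the burst finding that actually matters.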
REDUCED COMPLEXITY AND
COST
With CloudAccess SIEM there is no maintenance or management overhead and minimal administration. As a true security-as-a-service solution, its impact on IT resources is limited, which allows you to refocus on other priorities. When managed from the cloud, many time-consuming, resource-draining activities are taken care of automatically. There is a definitive cost saving without sacrificing any of the capabilities, compliance requirements, scope or strength of your IT security strategy.
As with other cloud-based applications, migrating centralized control of security to the cloud realizes equivalent savings. The cost reductions can be staggering. The implementation costs alone (a 2:1 or 3:1, sometimes higher, ratio of professional services costs to software licenses in traditional physical deployments) are prohibitive for many organizations. Cloud-based security can be the great equalizer. With no hardware burdens or software licensing issues, a company of any size can enjoy the same degree of protection as the largest enterprise.
Granted, an on-premises SIEM/Log Management application can do this if it
is hooked in throughout the enterprise, applies the correct filtering, and
a dedicated person reviews the alerts. But in reality that is unlikely.
A SANS Institute study (Struggling to Make Sense of Log Data) said, “With
or without tools, many organizations don’t spend much time analyzing
logs. 35% of respondents said their organizations allot no time to less
than one day a week on log analysis. The smaller the organization, the less
likely they would spend on log data analysis. Many companies recognize
that SIEM is part of the answer; however 58% of the companies in the
survey noted they are “not anywhere close to that level of automation.”
COMPLIANCE THROUGH
STRONG POLICY ENFORCEMENT
Organizations facing regular and/or diverse regulatory requirements can reduce the associated reporting burden substantially:
• Required reports can be generated automatically and consistently across multiple systems, without burdening the system admins.
• Where needed, internal SIEM activity can be reported on to demonstrate compliance with log review requirements.
CloudAccess SIEM takes policy enforcement to new levels. Automated incident response management enables you to document and formalize the process of tracking, escalating and responding to incidents and policy violations. CloudAccess provides the ability to create a trouble ticket directly into our helpdesk system. CloudAccess SIEM helps demonstrate your compliance with internal policies and industry and government regulations such as SOX, HIPAA, CIP, GLBA, PCI-DSS, FISMA and others.
PART 3- SIEM’S IMPACT ON SECURITY
The immediate impact of SIEM/Log Management deployed and managed from the
cloud can:
Reduce Critical Incident Rates
Extend the Lifetime Value of Legacy Applications
Reduce compliance reporting burden
Improve the transparency of compliance reporting/auditing
Prevent internal resource abuse/carelessness
Prevent currency transfer fraud
When cloud-based SIEM is first deployed, it is much like turning on a
light in what you thought was a clean house and finding a nest of
cockroaches. However, as seen in the figure above, in a short period of
time SIEM drives down the risk and its associated cost.
Case in point: a nationally recognized design and retail enterprise had
long believed it was on top of every potential security issue affecting
its network. It decided to migrate SIEM and log management to the cloud as
a cost-moderation initiative. Within hours of deployment, a CloudAccess
analyst contacted the company's principal security officer with news of
several threatening anomalies. As this was still a period of redundant
crossover, the officer checked his own system and disagreed. Within a few
moments the CloudAccess analyst was able to pinpoint the specific
workstation where the threat originated. When that workstation was
investigated, the threat was indeed present. The moral of the story is
that a SIEM deployed holistically will bring to light more issues
INCIDENT RESPONSE IS NOT
GRANULAR
We know...
• Current incident response workflow models are born from reactionary necessity.
• We are drowning in data, yet refuse to adapt models for maximizing efficiency of handling this data that have provably worked in other service models.
• Linear workflows do not scale well for incident response.
• Incident Response is an excellent source of metrics, but requires context through business process and change-over-time to make meaningful metrics from the numbers.
• There will always be more work than there are resources to handle; new prioritization systems that adapt to emerging events instead of arbitrary assessments are vital to maximizing the effectiveness of resourcing and workload.
than an organization might currently realize. However, in a short time
SIEM allows the enterprise to drive risk and spend to lower levels than
were previously experienced.
As the most serious threats are addressed, risk tapers off fairly quickly,
and perceived risk and actual risk are reduced together. As a direct
result, security costs begin to fall as the costs associated with breaches
and other threats are eliminated.
PART 4- ENSURING COMPLIANCE
“I get audited. I get audited a lot.” VP IT Operations for a mid-sized Texas
credit union
For many organizations, the decision to deploy SIEM and Log Management
is predicated on the need to comply with a variety of federal, state and
industry requirements. If your organization transacts money online or
personal data, some, or all, of these compliance mandates fall on your
shoulders.
As demonstrated, the same situational-awareness pipeline is an effective
means of capturing, encrypting and storing (and, when required,
destroying) specific pieces of information, and then giving the auditing
agency proof that your practices are in line with internal and external
policies. Multi-silo log collection and the SIEM correlation engine
automate much of the compliance process, from securing your environment
and establishing baselines to tracking user activity, alerting on
potential violations and creating audit-ready reports.
In terms of time management, SIEM managed from the cloud can save
upwards of 75 hours per month of review, audit and reporting. Consider the
additional savings when having to comply with multiple agencies. The VP of
Ops quoted at the top of the section deals with six agencies on a regular
basis. Without a holistic and centralized security approach, he would waste
endless hours through redundant reporting. With the application of security
centralization, 75 hours per month becomes 10. And more importantly, the
degree of accuracy of the reporting is significantly better.
SIFTING THROUGH WHITE NOISE
An enterprise can have anywhere
from 1 to 100,000 (or more)
endpoints delivering log data. That
can mean thousands of alerts and
hundreds upon hundreds of false
positives. A situational-context
correlation engine translates data
into actionable information. This in
turn significantly increases the
likelihood of an analyst finding a
dangerous anomaly in a sea of
harmless traffic.
SIEM from the cloud creates more
effective coverage, improved
productivity and increased abilities to
discover the root cause of any issue
in a shorter period of time.
When analyzing whether a holistic security initiative can successfully
manage compliance issues, an enterprise must consider:
• Data aggregation: a central repository that automatically collects data
from a variety of sources and platforms significantly bolsters speed,
accuracy and efficiency, and promotes a focus on analysis.
• Pre-built compliance reports and policies: CloudAccess' experience with
auditing agencies led to the creation of many out-of-the-box automated
reports and rules designed to satisfy a variety of standard compliance
requirements. No customization needed.
• Secure archival of events: proof of integrity that certain controls and
data streams are secure and/or destroyed in accordance with the law.
• Workflow and collaboration: compliance reporting is a process that
requires input from various departments and therefore requires
management and collaboration.
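"Proof of integrity" for an event archive is concrete: an auditor wants evidence that no record was edited, removed or reordered between collection and review. The usual technique is a hash chain in which each stored record's digest covers both the event and the previous record's digest, keyed with an HMAC so that an intruder who can rewrite the archive but does not hold the key cannot re-seal it. The block below is an added illustration for this page, not CloudAccess code; the record layout, the demonstration key and the sample events are assumptions.

```python
"""Tamper-evident archive of SIEM events using an HMAC-keyed hash chain.

Added illustrative example; not CloudAccess code. The record layout, the
demo key and the sample events are assumptions for this demonstration.
"""
import hashlib
import hmac
import json

# Assumed: only the archive service holds this key. Systems that produce the
# events never see it, so an intruder on them cannot re-seal an edited chain.
DEMO_KEY = b"demo-archive-key-not-for-production"
GENESIS = "0" * 64   # link value before the first record


def _seal(key, prev_hash, event):
    """HMAC-SHA256 over the previous link and the canonical JSON of the event."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hash + canonical).encode(), hashlib.sha256).hexdigest()


def archive(events, key=DEMO_KEY):
    """Return archive records; each hash covers the record and its predecessor."""
    records, prev = [], GENESIS
    for seq, event in enumerate(events):
        h = _seal(key, prev, event)
        records.append({"seq": seq, "prev": prev, "event": event, "hash": h})
        prev = h
    return records


def verify(records, key=DEMO_KEY):
    """Return (True, None) if the chain is intact, else (False, first bad seq)."""
    prev = GENESIS
    for expected_seq, rec in enumerate(records):
        # Sequence and link checks catch deleted or reordered records;
        # recomputing the HMAC catches edited records and a wrong key.
        if rec["seq"] != expected_seq or rec["prev"] != prev:
            return False, expected_seq
        if not hmac.compare_digest(rec["hash"], _seal(key, prev, rec["event"])):
            return False, expected_seq
        prev = rec["hash"]
    return True, None


# Constructed sample events, as a collector might normalise them.
SAMPLE_EVENTS = [
    {"ts": "2012-06-12T02:30:02Z", "user": "cfo", "action": "password_change", "result": "failure"},
    {"ts": "2012-06-12T02:30:06Z", "user": "cfo", "action": "password_change", "result": "failure"},
    {"ts": "2012-06-12T02:31:10Z", "user": "cfo", "action": "login", "result": "failure"},
    {"ts": "2012-06-12T09:00:00Z", "user": "jdoe", "action": "login", "result": "success"},
]


def demo():
    """Show that an edit and a deletion are each detected at the right record."""
    good = archive(SAMPLE_EVENTS)
    tampered = json.loads(json.dumps(good))       # independent deep copy
    tampered[2]["event"]["result"] = "success"    # an insider rewrites a failed login
    deleted = good[:1] + good[2:]                 # someone removes record 1
    return verify(good), verify(tampered), verify(deleted)


if __name__ == "__main__":
    print(demo())
```

Two design points matter in practice. The key must live with the archive service, not on the hosts whose logs are being collected, or a compromised host can simply recompute the chain. And when retention rules require old events to be destroyed, prune from the head of the chain and keep the hash of the last pruned record as the new starting link, recording the pruning itself as an event, so the auditor can still verify everything that remains.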
PART 5- RETURN ON INVESTMENT
Making the business justification for investing in SIEM and Log Management
technology is often the hardest part of a security project. The value of
security investments is often realized as "soft benefits" such as reduced
organizational risk, broader security visibility and a stronger brand
reputation, benefits that are hard to compute. However, hard figures can
often be calculated up front and verified over time. The business
justification of a SIEM investment can be quantified by looking at cost
points and the costs avoided with the SIEM technology. What is the
following worth?
Removing inefficiencies through automation
Avoiding infrastructure expansion costs
Preventing expenditures for compliance penalties
Reducing loss through fraud
Averting losses due to system outages
Adding expertise to the staff without adding to the payroll
Reducing barriers to success for core competency priorities
PUBLIC VS PRIVATE CLOUD
It is a misconception that a private cloud is more secure than a multi-tenanted public one. A private cloud is infrastructure operated solely for a single organization. The only difference is that your data is segregated from any other organization. In a multi-tenanted environment you share only a server; the databases remain sacrosanct and there is NO commingling or leakage of data or security gaps.

Public or private, it is still a server. It’s still prone to intrusions, attacks, user carelessness and resource deficiencies. The only difference is the means of security you apply towards protecting it. You can build the most sophisticated on-premise security solution, but if you leave a window open, data will still leak, unwanted intrusions will still get in and George from sales will still log into the network from his unsecured iPhone.

When deciding public vs private, do so based on cost and business need, and not the fallacy that one is more secure than the other. But when it comes to security, make sure you have the flexibility and scalability to securely manage your quickly disappearing perimeter.
• Eliminating CapEx investments in favor of OpEx
• Deploying greater functionality and visibility without adding CapEx investments
By taking this approach, the security team is able to demonstrate the monetary value of the SIEM investment, and align with business units to build a business case.
The issue is not whether an organization benefits from a well-positioned security-as-a-service initiative, but rather how best to deploy and manage it. In that respect there are three points of comparison for deciding whether the cloud or a more traditional deployment is best suited for an enterprise: functionality, control, and cost.
A holistic approach adopting Security FROM the cloud answers the questions:
• Who has access and who controls it?
• Can we report activity to maintain compliance?
• What is harmless traffic and what needs to be remediated in real time?
• Do I have the resources to monitor and react to issues 24/7/365?
• How do I centralize security analysis so I don’t have to repeat processes system after system?
• How do I control all those applications the sales team accesses from beyond the so-called network perimeter?
• What happens when an employee leaves the company or a vendor’s contract expires? Who controls all the passwords?
• How is data aggregated, stored/destroyed, transited?
• Is my data safe?
So many issues, so little bandwidth…until you apply an answer FROM the cloud.
Security-as-a-service is much more than cost savings and democratizing access to protection. It is the most effective avenue towards the holistic application of best practices, real-time visibility and best-of-breed solutions. “From” the cloud provides a scalable layer of security that was typically reserved for trillion-dollar companies, easily deployed for any
STUDY FINDS C-SUITE SLIPPING ON INFO SEC
From a PricewaterhouseCoopers (8/2012) survey of C-level execs, as reported by CFO Magazine:
Only 39% of 10,000 executives surveyed last year (down from 52% in 2009) said they reviewed their security policies annually.
44% viewed their IT infrastructure as “relatively insecure.”
“Security is not just an IT risk, it’s a business risk,” says the study’s author. “As CFO, your responsibility is to understand the business risks and how the organization is set up to mitigate those risks.”
company of any size. It incorporates the ability to link all the independent silos of information, including transactions, proprietary data and applications (legacy and in the cloud), and manage them centrally with a greater degree of focus and accuracy.
Now of course, cloud-based security is not a panacea. It still depends on workflow process and the expertise to define and apply that process. But the issues surrounding scope, scale, control, capability, centralization, correlation, fast-to-market and cost are answered. The important thing to remember is that FROM the cloud is a holistic (and sometimes automated) set of enterprise controls designed to protect assets. The fact that it is managed and controlled from the cloud is simply a value-added advantage. It provides a cost-effective means and an accelerated degree of flexibility that can be translated into a redirection of core competency priorities. Simply put…you can worry about one less thing and get to work on the IT issues that drive your company forward.
THE PARADIGM CHANGE IS HAPPENING NOW
According to Forrester Research, it is estimated that the managed cloud services security (MSS) market stands at $4.5 billion.
Gartner, the nationally respected IT research firm, predicted that the total worth of the cloud computing market will rise to more than $150 billion by 2013.
In 2015, public cloud services will account for 46% of net new growth in overall IT spending.
Morgan Stanley estimates that by 2015, the mobile web will be bigger than desktop internet. With user expectations about where and how they access information changing dramatically, there'll be growing pressure on IT to make enterprise applications available in similar ways.
SIEM & LOG MANAGEMENT SOLUTIONS OVERVIEW FROM CLOUD ACCESS
[Screenshot of the CloudAccess SIEM]
MENTION THIS WHITE PAPER AND WE WILL EXTEND A FREE MONTH OF SERVICE WHEN YOU SIGN UP FOR A YEAR OR MORE PAY-AS-YOU-GO SUBSCRIPTION
CONTACT CLOUDACCESS FOR A LIVE ONLINE DEMONSTRATION OF OUR SIEM AND LOG MANAGEMENT SOLUTIONS DELIVERED AND MANAGED FROM THE CLOUD.
MORE INFORMATION:
CONTACT: 877-550-2568
Read Our Blog: http://cloudaccesssecurity.wordpress.com/
The sky is no longer the limit with secure, affordable cloud security solutions from CloudAccess.
WANT TO LEARN MORE ABOUT SIEM & CLOUDACCESS?
www.CloudAccess.com