
APPLYING SECURITY HOLISTICALLY FROM THE CLOUD
A Paradigm Shift of Applying Situational Awareness in SIEM Deployments

EXECUTIVE SUMMARY

Ten years ago we would never have thought about security in the cloud. If you think about where you were a decade ago with information technology, you'll remember it was a time before server farms, before the rise of SaaS (software-as-a-service), before many of the protocols we use as standards today. It has always been an ever-evolving system of innovations, improvements and, yes, challenges. The business computing landscape has always changed rapidly, and in most cases it falls to the IT department to figure out not only how to integrate the latest and greatest advance but, periodically, how to change the entire paradigm of how business is done. As we are fully entrenched in the second decade of the new millennium, many organizations are facing such a change. The landscape of a typical business no longer reflects one that was operating 10 years ago. The advancements in communication, collaboration, information and currency exchange and processing, and the speed at which they are done, have truly created new opportunities for the modern enterprise. But these benefits have also opened a Pandora's Box of challenges, especially for the overall security of an enterprise whose reach is no longer just the extent of its firewall.

The network perimeter is gone. With suppliers, customers, vendors, employees and other users gaining access to intellectual property and moving personal and financial data across the network from a variety of secure and non-secure endpoints, the old notion of network security is antiquated and dangerously narrow. In some respects it is like herding cats. To put the issue into clearer context, it is like herding cats while knowing there is a hungry coyote lurking just beyond your view.

But this presentation is not about ringing alarm bells and screaming that the house is on fire. You are well aware of the issues that are unique to your own organization. This paper presents a new way of looking at security strategies: one that can cost-effectively implement a holistic means of upgrading the protection of IT and IP assets; one that conforms to the idea of the perimeter-less network; and one that provides the functionality, necessary controls and flexibility of an enterprise in motion.

This paradigm shift is security developed, deployed and managed from the cloud. In terms of a holistic approach, we are speaking specifically of integrating such functions, managed across an entire enterprise, including SIEM and Log Management. The shift can also be seen as a movement out of the operational and into the strategic thinking of organizations. In short, a truly holistic security strategy will connect the multiple, and often independent, silos of data across the enterprise and create a centralized means of monitoring and control. For this, the following elements must be considered:

• Intrusion detection and 7/24/365 monitoring
• Situational context
• Escalation alerts
• Audit analysis for compliance
• Log Management
• SaaS Single Sign On (using SAML federated connectors)
• Multi-factor credentialing
• Auto provisioning
• Web authorization
• Workflow processing
• Password management
• Control of user ID lifecycle

For many security specialists and IT professionals alike, these general solutions and features are well known in terms of their ability to protect networks from bad guys, careless users and (at times) from themselves. However, for companies not in the Fortune 500, these options read more like a wish list, or a selection of a few solutions applied but not fully realized because of staffing restraints or other priority business needs. The thing is, before cloud-based security, these solutions caused CFOs to dig deep into a capital expenditures budget and still required a great deal of manpower from the IT staff to develop, deploy and manage. The chief benefits of cloud-based security (and to some degree cloud computing) are the abilities to optimize resources, minimize costs and expand functionality.

Presented by: CloudAccess

CloudAccess provides comprehensive security-as-a-service from the cloud. Our suite of robust and scalable solutions eliminates the challenges of deploying enterprise-class security solutions, including costs, risks, resources, time-to-market and administration. By providing such integral services as SIEM, Identity Management, Log Management, Single Sign On, Web SSO and Access Management, CloudAccess offers cost-effective, high-performance solutions controlled and managed from the cloud that meet compliance requirements and diverse business needs and ensure the necessary protection of IT assets.

www.CloudAccess.com
877-550-2568
CloudAccess, Inc, 12121 Wilshire Blvd, Suite 1111, Los Angeles, CA 90025

SECURITY IN THE CLOUD VERSUS SECURITY FROM THE CLOUD…

Security IN the cloud frames the overarching issue. It is the set of problems often discussed by IT professionals today. They range from questions about the safety of data held within a virtualized environment to cyber hacktivism, or "why do my users keep insisting on using their smartphones to access the network?"

Security FROM the cloud is the means to protect IT assets without heavy investments in servers, software and a variety of other related costs. For some it is the holistic application of best practices, real-time visibility and best-of-breed solutions. "From" the cloud means providing a scalable layer of security that was typically reserved for trillion-dollar companies, easily deployed for any company of any size. Security FROM the cloud answers the questions posed by security IN the cloud.

Too many companies fall short in their approach to security. Not for lack of competence: IT departments are typically hamstrung by a variety of issues that prevent full realization of an integrated, holistic approach. These issues are not limited to budgetary hurdles, but span a variety of cost-related, conceptual, process, personnel and technical concerns, including:

• Tightening budgets against raised expectations of performance
• The proliferation of multiple endpoints
• Exponential development and launching of malware, botnets, viruses and other intrusive and debilitating programming
• Increasing compliance requirements surrounding issues of privacy, data storage and transactional security
• A disappearing (or ever-expanding) network perimeter
• Job description blending: no single person dedicated to security issues
• Upper management ostriches: putting their heads in the sand because you have never encountered a direct attack (or so you believe)
• Over-extended investments in on-premise, legacy initiatives
• Lack of available personnel and visibility to manage 24/7/365 real-time monitoring of an overwhelming amount of digital data, and to react faster in recognizing and remediating threats

If CIOs, CSOs, CTOs or the relevant Directors and VPs are true to themselves, they will recognize that one or more of the items on the above list is currently reducing the potential effectiveness of their security strategy. This is by no means to say the efforts are sub-standard, but it seems every week a large corporation has been breached or fails to meet the requirements for federal, state or industrial compliance. Security for a 21st century business is no longer setting up a virus scan and a firewall. Without a strategic initiative to protect the whole of the enterprise (including those tangentially touching the network), companies remain susceptible to attack, compromise, cyber crime and fraud.

What is needed is a means to improve and expand current security protocols and processes without:

1. Compromising security controls
2. Diverting or spending additional capital expenditures
3. Siphoning internal personnel resources
4. Adding productivity-killing layers for users
5. Creating major disruption to existing processes

This can all be accomplished through security deployed and managed from the cloud.

THE DNA OF CLOUD BASED SECURITY…

Just because you access an application from the Internet does NOT make it a cloud solution. It might look like a duck and quack like a duck, but when you look at its DNA, it is more like an old goose. So what? If it doesn't have the proper "cloud DNA," it means the end-user organization is not realizing the oft-hyped benefits and true ROI the cloud promises. AND, if an organization's goal is to embrace the cloud as a go-forward enterprise IT strategy, it will discover that applications and solutions without the right DNA will need to be replaced.

So, what kind of DNA does cloud-based security require to have the right pedigree?

1. Multi-tenancy
2. OpEx over CapEx investment
3. Programmed in DevOps
4. Scalable and flexible right-sizing
5. Security-as-a-service

As a practice, IT professionals have embraced the cloud for its many conveniences, cost reductions and expansions of services. The SaaS market continues to grow year after year. Technology has now reached a level of maturity and sophistication whereby once-sacred-cow strategies like security are being considered as cloud-based initiatives.

FACT: 35% of US companies found security measures to be highly improved after migrating to the cloud. An additional 32% noted that the move to the cloud has decreased security issues to the point where an SMB can focus on more important things. (Microsoft study "Cloud Security Benefits for SMBs", 2012)

The rest of this paper delves into the powerful business case and potential returns on investment for an integrated, holistic approach using cloud-based security (aka security-as-a-service). For the purposes of this demonstration, we will examine two cloud-based solutions (which include security-as-a-service): Security Information and Event Management (SIEM) and Log Management. To a lesser degree we will allude to complementary cloud-based solutions such as Identity Management, Single Sign-On and Access Management.

CloudAccess provides all the above-mentioned solutions, as individual components to leverage any existing security initiative or as a comprehensive suite to fully integrate a holistic approach to security.

CLOUD SECURITY AS A CHANGE CATALYST…

We (in IT) are at a crossroads for change. The landscape of the role, the challenges of the responsibilities and the tools of the trade are all evolving.

Much of the change revolves around the migration to cloud-based solutions. This has transformed and upgraded the value of the IT professional. Whereas there is a sincere appreciation for the professional who writes code, manages a help desk and maintains computing assets, I am speaking more of the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs.

Cloud security provides the opportunity to enable best-practice workflows, monitor your progress and manage various business needs. Instead of writing the code for an application, you simply subscribe and acquire the functionality. Instead of moving from endpoint to endpoint, provisioning and ongoing maintenance are instantaneous. Instead of being infrastructure-based, you get to be information-centric. As such you get to make better decisions, faster.

PART 1 - DOING MORE WITH LESS

Budgets have been slashed and/or heavily scrutinized, staffing has either been "right-sized" or frozen, but the pressure to "do more with less" has come down from the highest levels of the company. For many it means holding the status quo. And unless there is a catastrophic issue such as a breach, security tends to occupy a lower priority.

It is this same thinking that prevents a driver from replacing a car's brakes when they hear squeaks. The car still stops, right? But it is common knowledge that someday soon the rotors will grind and eventually the brakes will fail.

Then why the reticence to address the issue? Returning to the business world, it is often because security initiatives do not generate revenue. They are often seen as an expense. Even for those who have the further burdens of compliance, the lingering effects of the latest recession put these expenditures in direct competition with those that are seen to drive revenue.

The problem is, the vulnerabilities will continue to exist, the audits will continue to be required, and attackers (both external and internal) will continue to loom. Any security issue, whether an organization has been attacked yet or not, is a matter of when, not if.

With that, there is only a finite amount of resources an IT manager has to properly secure network assets. If the money isn't there to build a rampart and moat around the castle firewall, and there isn't a dedicated person to monitor every burp, hiccup and intrusion 7/24, the IT manager needs to find creative ways to do more with less. He or she must develop a strategy that better protects IP and other data AND doesn't reprioritize existing staff resources.

This is how cloud-based SIEM and Log Management fit that bill.

Initially there are several immediate benefits of managing security from the cloud. In terms of cost, there is no software to install or hardware to buy. Anybody selling you anything different is not providing a true cloud solution.

CYBER CRIME FACTS…

From the Ponemon Institute.

Cyber crimes are costly. The median annualized cost for the 45 organizations in the study is $3.8 million per year, but can range from $1 million to $52 million per year per company.

The most costly cyber crimes are those caused by web attacks, malicious code and malicious insiders. These account for more than 90 percent of all cyber crime costs per organization on an annual basis. Mitigation of such attacks requires enabling technologies such as SIEM and enterprise threat and risk management solutions.

SIEM is a strong deterrent

Companies that had deployed a SIEM system achieved a 24 percent cost savings when dealing with cyber attacks versus those that had not.

Cyber Crimes are Intrusive and Frequent

The bigger picture here is ensuring that cloud deployment supports a positive cash flow, or at the very least an ROI break-even. If we are talking enterprise applications, traditionally you are buying hardware and software. That cash is spent right up front and deployment takes considerable time. A SIEM appliance might cost $75,000 in security budget dollars, but how much more needs to be spent in the next 3 years deploying, integrating, using, tuning, etc.? It is here that capital expense languishes and provides no business value. Moreover, it spreads any potential ROI years down the road. And there are NO guarantees that the set-up will work.

Conversely, a cloud-based security solution improves cash flow because all you are paying for is an operational service. No servers, no endless days of configuration and set-up, no 3:1 implementation costs (ratio of professional services costs to software licenses). You receive the ROI immediately. Because this is an OpEx initiative, it significantly lowers the total cost of ownership and provides instantaneous benefits.

• No hardware or software to purchase
• No administration
• Pay-as-you-go subscription (no CapEx)
• Scalable: you pay for only what you need
• Zero-day start: instant deployment
• Ability to leverage existing initiatives
• Minimal disruption to workflow

But what about the "doing more" part? All too often the expectations of management increase without giving due consideration to the budgetary restrictions placed on IT. Luckily, by exploring the capabilities and security of the cloud, IT managers can begin to increase scope and functionality while potentially lowering existing costs.

When using best-of-breed technology in conjunction with security-as-a-service, you gain the immeasurable benefit of expanded scope: monitoring your entire network 24/7/365. With the knowledge and comfort that your enterprise is being monitored continuously, creating alerts based on specific rules and compliance models, you gain the flexibility to reprioritize internal resources to other core-competency projects.

THE POWER OF LAYERED PROTECTION

To look at the future of security configuration we have to look back 500 years into the mists of history to see a model that worked well then… and works just as well today. I'm talking specifically of the castle. In terms of a current strategic deployment, let's call it the layered prevention model. In its day the castle was a state-of-the-art defense strategy. In the center you have the king (and the crown jewels). Surrounding the king are his elite and trusted armed guards. Beyond, there are a variety of buildings where other important assets are stored. Go a bit further and you have the castle walls. Along the imposing walls, archers line the battlements scanning the horizon for any intruders. More guards protect the gate, monitoring everyone coming in. Beyond the castle wall, there is typically a moat containing nasty beasts.

If you equate anti-virus software to your archers and your firewall to one castle wall, there are still too many endpoints exposed to consider your situation secure. There are many organizations that only build a single perimeter and hope it is sufficient. In today's corporate world, that is simply not enough. Security-as-a-service allows companies with more modest budgets and/or limited in-house resources to add layers of protection without adding equivalent in-house costs.

In many cases, companies do not have a dedicated forensic security analyst whose sole responsibility is to run the compliance program, vigilantly patrol for anomalies, maintain network access consistency and respond to user issues like password resets. Too often these responsibilities are a single line item on various IT professionals' to-do lists. Therefore, the expected results from the proper and thorough completion of these tasks have a higher likelihood of falling short.

Security-as-a-service not only provides the necessary and cost-effective expansion of security functionality and automation, but adds the level of human expertise companies depend on to forensically analyze and enforce processes and policies.

If you consider the costs of this additional benefit, companies can experience an immediate savings, and ROI is upwards of $500,000 per year (average salary derived from salary.com). According to the Info-Sec Research Group, for organizations lacking a dedicated Security Operations Center, adding a dedicated 24x7 monitoring capability could equate to 5 FTEs. With a modest investment in cloud-based security, the cost of 24/7 analysts is already incorporated into the subscription. Essentially, you add the key experience and tribal knowledge of a security data analyst at no additional cost. Place on top of that the benefits of reprioritizing existing staff to work on revenue-generating projects, and a company will immediately realize it is doing much more for much less.

PART 2 - SITUATIONAL AWARENESS

The modern 21st century business has so many silos of data sitting on so many different and diverse servers, with billions of bits of data moving throughout the network (both encrypted and not). By looking at logs on just one server (or one at a time), you may find traffic patterns, tracks of brute force attacks and other loud, obnoxious vulnerabilities. Consider the issues:

1. Looking at a single server, or looking at servers individually, gives you a partitioned or two-dimensional view.
2. The most insidious and dangerous attacks are subtle. For every Trojan email scam there is a "Zeus" or "Flame" (when it is detected, it is already too late).
3. Most companies don't have the necessary bandwidth to view all the necessary silos.

FAST DEPLOYMENT MEANS FAST ROI

Unlike traditional security solutions, SIEM and Log Management can be deployed in hours or days, depending on the number of information silos. We work with you towards a zero-day deployment.

There is no hardware or software installation required. Not only is the deployment handled by security experts, but your day-to-day administration is managed by experienced security analysts.

Cloud-based security (specifically SIEM and Log Management) provides the necessary scope expansion and analysis through best-of-breed technology applied across an entire enterprise. It offers situational awareness and context to the various layers of data inundating and overwhelming a standard network every day. With the collection of logs from many different sources, it provides information, not just data.

There are so many intrusions from so many different corners of the network, in so many different guises, that it is highly unlikely one person or even one department could spot them unless they were specifically being looked for. And if found, would they be recognized as friend or foe? An example:

The network records an access attempt from Bangladesh. Is this normal? Do you have customers, suppliers and employees who originate there? If so, is it happening during regular business hours? Is it following "normal" traffic patterns? If so, are they using dormant passwords or bypassing any protocols? If so, what data is accessible through this breach? Or the log notices the CFO attempted to change a network password. Is this permissible? Does it raise a red flag if there were 30 attempts in a span of 2 minutes? At 2:30am?

Situational awareness posits the idea that a singular event might be seen as generally low-level and harmless, but when it is put into context and correlated against various rules and network silos, a very different picture emerges. If there is a blip on one log against one server, the likelihood is that it is harmless. However, match that against anomalies from other parts of the enterprise, and when put together the graver problem is unveiled and can therefore be quickly remediated. Conversely, putting all the pieces together and analyzing them in context also removes all the false positives.
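As an added illustration of the correlation the passage above describes (the access attempt from Bangladesh, the CFO's 30 password-change attempts in 2 minutes at 2:30am, and the idea that a lone blip on one server is harmless until it is matched against other silos), here is a small Python correlation routine. It is not CloudAccess code and is not part of the original paper; the log events, the set of expected countries, the business-hours window, the indicator weights and the alert threshold are all constructed assumptions for the demonstration.

```python
"""Toy situational-awareness correlator: events from several log silos are
normalised, grouped by actor and scored in context (time of day, expected
geography, burst rate, number of silos involved).  Constructed example,
not CloudAccess's engine; every threshold below is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed baseline for the business: countries it expects traffic from
# (Bangladesh is included because the text supposes a supplier there)
# and local business hours as [start_hour, end_hour).
EXPECTED_COUNTRIES = {"US", "CA", "BD"}
BUSINESS_HOURS = (8, 18)

# Assumed correlation parameters: a "burst" is BURST_THRESHOLD or more
# events of a sensitive kind inside BURST_WINDOW; an actor is alerted on
# when the weighted indicators reach ALERT_THRESHOLD.
BURST_KINDS = {"password_change_attempt", "login_failure"}
BURST_THRESHOLD = 10
BURST_WINDOW = timedelta(minutes=2)
WEIGHTS = {"off_hours": 1, "unexpected_country": 2, "burst": 3, "multi_silo": 1}
ALERT_THRESHOLD = 4


def _cfo_burst(start, count, step_seconds):
    """Constructed: `count` password-change attempts by the CFO, one every
    `step_seconds`, mirroring the '30 attempts in 2 minutes at 2:30am' case."""
    return [((start + timedelta(seconds=step_seconds * i)).isoformat(),
             "directory", "cfo", "password_change_attempt", "US")
            for i in range(count)]


# Constructed events from three silos, as (timestamp, silo, actor, kind, country).
SAMPLE_EVENTS = [
    ("2012-06-04T10:12:00", "vpn", "alice", "login_success", "BD"),     # expected supplier country, business hours
    ("2012-06-04T02:05:00", "vpn", "bob", "login_success", "US"),       # lone off-hours blip on one log
    ("2012-06-04T11:40:00", "webapp", "carol", "login_success", "DE"),  # unexpected country, nothing else
    ("2012-06-04T02:33:10", "vpn", "cfo", "login_success", "RU"),       # CFO session from an unexpected country
] + _cfo_burst(datetime(2012, 6, 4, 2, 30), 30, 4)                       # 30 attempts, 02:30:00 to 02:31:56


def parse_event(raw):
    """Normalise one raw tuple into a dict with a datetime timestamp."""
    ts, silo, actor, kind, country = raw
    return {"ts": datetime.fromisoformat(ts), "silo": silo,
            "actor": actor, "kind": kind, "country": country}


def is_off_hours(ts):
    """True when the event falls outside the assumed business-hours window."""
    start, end = BUSINESS_HOURS
    return not (start <= ts.hour < end)


def has_burst(timestamps, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Sliding window over sorted timestamps: True if any span no longer
    than `window` holds at least `threshold` events."""
    times = sorted(timestamps)
    left = 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        if right - left + 1 >= threshold:
            return True
    return False


def correlate(raw_events):
    """Group events by actor across all silos and score the indicators present.
    Returns {actor: {"indicators": [...], "score": int, "alert": bool}}."""
    by_actor = defaultdict(list)
    for raw in raw_events:
        ev = parse_event(raw)
        by_actor[ev["actor"]].append(ev)

    results = {}
    for actor, events in by_actor.items():
        indicators = set()
        if any(is_off_hours(e["ts"]) for e in events):
            indicators.add("off_hours")
        if any(e["country"] not in EXPECTED_COUNTRIES for e in events):
            indicators.add("unexpected_country")
        if has_burst([e["ts"] for e in events if e["kind"] in BURST_KINDS]):
            indicators.add("burst")
        if len({e["silo"] for e in events}) > 1:
            indicators.add("multi_silo")
        score = sum(WEIGHTS[i] for i in indicators)
        results[actor] = {"indicators": sorted(indicators),
                          "score": score,
                          "alert": score >= ALERT_THRESHOLD}
    return results


if __name__ == "__main__":
    for actor, verdict in sorted(correlate(SAMPLE_EVENTS).items()):
        flag = "ALERT" if verdict["alert"] else "ok   "
        print(f"{flag} {actor:6} score={verdict['score']} {verdict['indicators']}")
```

Run on the constructed events, alice scores 0 (a supplier country during business hours is normal for this business), bob's off-hours login and carol's unexpected country each remain a single weak indicator below the threshold, and only the CFO crosses it, because the off-hours burst in the directory log lines up with a session from an unexpected country in the VPN log. That is the situational-awareness argument in code: no single indicator alerts on its own, and the evidence from two silos is what turns a blip into an incident. In a real deployment the baselines would be derived from the organization's own history rather than hard-coded sets.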

Granted, an on-premises SIEM/Log Management application can do this if it is hooked throughout the enterprise, applies the correct filtering and a dedicated person reviews all the logs. But reality says it is unlikely.

A SANS Institute study (Struggling to Make Sense of Log Data) said, “With or without tools, many organizations don’t spend much time analyzing logs. 35% of respondents said their organizations allot no time to less than one day a week on log analysis. The smaller the organization, the less likely they would spend on log data analysis. Many companies recognize that SIEM is part of the answer; however 58% of the companies in the survey noted they are “not anywhere close to that level of automation.”

REDUCED COMPLEXITY AND COST

With CloudAccess SIEM there's no maintenance or management overhead, and minimal administration. As a true security-as-a-service solution, the impact on IT resources is truly limited. This allows you to redeploy your focus to other priorities. When managed from the cloud, many of these time-consuming, resource-draining activities are taken care of automatically. There is a definitive cost saving realized without sacrificing any of the capabilities, compliance requirements, scope or strength of your IT security strategies.

As realized with cloud-based applications, migrating centralized control of the security features to the cloud realizes an equivalent saving. The cost reductions can be staggering. The implementation costs alone (a 2:1 or 3:1, sometimes higher, ratio of professional services costs to software licenses in traditional physical deployments) are cost-prohibitive for many organizations. Cloud-based security can be the great equalizer. With no hardware burdens or software licensing issues, any-sized company can enjoy the same degree of protection as the largest enterprise.

COMPLIANCE THROUGH STRONG POLICY ENFORCEMENT

Organizations facing regular and/or diverse regulatory requirements can reduce the associated reporting burden substantially:

• Required reports can be generated automatically and consistently across multiple systems, without burdening the system admins.
• Where needed, internal SIEM activity can be reported on to demonstrate compliance with log review requirements.

CloudAccess SIEM takes policy enforcement to new levels. Automated incident response management enables you to document and formalize the process of tracking, escalating and responding to incidents and policy violations. CloudAccess provides the ability to create a trouble ticket directly in our helpdesk system. CloudAccess SIEM helps demonstrate your compliance with internal policies and industry and government regulations such as SOX, HIPAA, CIP, GLBA, PCI-DSS, FISMA and others.

PART 3 - SIEM'S IMPACT ON SECURITY

The immediate impact of SIEM/Log Management deployed and managed from the cloud can:

• Reduce critical incident rates
• Extend the lifetime value of legacy applications
• Reduce the compliance reporting burden
• Improve the transparency of compliance reporting/auditing
• Prevent internal resource abuse/carelessness
• Prevent currency transfer fraud

When cloud-based SIEM is initially deployed, it is much like turning on a light in what you thought was a clean house, but finding a nest of cockroaches. However, as seen in the figure above, in a short period of time SIEM drives down the risk and its associated cost.

Case in point: a nationally recognized design and retail enterprise had long believed they were on top of every potential security issue that affected their network. They had decided to migrate SIEM and log management to the cloud as a cost moderation initiative. Within hours of deploying, a CloudAccess analyst contacted the company's principal security officer with news that there were several threatening anomalies. As this was still a period of redundant crossover, the officer checked his system and disagreed. Within a few moments the CloudAccess analyst was able to pinpoint the specific workstation where the threat originated. When that workstation was investigated, the threat was indeed present. The moral of the story is that a SIEM deployed holistically will bring to light more issues than an organization might currently realize. However, in a short time SIEM can allow the enterprise to drive risk and spend to lower levels than were previously experienced.

INCIDENT RESPONSE IS NOT GRANULAR

We know…

• Current incident response workflow models are born from reactionary necessity.
• We are drowning in data, yet refuse to adapt models for maximizing the efficiency of handling this data that have provably worked in other service models.
• Linear workflows do not scale well for incident response.
• Incident response is an excellent source of metrics, but requires context through business process and change-over-time to make meaningful metrics from the numbers.
• There will always be more work than there are resources to handle it; new prioritization systems that adapt to emerging events instead of arbitrary assessments are vital to maximizing the effectiveness of resourcing and workload.

As the most serious threats are addressed, risk tapers off fairly quickly. Concurrently, perceived risk and actual risk are both reduced. As a direct result, security costs begin to fall once the costs associated with breaches and other threats are eliminated.

PART 4- ENSURING COMPLIANCE

“I get audited. I get audited a lot.” VP IT Operations for a mid-sized Texas credit union

For many organizations, the decision to deploy SIEM and Log Management is predicated on the need to comply with a variety of federal, state and industry requirements. If your organization transacts money or personal data online, some, or all, of these compliance mandates fall on your shoulders.

As demonstrated, the concept of situational awareness is an effective means of capturing, encrypting and storing (and destroying) certain pieces of information and then providing the auditing regulatory agency with proof that your best practices are in line with internal and external policies. The multi-silo log collection and the SIEM correlation engine automate the entire compliance process, from securing your environment, establishing baselines, tracking user activity and alerting to potential violations, to creating audit-ready reports.

In terms of time management, SIEM managed from the cloud can save upwards of 75 hours per month of review, audit and reporting. Consider the additional savings when having to comply with multiple agencies. The VP of Ops quoted at the top of the section deals with six agencies on a regular basis. Without a holistic and centralized security approach, he would waste endless hours through redundant reporting. With the application of security centralization, 75 hours per month becomes 10. And more importantly, the degree of accuracy of the reporting is significantly better.

SIFTING THROUGH WHITE NOISE

An enterprise can have anywhere from 1 to 100,000 (or more) endpoints delivering log data. That can mean thousands of alerts and hundreds upon hundreds of false positives. A situational context correlation engine translates data into actionable information. This, in turn, significantly increases the likelihood of an analyst finding a dangerous anomaly amongst a sea of harmless traffic.

SIEM from the cloud creates more effective coverage, improved productivity and an increased ability to discover the root cause of any issue in a shorter period of time.

When analyzing whether your holistic security initiative can successfully manage compliance issues, an enterprise must consider:

• Data aggregation — A central repository that automatically collects data from a variety of sources and platforms significantly bolsters speed, accuracy and efficiency, and promotes a focus on analysis.

• Pre-built compliance reports & policies — CloudAccess’ experience with auditing agencies led to the creation of many “out-of-the-box” automated reports and rules designed to satisfy a variety of standard compliance requirements. No customization needed.

• Secure archival of events — Proof of integrity that certain controls and data streams are secure and/or destroyed in accordance with the law.

• Workflow and collaboration — Compliance reporting is a process which requires input from various departments and therefore requires management and collaboration.

PART 5- RETURN ON INVESTMENT

Making a business justification for investing in SIEM and Log Management technology is often the hardest part of the security project. The value of security investments can be realized in the form of “soft benefits,” such as reduced organizational risk, broader security visibility and better brand awareness – benefits that are hard to compute. However, hard figures can often be calculated up front and verified over time. The business justification of a SIEM investment can be quantified by looking at cost points, and the costs avoided with the SIEM technology. What is the following worth?

• Removing inefficiencies through automation

• Avoiding infrastructure expansion costs

• Preventing expenditures for compliance penalties

• Reducing loss through fraud

• Averting losses due to system outages

• Adding expertise to the staff without adding to the payroll

• Reducing barriers to success for core competency priorities

• Eliminating CapEx investments in favor of OpEx

• Deploying greater functionality and visibility without adding CapEx investments

By taking this approach, the security team is able to demonstrate the monetary value of the SIEM investment, and align with business units to build a business case.

PUBLIC VS PRIVATE CLOUD

It is a misconception that a private cloud is more secure than a multi-tenanted public one. A private cloud is infrastructure operated solely for a single organization. The only difference is that your data is segregated from any other organization. In a multi-tenanted environment you share only a server; the databases remain sacrosanct and there is NO commingling or leakage of data or security gaps.

Public or private, it is still a server. It’s still prone to intrusions, attacks, user carelessness and resource deficiencies. The only difference is the means of security you apply towards protecting it. You can build the most sophisticated on-premise security solution, but if you leave a window open, data will still leak, unwanted intrusions will still get in and George from sales will still log into the network from his unsecured iPhone.

When deciding public vs private, do so based on cost and business need, and not the fallacy that one is more secure than the other. But when it comes to security, make sure you have the flexibility and scalability to securely manage your quickly disappearing perimeter.

The issue is not to debate whether an organization benefits from a well-positioned security-as-a-service initiative, but rather what is the best way to deploy and manage it. In that respect there are three points of comparison for whether the cloud or a more traditional deployment is best suited for an enterprise: functionality, control, and cost.

A holistic approach adopting Security FROM the cloud answers the questions:

• Who has access and who controls it?

• Can we report activity to maintain compliance?

• What is harmless traffic and what needs to be remediated in real time?

• Do I have the resources to monitor and react to issues 24/7/365?

• How do I centralize security analysis so I don’t have to repeat processes system after system?

• How do I control all those applications the sales team accesses from beyond the so-called network perimeter?

• What happens when an employee leaves the company or a vendor’s contract expires? Who controls all the passwords?

• How is data aggregated, stored/destroyed, transited?

• Is my data safe?

So many issues, so little bandwidth…until you apply an answer FROM the cloud.

Security-as-a-service is much more than cost savings and democratizing access to protection. It is the most effective avenue towards the holistic application of best practices, real-time visibility and best-of-breed solutions. “From” the cloud is providing a scalable layer of security that was typically reserved for trillion-dollar companies, easily deployed for any company of any size. It incorporates the ability to link all the independent silos of information, including transactions, proprietary data and applications (legacy and in the cloud), and manage them centrally with a greater degree of focus and accuracy.

Now of course, cloud-based security is not a panacea. It still depends on workflow process and the expertise to define and apply that process. But the issues surrounding scope, scale, control, capability, centralization, correlation, fast-to-market and cost are answered. The important thing to remember is that FROM the cloud is a holistic (and sometimes automated) set of enterprise controls designed to protect assets. The fact that it is managed and controlled from the cloud is simply a value-added advantage. It provides a cost-effective means and an accelerated degree of flexibility that can be translated into a redirection of core competency priorities. Simply put…you can worry about one less thing and get to work on the IT issues that drive your company forward.

STUDY FINDS C-SUITE SLIPPING ON INFO SEC

From a PricewaterhouseCoopers (8/2012) survey of C-level execs, as reported by CFO Magazine

Only 39% of 10,000 executives surveyed last year (down from 52% in 2009) said they reviewed their security policies annually.

44% viewed their IT infrastructure as “relatively insecure.”

“Security is not just an IT risk, it’s a business risk,” says the study’s author. “As CFO, your responsibility is to understand the business risks and how the organization is set up to mitigate those risks.”

THE PARADIGM CHANGE IS HAPPENING NOW

According to Forrester Research, it is estimated that the managed cloud services security (MSS) market stands at $4.5 billion.

Gartner, the nationally respected IT research firm, predicted that the total worth of the cloud computing market will rise to more than $150 billion by 2013.

In 2015, public cloud services will account for 46% of net new growth in overall IT spending.

Morgan Stanley estimates that by 2015, the mobile web will be bigger than the desktop internet. With user expectations about where and how they access information changing dramatically, there’ll be growing pressure on IT to make enterprise applications available in similar ways.


SIEM & LOG MANAGEMENT SOLUTIONS OVERVIEW FROM CLOUD ACCESS

VIEW A SCREEN SHOT OF CLOUDACCESS SIEM


MENTION THIS WHITE PAPER AND WE WILL EXTEND A FREE MONTH OF SERVICE WHEN YOU SIGN UP FOR A YEAR OR MORE PAY-AS-YOU-GO SUBSCRIPTION

CONTACT CLOUDACCESS FOR A LIVE ONLINE DEMONSTRATION OF OUR SIEM AND LOG MANAGEMENT SOLUTIONS DELIVERED AND MANAGED FROM THE CLOUD.

MORE INFORMATION:

CONTACT: 877-550-2568

Read Our Blog: http://cloudaccesssecurity.wordpress.com/

Like us on Facebook · Follow us on Twitter · Join us on LinkedIn

The sky is no longer the limit with secure, affordable cloud security solutions from CloudAccess.

WANT TO LEARN MORE ABOUT SIEM & CLOUDACCESS?

www.CloudAccess.com