protecting your sensitive data in the cloud

© 1985-2012 BeyondTrust Software, Inc. All rights reserved

Protecting Your Sensitive Data in the Cloud

Jim Zierick EVP Strategy and Corporate Development

BeyondTrust

June 26, 2012

Ed Bottini Global Cloud Computing Ecosystem Manager

IBM


• IBM Smart Cloud Offering

• The State of the Cloud

• Cloud Security Best Practices

• BeyondTrust Cloud Security

• Next Steps

• Q&A

Agenda

2

3 © 2012 IBM Corporation

How Important are the Following Objectives for Adopting Cloud? % of Respondents

Source: 2011 IBM/EIU Cloud Survey Results, Q5: How Important are the Following Objectives for Adopting Cloud?, n= 572

62%

57%

56%

54%

51%

46%

43%

Business Capabilities Internal Efficiencies

Increased collaboration with external partners

Important or Very Important

Enterprises intend for cloud to improve their business capabilities

Competitive/cost advantages thru vertical integration

New delivery channels/markets

New/enhanced revenue streams

Competitive differentiation thru specialization

Rebalanced mix of products/services

Flexible pricing models

Close to half (42%) of organizations surveyed plan to harness

cloud for radical business model innovation within three years

3


Adoption patterns are emerging for successfully beginning and

progressing cloud initiatives

Cut IT expense & complexity through a cloud enabled data center

Accelerate time to market with cloud platform services

Gain immediate access with business solutions on cloud

Innovate business models by becoming a cloud service provider


Private & Hybrid

Cloud Enablement

Technologies

Managed Services

Infrastructure & Platform

as a Service

Business Solutions

Software & Business

Process as a Service

FOUNDATION SERVICES SOLUTIONS

Commitment to open standards and a broad ecosystem

IBM offers clients choice of cloud delivery models…


Application

Lifecycle

Application

Resources

Application

Environments

Application

Management

Integration

Infrastructure

Platform

Availability and

Performance

Security Payment and

Billing

Application Services

Enterprise Enterprise+

Management

and Support

Client

defined

services

Industry

services

Data and

analytics

services

Workplace

services

Security

services

Resilience

services

Enterprise

applications

Partner

services

Enterprise

data center

Managed private cloud

Enterprise

Hosted private cloud

Enterprise

Shared cloud services

A B

SERVICES


Transforming Application Lifecycle Management leveraging Cloud & ecosystem partner services

Project

Initiation

Requirement

Analysis

Design Deployment Production Development Test

Defects loaded in Rational

Quality Manager and tracked

through application life cycle

Code Analysis & Reporting

Application Virtualization

Performance Testing Services

Mobile Device Testing

Defect Analysis

Maintain

Community of Partners

Workload Portability

Application Virtualization

Testing Solutions

Testing on Devices


Cloud Builders

Cloud Infrastructure

Providers

Cloud Technology

providers

Cloud Application Providers Cloud Services Solution Providers

IBM has built and ecosystem to enhance our capabilities and deliver

client value

Application

Lifecycle

Application

Resources

Application

Environments

Application

Management

Integration

Infrastructure

Platform

Availability and

Performance

Security Payment

and Billing

Application Services

Enterprise Enterprise+

Management

and Support

Client

defined

services

Industry

services

Data and

analytics

services

Workplace

services

Security

services

Resilience

services

Enterprise

applications

Partner

services

Enterprise

data center

Managed private cloud

Enterprise

Hosted private

cloud

Enterprise

Shared cloud services

A B

http://www.corenttechnology.com/index.php


#1 Concern When Moving to the Cloud

Security is the #1 concern when moving deployments to the Cloud

IDC Enterprise Panel Survey on Cloud challenges

Poneman’s Surveys concluded that:

• 79% of respondents believe that being able to efficiently manage security in the cloud is critical.

• 42% of respondents indicated they would not

know if their organizations' cloud applications or data was compromised by a security breach or data exploit

9


Per Cloud Security Alliance’s “Top Threats to Cloud Computing (March 2010) – Abuse & Nefarious Use of Cloud Computing

– Insecure Interfaces and APIs

– Malicious Insiders

– Shared Technology Vulnerabilities

– Data Loss/Leakage

– Account or Service Hijacking

Top threats to Cloud Computing

10


The Evolving Threat Landscape

Boldness and inventiveness of hackers is outrunning companies’ ability to deal with them. Theft of intellectual property from U.S. companies is occurring at a rate of $200B a year.

“Organizations continue to struggle with excessive user privilege as it remains the primary attack point for data breaches and unauthorized transactions.”

~ Mark Diodati, Burton/Gartner Group

• Cost of security operations outstripping IT budget growth

• Threat surface increases with every new user and every new technology

– Acceleration of APT activities

– BYOD/’Consumerization’ of IT a fact of life now

– Virtualization and the Private Cloud blur create gaps for attack

• Challenges in distinguishing between ‘potential’ and ‘real’ threats

11


The Problem is Broad and Deep

• The threat from attacks is a statistical certainty and businesses of every type and size are vulnerable.

• Organizations are experiencing multiple breaches: 59 percent had two or more breaches in the past 12 months.

• Only 11 percent of companies know the source of all network security breaches.

12


You can’t secure ‘The Cloud.’ There is no ‘The Cloud.’ If you don’t have a robust security program, cloud computing will make it worse.” Christopher Hoff – Founding member

and technical advisor to the Cloud Security Alliance

Demystifying Cloud Security

13


Cloud Computing Reality – Public, Hybrid or Private

• Increasing scale – from thousands to tens of thousands servers

• Increasing complexity makes configuration and change management challenging

– Complex directory structures are a major pain point

• Reliability is critical to realizing operational improvement

Impact of Cloud Computing

14


Rethink Existing Controls for Clouds

What’s the same – Many technical controls are the same

What’s different – Massively automated, virtualized, multi-tenant

environment

– Complex supply chain, multiple-domain security concerns

Necessitates some shifts in security strategy – New controls (hypervisor integrity monitoring)

– Process-related controls (application and data governance)

15


Requirements:

Account for All Privileged Users

Manage Provisioning/De-Provisioning Privileged Credentials

Implement a “Least Privilege” based Control System

Monitor and Reconcile Privileged Activity

Maintain a High Quality Audit Repository

Automate Compliance Reporting

Best Practice For Cloud Security

Full Life-Cycle Control of Privileged Users

16


Requirements For Enterprise Grade Cloud Security

• Scalable, enterprise grade fabric

• Seamless integrations with on-premise and cloud directories

• Allow admins to manage policies not infrastructure

• Dynamically react to changes in virtual environment

• Quantifiable performance metrics of how it’s performing

17


BeyondTrust allows companies to extend existing security infrastructure, policies and compliance reporting to their private, public and hybrid clouds such that it is

• Scalable

• Elastic

• Easily installed

• Easily managed

Cloud Security with BeyondTrust

18


Public, Private and Hybrid Cloud Computing Security

• Solutions for infrastructure, endpoints, data and applications

• Support for physical, virtual, public, private and hybrid cloud environments

• Allows IT governance to strengthen security, improve productivity, drive compliance and reduce expense

The BeyondTrust Vision

Security in Context Our threat management and policy enablement solutions provide zero-gap visibility and actionable intelligence to reduce risks and close security gaps by integrating providing Security in Context across vulnerabilities, privilege and data.

Server & Desktop, Physical & Virtualization Windows, Linux,

Unix

Network Device Security

Data Security & Leak Prevention

Governance, Risk & Compliance

19


Context-Aware Security Intelligence

Complete Risk Management for both Internal and External Threats

Discovery of all internal and external vulnerabilities and threats

Prioritization of risk according to threats, resources, privileges, etc.

Threat-aware mitigations and preventative measures including Patch Management, Least Privilege, DLP and Endpoint protection.

Continuous monitoring and measurement of threat posture

Automated compliance reporting

20


Context-Aware Security Intelligence

Benefits

Comprehensive preventative intelligence

BeyondTrust allows you to discover all your security weaknesses across vulnerabilities, privilege and data and provides you with the security intelligence you need to protect business assets from cyber attacks.

Fully automated and integrated; less resource intensive

BeyondTrust automates the full spectrum of ongoing assets discovery, assessments, policy and compliance enforcement for your entire IT infrastructure across Desktop, Servers, Mobile, Virtual, Database and Cloud.

Flexible and Scalable

Our solutions support distributed deployment across the largest organizations around the globe.

21


BeyondTrust Solutions For Cloud Computing

Unix, Linux and Windows Servers

Monitor critical databases

Policy Based Security

Flexible Network Configuration

Highly Scalable

Dynamic Deployment

Mixed Networks

Activity Directory Bridge

Virtualized and cloud environments

Purpose built threat assessment and management

RETINA CS

22


Comprehensive Hybrid Cloud Model

HR Systems Financial Systems PCI

Application

Operating System

Hypervisor

Database

PowerBroker Enterprise Fabric

Flexible Deployment Across Virtual and Physical Infrastructure

• Programmable

• Policy driven

• Dynamically Deployed

• Context aware and adaptive

Easily Configured into Separate Security Zones to allow Context Aware Cloud Security Policies

Systems

Management

Identity

Services

Servers Virtualization

24


Next: Learn More About Secure Cloud Deployments

BeyondTrust Resources

Free whitepaper: Elevating Cloud

Security with Privilege

Delegation

Find both here:

www.beyondtrust.com/SmartCloud

Free product evaluation

IBM Resources

Learn more about IBM SmartCloud

Enterprise and Sign Up for an Account

Visit:

www.ibm.com/buycloud

25


Thank You

800-234-9072

818-575-4000

www.beyondtrust.com

Join the Conversation!