partly cloudy - wgfoa...partly cloudy: how cloud technologies change your own it landscape....

Partly Cloudy: How cloud technologies change your own IT landscape.

Synercomm, Inc.Jeffrey T. Lemmermann, CPA, CITP, CISA, CEHJeffrey.Lemmermann@SynerComm.com

Wisconsin Government Finance Officers Association

September 12, 2019 – Chula Vista Resort

Who Am I

ID• Jeffrey T. Lemmermann

• Information Assurance Consultant – SynerComm• January 2018

EXP• 24 Years with CliftonLarsonAllen

• Risk Services Practice Manager• IT Audit / IT Security Specialist

• 5+ Years as CIO/CFO – Manufacturing Industry

CERT• CPA, CITP, CISA, CEH

• CITP – Wisconsin Champion (If you are a CPA )

“Security Assessment & Consulting, IT Audit, Compliance with IT Frameworks (NIST, COBIT) and continuing an ongoing crusade to

promote information security!”

Information Security

Internet Banking

File Sharing

Web Shopping

Data Backup

Mass E-mail Gmail Yahoo

What is “The Cloud”?

Media Streaming

Internet Gaming

Photo Sharing

Document Collaboration

Navigation Systems

Importance of Data Security

Where Is Your Data?

The ObviousNetwork File/Data Servers Laptop ComputersBackup Storage Media

The ObscureSmartphones / TabletsPortable Storage (USB Drives)E-Mail Attachments

The ForgottenDisposed Equipment – LEASED Equipment!

Security Points

Five Key Points of Data Security:Physical SecurityNetwork SecurityApplication SecurityExternal SecurityPlanning & Governance

Responsibility Changes – Points Do Not

Physical Security Fail

How to avoid this:

Shared Responsibility Model

Shared Responsibility Model

Shared Responsibility Model

Shared Responsibility Model

Who Is Who – MATCHGAME!

GCP Google Cloud Platform

Azure Microsoft

AWS Amazon Web Services

Rackspace Apollo Global Mgmt.

IBM Cloud IBM

Ever-Changing Landscape

Office 365 Example

On Premise to Cloud Migration:Hardware moves to Azure CloudAzure AD Connect On-Prem Active Directory

Software becomes a per user subscriptionData moves to the Azure CloudStill need backup services

Client Access – Anywhere there is Internet

Data Security

Updating our policies and procedures is a critical part of the circle.

Hardening Guides

https://www.cisecurity.org/cis-benchmarks/

Understand Your Enemies

You have to understand their tactics to better stop them.Hacking for Dummies by Kevin Beaver, Stuart McClure

Certified Ethical Hacking – Training & Certification Vulnerability Assessments Penetration Testing

On-line Resourceshttps://www.synercomm.com/blog/ Krebs on Security - krebsonsecurity.com SANS – www.sans.org NIST – www.nist.gov

Questions & Answers

SynerComm’s goal is to be a Trusted Advisor and Preferred IT Solutions Provider by assisting our clients to achieve a goal, solve a problem, or satisfy a need.

Jeffrey T. Lemmermann, CPA, CITP, CISA, CEHInformation Assurance Consultant - SynerComm, Inc.

Jeffrey.Lemmermann@synercomm.com