cloud security consulting services at&t security consulting
DESCRIPTION
Cloud Security Consulting Services AT&T Security Consulting. March 2012. Technology Trends Reshaping Business. Powerful Mobile Computing Devices. Fast, Widespread Wireless/Wireline IP Networks. Cloud Computing. Companies are reengineering the way they do business. - PowerPoint PPT PresentationTRANSCRIPT
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Cloud Security Consulting ServicesAT&T Security ConsultingMarch 2012
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Technology Trends Reshaping Business
2
Companies are reengineering the way they do business.
Powerful Mobile Computing Devices
Fast, Widespread Wireless/Wireline IP
Networks
Cloud Computing
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
“…a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
- National Institutes of Standards and Technology
What is “Cloud Computing”?
3
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Improve My Productivity• Real time collaboration across employees,
partners, customers• Requirements for applications to work
across devices
Reduce My Cost• Low storage and server utilization
in non-peak periods• Desire to pivot from Capex to Opex
Remove the Complexity• Simplification due to limited IT staff
down market• End-to-end ownership vs. multi-vendor
service integrations
Demand to mobilize and virtualize assets,
applications and activities
• Off-premise
• On-demand
• Easy to Use
• Web-enabled
• Device Agnostic
• Tiered Support
Business Drivers for Cloud
4
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
5
Cloud Deployment Models Transfer Responsibility
Softwareas a Service
ApplicationDatabase
Operating SystemServers
Storage
Platform as a Service
ApplicationDatabase
Operating SystemServersStorage
Infrastructure as a Service
ApplicationDatabase
Operating SystemServersStorage
CustomerManagement Responsibility
Service Provider Management Responsibility
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Considerations for Cloud Security
6
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Cloud Security Challenges
• Applicable Compliance Requirements– Current Good Manufacturing Practices
(cGMPs) for human pharmaceuticals– FDA Audit Processes, field trials,
exception approvals– ARA, HIPPA, HITRUST, PCI, NIST, FTC,
State Regulations
• Risk Management• Monitoring• Governance • Visibility• Advanced technology adoption
Complicates security, compliance &
validation efforts
7
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
8
Success Through “Data Centricity”
DefineAppropriate
Controls
Determine Applicable
Compliance Requirements
Assess the Associated Risks
Define the Workload
(isolate a function)
Classify the Relevant Data
Establish Contractual Obligations
Sensitive Data
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Layered Approach to Cloud Security
Acce
ss M
anag
emen
t
Infrastructure Security
Services Security
8 Security Dimensions
Dat
a Co
nfide
ntial
ity
Com
mun
icati
on S
ecur
ity
Inte
grity
Avai
labi
lity
Priv
acy
Auth
entic
ation
repu
diati
on
Security LayersApplications Security
Acce
ss C
ontr
olEnd User Security
VULNERABILITIES
Dat
a Co
nfide
ntial
ity
Com
mun
icati
on S
ecur
ity
Dat
a In
tegr
ity
Avai
labi
lity
Priv
acy
Auth
entic
ation
Non
-rep
udia
tion
THREATS
ATTACKS
Destruction
Disclosure
Corruption
Removal
Interruption
Adapted based on X.805 Model
9
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
10
Compliance & Security Lessons Learned
• The responsibility for security and compliance cannot be outsourced
• Proper Asset Classification is critical - understand what you are putting into the cloud
• Understand that assets can exist in various physical locations
• Determine who can affect the security of the data
• Do Your Homework to find the right Security Solutions Provider!
• Evaluate providers based on your security requirements
• Document accountability demarcation points
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
11 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Cloud Security and Compliance Assessment
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
12
Cloud Security and Compliance AssessmentService Overview
What We DeliverWhat We Provide
Cloud Security and Compliance Assessment Executive SummaryProvides key findings of the assessment.
AT&T’s Cloud Security and Compliance Assessment helps you understand your security posture, polices and compliance exposure.
The Cloud Security and Compliance Assessment provides an onsite consulting engagement to examine and maintain your security posture by identifying potential data security risk(s) involved in moving targeted workloads to the Cloud.
Cloud Security and Compliance Assessment ReportComprehensive findings report with technical detail and recommendations resulting from the assessment service.
AT&T is committed to providing pre and post assessment requirements, access to information and transparency.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
13
Why AT&T for Cloud Security and Advisory Services?Where experience counts
Managed WAN for single communication fabric worldwide
Security
Managed Applications, Managed UC Services, Collaboration Services and Cloud Solutions
• A rich history of building highly-secure domestic and global networks including expertise in large scale, complex and custom network infrastructures and solutions.
• Comprehensive Consulting portfolio across eight strategic services in addition to cloud advisory services.
• Combined network implementation experience and consulting capabilities that is aligned with your business needs and vision.
• AT&T Consulting provides “trusted advisor” expertise with “C” level executives based upon many years of experience of addressing strategic business initiatives with best of breed solutions.
AT&T Expertise
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
14