Abstract
As a Service model is delivering:
• Better and constant innovation
• Ability to adopt new technologies faster
• Lowering cost (especially up front capital costs)
• Less vendor lock-in (in some cases)
• No waiting for an upgrade cycle
• Lowering your configuration and change management burden
Agenda
• Rapidly changing face of cyber security
• As a Service Model
• Addressing Security in the Cloud
• Case Studies:
• AWS
• O365
• New Zealand Government Telecommunications as a Service model (TaaS)
• Jellyfish
Cyber Security Shopping List
• Next Generation Firewalls
• Identity Management
• Access Control
• Authentication
• Multi-Factor Authentication
• Encryption
• SIEM
• Application Whitelisting
• Traditional controls are less effective than they were but still matter (e.g. AV)
Costs
• Sounds great, but sounds expensive:
• Huge capital outlay
• Large time to implement
• Have to evolve with the threats, so capital outlay is potentially every year and whenever a new threat is identified.
So I need a massive budget that I can’t determine in advance? Are you crazy?
All this can be accessed ‘as a Service’
• As a Service Model brings substantial benefits to an Organisation
• But keep in control of the keys:
• The trusted cloud service providers host the data, but have no access to the information.
• On-premises administrators don’t need to see the data to perform their roles
• You decide who has access to the information
Case Study: AWS
Amazon Web Services Benefits
• Cost
• No capex
• Pay only for what you use
• No lock in. Reduce cost again by turning things off
• Ability to provision quickly
• Ability to quickly scale
• Elastic growth
• Easy to set up load balancing
• Multiple geographic locations
AWS Challenges
• Data sovereignty
• Security
• Privacy
• Industry specific compliance requirements for above
• Legal (subpoenas), privacy laws, ability to take legal action against a real entity.
• Location of datacentres to meet data sovereignty retention laws or customer requirements.
• Insider threats still exist
Further Securing AWS
• Automated provisioning and deprovisioning
• Single Sign On (SSO)
• Encrypted data stores
• Encrypted Virtual Machines
• Encrypted DB components
• Protect Apps
Case Study: Office 365
Office 365 Benefits
• Cost:
• Reduced Capex
• Pay only for what you use
• Bundled licences for end user tools included as part of subscription
• Access to familiar tools in the cloud
• 99.9% uptime guarantee
Office 365 keep data safe
Trusted cloud security
• More control over your data security and compliance with built-in privacy, transparency and refined user controls
• Conforms to ISO/IEC 27018 which prohibits use of personal data for marketing
• Keeps data secure and protected both in transit and at rest.
• Multiple levels of approval and just-in-time access with limited and time-bound authorisation
Office 365 Challenges
• Data sovereignty
• Security
• Privacy
• Industry specific compliance requirements for above
• Legal (subpoenas), privacy laws, ability to take legal action against a real entity.
• Location of datacentres to meet data sovereignty retention laws or customer requirements.
• Insider threats still exist
Further Securing Office 365
• Email encryption
• OneDrive, SharePoint encryption
• SSO to avoid password use by users
• MFA
Case Study: NZ TaaS
New Zealand All of Government Telecommunications as a Service
• Radically changed the way services are delivered, managed and used
• Delivers a catalogue that is supplied and managed by a panel of service providers.
• Services will transcend agency boundaries and allow agencies to easily connect with each other and with customers.
TaaS is a service-first approach that allows agencies to easily connect with each other and with their customers, which in turn makes it easier to securely deliver more citizen-centric and cross-agency services.
A new radical approach
New Service provision approaches:
• Aggregation to allow one vendor to manage the operations of all telecommunications providers for an agency
• Agencies sharing services, buildings and data centres
• Government application and content providers to have a single connection point for all agencies (Government Net or GNet)
• Legacy connect services that allow current networks to be joined to GNet, enabling an easy transition to a full TaaS model.
• Vendors able to leverage government prices.
Benefits
• Volume discounts (one government customer) that can also be leveraged by vendors that are supplying to Government; this drives costs down.
• Only best services available - most up-to-date technology.
• Services are fit-for-purpose and offered from a range of suppliers allowing agencies to choose which supplier and service best fits their business needs.
• The ‘utility’ consumption model frees agencies up to focus their investment and energy on solutions for New Zealand citizens, rather than investing in technology.
• No minimum term or volumes
• Open panel – it will evolve as new technology emerges
Benefits for YOUR organisation
• Cost is less and has one way to go. Down!
• Keep up with latest security innovation
• Ease of transition
• Best protection available at a fraction of capital outlay
• Multiple security providers can be combined and replaced as needed to maintain best of breed
• Business service management vs patch and upgrade management.
Authentication: PKI and IdM as a Service for NZ Government
• Cogito Group are running the All of Government (AoG) Root CA and the GNet policy CA for the New Zealand Government.
• Cogito Group selected to run Identity Brokerage services for All of Government
Problems
• Systems not talking to one another:
• Legacy and new systems/applications
• No linkages/workflow
• Costly ad-hoc approach
• Allows gaps in security
• No one talks about the cloud providers' trusted insider
Jellyfish® can solve these problems
Jellyfish®
• Integrated Cyber Security Command And Control System
• One interface to connect disparate components like: IdM, PKI, OTP, SSO, Password Management, LACS, PACS, LDAP, DB, MDM, Monitoring, Audit etc.
• True power is making systems more
The Benefits
• Works with existing/future systems
• Improve end user productivity
• Do more with less
• Reduce capex/opex costs
• Automate
• Modular
Enhanced Security and Control
• Cross system workflow and communications
• Systems can:
• Share data seamlessly
• Make dynamic decisions
• Example is Logical talking to Physical:
• Provision/De-provision from either affects other
• Event on one affects another
Thank You
www.cogitogroup.com.au
cogitogroup
Cogito Group Pty Ltd
@CogitoGroup1
Thanks for listening.
Please direct any further questions to:
Richard Brown, CEO, Cogito Group