partly cloudy - wgfoa...partly cloudy: how cloud technologies change your own it landscape....
TRANSCRIPT
Partly Cloudy: How cloud technologies change your own IT landscape.
Synercomm, Inc.Jeffrey T. Lemmermann, CPA, CITP, CISA, [email protected]
Wisconsin Government Finance Officers Association
September 12, 2019 – Chula Vista Resort
Who Am I
ID• Jeffrey T. Lemmermann
• Information Assurance Consultant – SynerComm• January 2018
EXP• 24 Years with CliftonLarsonAllen
• Risk Services Practice Manager• IT Audit / IT Security Specialist
• 5+ Years as CIO/CFO – Manufacturing Industry
CERT• CPA, CITP, CISA, CEH
• CITP – Wisconsin Champion (If you are a CPA )
“Security Assessment & Consulting, IT Audit, Compliance with IT Frameworks (NIST, COBIT) and continuing an ongoing crusade to
promote information security!”
Information Security
Internet Banking
File Sharing
Web Shopping
Data Backup
Mass E-mail Gmail Yahoo
What is “The Cloud”?
Media Streaming
Internet Gaming
Photo Sharing
Document Collaboration
Navigation Systems
Importance of Data Security
Where Is Your Data?
The ObviousNetwork File/Data Servers Laptop ComputersBackup Storage Media
The ObscureSmartphones / TabletsPortable Storage (USB Drives)E-Mail Attachments
The ForgottenDisposed Equipment – LEASED Equipment!
Security Points
Five Key Points of Data Security:Physical SecurityNetwork SecurityApplication SecurityExternal SecurityPlanning & Governance
Responsibility Changes – Points Do Not
Physical Security Fail
How to avoid this:
Shared Responsibility Model
Shared Responsibility Model
Shared Responsibility Model
Shared Responsibility Model
Who Is Who – MATCHGAME!
GCP Google Cloud Platform
Azure Microsoft
AWS Amazon Web Services
Rackspace Apollo Global Mgmt.
IBM Cloud IBM
Ever-Changing Landscape
Office 365 Example
On Premise to Cloud Migration:Hardware moves to Azure CloudAzure AD Connect On-Prem Active Directory
Software becomes a per user subscriptionData moves to the Azure CloudStill need backup services
Client Access – Anywhere there is Internet
Data Security
Updating our policies and procedures is a critical part of the circle.
Hardening Guides
https://www.cisecurity.org/cis-benchmarks/
Understand Your Enemies
You have to understand their tactics to better stop them.Hacking for Dummies by Kevin Beaver, Stuart McClure
Certified Ethical Hacking – Training & Certification Vulnerability Assessments Penetration Testing
On-line Resourceshttps://www.synercomm.com/blog/ Krebs on Security - krebsonsecurity.com SANS – www.sans.org NIST – www.nist.gov
Questions & Answers
SynerComm’s goal is to be a Trusted Advisor and Preferred IT Solutions Provider by assisting our clients to achieve a goal, solve a problem, or satisfy a need.
Jeffrey T. Lemmermann, CPA, CITP, CISA, CEHInformation Assurance Consultant - SynerComm, Inc.