securing data in the cloud: point of view - …file.ehuiapp.com/2015/1009/103271.pdf · securing...

Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.Infosys.com

Upload: duongkhuong

Post on 01-Sep-2018


Agenda

• Data Security challenges & changing compliance requirements

• Approach to address Cloud Data Security requirements

• About Infosys Information and Cyber Risk management practice


Your Presenter today

Saju Sankaran Kutty, Associate Vice President - Cloud Infrastructure & Security – Infosys Limited

• Saju brings nearly 18 years of experience in IT consulting and advisory services. He currently heads Infrastructure and Cloud consulting for Infosys.

• He has been with Infosys for the past 13 years and has been instrumental in setting up the cloud business strategy for Infosys.

• Saju brings experience in cloud and infrastructure strategy formulation, cloud technology advisory and cloud economics.

• Saju has executed several strategic engagements in technology, business transformation & optimization, Cloud and Infrastructure transformation, platform modernization, collaboration and end-user computing.

• He is an active member of partner advisory boards of product alliance partners and has been on steering committees with various clients.


The next-generation technology services company

Founded in Pune, India in 1981

$8.7 billion in revenues

987+ clients

Clients in 50+ countries

85 offices and 100 development centers

179,000+ employees of 115 nationalities

94% are consultants and engineers

97% of staff are university educated

22% with masters degrees or doctorates

35% of employees are women

World’s largest corporate university

1.3% of revenues invested in R&D

More than 300 researchers

Employees trained in Design Thinking

505 patents pending and 204 granted

Transparency, ethics, and respect

$500 million innovation fund

96.6% business is repeat business

2% of avg. net profits over 3 fiscals to Infosys Foundation

Award winning sustainable delivery centers

4 out of top 5 US banks

7 out of top 10 global CPG

8 out of top 10 global pharma

4 out of top 5 global aerospace & defence

6 out of top 10 communications cos.

Corporate Learning Purpose People Clients

Infosys helps enterprises transform and thrive in a changing world by co-creating breakthrough solutions that combine strategic insights and execution excellence. We help them renew themselves while also creating new avenues to generate value.


Infosys – Huawei Partnership


The enterprise cloud ecosystem is evolving

[Figure: stages of the enterprise cloud ecosystem. Labels: Siloed; Consolidated (VMs); Private Cloud (IaaS); Hybrid IaaS; Private Cloud PaaS; Enterprise Apps; IaaS, PaaS and SaaS; Public Cloud; Enterprise IT.]

A hybrid deployment, multi-cloud consumption model


Trends in Cloud adoption today

• 81% of companies are either using or planning to use mission-critical apps on the cloud in the next 2 years

• 77% of companies are using or planning to use IaaS, PaaS or SaaS for a wide range of business applications in the next 2 years

• It takes 3 days for 55% of large enterprises to get new virtual infrastructure from their private or public Cloud

• 69% of companies are looking for the ability to detect, alert, and self-resolve issues in their cloud environment

• 77% of companies trust system integrators to be their cloud implementation providers

Infosys Study: Simplify and innovate the way you consume Cloud - http://www.experienceinfosys.com/cloudstudy


Key Data Security challenges for organizations leveraging the Cloud

• Available solutions in the market are still silo-based

• Security challenges exist when enterprises integrate private cloud with public cloud for cloud burst and other on-demand computing requirements. The challenges cut across 4 key pillars of security


…Resulting in new and evolving requirements for data security in Cloud

• The Cloud Security Alliance (CSA) Cloud Controls Matrix is the comprehensive standard to ensure the data and privacy safety of the cloud environment.

• NIST, the U.S. National Institute of Standards and Technology, last year published its Guidelines on Security and Privacy in Public Cloud Computing.

• ENISA has published Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts.

• HIPAA Omnibus expands the definition of ‘business associate’ and defines cloud service providers (CSPs) as business associates.

• Geo-specific regulations mandate that organizations ensure data eDiscovery capabilities and controls are in place when entering into a contract with a cloud provider.

• Geo-specific and regulatory requirements mandate that organizations ensure legal hold discussion and agreement is a key part of cloud contract negotiations.


…which is driving key trends around Data Security oriented to Cloud Adoption

[Figure labels: Business & IT Objectives; Cloud Adoption; Unified approach for protecting Data in Cloud]

• No Trust Model

• Persistent Data Encryption

• Customer Managed keys

• Data access governance

• Privileged Access

• Data Classification Is Key

• Data Disposal gains importance


…which results in the below decisions to make before cloud adoption

• Legal hold – How to ensure Data availability if the CSP is going out of Business

• eDiscovery – How to ensure that Data in hosted environment is identifiable and discoverable

• Data Protection/Confidentiality – How to ensure that data confidentiality is being maintained in Shared cloud environment

• Data Integrity & Usage Governance – How to ensure that data integrity is being maintained

• Compliance & Governance – How to ensure compliance with Legal and Regulatory Standards, including data retention, archive and purge


Solutions can be realized leveraging "Integrated approach" for Cloud data Security based on traditional building blocks

[Figure: Cloud Security Alliance Reference Model. Layers shown: Presentation Modality, Presentation Platform, APIs, Applications, Data, Metadata, Content, Integration & Middleware, APIs, Core Connectivity & Delivery, Abstraction, Hardware, Facilities; grouped as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).]

Cloud-based Integrated Security solution

Identity & Access Mgmt.

• Single sign-on / federation

• Adaptive authentication

• Authorization (RBAC, context-based, fine-grained)

• Provisioning access

• Segregation of Duties

Application Security

• Secure SDLC

• White/Black box testing

• Penetration testing

Information Systems Infra Security

• Endpoint Security

• SIEM

• Perimeter Security

• Platform Security

Data Security

• Data Loss Prevention

• Data Tokenization

• Data Masking

• Information Rights Management

• Data Encryption

Governance, Risk & Compliance

• Risk and Enterprise Security framework

• Integrated enforcement & validation of security controls

• Compliance enforcement

• Internal & External Compliance Audits

• Enterprise IT security policies & Procedures

[Figure labels: Organization/Vendor; Cloud Vendor]

Security is shared responsibility


…complemented by data-centric technology controls to safeguard the data

Key Tenet: Data protection/confidentiality

Technology Solution:

• Data Loss Prevention (DLP)

• Data Encryption: File/Folders, OS, Application, Database

Leading product vendors:

• DLP: Websense, McAfee, Symantec

• Encryption: SafeNet, RSA

Key Tenet: Data management Integrity and usage governance

Technology Solution:

• Database Activity Monitoring

• File Integrity Management

• Data Rights Management

Leading product vendors:

• DAM: IBM, Imperva

• FIM: McAfee, TrendMicro

• DRM: Microsoft

Key Tenet: Compliance with legal and regulatory standards

Technology Solution:

• Data Tokenization

• Data Masking

• Key Management

• Security Audits

• Data Protection Agreement

Leading product vendors:

• Tokenization: SafeNet, RSA

• Masking: Informatica

• Key Management: Thales, SafeNet


Infosys approach & methodology for securing data and services in Cloud

Initiate

Risk Analysis

• Identify cloud model

• Prioritize use cases, classify information

• Understand Risk & associated impact, liability, SLAs, RACI, etc.

Enable Secure Access

• Single sign-on using Federation, OpenID, OAuth

• Strong authentication & fine-grained authorization

• Deploy adaptive / multi-factor authentication

Secure Integration

• Deploy web security solutions e.g. IBM DataPower, Intel SOAE

Integrated Monitoring

• Implement periodic attestation, continuous monitoring, integration with SIEM, etc.

• Adopt compliance & security

• Automated GRC

Secure virtual infrastructure

• Deploy network segregation, virtual firewalls, IDS, secure OS, application firewalls, AV, content security / malware

Secure data & application

• Implement native data encryption, segregation, PKI

• Data Loss Prevention, in-line Data Tokenization / Encryption address in-transit / at rest / isolation security concerns

• Leverage claims-based application security model

• Adopt secure SDLC / testing

Continuous monitoring and validation


Infosys Information and Cyber Risk (ICRM) Practice offers a Comprehensive set of Security Solutions and Services to ensure Secure Cloud Adoption

[Figure labels: Enterprise Security; Security Operations; Identity & Access Management; Cloud-based Integrated Security solution; On-premise Integrated Security solution]

Infra Security

• Perimeter and Network Security

• Endpoint Security

• Platform Security

• Email Security

• Vulnerability Assessment and Penetration Testing

Data Security

• Data Loss Prevention

• Data Masking, Tokenization

• Encryption and PKI

• Information Rights Management

Security Operations

• Security tool administration

• Security monitoring and incident management

Identity & Access Mgmt.

• Directory Services

• Authorization, SSO, Federation, Social

• Coarse / Fine-grained authorization

• Identity lifecycle Management and Provisioning

Governance Risk and Compliance (GRC)

• Security Framework, Policies and Procedures

• Compliance Audits

• Risk and Security Controls enforcement

• IT GRC tool configuration

Application Security

• Secure SDLC

• White/black box testing

• Gray-box testing

• Penetration testing

CONSULTING | INTEGRATION | OPERATIONS


Contact us

www.Infosys.com

Email: [email protected]

Contact – Saju Sankaran Kutty, Associate Vice President – Cloud Infrastructure & Security – Infosys Limited

Email – [email protected]


Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.