securing data in the cloud: point of view - file. securing data in the cloud: point of view

Download Securing Data in the Cloud: Point of View - file. Securing Data in the Cloud: Point of View

Post on 01-Sep-2018




0 download

Embed Size (px)


  • Securing Data in the

    Cloud: Point of View

    Presentation by Infosys Limited

  • 2


    Data Security challenges & changing compliance


    Approach to address Cloud Data Security


    About Infosys Information and Cyber Risk

    management practice

  • 3

    Your Presenter today Saju brings in nearly 18 years of experience in IT

    consulting and advisory services. He currently heads

    Infrastructure and Cloud consulting for Infosys.

    He has been with Infosys for past 13 years and been

    instrumental in setting up the cloud business strategy

    for Infosys.

    Saju brings in experience in cloud and infrastructure

    strategy formulation, cloud technology advisory and

    cloud economics.

    Saju has executed several strategic engagements in

    technology, business transformation & optimization,

    Cloud and Infrastructure transformation, platform

    modernization, collaboration and end-user computing.

    He is an active member of partner advisory boards of

    product alliance partners and has been on steering

    committees with various clients.

    Saju Sankaran Kutty Associate Vice President - Cloud

    Infrastructure & Security Infosys Limited

  • 4

    The next-generation

    technology services company

    Founded in Pune, India in 1981

    $8.7 billion in revenues

    987+ clients

    Clients in 50+ countries

    85 offices and 100 development centers

    179,000+ employees of 115 nationalities

    94% are consultants and engineers

    97% of staff are university educated

    22% with masters degrees or doctorates

    35% of employees are women

    Worlds largest corporate university

    1.3% of revenues invested in R&D

    More than 300 researchers

    Employees trained in Design Thinking

    505 patents pending and 204 granted

    Transparency, ethics, and respect

    $500 million innovation fund

    96.6% business is repeat business

    2% of avg. net profits over 3 fiscals to Infosys Foundation

    Award winning sustainable delivery centers

    4 out of top 5 US banks

    7 out of top 10 global CPG

    8 out of top 10 global pharma

    4 out of top 5 global

    aerospace & defence

    6 out of top 10 communications cos.

    Corporate Learning Purpose People Clients

    Infosys helps enterprises transform and thrive in a changing world by co-creating

    breakthrough solutions that combine strategic insights and execution excellence.

    We help them renew themselves while also creating new avenues to generate


  • 5

    Infosys Huawei Partnership

    Infosys Huawei

  • 6

    The enterprise cloud ecosystem is evolving

    Siloed Consolidated

    VM VM

    Private Cloud


    VM VM

    VM VM

    Hybrid IaaS

    Private Cloud







    Public Cloud Enterprise IT

    A hybrid deployment, multi-cloud

    consumption model

  • 7

    Trends in Cloud adoption today

    81 % of companies are either using or planning to use mission-critical apps on the cloud in the

    next 2 years

    77 % of companies are using or planning to use IaaS, PaaS or SaaS for a wide range of

    business application in the next 2 years

    It takes 3 days for 55% of large enterprises to get new virtual infrastructure from their private or

    public Cloud

    69% of companies are looking for the ability to detect, alert, and self-resolve issues in their

    cloud environment

    77% of companies trust system integrators to be their cloud implementation providers

    Infosys Study: Simplify and innovate the way you consume Cloud -

  • 8

    Key Data Security challenges for organizations

    leveraging the Cloud

    Available solutions in the market are still silo-based

    Security challenges exist when enterprises integrate private cloud with public cloud for cloud

    burst and other on need computing requirements . The challenges cut across 4 key pillars of


  • 9

    Resulting in new and evolving requirements for data

    security in Cloud

    Cloud Security Alliance (CSA) Cloud control matrix is the comprehensive standard to ensure the data and privacy safety of the cloud environment

    NIST, the U.S. National Institute of Standards and Technology, last year published its Guidelines on Security and Privacy in Public Cloud Computing.

    ENISA has published Procure Secure: A Guide to Monitoring of security service levels in cloud contracts.

    HIPAA Omnibus expands the definition of business associate and define cloud service providers (CSPs) as business associates.

    Geo Specific regulations mandates organizations to ensure data eDiscovery capabilities and controls in place while getting into Contract with cloud provider

    Geo Specific and Regulatory requirements mandates organization to ensure that legal hold discussion and agreement is the key part of cloud contract negotiations.

  • 10

    which is driving key trends around Data Security

    oriented to Cloud Adoption


    ess &




    Cloud Adoption Unified approach for protecting Data

    in Cloud

    No Trust Model

    Persistent Data


    Customer Managed


    Data access governance

    Privileged Access



    Is Key

    Data Disposal



  • 11

    ..which results in below decisions to make before cloud


    Legal hold How to ensure Data availability if the CSP is going out of Business

    eDiscovery- How to ensure that Data in hosted environment is identifiable and discoverable.

    Data Protection/Confidentiality - How to ensure that data confidentiality is being maintained in

    Shared cloud environment

    Data Integrity & Usage Governance - How to ensure that data integrity is being maintained

    Compliance & Governance - How to ensure complianceCompliance with Legal and Regulatory

    Standards Including data retention, archive and purge.

  • 12

    Solutions can be realized leveraging "Integrated approach for

    Cloud data Security based on traditional building blocks








    Integration & Middleware




    Content Metadata

    Software as a Service (SaaS)

    Platform as a Service (PaaS)

    Infrastructure as a Service (IaaS)

    Core Connectivity &



    Cloud Security Alliance Reference


    Identity & Access Mgmt.

    Single sign-on / federation

    Adaptive authentication

    Authorization (RBAC, context-based, fine-grained)

    Provisioning access

    Segregation of Duties



    Information Systems

    Infra Security


    Risk & Compliance

    Data Security

    Secure SDLC

    White/Black box testing

    Penetration testing

    Cloud-based Integrated

    Security solution

    Endpoint Security


    Perimeter Security

    Platform Security

    Data loss Prevention

    Data Tokenization

    Data Masking

    Information Rights Management

    Data Encryption

    Risk and Enterprise Security framework

    Integrated enforcement & validation of security controls

    Compliance enforcement

    Internal & External Compliance Audits

    Enterprise IT security policies & Procedures



    Cloud Vendor

    Security is shared responsibility

  • 13

    ..complimented by data centric technology controls to

    safeguard the data

    Key Tenet Technology Solution Leading product vendors

    Data protection/confidentiality Data Loss Prevention (DLP)

    Data Encryption:

    File/ Folders




    DLP: Websense, McAfee,


    Encryption: SafeNet, RSA

    Data management Integrity and

    usage governance

    Database Activity Monitoring

    File Integrity Management

    Data Rights Management

    DAM: IBM, Imperva

    FIM: McAfee, TrendMicro

    DRM: Microsoft

    Compliance with legal and

    regulatory standards

    Data Tokenization

    Data Masking

    Key Management

    Security Audits

    Data Protection Agreement

    Tokenization: SafeNet, RSA

    Masking: Informatica

    Key Management: Thales,


  • 14

    Infosys approach & methodology for securing data and

    services in Cloud


    Risk Analysis

    Identify cloud model

    Prioritize use cases,

    classify information

    Understand Risk &

    associated impact,

    liability, SLAs, RACI,


    Enable Secure Access

    Single sign-on using

    Federation, OpenID, Oauth

    Strong authentication & fine-

    grained authorization

    Deploy adaptive / multi-factor


View more >