Cloud Security Consulting Services

earsplittinggoodbeeInternet and Web Development

Nov 3, 2013 (3 years and 9 months ago)

51 views

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Cloud Security Consulting Services

AT&T Security Consulting

March 2012

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Technology Trends Reshaping Business

2

Companies are
reengineering

the way they do business.

Powerful Mobile
Computing Devices

Fast, Widespread
Wireless/Wireline IP
Networks

Cloud Computing

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

“…a model for enabling ubiquitous, convenient,
on
-
demand

network access to a
shared

pool of
configurable computing resources

that can be
rapidly provisioned
and released with
minimal
management

effort or service provider
interaction.”

-

National Institutes of Standards

and Technology

What is “Cloud Computing”?

3

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Improve My Productivity


Real time collaboration across employees,

partners
, customers


Requirements for applications to work

across
devices



Reduce My Cost


Low storage and server
utilization

in
non
-
peak periods


Desire to pivot from
Capex

to
Opex



Remove the Complexity


Simplification due to limited IT staff

down
market


End
-
to
-
end ownership vs. multi
-
vendor
service integrations

Demand to mobilize and
virtualize assets,
applications and activities


Off
-
premise


On
-
demand


Easy to Use


Web
-
enabled


Device Agnostic


Tiered Support

Business Drivers for Cloud

4

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Cloud Deployment Models Transfer Responsibility

5

Software

as a Service

Application

Database

Operating System

Servers

Storage

Platform

as a Service

Application

Database

Operating System

Servers

Storage

Infrastructure

as a Service

Application

Database

Operating System

Servers

Storage

Customer

Management Responsibility

Service Provider

Management Responsibility

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Considerations for Cloud Security

6

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Cloud Security Challenges


Applicable Compliance Requirements


Current Good Manufacturing Practices
(
cGMPs
) for human pharmaceuticals


FDA Audit Processes, field trials,

exception approvals


ARA, HIPPA, HITRUST, PCI, NIST, FTC,

State Regulations


Risk Management


Monitoring


Governance


Visibility


Advanced technology adoption

Complicates security,
compliance &

validation efforts

7

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Success Through “Data Centricity”


8

Define

Appropriate
Controls

Determine
Applicable
Compliance
Requirements

Assess the
Associated Risks

Define the
Workload

(isolate a function)

Classify the

Relevant Data

Establish
Contractual
Obligations

Sensitive
Data

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Layered Approach to Cloud Security

Access Management

Infrastructure Security

Services Security

8 Security Dimensions

Data Confidentiality

Communication Security

Integrity

Availability

Privacy

Authentication

repudiation

Security Layers

Applications Security


Access Control

End User
Security

VULNERABILITIES

Data Confidentiality

Communication Security

Data Integrity

Availability

Privacy

Authentication

Non
-
repudiation

THREATS

ATTACKS


Destruction


Disclosure


Corruption


Removal


Interruption

Adapted based on X.805 Model

9

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

Compliance & Security Lessons Learned



The responsibility for security and compliance cannot be outsourced


Proper Asset Classification is critical
-

understand what you are
putting into the cloud


Understand that assets can exist in various physical locations


Determine who can affect the security of the data


Do Your Homework to find the right Security Solutions Provider!


Evaluate providers based on your security requirements


Document accountability demarcation points

10

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

11

Cloud Security and

Compliance Assessment

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

12

Cloud Security and Compliance Assessment

Service Overview

What We Deliver

What We Provide

Cloud Security and Compliance
Assessment Executive Summary

Provides key findings of the assessment.



AT&T’s Cloud Security and
Compliance Assessment

helps you understand your security
posture, polices and compliance
exposure.

The Cloud Security and Compliance
Assessment

provides an onsite consulting engagement
to examine and maintain your security
posture by identifying potential data
security risk(s) involved in moving targeted
workloads to the Cloud.

Cloud Security and Compliance
Assessment Report

Comprehensive findings report with
technical detail and recommendations
resulting from the assessment service.


AT&T is committed to providing pre and
post assessment requirements, access

to information and transparency.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

13

Why AT&T for Cloud Security and Advisory Services?

Where experience counts



Managed WAN
for single
communication
fabric worldwide


Security

Managed Applications,
Managed UC Services,
Collaboration Services and
Cloud Solutions


A rich history of building highly
-
secure
domestic and global networks including
expertise in large scale, complex and custom
network infrastructures and solutions.


Comprehensive Consulting portfolio across
eight strategic services in addition to cloud
advisory services.


Combined network implementation
experience and consulting capabilities that is
aligned with your business needs and vision.


AT&T Consulting provides “trusted advisor”
expertise with “C” level executives based
upon many years of experience of addressing
strategic business initiatives with best of
breed solutions.


AT&T Expertise

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T

marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated

companies. All other marks contained herein are the property of their respective owners.

14