building a cloud-ready security program

Building a Cloud-Ready Security Program

Be ready. Get ahead…stay ahead.

@NetIQ - #NetIQCloud

© 2012 NetIQ Corporation. All rights reserved.2

Overview

• Cloud makes the world complex.

• There are some things you control.

• Get those right.

• Stay relevant.

• Extend and reinforce success.

• How (specifically) NetIQ helps.


At the Crossroads


What Keeps You up at Night?

NewThreats

Expanding Computing

Environment

BusinessKeepsMoving

StaffStretched

Thin

Change + Complexity = Loss of Control and Visibility



Fueling the Rush to the Cloud

• Greater customer and partner integration and intimacy

• Faster response to competitive threats

• Faster time to market



Cloud Brings Many Challenges

• Security

• Visibility

• Cost Management

• Alignment

• Compliance


Things Are Getting Complicated



Things Are Getting ComplicatedMORE



Interdependencies Grow

• Systems and services extend into third-party cloud offerings.

• Creates interdependencies that never existing before.

• These are highly complex, and potentially very difficult to manage.



BYO…(Anything)

• …Device

• …Cloud

• …Applications

• …Identity



Integration and Proliferation

• Cloud usage proliferates.

• Integration with existing services is complex.

• Integration between ‘clouds’ can be even harder.



All The Risk… None of the Reward

• IT continues to hold liability:• Controls access to critical services and data

• Manages organizational risk

• Deals with compliance

• Yet business users continue to directly engage with the cloud and unmanaged personal devices.



It’s Getting Crazy Out There



It’s Getting Crazy Out There

11,500+ files, every second, every day



Cloud Brings Challenges

• Security

• Visibility

• Cost Management

• Alignment

• Compliance

You are here.


• There is little-to-no knowledge of internal activities – or potential threats.

• Most breaches are discovered by a third party – not the breached party.

Maintain the Status Quo



Gain Visibility and Control

• Focus on organizational risk management

• Greater context for security and risk data

• Know what your internal users are doing

• Monitor and audit all activity around sensitive assets


Ready, set..transform!


Risk: Define It, Manage It



What Does That Mean?

Focus resources on the most critical assets, then make sure the “basics” are in place:

• System configuration

• Reduce privileged users

• Reduce privileges

• Monitor activity

• Integrate identity

• Improve access controls

• Keep it visible, keep it real



Focus on the Data, Then Layer Defenses



It’s All About The Data

Data-centric, risk-focused security



Surround with Layers of Data-Centric Solutions….• Manage who has access

• Monitor what they do

• Secure where the data is

• Build intelligence and use it

• Integrate other data-centric technologies



Keep It Rolling

• Continuous compliance

• Automate where you can, when you can

• Smarter security is better than more security

• Don’t just believe the vendors

• Make sure it’s easy to show value


Extending…

It’s easier to extend what’s right into the cloud.


Fight Fire With Fire

• OK, cloud with cloud

• Increasing interest in SecaaS

• NetIQ closely involved in this

• Partnering with cloud providers



NetIQ Will Help

• Faster identification of threats

• Clearer understanding of “who”

• Simpler management of access to services

• Reduced risk from poor configuration

• Tighter controls on privileged users



cloud ninenoun Informal.a state of elation or happiness (usually in the phrase on cloud nine)

building a cloud-ready security program

Technology

netiq corporation

secaas netiq

risk data

cloud nine28

cloud providers26

overview cloud

data datacentric

cloud greater customer