intel saas security playbook
DESCRIPTION
Learn about Intel's approach to securing data and applications in the public cloud.TRANSCRIPT
SaaS Security PlaybookSecuring data and applications in the public cloud
Legal Notices
This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others.Copyright © 2014, Intel Corporation. All rights reserved.
1
3
Social Mobile
Analytics Cloud
The SMAC Stack
SMAC is Changing the Way We Do Business
4
The SMAC Stack Requires Agile Security Capabilities
• Enable movement of diverse information to more places• Variety and growth in devices, internet touch points, and access
methods• More custom mobile applications and services within the enterprise• The need to adopt standard applications for SaaS in the public
cloud
MobileSocial CloudAnalytics
The conversation is no longer about which applications and data will
move to the cloud, but rather which applications and data will stay on premise.
5
Public Cloud Requires a Playbook
Legal
Security SMEs
Architects
Privacy
Investigations
E-Discovery
External Pen Tester
Risk ManagerPlayboo
k
Architects
Security Engineers
Product Owners
Legal \ Privacy
Enterprise Provider
Tenant
Business Requirement
sUse Cases Information
Classification
Risk Review
6
Steps to Develop a SaaS Security Playbook
Educate your team on SaaS
Know your data and inventory
Understand how to
calculate & mitigate
risk
Define security controls
responsibility
Perform security reviews during SaaS
lifecycle
1 2 3 54
7
Lessons Learned• Just as enterprise applications and data are moving to SaaS, security controls are also moving to SaaS.
• Decide which security controls will remain internally hosted and managed vs. externally hosted and externally managed.
• Carefully evaluate SaaS providers as some controls are immature and the ecosystem is evolving.
• Consider short-term contracts to allow flexibility to move to a new supplier if capabilities or roadmaps no longer align to risk tolerance.
8