IT Compliance Using Troux Technologies

© 2014 VMware Inc. All rights reserved. EPM Program at VMWare (Troux) Joe Faghani, Lead Enterprise Application Architect Steve Tout, Head, IAM Program at VMware

Upload: steve-tout

Post on 21-Nov-2014


DESCRIPTION

Most secure organizations that have achieved a reasonable level of maturity in a security program have likely done so by using best practices such as data classification, data encryption, auditing, log management and the like. As disruptive technologies like mobile and SaaS come along, the same disciplines should be adapted and applied in an agile and dynamic manner; in other words, the data classification approach must be more than a document or a policy sitting in a shared drive on the company intranet. The data classification and tagging process discipline should be a bridge between the applications portfolio and certification and compliance.

TRANSCRIPT

Page 1: IT Compliance Using Troux Technologies

© 2014 VMware Inc. All rights reserved.

EPM Program at VMware (Troux)

Joe Faghani, Lead Enterprise Application Architect

Steve Tout, Head, IAM Program at VMware

Page 2: IT Compliance Using Troux Technologies

Joe Faghani, Lead Enterprise Application Architect, VMware

As Lead EA for Corporate IT at VMware, Joe is responsible for the continuous refinement of current state solution architectures, the development of future state solution architectures and the delivery of the company’s application portfolio roadmap. He also directs VMware’s Architecture Review Board and oversees a team of system domain architects in charge of reviewing solution and technical architectures. Prior to VMware, Joe worked at Rambus (Software Architect Emerging Technologies), Juniper Networks (EA), the US Army (Soldier of Future Project SBIR), Cadence and Learning Tree (Software Architect Distance Learning). Joe earned a bachelor's degree in Computer Science from University of London.

Steve Tout, Technical Director of IAM at VMware

Steve leads an IAM program at VMware and has designed, implemented and managed systems to support VMware’s explosive growth into a $5B company. He has day-to-day responsibility for the IAM domain at the EA board level, defining and executing against a 3-year roadmap and plays a key role in IAM strategy and governance. Steve studied Information Technology at the University of Phoenix and has held senior roles in engineering, security, operations and consulting at AT&T Wireless, US Bank and Oracle Corporation. He lives with his wife, daughter and two basset hounds in Morgan Hill, California.

Page 3: IT Compliance Using Troux Technologies

Compliance (IAM)


Page 4: IT Compliance Using Troux Technologies

IDG Enterprise, Cloud Research Report, 2013

According to a 2013 IDG Enterprise cloud computing research study, 66% of IT decision makers cite security concerns as a barrier to implementing a cloud computing strategy, and 56% say they won't fully embrace the cloud until they are more confident in cloud service providers' ability to meet their compliance requirements.

Page 5: IT Compliance Using Troux Technologies

Can you tell me…

• Are you using SaaS in your organization for major business processes?

• What are the public cloud risks I should be concerned about?

– What is our As-Is state of SaaS?

• Which SaaS applications that your organization uses store PCI, HIPAA or other sensitive data?

• How are you managing, monitoring, auditing and controlling the SaaS applications your business uses?

• Which of your SaaS applications is most at risk of being compromised?

– Where do you start to invest in security and remediate risks?

Page 6: IT Compliance Using Troux Technologies

IAM Governance using Troux

• Know what your standards are, where you use SSO and how you audit and monitor your users in a SaaS world

• Using Troux, inventory, identify, correlate, tag and understand - create Troux Insights for the business

• Develop the practices and tools so you can demonstrate that appropriate levels of control are in place over regulated data, and contribute towards security and compliance

Page 7: IT Compliance Using Troux Technologies

The bottom line

• Lower the cost of compliance

• Achieve more efficient compliance in SaaS

• Use a simple data classification model to manage and understand where your risks are

– E.g. Low, Medium, High

– This is possible to do in Troux without any customizations

Page 8: IT Compliance Using Troux Technologies