meeting the grand challenges of hybrid cloud · title: title 44 point verdana all caps author:...

1 © Copyright 2014 EMC Corporation. All rights reserved.

Meeting the Grand Challenges of Hybrid Cloud Dr. Robert W. Griffin Chief Security Architect

RSA, the Security Division of EMC

[email protected]

blogs.rsa.com/author/griffin

blog.emc2.de/executive-world/

project-sparks.eu/blog/

@RobtWesGriffin

linkedin.com/pub/robert-griffin/0/4a1/608


Disruption and Transformation

Infrastructure Transformation

Mobile Cloud

Less control over access device and back-end

infrastructure

Threat Landscape Transformation

APTs

Sophisticated Fraud

Fundamentally different tactics, more formidable than ever

Business and Legal Transformation

More hyper-extended, more digital

Extended Workforce Networked

Value Chains

Big Data

http://www.emc.com/collateral/industry-overview/h11391-rpt-information-security-shake-up.pdf?pid=sbiclandingpage-sbicspecialreport-122112


Responding to the IoT Opportunity SPARKS Project (Smart Grid Protection Against Cyber Attacks)

A greater degree of monitoring and

automatic control at electricity network

edge

Increased use of

ICT systems, e.g.,

to support

prosumer

communities and

advanced energy

services

Greater use of

COTS systems to

implement parts of a more

open grid

Privacy concerns

emerging from

smart meters & increased

risks associated with

tampering

Incidents the US

ICS-CERT

responded to from

Oct 2012-May

2013, Source: ICS-

CERT

SCADA-related Incidents


Intelligence is the Game Changer


Example#1: T-Systems (UK) Achieving Risk Discipline

http://www.emc.com/collateral/customer-profiles/h11661-rsa-archer-cp.pdf

• Requirements: • Create a consolidated enterprise-wide view of

operational and functional risks for senior management

• Address all classes of risk • Engage business users in risk governance

• Solution: • Used ISO 31000 as framework • Defined risk ownership • Established enterprise-wide risk community • Deployed single software solution across

enterprise


Operational & Enterprise Risk

IT Security Risk

IT Business

Risk Discipline Across the Organization

Board Business

Operations Managers

CIO & CISO

Common Foundation

Maturity

Silos Managed Advantaged

LOB Executives

Business Resiliency

Regulatory & Corporate Compliance

Third Party & Vendor Risk

Audit


SPECS Project : Secure Provisioning of Cloud

Services based on SLA Management

Request SecSLA Capabilities

Final Agreed SecSLA capabilities

Search,Evaluate,Rank

Negotiate & Sign SecSLA Offering

Federation CSC


Example#2: Deutsche Bank (Germany) Identity Governance

• Deutsche Bank Global SoD Program – European Identity Award (May 2013)

• Requirements: – Continuously monitor Segregation of Duties across

the enterprise – Integrate with existing access management – Increase regulatory awareness

• Solution: – Implemented SoD rules to detect conflicts – Supported complex elements in rules – Designated SoD managers – Supported cloud environments

https://www.aveksa.com/news_item/aveksa-customer-wins-prestigious-iam-award-from-leading-it-research-analyst-firm/


Trusted interactions between identities and information

Identity Governance

Applications/Data/Resources

Identity Lifecycle

Compliance

Access Platform Governance Platform

Federation/SSO

Authentication

Employees/Partners/Customers

Provisioning

Identity Intelligence


IT Security

Identify Governance

Line of Business

Ensure Compliance and Manage Risk

Audit, Risk & Compliance

Enterprise, Mobile & Cloud Applications and Data

Enable the Business: Ownership & Accountability

Managing Identity Across the Cloud

Visibility and Control across Hyper-Extended Enterprise

Business Processes


Example #3: Communication Valley Reply (Italy) Leveraging Security Analytics

• Requirements: • Efficient, cost-effective management and

reporting of security • Reduce cost of services delivery • Improved MSSP service as competitive

advantage • Solution:

• Automatically tracked and reported on client risk and compliance

• Enhanced incident triage • Improved event analysis

http://www.emc.com/collateral/customer-profiles/h11982-reply-cp.pdf


Capture, analyze and act on data from across the enterprise.

Threat Intelligence | Rules | Parsers | Feeds | Reports | Research INTELLIGENCE

Investigation

Advanced Analytics

Compliance

Endpoint Analysis

Session Reconstruction

Incident Management

ACTION ANALYSIS

LIVE

VISIBILITY

Capture Time Meta-Data Enrichment

LIVE

Security Analytics

LOGS

PACKETS

ENDPOINT

NETFLOW

ENRICH


Incident Management & Reporting

Visibility

Security Architecture

Team

Device Administration

Data Warehouse &

Ticketing System

IT Team

Intelligence-Driven Security

Automation,

Rules, Alerts & Reports

Threat Triage

Analytic Intelligence Content Intelligence

Expertise

Level 1 Triage

Level 2 Triage

Level 3 Triage

Threat Intelligence

Controls

A/V IDS/IPS

Firewall/VPN Proxy

Packets Host File

DLP

SIEM Log Alerts

DLP Alerts

Signature less Alerts

Governance

Business Context

Risk Context

Threat Context

Line of Business Owner Policy

Assessments Criticality

Vulnerability

Subscriptions Community

Open Source


Planning Your Journey

Compliance Opportunity Risk

Siloed compliance focus,

disconnected risk, basic reporting

Managed automated compliance, expanded risk focus,

improved analysis/metrics

Advantaged fully risk aware, exploit

opportunity

Reduce compliance cost

Gain resource & risk visibility

Manage known & unknown risks

Identify new business opportunities

Thank you.

meeting the grand challenges of hybrid cloud · title: title 44 point verdana all caps author:...

Documents