security, compliance and cloud - jelecos
JELECOS TODAY
Cloud Services: Managed Infrastructure, Managed Backup and Recovery, Managed Security and Compliance, Managed Storage
Application Services: Discovery, Development, Optimization
Strategic Advisory Services: Strategic Planning, Business/Tech Alignment, IT Governance
OBJECTIVES
Overview of changing cloud landscape
Overview of changing compliance landscape (PCI-DSS 3.0)
Evolution of hybrid cloud and compliance relationship
New challenges have arrived
Planning and next steps
FOOD FOR THOUGHT
By 2020 cloud computing will cross the $270 billion mark.
94% of managers say their business security has improved after adopting cloud applications.
91% of SMBs say their cloud providers made it easier to satisfy compliance requirements.
By 2016 36% of all data is expected to be stored in the cloud, up from 7% in 2013.
90% of Microsoft's R&D budget is being used to improve cloud technology and security services.
Source: http://blog.icorps.com/20-cloud-computing-facts-for-2015
CURRENT PLANS
What are your current plans?
You need more than one plan.
PCI-DSS 1…2…3
HIPAA-HITECH/Meaningful Use
Red Flag Rules
FISMA/NIST
Gramm-Leach-Bliley
Sarbanes-Oxley
FINRA
Cloud Adoption
IoT
BYOD
Storage Growth
Shadow IT
ITaaS
SSAE-16
Fabric
Infrastructure
Convergence
IMPACT AND COST OF BREACHES
o Malicious Breach
    o 1/3 not caught by company defenses
    o Average cost of $840,000 per breach
    o Lost reputation and brand value
o Non-malicious Breach
    o 1/3 identified accidentally
    o Average cost of $470,000 per breach
    o Lost reputation and brand value
WORLD’S BIGGEST DATA BREACHES
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
SECURITY PREDICTIONS FOR 2015
[Chart: 2015 Cybersecurity Predictions. Axis: Number of predictions. Categories: Regulation, compliance & cyberinsurance; High-profile data breaches; Encryption & privacy; Mobile technology; IoT & critical infrastructure; Evolutions of existing cybersecurity solutions; New attack vectors & platforms]
PCI DSS 3.0: COMMONLY ASKED QUESTIONS
Why is there a new standard?
Who does it affect?
When is the PCI DSS 3.0 deadline?
What does PCI DSS 3.0 mean for my business?
How can I ensure compliance with PCI DSS 3.0?
CONTROL OF CLOUD BASED DATA
The challenge of Cloud is data management
Data to a network or compute is transient
Once data is placed in storage it has to be managed for the long term
Data protection, governance, security,…
Maintain control of data
[Diagram: NetApp Private Storage. Labels: Controlled Data; Direct Connect Location; Cloud Compute; Cloud Storage; On Premises; Customer Provisioned MPLS/VPN Network; Direct Connect / ExpressRoute Capability; Cloud Service Provider]
COMPLIANCE IN THE AGE OF BIG DATA
Analytics derived from Big Data becoming as valuable as traditional enterprise data
Often cloud solutions are the only way to meet scalability, performance and security challenges posed by Big Data
COMPLIANCE IN THE AGE OF IOT
IoT devices will grow from ~16B in 2014 to ~41B in 2020, adding $10 – 15 trillion (yes, with a “T”) to global GDP by 2035
Guarding the gateways will be essential to compliance and security due to elongated and fuzzy chain of custody
PLANNING YOUR 2015 CLOUD STRATEGY
Source: Computerworld 2015 Forecast Study
Top Five Tech Spending Increases in 2015
EVOLUTION OF THE HYBRID CLOUD
Four Steps to Ensuring Data Protection in the Hybrid Cloud
1. Ask the right questions of your cloud provider
2. Understand where you are vulnerable
3. Centralize governance and control of cloud deployments
4. Use solutions optimized for data protection
CONCEPTS TO WATCH
PCI-DSS 3.0 Adoption – June 2015 Deadline
VMware vRealize suite
Future of vCloud Director
EVORail/Rack
SELF-ASSESSMENT
How secure is your organization today?
Do you consider security a competitive advantage?
What is your organization saying (or not saying) to its current and prospective customers and vendors about its security?
Do you have an Incident Response Plan? If so, how current is it?