security, compliance and cloud - jelecos

CIO Forum: Security, Compliance, & Cloud February 19, 2015

Upload: erinjelecos

Post on 16-Jul-2015


JELECOS TODAY

Cloud Services

Application Services

Strategic Advisory Services

Managed Infrastructure

Managed Backup and Recovery

Managed Security and Compliance

Managed Storage

Discovery

Development

Optimization

Strategic Planning

Business/Tech Alignment

IT Governance

JELECOS – BUILT FOR COMPLIANCE

DILBERT ON SECURITY

IN THE SPOTLIGHT

Leon Thomas

President & CEO, Jelecos

OBJECTIVES

Overview of changing cloud landscape

Overview of changing compliance landscape (PCI-DSS 3.0)

Evolution of hybrid cloud and compliance relationship

New challenges have arrived

Planning and next steps

FOOD FOR THOUGHT

By 2020 cloud computing will cross the $270 billion mark.

94% of managers say their business security has improved after adopting cloud applications.

91% of SMBs say their cloud providers made it easier to satisfy compliance requirements.

By 2016 36% of all data is expected to be stored in the cloud, up from 7% in 2013.

90% of Microsoft's R&D budget is being used to improve cloud technology and security services.

Source: http://blog.icorps.com/20-cloud-computing-facts-for-2015

CURRENT PLANS

What are your current plans?

You need more than one plan.

PCI-DSS 1…2…3

HIPAA-HITECH/Meaningful Use

Red Flag Rules

FISMA/NIST

Gramm-Leach-Bliley

Sarbanes-Oxley

FINRA

Cloud Adoption

IoT

BYOD

Storage Growth

Shadow IT

ITaaS

SSAE-16

Fabric

Infrastructure

Convergence

IMPACT AND COST OF BREACHES

o Malicious Breach
    o 1/3 not caught by company defenses
    o Average cost of $840,000 per breach
    o Lost reputation and brand value

o Non-malicious Breach
    o 1/3 identified accidentally
    o Average cost of $470,000 per breach
    o Lost reputation and brand value

WORLD’S BIGGEST DATA BREACHES

Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

SECURITY PREDICTIONS FOR 2015

[Bar chart: 2015 Cybersecurity Predictions. Axis: Number of predictions (0 to 14). Categories: Regulation, compliance & cyberinsurance; High-profile data breaches; Encryption & privacy; Mobile technology; IoT & critical infrastructure; Evolutions of existing cybersecurity solutions; New attack vectors & platforms.]

PCI DSS 3.0: COMMONLY ASKED QUESTIONS

Why is there a new standard?

Who does it affect?

When is the PCI DSS 3.0 deadline?

What does PCI DSS 3.0 mean for my business?

How can I ensure compliance with PCI DSS 3.0?

CONTROL OF CLOUD BASED DATA

The challenge of Cloud is data management

Data to a network or compute is transient

Once data is placed in storage it has to be managed for the long term

Data protection, governance, security,…

Maintain control of data

[Diagram: NetApp Private Storage. Labels: Controlled Data; Direct Connect Location; Cloud Compute; Cloud Storage; On Premises; Customer Provisioned MPLS/VPN Network; Direct Connect / ExpressRoute Capability; Cloud Service Provider.]

COMPLIANCE IN THE AGE OF BIG DATA

Analytics derived from Big Data becoming as valuable as traditional enterprise data

Often cloud solutions are the only way to meet scalability, performance and security challenges posed by Big Data

COMPLIANCE IN THE AGE OF IOT

IoT devices will grow from ~16B in 2014 to ~41B in 2020, adding $10 – 15 trillion (yes, with a “T”) to global GDP by 2035

Guarding the gateways will be essential to compliance and security due to elongated and fuzzy chain of custody

PLANNING YOUR 2015 CLOUD STRATEGY

Source: Computerworld 2015 Forecast Study

Top Five Tech Spending Increases in 2015

EVOLUTION OF THE HYBRID CLOUD

Four Steps to Ensuring Data Protection in the Hybrid Cloud

1. Ask the right questions of your cloud provider

2. Understand where you are vulnerable

3. Centralize governance and control of cloud deployments

4. Use solutions optimized for data protection

CONCEPTS TO WATCH

PCI-DSS 3.0 Adoption – June 2015 Deadline

VMware vRealize suite

Future of vCloud Director

EVO:RAIL/RACK

SELF-ASSESSMENT

How secure is your organization today?

Do you consider security a competitive advantage?

What is your organization saying (or not saying) to its current and prospective customers and vendors about its security?

Do you have an Incident Response Plan? If so, how current is it?

CHANGE OF MINDSET

Stop thinking “If we get hacked” and start thinking “When we get hacked”.

THANKS FOR JOINING US THIS MORNING