Cloud Security Consulting Services
AT&T Security Consulting
March 2012
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Technology Trends Reshaping Business
Powerful Mobile
Computing Devices
Fast, Widespread
Wireless/Wireline IP
Networks
Cloud Computing
Companies are reengineering the way they do business.
2
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
What is “Cloud Computing”?
“…a model for enabling ubiquitous, convenient,
on-demand network access to a shared pool of
configurable computing resources that can be
rapidly provisioned and released with minimal
management effort or service provider
interaction.”
- National Institutes of Standards
and Technology
3
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Business Drivers for Cloud
Improve My Productivity
• Real time collaboration across employees,
partners, customers
• Requirements for applications to work
across devices
Demand to mobilize and
virtualize assets,
applications and activities
Reduce My Cost
• Low storage and server utilization
in non-peak periods
• Desire to pivot from Capex to Opex
Remove the Complexity
• Simplification due to limited IT staff
down market
• End-to-end ownership vs. multi-vendor
service integrations
4
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
• Off-premise
• Web-enabled
• On-demand
• Device Agnostic
• Easy to Use
• Tiered Support
Cloud Deployment Models Transfer Responsibility
Customer
Management Responsibility
Application
Software
as a Service
Database
Operating System
Servers
Storage
Application
Platform
as a Service
Database
Operating System
Servers
Storage
Application
Infrastructure
as a Service
Database
Operating System
Servers
Storage
5
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Service Provider
Management Responsibility
Considerations for Cloud Security
6
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Cloud Security Challenges
• Applicable Compliance Requirements
– Current Good Manufacturing Practices
(cGMPs) for human pharmaceuticals
– FDA Audit Processes, field trials,
exception approvals
– ARA, HIPPA, HITRUST, PCI, NIST, FTC,
State Regulations
• Risk Management
• Monitoring
• Governance
• Visibility
• Advanced technology adoption
7
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Complicates security,
compliance &
validation efforts
Success Through “Data Centricity”
Define the
Workload
Classify the
Relevant Data
(isolate a function)
Establish
Contractual
Obligations
Sensitive
Data
Define
Appropriate
Controls
8
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Assess the
Associated Risks
Determine
Applicable
Compliance
Requirements
Layered Approach to Cloud Security
Security Layers
Applications Security
8 Security Dimensions
End User Security
Adapted based on X.805 Model
9
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Privacy
Availability
Destruction
Integrity
Data
Integrity
Communication Security
Non-repudiation
repudiation
Data Confidentiality
Infrastructure Security
Authentication
Services Security
Management
Control
Access
Access
VULNERABILITIES
THREATS
Corruption
Removal
Disclosure
Interruption
ATTACKS
Compliance & Security Lessons Learned
• The responsibility for security and compliance cannot be outsourced
• Proper Asset Classification is critical - understand what you are
putting into the cloud
• Understand that assets can exist in various physical locations
• Determine who can affect the security of the data
• Do Your Homework to find the right Security Solutions Provider!
• Evaluate providers based on your security requirements
• Document accountability demarcation points
10
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Cloud Security and
Compliance Assessment
11
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
Cloud Security and Compliance Assessment
Service Overview
What We Provide
12
What We Deliver
AT&T’s Cloud Security and
Compliance Assessment
Cloud Security and Compliance
Assessment Executive Summary
helps you understand your security
posture, polices and compliance
exposure.
Provides key findings of the assessment.
The Cloud Security and Compliance
Assessment
Cloud Security and Compliance
Assessment Report
provides an onsite consulting engagement
to examine and maintain your security
posture by identifying potential data
security risk(s) involved in moving targeted
workloads to the Cloud.
Comprehensive findings report with
technical detail and recommendations
resulting from the assessment service.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
AT&T is committed to providing pre and
post assessment requirements, access
to information and transparency.
Why AT&T for Cloud Security and Advisory Services?
Where experience counts
AT&T Expertise
• A rich history of building highly-secure
domestic and global networks including
expertise in large scale, complex and custom
network infrastructures and solutions.
Managed WAN
for single
communication
fabric worldwide
Security
Managed Applications,
Managed UC Services,
Collaboration Services and
Cloud Solutions
13
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.
• Comprehensive Consulting portfolio across
eight strategic services in addition to cloud
advisory services.
• Combined network implementation
experience and consulting capabilities that is
aligned with your business needs and vision.
• AT&T Consulting provides “trusted advisor”
expertise with “C” level executives based
upon many years of experience of addressing
strategic business initiatives with best of
breed solutions.
14
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T
marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks contained herein are the property of their respective owners.