Cloud Security Consulting Services AT&T Security Consulting March 2012 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Technology Trends Reshaping Business Powerful Mobile Computing Devices Fast, Widespread Wireless/Wireline IP Networks Cloud Computing Companies are reengineering the way they do business. 2 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. What is “Cloud Computing”? “…a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” - National Institutes of Standards and Technology 3 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Business Drivers for Cloud Improve My Productivity • Real time collaboration across employees, partners, customers • Requirements for applications to work across devices Demand to mobilize and virtualize assets, applications and activities Reduce My Cost • Low storage and server utilization in non-peak periods • Desire to pivot from Capex to Opex Remove the Complexity • Simplification due to limited IT staff down market • End-to-end ownership vs. multi-vendor service integrations 4 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. • Off-premise • Web-enabled • On-demand • Device Agnostic • Easy to Use • Tiered Support Cloud Deployment Models Transfer Responsibility Customer Management Responsibility Application Software as a Service Database Operating System Servers Storage Application Platform as a Service Database Operating System Servers Storage Application Infrastructure as a Service Database Operating System Servers Storage 5 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Service Provider Management Responsibility Considerations for Cloud Security 6 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Cloud Security Challenges • Applicable Compliance Requirements – Current Good Manufacturing Practices (cGMPs) for human pharmaceuticals – FDA Audit Processes, field trials, exception approvals – ARA, HIPPA, HITRUST, PCI, NIST, FTC, State Regulations • Risk Management • Monitoring • Governance • Visibility • Advanced technology adoption 7 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Complicates security, compliance & validation efforts Success Through “Data Centricity” Define the Workload Classify the Relevant Data (isolate a function) Establish Contractual Obligations Sensitive Data Define Appropriate Controls 8 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Assess the Associated Risks Determine Applicable Compliance Requirements Layered Approach to Cloud Security Security Layers Applications Security 8 Security Dimensions End User Security Adapted based on X.805 Model 9 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Privacy Availability Destruction Integrity Data Integrity Communication Security Non-repudiation repudiation Data Confidentiality Infrastructure Security Authentication Services Security Management Control Access Access VULNERABILITIES THREATS Corruption Removal Disclosure Interruption ATTACKS Compliance & Security Lessons Learned • The responsibility for security and compliance cannot be outsourced • Proper Asset Classification is critical - understand what you are putting into the cloud • Understand that assets can exist in various physical locations • Determine who can affect the security of the data • Do Your Homework to find the right Security Solutions Provider! • Evaluate providers based on your security requirements • Document accountability demarcation points 10 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Cloud Security and Compliance Assessment 11 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Cloud Security and Compliance Assessment Service Overview What We Provide 12 What We Deliver AT&T’s Cloud Security and Compliance Assessment Cloud Security and Compliance Assessment Executive Summary helps you understand your security posture, polices and compliance exposure. Provides key findings of the assessment. The Cloud Security and Compliance Assessment Cloud Security and Compliance Assessment Report provides an onsite consulting engagement to examine and maintain your security posture by identifying potential data security risk(s) involved in moving targeted workloads to the Cloud. Comprehensive findings report with technical detail and recommendations resulting from the assessment service. © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. AT&T is committed to providing pre and post assessment requirements, access to information and transparency. Why AT&T for Cloud Security and Advisory Services? Where experience counts AT&T Expertise • A rich history of building highly-secure domestic and global networks including expertise in large scale, complex and custom network infrastructures and solutions. Managed WAN for single communication fabric worldwide Security Managed Applications, Managed UC Services, Collaboration Services and Cloud Solutions 13 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. • Comprehensive Consulting portfolio across eight strategic services in addition to cloud advisory services. • Combined network implementation experience and consulting capabilities that is aligned with your business needs and vision. • AT&T Consulting provides “trusted advisor” expertise with “C” level executives based upon many years of experience of addressing strategic business initiatives with best of breed solutions. 14 © 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.