Public, Private & Hybrid Cloud: Why Compliance (Done Right) is the Easy Part

There is a common perception among organizations that compliance with industry regulations, especially when using a public cloud model, is a shared responsibility.

All providers operate under the following model: the provider is responsible for the physical infrastructure, the shared networking, the computing, the storage and the hypervisor. Basically everything that sits on top of a virtual machine and the guest instance is the responsibility of the customer. This includes securing the data, the application code, the application framework and the operating system that sits on top of the infrastructure itself.

Depending on how an organization views this, it provides the flexibility to enforce consistency and a similar level of controls as the organization does in its other environments, including its data centers. However, it is extremely challenging to achieve this using traditional network and system security controls. And compliance with industry regulations, such as SOX 404, PCI DSS and GLBA, is still the organization's responsibility.

All of this requires a new way of thinking.

In this informative webinar we will deliver practical advice on achieving and continually maintaining compliance with industry regulations when operating under any type of distributed computing environment, including private, public and hybrid cloud environments.

Viewers will learn:

  • The compliance challenges organizations face integrating cloud services with their data centers
  • How to assess the compliance posture of your infrastructure, even if it's distributed across the data center, public cloud services, offsite facilities, IaaS and PaaS installs and hosted applications
  • How compliance automation works to integrate legacy infrastructures with cloud-based ones - and ensure compliance requirements aren't overlooked
  • Why focusing on security across your hybrid IT infrastructure is the best way to alleviate many compliance headaches

Background

According to one of the largest cloud services providers, Amazon Web Services, "...the customer should assume responsibility and management of, but not limited to, the guest operating system...and associated application software..." It further adds, "...it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of...host based firewalls, host based intrusion detection/prevention, encryption and key management."

Regardless of the provider, all providers operate under this model.

The security and compliance requirements in any form of cloud environment haven't changed. We still need strong access controls, privileged account monitoring, multi-factor authentication, user auditing, device verification, file integrity monitoring, etc. We need to reduce the attack surface on a continual basis and find ways to implement corporate policies and ensure compliance in a consistent manner. All of this, basically anything that sits on top of a virtual machine and the guest instance, is the responsibility of the customer.

Listen to Sami Lane address these issues in this educational webinar:

  • Security & compliance intelligence - reporting and analytics, auditing and standardized policy implementation;
  • Software Defined Security capabilities including exposure management;
  • Compliance management across hybrid environments - application whitelisting, data leak prevention.
