SlideShare a Scribd company logo

cloud-security

A
Asun Sada
1 of 6
Download to read offline
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 White Paper Cloud Security Cloud Security Trust Cisco to Protect Your Data CSPs can earn this trust by demonstrating that they comply with the most robust security and data protection policies and procedures. These policies need to support a coordinated, tightly integrated combination of internal policy compliance, regulatory compliance, external auditing, and governance. The Cisco® public Intercloud-based services platform, Cisco Intercloud Services, offered in conjunction with our partners, is an example of our commitment to cloud security and data protection. To keep data in the cloud secure, we and our partners adhere to a rigorous, industry-competitive set of security and data protection standards. Our dedication to security isn’t just limited to public Intercloud-based services; it’s fundamental to the entire Journey to the Intercloud. Security is integral to each step in this journey. Beginning with strategy development and extending to private cloud deployment, “as-a-service” offerings, and reaching to the hybrid cloud, you can trust Cisco with your most sensitive data. As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive data to cloud providers? And how can you be assured that they will deliver the security and data protection you need? At Cisco, our commitment to cloud security is based on these principles: SIMPLICITY AND TRANSPARENCY Cisco offers a common, unified set of controls based on multiple standards and frameworks that enhance your visibility into the cloud. They support continuous improvement by identifying, assessing, measuring, and mitigating risk. SECURITY AND COMPLIANCE Cisco provides independently audited and certified technical, operational, facility, and personnel controls, safeguards, and procedures. You can be confident that your applications and data are in a highly secure and compliant environment. SHARED RESPONSIBILITY Cisco offers a degree of control at the individual service level that meets or exceeds most customers’ requirements. By collaborating and sharing responsibility, we can help you reduce risk, cost, and quality issues. We also support customers who must meet specific internal or industrywide security and compliance standards.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 2 White Paper Cloud Security Cisco as a Trusted Security Partner Cisco offers a level of threat research and intelligence beyond that available to most CSPs. Our security ecosystem, the Cisco Collective Security Intelligence, collects threat intelligence from across the organization. Our Talos Security Intelligence and Research Group, and our Security and Trust, Managed Threat Defense, and Security Operations teams deliver security protection and managed security services that protect our customers from known and emerging threats. By aggregating and analyzing telemetry data across our ecosystem, we create a security intelligence cloud that we call “big intelligence.” Our reputation analysis service tracks threats across networks, endpoints, mobile devices, virtual systems, web, and email. With this data, we gain a holistic understanding of threats, their root causes, and the scope of outbreaks. All this information helps increase the effectiveness of our security solutions. For example, the Cisco Security Incident Response Service combines the latest intelligence with best security practices to engage all layers of defense. It helps organizations prepare, manage, respond, and recover from incidents quickly and effectively. Working directly with the Collective Security Intelligence group, the Incident Response team identifies known and unknown threats and quantifies and prioritizes risk to reduce risk in the future. The service uses leading monitoring systems and diagnostic procedures to quickly resolve events that affect business operations. In addition to our cloud security service teams, Cisco’s network security products, software, services, and solutions provide highly secure firewall, web, and email services while helping protect mobile and teleworking environments. Cisco designs, operates, and maintains our products and services to defend against security risks regardless of their origin. We don’t engineer undocumented features or functions, and we are committed to a policy of secure engineering throughout the development lifecycle. Our products undergo rigorous testing by employees, customers, third-party labs, and some of the best engineers in the world. Securing Your Data in the Cloud For strong security in our Intercloud-based services, we use leading capabilities, approaches, methods, and tools. Our organization wide information security management system (ISMS) operates in accordance with the ISO (International Organization for Standardization) 27001:2013 security standard and SOC (Service Organization Control) trust criteria principles and practices (Table 1). Our approach to security is wide and deep, spanning physical, logical, and virtual environments throughout our cloud facilities. It encompasses computing, storage, network, operations, personnel, and tools. We’re also working closely with our Intercloud partners to develop a consistent set of architectural and contractual controls for security and data protection. These controls will help further ensure transparency and trust throughout the Intercloud. THESE SECURITY OFFERINGS INCLUDE: • Access control and policy • Cisco Advanced Malware Protection • Email security • Firewalls • Network security • Next-generation intrusion prevention system • VPN and endpoint security clients • Web security
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 3 White Paper Cloud Security Table 1. Cisco Cloud Services Information Security Management System Component Information security policies Human resources security Asset management Access controls Cryptography Physical and environmental security Operations security Communications security System acquisition, development and maintenance Supplier relationships Information security incident management Information security aspects of business continuity management Compliance Management direction for, and organization of, information security, including roles and responsibilities, segregation of duties, and contacts with authorities and special interest groups Screening, background checks, disciplinary actions, and security awareness and training Asset inventory, acceptable use, and information classification Access policy, access authorization, network access, user responsibilities, and application and systems access Cryptographic-controls policy and key management Securing physical access to facilities, protection of equipment, and protection against external and environmental threats Operational policy, procedures, and responsibility, change management, capacity management, protection from malware, data recovery, logging and monitoring, control of operational software, technical vulnerability management, and audit controls. Network security management and information transfer Security requirements, development requirements, and test data Policies and monitoring Response process and reporting Planning and data recovery Legal and contractual requirements, intellectual property, protection of records, and information-security reviews Description
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 4 White Paper Cloud Security We also put measures in place to protect customer data against accidental or unlawful loss, destruction or alteration, and unauthorized disclosure or access. They include policies, procedures, and internal controls for Intercloud-based services personnel, equipment and processes, and for the Cisco facilities where we deliver our services. We also enforce similar measures with our vendors and subcontractors. For customers using our Cisco Intercloud-based services, we provide the location of the Cisco data centers that deliver services. Cisco and our customers may implement appropriate data transfer agreements where required. Protecting Personal Data and Privacy in the Cloud Privacy is a top priority for Cisco. We comply with the privacy and data protection laws that apply to our cloud services delivery wherever we do business. We know the legal obligations we must meet in the jurisdictions where we operate, and we address them through a common control framework that is the basis for our global privacy policies. One of the most important considerations in privacy and data protection is defining and understanding the different types of data that may be migrated, processed, or stored in the cloud. Cisco works with you to understand how your data flows and to clearly identify the different types of data in the cloud, including customer data, Cisco data, and third-party data. We also work with you to identify the laws that apply to you and your role (for example, if you are a data processor or a data controller). In addition, we comply with the Safe Harbor Privacy Principles for the transfer of personal data from the European Union (EU) and Switzerland, and we comply with EU Model Clauses1 that govern the processing of customer data and transfer of data outside the EU. Cisco is constantly evolving our strategy and efforts for secure data transfer. When data is transferred from countries located outside the EU and Switzerland, we meet data transfer requirements through various contractual means. Regardless of the country- or region-specific requirements, we meet our privacy compliance commitments and obligations through a rigorous set of controls. Supporting Data Residency and Data Sovereignty in the Intercloud Data residency and data sovereignty are just as important as privacy and security for many enterprises that are considering moving their workloads to the cloud. And many governments consider their citizens’ data privacy to be of paramount importance. Some have passed or are considering legislation that would require data, including backup data sets, to be physically located within their country. 1 Recommended contractual clauses established by the European Commission on the basis of Article 26(4) of the Directive 95/46/EC of the European Parliament the Council of 24 October 1995 (the ‘EU Data Protection Directive’). THIS DATA INCLUDES: • Personally identifiable information (or “personal data”) defined by applicable laws • Sensitive business information as defined by applicable laws or considered sensitive by our customers • Data that is subject to data-residency restrictions by law • Sensitive data that is subject to data-residency restrictions by customer requirements • Telemetry data • Geolocation data
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 5 White Paper Cloud Security Cisco supports data-residency or data-sovereignty needs through a variety of options to create an efficient and cost-effective hybrid cloud. This is a key differentiator of Cisco’s Intercloud strategy. THEY INCLUDE: In private or hybrid clouds, highly sensitive information should be managed by you and stored behind your firewall. Whether you use a data center owned by Cisco or a Cisco partner, we strongly encourage you to encrypt your data before sending it to any cloud. Sharing Responsibility and Governance Our cloud security efforts focus on the underlying platform infrastructure, from the physical to the virtual environment. Customers and tenants who use Cisco Intercloud services own the compliance, security, and privacy controls for their data on the Intercloud platform. Since we believe that compliance responsibilities should be shared, we’ll help you assess your compliance, security, and privacy needs within your industry or your market, as well as the in-country legal and regulatory requirements. Compliance with Standards and Certifications We believe that security is strengthened by following globally recognized industry compliance standards. This means becoming certified, producing detailed security reports, and adhering to Cisco’s information-security standards and applicable in-country laws. This framework is the foundation of our privacy, security, and data protection value proposition (Figure 1). Building the infrastructure to privately host your most critical data Offering our Intercloud infrastructure data centers located around the world Working with a local Cisco Intercloud Partner that has local infrastructure, local compliance, and local people A B C BUILDING OUT OUR UNIQUE CISCO CLOUD SERVICES PRIVACY/SECURITY VALUE PROPOSITION Figure 1. Cisco’s framework for privacy, security and data protection. Customer Assurance (e.g., FAQs, white papers, website, contractual exhibits) CUSTOMEREXPECTATIONS Industry/Sector-Specific (e.g., FISMA, HIPAA) Recognized Global Security Standards (e.g., ISO 27001) Compliance with Applicable Global & Local Privacy Laws (e.g., EU Data Protection Directive)
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 6 White Paper Cloud Security Cisco is working to achieve certification to the following standards: • ISO 27001:2013—Certification received, June 15, 2015. • SOC 1 (formerly Statement on Auditing Standards [SAS] 70) under the Statement on Standards for Attestation Engagement (SSAE) 16 and International Standard on Assurance Engagements (ISAE) 3402 standards • SOC 2 and SOC 3 for trust criteria principles for security and availability We plan to continue to achieve certification for globally recognized risk and security standards. Our plans include seeking certification for the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP) federal standards for two of our U.S.-based Cisco Intercloud Services data centers by late 2016. This effort will support our U.S. federal, state, and local government customers. A Reputation Built on Trust by Design Our reputation as a trusted security provider rests on our ability to deliver a complete security and data protection experience in the cloud. Our criteria for trust— security, privacy, confidentiality, availability, and integrity— is the foundation. And this foundation is supported by our promise of trust by design and by our guiding principles of improving simplicity and transparency, accelerating time to market, and improving the ease of doing business with Cisco. With industry-leading security expertise, strict internal controls, and a growing number of certifications, we are confident of our ability to be a trusted business partner for highly secure cloud services. Conclusion Defending against threats and protecting data in the cloud are complex tasks. A strong defense requires the constant monitoring of threats wherever they occur and the skill to analyze their causes and the scope of outbreaks. Not every organization can support this level of threat intelligence, but the Cisco security ecosystem is unmatched. Along with our full support for international data protection regulations, we are firmly committed to maintaining leadership in cloud security and trust. For More Information Please visit http://www.cisco.com/c/en/us/products/security/index.html 1 Recommended contractual clauses established by the European Commission on the basis of Article 26(4) of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the ‘EU Data Protection Directive’).

Recommended

Dynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenDynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenThuan Ng
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityAccenture
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for SlackSachin Yadav
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data securityUlf Mattsson
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss preventionssuser1eca7d
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 

Recommended

Dynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenDynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenThuan Ng
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityAccenture
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for SlackSachin Yadav
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data securityUlf Mattsson
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss preventionssuser1eca7d
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computingJahangeer Qadiree
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
User Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityUser Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityHappiest Minds Technologies
 
Kp3419221926
Kp3419221926Kp3419221926
Kp3419221926IJERA Editor
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010Ulf Mattsson
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd Iaetsd
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your CloudthinkASG
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data securityUlf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCUlf Mattsson
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...cscpconf
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET Journal
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Mukesh Chinta
 
Cloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyCloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyIJERA Editor
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Cloud Security
Cloud Security Cloud Security
Cloud Security Hi-Tech College
 
Cloud computing architecture and vulnerabilies
Cloud computing architecture and vulnerabiliesCloud computing architecture and vulnerabilies
Cloud computing architecture and vulnerabiliesVinay Dwivedi
 
Ensuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeEnsuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeAnusha Chavan
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 

More Related Content

What's hot

Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computingJahangeer Qadiree
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
User Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityUser Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityHappiest Minds Technologies
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010Ulf Mattsson
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd Iaetsd
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your CloudthinkASG
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data securityUlf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCUlf Mattsson
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...cscpconf
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET Journal
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Mukesh Chinta
 
Cloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyCloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyIJERA Editor
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 

What's hot (18)

Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computing
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
 
User Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityUser Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network Security
 
Kp3419221926
Kp3419221926Kp3419221926
Kp3419221926
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your Cloud
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYC
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
 
Cloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyCloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge Privacy
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 

Viewers also liked

Cloud computing architecture and vulnerabilies
Cloud computing architecture and vulnerabiliesCloud computing architecture and vulnerabilies
Cloud computing architecture and vulnerabiliesVinay Dwivedi
 
Ensuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeEnsuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeAnusha Chavan
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 

Viewers also liked (8)

Cloud Security
Cloud Security Cloud Security
Cloud Security
 
Cloud computing architecture and vulnerabilies
Cloud computing architecture and vulnerabiliesCloud computing architecture and vulnerabilies
Cloud computing architecture and vulnerabilies
 
Ensuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha TukeEnsuring data security in cloud computing. - Anusha Tuke
Ensuring data security in cloud computing. - Anusha Tuke
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 

Similar to cloud-security

Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Ioannis Aligizakis, M.Sc.
 
Data Security and Compliance in Enterprise Cloud Migration.pdf
Data Security and Compliance in Enterprise Cloud Migration.pdfData Security and Compliance in Enterprise Cloud Migration.pdf
Data Security and Compliance in Enterprise Cloud Migration.pdfFlentas
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfForgeahead Solutions
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Khiro Mishra
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standardsautomatskicorporation
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxInfosectrain3
 
Unit 1 Information Security.docx
Unit 1 Information Security.docxUnit 1 Information Security.docx
Unit 1 Information Security.docxPrernaThakwani
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxinfosec train
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignAmazon Web Services
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxInfosectrain3
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case studyashu6
 
Encryption During Communication
Encryption During CommunicationEncryption During Communication
Encryption During CommunicationPECB
 

Similar to cloud-security (20)

Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy
 
Data Security and Compliance in Enterprise Cloud Migration.pdf
Data Security and Compliance in Enterprise Cloud Migration.pdfData Security and Compliance in Enterprise Cloud Migration.pdf
Data Security and Compliance in Enterprise Cloud Migration.pdf
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdfTop Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
 
___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen
 
Cloud_Security.pptx
Cloud_Security.pptxCloud_Security.pptx
Cloud_Security.pptx
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)
 
Circuit security
Circuit securityCircuit security
Circuit security
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
Cyber Security | Information Security
Cyber Security | Information SecurityCyber Security | Information Security
Cyber Security | Information Security
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
Unit 1 Information Security.docx
Unit 1 Information Security.docxUnit 1 Information Security.docx
Unit 1 Information Security.docx
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptx
 
Cloud Architect Company in India
Cloud Architect Company in IndiaCloud Architect Company in India
Cloud Architect Company in India
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
 
What is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptxWhat is the significance of cybersecurity in cloud.pptx
What is the significance of cybersecurity in cloud.pptx
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case study
 
Encryption During Communication
Encryption During CommunicationEncryption During Communication
Encryption During Communication
 

cloud-security

  • 1. © 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 White Paper Cloud Security Cloud Security Trust Cisco to Protect Your Data CSPs can earn this trust by demonstrating that they comply with the most robust security and data protection policies and procedures. These policies need to support a coordinated, tightly integrated combination of internal policy compliance, regulatory compliance, external auditing, and governance. The Cisco® public Intercloud-based services platform, Cisco Intercloud Services, offered in conjunction with our partners, is an example of our commitment to cloud security and data protection. To keep data in the cloud secure, we and our partners adhere to a rigorous, industry-competitive set of security and data protection standards. Our dedication to security isn’t just limited to public Intercloud-based services; it’s fundamental to the entire Journey to the Intercloud. Security is integral to each step in this journey. Beginning with strategy development and extending to private cloud deployment, “as-a-service” offerings, and reaching to the hybrid cloud, you can trust Cisco with your most sensitive data. As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive data to cloud providers? And how can you be assured that they will deliver the security and data protection you need? At Cisco, our commitment to cloud security is based on these principles: SIMPLICITY AND TRANSPARENCY Cisco offers a common, unified set of controls based on multiple standards and frameworks that enhance your visibility into the cloud. They support continuous improvement by identifying, assessing, measuring, and mitigating risk. SECURITY AND COMPLIANCE Cisco provides independently audited and certified technical, operational, facility, and personnel controls, safeguards, and procedures. You can be confident that your applications and data are in a highly secure and compliant environment. SHARED RESPONSIBILITY Cisco offers a degree of control at the individual service level that meets or exceeds most customers’ requirements. By collaborating and sharing responsibility, we can help you reduce risk, cost, and quality issues. We also support customers who must meet specific internal or industrywide security and compliance standards.
  • 2. © 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 2 White Paper Cloud Security Cisco as a Trusted Security Partner Cisco offers a level of threat research and intelligence beyond that available to most CSPs. Our security ecosystem, the Cisco Collective Security Intelligence, collects threat intelligence from across the organization. Our Talos Security Intelligence and Research Group, and our Security and Trust, Managed Threat Defense, and Security Operations teams deliver security protection and managed security services that protect our customers from known and emerging threats. By aggregating and analyzing telemetry data across our ecosystem, we create a security intelligence cloud that we call “big intelligence.” Our reputation analysis service tracks threats across networks, endpoints, mobile devices, virtual systems, web, and email. With this data, we gain a holistic understanding of threats, their root causes, and the scope of outbreaks. All this information helps increase the effectiveness of our security solutions. For example, the Cisco Security Incident Response Service combines the latest intelligence with best security practices to engage all layers of defense. It helps organizations prepare, manage, respond, and recover from incidents quickly and effectively. Working directly with the Collective Security Intelligence group, the Incident Response team identifies known and unknown threats and quantifies and prioritizes risk to reduce risk in the future. The service uses leading monitoring systems and diagnostic procedures to quickly resolve events that affect business operations. In addition to our cloud security service teams, Cisco’s network security products, software, services, and solutions provide highly secure firewall, web, and email services while helping protect mobile and teleworking environments. Cisco designs, operates, and maintains our products and services to defend against security risks regardless of their origin. We don’t engineer undocumented features or functions, and we are committed to a policy of secure engineering throughout the development lifecycle. Our products undergo rigorous testing by employees, customers, third-party labs, and some of the best engineers in the world. Securing Your Data in the Cloud For strong security in our Intercloud-based services, we use leading capabilities, approaches, methods, and tools. Our organization wide information security management system (ISMS) operates in accordance with the ISO (International Organization for Standardization) 27001:2013 security standard and SOC (Service Organization Control) trust criteria principles and practices (Table 1). Our approach to security is wide and deep, spanning physical, logical, and virtual environments throughout our cloud facilities. It encompasses computing, storage, network, operations, personnel, and tools. We’re also working closely with our Intercloud partners to develop a consistent set of architectural and contractual controls for security and data protection. These controls will help further ensure transparency and trust throughout the Intercloud. THESE SECURITY OFFERINGS INCLUDE: • Access control and policy • Cisco Advanced Malware Protection • Email security • Firewalls • Network security • Next-generation intrusion prevention system • VPN and endpoint security clients • Web security
  • 3. © 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 3 White Paper Cloud Security Table 1. Cisco Cloud Services Information Security Management System Component Information security policies Human resources security Asset management Access controls Cryptography Physical and environmental security Operations security Communications security System acquisition, development and maintenance Supplier relationships Information security incident management Information security aspects of business continuity management Compliance Management direction for, and organization of, information security, including roles and responsibilities, segregation of duties, and contacts with authorities and special interest groups Screening, background checks, disciplinary actions, and security awareness and training Asset inventory, acceptable use, and information classification Access policy, access authorization, network access, user responsibilities, and application and systems access Cryptographic-controls policy and key management Securing physical access to facilities, protection of equipment, and protection against external and environmental threats Operational policy, procedures, and responsibility, change management, capacity management, protection from malware, data recovery, logging and monitoring, control of operational software, technical vulnerability management, and audit controls. Network security management and information transfer Security requirements, development requirements, and test data Policies and monitoring Response process and reporting Planning and data recovery Legal and contractual requirements, intellectual property, protection of records, and information-security reviews Description
  • 4. © 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 4 White Paper Cloud Security We also put measures in place to protect customer data against accidental or unlawful loss, destruction or alteration, and unauthorized disclosure or access. They include policies, procedures, and internal controls for Intercloud-based services personnel, equipment and processes, and for the Cisco facilities where we deliver our services. We also enforce similar measures with our vendors and subcontractors. For customers using our Cisco Intercloud-based services, we provide the location of the Cisco data centers that deliver services. Cisco and our customers may implement appropriate data transfer agreements where required. Protecting Personal Data and Privacy in the Cloud Privacy is a top priority for Cisco. We comply with the privacy and data protection laws that apply to our cloud services delivery wherever we do business. We know the legal obligations we must meet in the jurisdictions where we operate, and we address them through a common control framework that is the basis for our global privacy policies. One of the most important considerations in privacy and data protection is defining and understanding the different types of data that may be migrated, processed, or stored in the cloud. Cisco works with you to understand how your data flows and to clearly identify the different types of data in the cloud, including customer data, Cisco data, and third-party data. We also work with you to identify the laws that apply to you and your role (for example, if you are a data processor or a data controller). In addition, we comply with the Safe Harbor Privacy Principles for the transfer of personal data from the European Union (EU) and Switzerland, and we comply with EU Model Clauses1 that govern the processing of customer data and transfer of data outside the EU. Cisco is constantly evolving our strategy and efforts for secure data transfer. When data is transferred from countries located outside the EU and Switzerland, we meet data transfer requirements through various contractual means. Regardless of the country- or region-specific requirements, we meet our privacy compliance commitments and obligations through a rigorous set of controls. Supporting Data Residency and Data Sovereignty in the Intercloud Data residency and data sovereignty are just as important as privacy and security for many enterprises that are considering moving their workloads to the cloud. And many governments consider their citizens’ data privacy to be of paramount importance. Some have passed or are considering legislation that would require data, including backup data sets, to be physically located within their country. 1 Recommended contractual clauses established by the European Commission on the basis of Article 26(4) of the Directive 95/46/EC of the European Parliament the Council of 24 October 1995 (the ‘EU Data Protection Directive’). THIS DATA INCLUDES: • Personally identifiable information (or “personal data”) defined by applicable laws • Sensitive business information as defined by applicable laws or considered sensitive by our customers • Data that is subject to data-residency restrictions by law • Sensitive data that is subject to data-residency restrictions by customer requirements • Telemetry data • Geolocation data
  • 5. © 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 5 White Paper Cloud Security Cisco supports data-residency or data-sovereignty needs through a variety of options to create an efficient and cost-effective hybrid cloud. This is a key differentiator of Cisco’s Intercloud strategy. THEY INCLUDE: In private or hybrid clouds, highly sensitive information should be managed by you and stored behind your firewall. Whether you use a data center owned by Cisco or a Cisco partner, we strongly encourage you to encrypt your data before sending it to any cloud. Sharing Responsibility and Governance Our cloud security efforts focus on the underlying platform infrastructure, from the physical to the virtual environment. Customers and tenants who use Cisco Intercloud services own the compliance, security, and privacy controls for their data on the Intercloud platform. Since we believe that compliance responsibilities should be shared, we’ll help you assess your compliance, security, and privacy needs within your industry or your market, as well as the in-country legal and regulatory requirements. Compliance with Standards and Certifications We believe that security is strengthened by following globally recognized industry compliance standards. This means becoming certified, producing detailed security reports, and adhering to Cisco’s information-security standards and applicable in-country laws. This framework is the foundation of our privacy, security, and data protection value proposition (Figure 1). Building the infrastructure to privately host your most critical data Offering our Intercloud infrastructure data centers located around the world Working with a local Cisco Intercloud Partner that has local infrastructure, local compliance, and local people A B C BUILDING OUT OUR UNIQUE CISCO CLOUD SERVICES PRIVACY/SECURITY VALUE PROPOSITION Figure 1. Cisco’s framework for privacy, security and data protection. Customer Assurance (e.g., FAQs, white papers, website, contractual exhibits) CUSTOMEREXPECTATIONS Industry/Sector-Specific (e.g., FISMA, HIPAA) Recognized Global Security Standards (e.g., ISO 27001) Compliance with Applicable Global & Local Privacy Laws (e.g., EU Data Protection Directive)
  • 6. © 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 6 White Paper Cloud Security Cisco is working to achieve certification to the following standards: • ISO 27001:2013—Certification received, June 15, 2015. • SOC 1 (formerly Statement on Auditing Standards [SAS] 70) under the Statement on Standards for Attestation Engagement (SSAE) 16 and International Standard on Assurance Engagements (ISAE) 3402 standards • SOC 2 and SOC 3 for trust criteria principles for security and availability We plan to continue to achieve certification for globally recognized risk and security standards. Our plans include seeking certification for the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP) federal standards for two of our U.S.-based Cisco Intercloud Services data centers by late 2016. This effort will support our U.S. federal, state, and local government customers. A Reputation Built on Trust by Design Our reputation as a trusted security provider rests on our ability to deliver a complete security and data protection experience in the cloud. Our criteria for trust— security, privacy, confidentiality, availability, and integrity— is the foundation. And this foundation is supported by our promise of trust by design and by our guiding principles of improving simplicity and transparency, accelerating time to market, and improving the ease of doing business with Cisco. With industry-leading security expertise, strict internal controls, and a growing number of certifications, we are confident of our ability to be a trusted business partner for highly secure cloud services. Conclusion Defending against threats and protecting data in the cloud are complex tasks. A strong defense requires the constant monitoring of threats wherever they occur and the skill to analyze their causes and the scope of outbreaks. Not every organization can support this level of threat intelligence, but the Cisco security ecosystem is unmatched. Along with our full support for international data protection regulations, we are firmly committed to maintaining leadership in cloud security and trust. For More Information Please visit http://www.cisco.com/c/en/us/products/security/index.html 1 Recommended contractual clauses established by the European Commission on the basis of Article 26(4) of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the ‘EU Data Protection Directive’).