MBT Webinar: Does the security of your business data keep you up at night?
-
Upload
jorge-garcia -
Category
Technology
-
view
201 -
download
2
Transcript of MBT Webinar: Does the security of your business data keep you up at night?
Technology Evaluation Centers
Does the security of your business data keep you up at night? Rest easy in the
cloud
Jorge García, Principal Analyst
www.technologyevaluation.com
Manufacturing Business Technology, January 2016
About Security
Technology Evaluation Centers
“Distrust and caution are the parents of security.”
—Benjamin Franklin
Benjamin Franklin. (Courtesy of the U.S Library of Congress)
A Very Brief Intro
Manufacturers are under constant pressure to:
• Increase data/information accuracy
• Increase production/business process speed
• Capitalize this internal intelligence and knowledge to increase productivity of the complete manufacturing process
• Make every supplier, distributor, and service interaction optimal
Technology Evaluation Centers
Down in the Factory, Mike KnlecLicensed under Creative Commons
A Very Brief Intro
Implementing cloud-based strategies can give manufacturing companies a way to ease these pressures by enabling access to systems that are faster to deploy, easier to customize, and, for the short term, come at a lower cost.
Technology Evaluation Centers
The Value of the Cloud
Technology Evaluation Centers
“If you think you’ve seen this movie before, you are right. Cloud computing is based on the time-sharing model we leveraged years ago before we could afford our own computers…
…The idea is to share computing power among many companies and people, thereby reducing the cost of that computing power to those who leverage it. The value of time share and the core value of cloud computing are pretty much the same, only the resources these days are much better and more cost effective.”
– David Linthicum, Cloud Computing speaker and influencer
Cloud Is a Real Trend
Technology Evaluation Centers
• The majority of manufacturers worldwide are currently using public (66%) or private cloud (68%) for more than two applications.
• 61.6% indicated their company's posture for net new IT services is "cloud also", and the number is only slightly lower for replacing IT existing functionality (56.8%).
• IT operations are the primary benefactor today from manufacturers' cloud strategy, and only 30–35% of respondents indicate operations, supply chain and logistics, sales, or engineering expect to benefit.
• Cloud services and cloud architecture's share of the annual IT budget allocation is going to increase 27% in the next two years for manufacturing.
• Cloud computing will become the de facto standard for new operations (through organic or acquired growth) over the next 10 years for manufacturers that want to operate and serve customers globally.
IDC study: Worldwide Cloud Adoption in the Manufacturing Industry, 2015
Why the Cloud?
Manufacturers are using the cloud for:
• Deploying cloud-based and two-tier ERP strategies
• Accelerating new product development and production
• Optimizing marketing automation applications
• Integrating and designing connected and embedded services
• Developing and launching supplier, customer, and collaboration portals
• Automating customer service and support
• Deploying cloud-based human resource management (HRM) systems
• Deploying and applying company-wide business intelligence and analytics initiatives
Technology Evaluation Centers
Main Benefits and Concerns
Technology Evaluation Centers
Benefits Concerns
Cost Savings Cloud Security
Reduced Implementation Time Location of Data
Dynamic Scalability Shared Data Services
Security: On-premises vs Cloud
Technology Evaluation Centers
“ According to 53 percent of our survey respondents, data loss and privacy risks are the most significant challenges of doing business in the cloud, followed by intellectual property theft, which was cited as challenging or extremely challenging. ”
Elevating Business in the Cloud Report, KPMG, 2014
Security: On-premises vs Cloud
Technology Evaluation Centers
Alert Logic Cloud Security Report,. Spring-2012.
Security: On-premises vs Cloud
Technology Evaluation Centers
Alert Logic Cloud Security Report,. Spring-2012.
Many factors have to do with security:
• The typical size of a customer/user in each environment
• The types of workloads found in each environment
• The diversity of each environment
• The presence of user end-points in the on-premises environments
Security: On-premises vs Cloud
Technology Evaluation Centers
Alert Logic Cloud Security Report,. Spring-2012.
“Individual customer environments skew to a smaller and simpler footprint as measured by a number of nodes and applications, and breadth of operating systems.
In contrast, on-premises environments managed by the typical enterprise span a much broader array of endpoints, applications and operating systems.”
Removing the Cloud of Insecurity Alert Logic
Security: On-premises vs Cloud
Technology Evaluation Centers
Alert Logic Cloud Security Report,. Spring-2012.
Service provider environments tend to experience a narrower range of attack vectors.
“It’s not that the cloud is inherently secure or insecure. It’s really about the quality of management applied to any IT environment.”
Removing the Cloud of Insecurity, Alert Logic
• More standardized system configurations
• Narrower range of use cases among service provider customers
• Relative maturity of the IaaS industry.
Security: On-premises vs Cloud
Technology Evaluation Centers
Myth Reality
On-premises infrastructures are more secure because they reside on-site
Most breaches are inside jobs, and a cloud system can actually offer greater protection from inside and outsidethreats
Servers that are physically accessible are better protected from viruses
Cloud providers can deploy a fully tested virus response for all customers rapidly and efficiently, without your IT staff’s help
On-premises data centers are more reliable, as we can solve all issues internally
Cloud data centers are better equipped to guarantee continuous operation, and experience fewer service disruptions
On-premises data centers are more reliable when it comes to data storage and backup
Cloud data centers are better equipped toguarantee data storage and backup of critical information
Security: On-premises vs Cloud
Technology Evaluation Centers
Additional security advantages of the cloud:
• Embedded multifactor authentication
• Automated/scheduled security patching
• Stronger physical security
• Security certifications
• The cloud offers economies of scale
Looking for Balance
Technology Evaluation Centers
“ According to 53% of our survey respondents, data loss and privacy risks are the most significant challenges of doing business in the cloud, followed by intellectual property theft, which was cited as challenging or extremely challenging.”
“Executives feel implementing the cloud has helped them improve:• Business performance (73%)• Improve levels of service
automation (72%)• Reduce costs (70%)• Rapidly deploy new solutions
(67%)
Source: Elevating Business in the Cloud Report, KPMG
Cloud adoption is a balancing act:
Cloud Security: Options and Variety
Technology Evaluation Centers
Image Source: https://www.simple-talk.com/cloud/development/a-comprehensive-introduction-to-cloud-computing/
- Management- Cost- IT Involvement
Cloud Security: A Call to Action
Technology Evaluation Centers
Secure cloud adoption?
A high-level roadmap to implement security best practices consists of the following phases:
Conduct a full risk assessment
Secure your own
information and identities
Implement a strong
governance framework
Before contracting with a cloud provider
Technology Evaluation Centers
Full risk assessment
• Interoperability and portability
• Compliance
• Vendor risk
• Supply chain and ecosystem
• Infrastructure and operations quality
Securing your own information
• Authentication
• Encryption
• Endpoint security
Implement a strong governance framework
• Ensure your provider uses secure data and event management strategies
• Monitor your own log files for devices you control
• Stipulate in your contracts that SLAs are paired with your defined metrics and standards
• Centralize within your organization responsibility for selecting and working with cloud providers
• Plan contingencies for what happens when a breach occurs or a provider fails.
• Use the Security Content Automation Protocols to verify that your providers are using the secure configurations you defined in your risk assessment
Why the Cloud?
Technology Evaluation Centers
Credits and Links:
• The U.S Library of Congress, http://www.loc.gov/
• Image: Down in the Factory, Mike Knlec. https://goo.gl/6JXLZm licensed under Creative Commons,
https://creativecommons.org/licenses/by/2.0/
• Alert Logic Cloud Security Report, Spring 2012 https://www.rackspace.com/knowledge_center/whitepaper/alert-logic-state-of-
cloud-security-report-spring-2012
• A comprehensive Introduction to Cloud Computing, https://www.simple-talk.com/cloud/development/a-comprehensive-
introduction-to-cloud-computing/
• KPMG, Cloud Survey Report, Elevating Business in the Cloud Report, 2014.
http://www.kpmg.com/US/en/about/alliances/Documents/2014-kpmg-cloud-survey-report.pdf
• TEC 2015 Cloud BI and Analytics Buyer's Guide, http://www.technologyevaluation.com/research/TEC-buyers-guide/TEC-
2015-Cloud-BI-and-Analytics-Buyer-s-Guide.html
• IDC study, Worldwide Cloud Adoption in the Manufacturing Industry, 2015,
https://www.idc.com/getdoc.jsp?containerId=prUS25558515