IT Compliance Using Troux Technologies

of 8 /8
© 2014 VMware Inc. All rights reserved. EPM Program at VMWare (Troux) Joe Faghani, Lead Enterprise Application Architect Steve Tout, Head, IAM Program at VMware

description

Most secure organizations that have achieved a reasonable level of maturity in a security program have likely done so by using best practices such as data classification, data encryption, auditing, log management and the like. As disruptive technologies like mobile and SaaS come along, the same disciplines should be adapted and applied in an agile and dynamic manner; in other words, the data classification approach must be more than a document or a policy sitting in a shared drive on the company intranet. The data classification and tagging process discipline should be a bridge between the applications portfolio and certification and compliance.

Transcript of IT Compliance Using Troux Technologies

Page 1: IT Compliance Using Troux Technologies

© 2014 VMware Inc. All rights reserved.

EPM Program at VMWare (Troux)Joe Faghani, Lead Enterprise Application ArchitectSteve Tout, Head, IAM Program at VMware

Page 2: IT Compliance Using Troux Technologies

Joe Faghani, Lead Enterprise Application Architect, VMware

As Lead EA for Corporate IT at VMware, Joe is responsible for the continuous refinement of

current state solution architectures, the development of future state solution architectures

and the delivery of the company’s application portfolio roadmap. He also directs VMware’s

Architecture Review Board and oversees a team of system domain architects in charge of

reviewing solution and technical architectures. Prior to VMware Joe worked at Rambus

(Software Architect Emerging Technologies), Juniper Networks (EA), the US Army (Soldier

of Future Project SBIR), Cadence and Learning Tree (Software Architect Distance Learning)

Joe earned a bachelors degree in Computer Science from University of London

Steve Tout, Technical Director of IAM at VMware

Steve leads an IAM program at VMware and has designed, implemented and

managed systems to support VMware’s explosive growth into a $5B company.

He has day-to-day responsibility for the IAM domain at the EA board level,

defining and executing against a 3-year roadmap and plays a key role in IAM

strategy and governance. Steve studied Information Technology at the University

of Phoenix and has held senior roles in engineering, security, operations and

consulting at AT&T Wireless, US Bank and Oracle Corporation. He lives with his

wife, daughter and two basset hounds in Morgan Hill, California.

Page 3: IT Compliance Using Troux Technologies

Compliance (IAM)

3

Page 4: IT Compliance Using Troux Technologies

IDG Enterprise, Cloud Research Report, 2013

According to a 2013 IDG Enterprise

cloud computing research study, it

was found that 66% of IT decision

makers cite security concerns as a

barrier to implementing a cloud

computing strategy, and 56% say

they won't fully embrace the cloud

until they are more confident in

cloud service providers ability to

meet their compliance

requirements.

Page 5: IT Compliance Using Troux Technologies

Can you tell me…

• Are you using SaaS in your organization for major business processes?

• What are the public cloud risks I should be concerned about?

– What is our As-Is state of SaaS?

• Which SaaS applications your organizes uses that stores PCI, HIPPA or other sensitive data?

• How are you managing, monitoring, auditing and controlling the SaaS applications your business uses?

• Which of your SaaS applications is most at risk of being compromised?

– Where do you start to invest in security and remediate risks?

Page 6: IT Compliance Using Troux Technologies

IAM Governance using Troux

• Know what your standards are, where you use SSO and how you audit and monitor your users in a SaaS world

• Using Troux, inventory, identify, correlate, tag and understand -create Troux Insights for the

business

• Develop the practices and tools so you can demonstrate appropriate levels of control are in place over regulated data and contribute towards security and compliance

Page 7: IT Compliance Using Troux Technologies

The bottom line

• Lower the cost of compliance

• Achieve more efficient compliance in SaaS

• Use a simple data classification model to manage and understand where your risks are

– E.g. Low, Medium, High

– This is possible to do in Trouxwithout any customizations

Page 8: IT Compliance Using Troux Technologies