MBT Webinar: Does the security of your business data keep you up at night?

Technology Evaluation Centers

Does the security of your business data keep you up at night? Rest easy in the

cloud

Jorge García, Principal Analyst

www.technologyevaluation.com

Manufacturing Business Technology, January 2016

About Security


“Distrust and caution are the parents of security.”

—Benjamin Franklin

Benjamin Franklin. (Courtesy of the U.S Library of Congress)

A Very Brief Intro

Manufacturers are under constant pressure to:

• Increase data/information accuracy

• Increase production/business process speed

• Capitalize this internal intelligence and knowledge to increase productivity of the complete manufacturing process

• Make every supplier, distributor, and service interaction optimal


Down in the Factory, Mike KnlecLicensed under Creative Commons

A Very Brief Intro

Implementing cloud-based strategies can give manufacturing companies a way to ease these pressures by enabling access to systems that are faster to deploy, easier to customize, and, for the short term, come at a lower cost.


The Value of the Cloud


“If you think you’ve seen this movie before, you are right. Cloud computing is based on the time-sharing model we leveraged years ago before we could afford our own computers…

…The idea is to share computing power among many companies and people, thereby reducing the cost of that computing power to those who leverage it. The value of time share and the core value of cloud computing are pretty much the same, only the resources these days are much better and more cost effective.”

– David Linthicum, Cloud Computing speaker and influencer

Cloud Is a Real Trend


• The majority of manufacturers worldwide are currently using public (66%) or private cloud (68%) for more than two applications.

• 61.6% indicated their company's posture for net new IT services is "cloud also", and the number is only slightly lower for replacing IT existing functionality (56.8%).

• IT operations are the primary benefactor today from manufacturers' cloud strategy, and only 30–35% of respondents indicate operations, supply chain and logistics, sales, or engineering expect to benefit.

• Cloud services and cloud architecture's share of the annual IT budget allocation is going to increase 27% in the next two years for manufacturing.

• Cloud computing will become the de facto standard for new operations (through organic or acquired growth) over the next 10 years for manufacturers that want to operate and serve customers globally.

IDC study: Worldwide Cloud Adoption in the Manufacturing Industry, 2015

Why the Cloud?

Manufacturers are using the cloud for:

• Deploying cloud-based and two-tier ERP strategies

• Accelerating new product development and production

• Optimizing marketing automation applications

• Integrating and designing connected and embedded services

• Developing and launching supplier, customer, and collaboration portals

• Automating customer service and support

• Deploying cloud-based human resource management (HRM) systems

• Deploying and applying company-wide business intelligence and analytics initiatives


Main Benefits and Concerns


Benefits Concerns

Cost Savings Cloud Security

Reduced Implementation Time Location of Data

Dynamic Scalability Shared Data Services

Security: On-premises vs Cloud


“ According to 53 percent of our survey respondents, data loss and privacy risks are the most significant challenges of doing business in the cloud, followed by intellectual property theft, which was cited as challenging or extremely challenging. ”

Elevating Business in the Cloud Report, KPMG, 2014



Alert Logic Cloud Security Report,. Spring-2012.




Many factors have to do with security:

• The typical size of a customer/user in each environment

• The types of workloads found in each environment

• The diversity of each environment

• The presence of user end-points in the on-premises environments




“Individual customer environments skew to a smaller and simpler footprint as measured by a number of nodes and applications, and breadth of operating systems.

In contrast, on-premises environments managed by the typical enterprise span a much broader array of endpoints, applications and operating systems.”

Removing the Cloud of Insecurity Alert Logic




Service provider environments tend to experience a narrower range of attack vectors.

“It’s not that the cloud is inherently secure or insecure. It’s really about the quality of management applied to any IT environment.”

Removing the Cloud of Insecurity, Alert Logic

• More standardized system configurations

• Narrower range of use cases among service provider customers

• Relative maturity of the IaaS industry.



Myth Reality

On-premises infrastructures are more secure because they reside on-site

Most breaches are inside jobs, and a cloud system can actually offer greater protection from inside and outsidethreats

Servers that are physically accessible are better protected from viruses

Cloud providers can deploy a fully tested virus response for all customers rapidly and efficiently, without your IT staff’s help

On-premises data centers are more reliable, as we can solve all issues internally

Cloud data centers are better equipped to guarantee continuous operation, and experience fewer service disruptions

On-premises data centers are more reliable when it comes to data storage and backup

Cloud data centers are better equipped toguarantee data storage and backup of critical information



Additional security advantages of the cloud:

• Embedded multifactor authentication

• Automated/scheduled security patching

• Stronger physical security

• Security certifications

• The cloud offers economies of scale

Looking for Balance


“ According to 53% of our survey respondents, data loss and privacy risks are the most significant challenges of doing business in the cloud, followed by intellectual property theft, which was cited as challenging or extremely challenging.”

“Executives feel implementing the cloud has helped them improve:• Business performance (73%)• Improve levels of service

automation (72%)• Reduce costs (70%)• Rapidly deploy new solutions

(67%)

Source: Elevating Business in the Cloud Report, KPMG

Cloud adoption is a balancing act:

Cloud Security: Options and Variety


Cloud Security: Options and Variety


Image Source: https://www.simple-talk.com/cloud/development/a-comprehensive-introduction-to-cloud-computing/

- Management- Cost- IT Involvement

Cloud Security: A Call to Action


Secure cloud adoption?

A high-level roadmap to implement security best practices consists of the following phases:

Conduct a full risk assessment

Secure your own

information and identities

Implement a strong

governance framework

Before contracting with a cloud provider


Full risk assessment

• Interoperability and portability

• Compliance

• Vendor risk

• Supply chain and ecosystem

• Infrastructure and operations quality

Securing your own information

• Authentication

• Encryption

• Endpoint security

Implement a strong governance framework

• Ensure your provider uses secure data and event management strategies

• Monitor your own log files for devices you control

• Stipulate in your contracts that SLAs are paired with your defined metrics and standards

• Centralize within your organization responsibility for selecting and working with cloud providers

• Plan contingencies for what happens when a breach occurs or a provider fails.

• Use the Security Content Automation Protocols to verify that your providers are using the secure configurations you defined in your risk assessment

Cloud Security: A Call to Action



Thank [email protected]

@jgptec

mailto:[email protected]

Why the Cloud?


Credits and Links:

• The U.S Library of Congress, http://www.loc.gov/

• Image: Down in the Factory, Mike Knlec. https://goo.gl/6JXLZm licensed under Creative Commons,

https://creativecommons.org/licenses/by/2.0/

• Alert Logic Cloud Security Report, Spring 2012 https://www.rackspace.com/knowledge_center/whitepaper/alert-logic-state-of-

cloud-security-report-spring-2012

• A comprehensive Introduction to Cloud Computing, https://www.simple-talk.com/cloud/development/a-comprehensive-

introduction-to-cloud-computing/

• KPMG, Cloud Survey Report, Elevating Business in the Cloud Report, 2014.

http://www.kpmg.com/US/en/about/alliances/Documents/2014-kpmg-cloud-survey-report.pdf

• TEC 2015 Cloud BI and Analytics Buyer's Guide, http://www.technologyevaluation.com/research/TEC-buyers-guide/TEC-

2015-Cloud-BI-and-Analytics-Buyer-s-Guide.html

• IDC study, Worldwide Cloud Adoption in the Manufacturing Industry, 2015,

https://www.idc.com/getdoc.jsp?containerId=prUS25558515

http://www.loc.gov/

https://goo.gl/6JXLZm

https://creativecommons.org/licenses/by/2.0/

https://www.rackspace.com/knowledge_center/whitepaper/alert-logic-state-of-cloud-security-report-spring-2012

https://www.simple-talk.com/cloud/development/a-comprehensive-introduction-to-cloud-computing/

http://www.kpmg.com/US/en/about/alliances/Documents/2014-kpmg-cloud-survey-report.pdf

http://www.technologyevaluation.com/research/TEC-buyers-guide/TEC-2015-Cloud-BI-and-Analytics-Buyer-s-Guide.html

https://www.idc.com/getdoc.jsp?containerId=prUS25558515

MBT Webinar: Does the security of your business data keep you up at night?

Technology

Transcript of MBT Webinar: Does the security of your business data keep you up at night?