• No results found

Cloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Cloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems"

Copied!
9
0
0

Loading.... (view fulltext now)

Download now ( 9 Page )

Full text

(1)
(2)

UNICREDIT AT A GLANCE

Employees

:

more than

146.600

Branches

: 8.403

Banking

operations

in

17

countries

International network spanning:

~ 50

countries

Global player in asset management:

€ 221

bn in managed assets

Market leader in Central and

Eastern Europe leveraging on the

region's structural strengths

(3)

A COMPLEXITY TO BE MANAGED

The approach to ICT Security Governance follows different paths

UniCreditlandscape is complex

Different approaches to cloud adoption due to high-number and the geographical distribution of UniCredit Data Centers

Different country regulations

Strong ICT Security governance is both mandatory and strongly recommended Cloud adoption strategy for Data Centers consolidation framework, and Business Enabler

(4)

WHERE CLOUD DATA ARE LOCATED AND WHICH LAW IS APPLIED

Chile

Protection of Personal Data Act

Argentina

Personal Data Protection Act, Information Confidentiality Law

South Africa

Electronic Communications and Transactions Act

Australia

National Privacy Principals, State Privacy Bills, Email Spam and Privacy Bills New Zealand Privacy Amendment Act Philippines

Propose Data Privacy Law Canada PIPEDA, FOIPPA, PIPA US States Breach notification in 46 states Taiwan Computer-Processed Personal Data Protection Hong Kong

Personal Data Privacy Ordinance Japan Personal Information Protection Act South Korea

Network Utilization and Data Protection Act

European Union

EU Data Protection Directive,

State Data Protection Laws

India

Information Technology Act

United Kingdom

ICO Privacy and Electronic Communications

Regulations

USA Federal

CALEA, CCRA, CIPA, COPPA, EFTA, FACTA, ECPA, FCRA, FISMA, FERPA, GLBA, HIPAA, HITECH, PPA, RFPA, Safe Harbor, US PATRIOT Act

Brazil

Article 5 of Constitution

Colombia

Data Privacy Law 1266

Mexico

Personal Data Protection Law

Morocco

Data Protection Act Thailan

d

Official Information Act B.E. 2540

Europe

Privacy laws in 28 countries

Singapore

Personal & Financial Data Protection Acts

Israel

Protection of Privacy Law (PPL)

(5)

SEVERAL COMPONENTS TO BE ADDRESSED

(in order to set a comprehensive Cloud security strategy)

Cloud Security Strategy

A comprehensive program and strategy to embed security throughout the enterprise’s cloud lifecycle with Security

Dashboard monitoring

Data

• Data Classification • Data Backup, Retention • Data Ownership, Segregation • Risk Assessments

• Encryption / Tokenization • Data loss prevention

• Secure storage, secure disposal • Audit and forensics

Users & Identity

• Roles and authorization levels and authentication

• Evaluation / monitoring of usage patterns

Platform & Software Applications

• Threat and vulnerability identification / Access Control • Monitoring / Management Integration • Interoperability • Lock in / portability • Security Analytics • Administration console • Public / Private / Hybrid

models

• Secure connection to other systems and data

• Event Management

Governance

• Define processes and policies (ownership, connectivity, privacy, audit / wipe)

• Legal (NDA, SLA, licensing) • Audit and Compliance • Identify preferred suppliers /

service level for business • Business Continuity • Training & Awareness Governance Data Infrastructure Platform & Software Integration Cloud Security Strategy Users & Identity

(6)

UNICREDIT CLOUD SECURITY EVALUATION DASHBOARD

Rete di Lab

(7)

IS THERE ANY DIFFERENCE BETWEEN DATA AND THEIR

APPLICATIONS IN THE CLOUD?

Yes, the law is applied to the data, not to the application

If you can encrypt the data, then the cloud provider has no access to the data

This might change how responsibilities are allocated from a compliance point of

view according to the countries where your business is

(8)

CLOUD READY PROGRAM

Rete di Lab

• Cloud Ready overview declines the Group CIO Global and Group CIO ICT Security cloud strategy and feasibility, in order to design a sustainable and common UniCredit Service Platform/ Framework.

• Cloud computing is a new way of delivering computing & services resources, not a new technology. Computing services ranging from data storage and process to software on demand to launch new time-to-market business proposition in UniCredit multichannel perspective.

• The massive concentrations of resources and data could represent a more attractive target to attackers, but cloud-based defenses can be more robust, scalable and cost-effective in terms of IT security

perspective.

• It is important to note that cloud computing can refer to several different service types, including Application/Software as

a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

(9)

FINAL TAKE-AWAYS

Cloud benefits in terms of elasticity, scalability, on-demand computing power – growing

list of providers

Companies must be structured (or re-structured) in order to deal with a new generation

of risk evaluation, and address the best cloud strategic and omni-comprehensive

approach (data protection, application security, network security, encryption , file

sharing, local and global regulation, compliance, log management, identity

management, KPI & SLA, etc), in order to deploy a strong and sustainable security

governance.

Companies must raise the bar on ongoing security activities, while addressing at least

three key-points to the respective cloud provider:

Setting the minimum security level expected

Managing the increasing complexity with different and new monitoring points

Putting on the table technical skills, more and more sophisticated with a holistic view

Bridging the gap between requirements, risks and skills

References

Download now ( PDF - 9 Page - 1.96 MB )

Related documents

Mobilisation of endogenous haematopoietic stem cells and their use as treatment for subacute stroke

BI: Barthel index; CD34+: CD34+ cell count; DWI: diffusion weighted imaging; EADL: extended activities of daily living; EMS; European Motor Scale; ESS: European Stroke Scale;

Historical Evolution of the Wave Resource and Energy Production off the Chilean Coast over the 20th Century

According to the spatial distribution of the mean WEF and the COV, Valparaiso shows interesting characteristics for the deployment of a WEC and, therefore, wave data from the

HUNGRY CITIES PARTNERSHIP. Inclusive Growth and Informal Food Vending in Nairobi, Kenya HUNGRY CITIES REPORT NO. 21

t 5IF WFOEPST SFQPSUFE B NJYUVSF PG CVTJOFTT FYQFOEJUVSF QBUUFSOT CFTJEFT buying stock for sale), net monthly income, estimated current value of enter- prise, and access

Promises in Group Decision Making

Brady and Wu (2010) extend this result to two-person groups by testing different patterns of communication and showing that small changes in decision-making procedures

Excuses Be Gone By Wayne Dyer

The Tao Te Ching reinforces this in perhaps the most famous line in that masterful work: “A journey of a thousand miles begins with a single step.” Elevate or move on in your life,

The use of eConsults to Improve Access to Dermatological Care for Underserved Populations in Connecticut

increases access to dermatologic care and reduces wait times for underserved populations receiving medical care at community health centers.. The system also

Hybrid Organic-inorganic Silica-based Coatings Deposited by Spray Technique

The material used as substrate for coatings deposition is AISI 316L stainless steel, with a chemical composition showed in Table 1 (Cordes SA, Argentina).. Before coating, the

Lesson study library: A catalyst for incremental instructional improvement

27 In her doctoral dissertation, Gail Siragusa Yamnitzky (2010) studied the connection between lesson study and effective professional development practices, specifically looking