
How Safe is my Business Information in the...

Date post: 26-Jun-2018
Copyright © 2013. Infor. All Rights Reserved. www.infor.com

How Safe is my Business Information in the Cloud?

Leo Valaris, Director CloudSuite Solutions, Infor
Vijay Rangarajan, Ecosystem Solution Architect, Amazon Web Services

Today’s Speakers

Leo Valaris, Director CloudSuite Solutions AP/J/ME, Infor

Leo has over 20 years of experience covering enterprise software development, sales and consulting to major manufacturing and distribution companies in ANZ. Providing thought leadership in solution development and proposing value-based enterprise solutions to businesses has earned Leo respect as a Trusted Adviser with a track record of delivering operational efficiency improvements through the application of technology and process re-engineering. He has achieved success in competitive situations positioning outcomes-focused and compelling business case proposals for change, more recently focusing on cloud and SaaS.

Vijay Rangarajan, Ecosystem Solution Architect, Amazon Web Services

Vijay has over 16 years of experience in Enterprise IT solutions. Vijay oversees customers, partners, ISVs and GSIs across APAC to architect, implement and manage the AWS cloud computing platform, allowing them to save money, accelerate their time to market, and focus on their core business.

Today’s Presentation

Why Cloud and Software as a Service Matters?

Introducing Infor’s Approach to Cloud Security

Amazon Web Services Security & Compliance

Infor Security & Compliance

Questions & Answers

Why Cloud and Software as a Service Matters?

The disruptive technology advantage

The Analysts Say ...

"The cloud will completely disrupt the ERP market. The world is moving to the cloud, and it will be the most important factor in the development of ERP over the next 10 years or more.”
- Nigel Rayner, Gartner (in ZDNet, “How the Cloud is Going to Reinvent ERP – and How Long It Will Take,” Aug 2013)

• 23% to 50%: increasing willingness to consider SaaS ERP **
• 1/5: the cloud software model will account for $1 of every $5 spent on software *
• 109%: spend on Cloud ERP will more than double (increase by 109%) ***

* by 2016
** 2009-2012
*** 2012-2017

The Cloud Computing Revolution: Challenges

• Traditional On-Premise installations delivering software to consumers
• Open new offices and acquire new companies without having to worry about buying servers or managing ever-increasingly complex technology platforms
• Expand and contract seamlessly to accommodate what can often be huge seasonal or cyclical variations in demand
• Little time available for IT to be more strategic in business
• Systems fall behind and out of step with the rate of technology change

The Cloud Computing Revolution: Advantages

• The new Cloud Computing paradigm – Software as a Service (SaaS)
• Lower Total Cost of Ownership
• Operating vs. Capital expense
• Reduced investment Time to Value
• Achieve greater business agility
• Increase business continuity through
  • Higher system availability
  • Superior disaster protection
• Solutions remain current (with technological advances)
• Higher levels of security

On-Premise vs. SaaS

[Figure: the same stack (Networking, Storage, Servers, O/S, Middleware, Data, Applications) shown for three delivery models: On-Premise, Hosted and SaaS. Legend: Own/Manage, Subscribe, Infor.]

Subscription Fee (per Named User)
• Licensing
• Maintenance
• Hosting
• Application Managed Services (AMS)

Other figure labels: Software Maintenance, Software Licenses, IT Resources, Infrastructure, Hardware

1. Stronger Protection

2. Advanced Security Framework

3. Immediate Response to Emerging Threats

4. Continuous, Predictive Monitoring

5. Network Reliability

Introducing Infor’s Approach to Cloud Security

Infor CloudSuite

[Figure labels: Solutions, Business Vault, Cloud Motion, Application]

Infor CloudSuite Powered by AWS

IaaS market leader
• 5 times more compute capacity than 14 other competitors combined
• 70-75% IaaS market share

Industry compliance
• Public Sector: FERPA, FedRAMP, ITAR, FIPS 140, FISMA
• Healthcare: HIPAA
• Cross Industry: PCI, ISO27001, SSAE 16

Open Architecture Support

Certified enterprise SI ecosystem
• Expedite moving customers to the cloud

Speed of innovation and global expansion
• Value Added Services: CloudFormation (Provisioning), RedShift (Analytics), CloudTrail (Audit/Logging) – 516 features added last year
• China added to Global Footprint

Cost Scalability
• Low TCO

Proven over last 4 years of partnership

Constructing an Infor CloudSuite™

[Diagram labels, as they appear on the slide]

EAM XM HCM LMS HRSD PA LTM MRM IQM Collect SCM Financials Supplier Exchange Automotive Exchange AMSI iProcure

Support, Certification, Training, Professional Services

Technology Partners, Channel Partners

Regions, Availability zones, Content delivery POPs

Infor Industry CloudSuites: Auto Corporate Hospitality HCM Healthcare A&D Business Rhythm Fashion F&B Equipment Distribution Public Sector

AWS Services: EC2, Auto Scaling, Route 53, EBS, RDS, SQS, CloudFormation, Cloud Watch, Workspaces, ELB, VPC, S3, Glacier, DynamoDB, CloudTrail, Cloud HSM, IAM

Infor Base Services: Database Shared Storage Document Storage Batch Admin Access Logging File Transfer Monitoring

Infor Application Services: ION IFS Printing Portal d/EPM/BI/BV Local.ly Motion

Infor and AWS Shared Responsibility

AWS Responsibility

Infor Responsibility

Amazon Web Services Security & Compliance

Presented by Vijay Rangarajan, Ecosystem Solution Architect, Amazon Web Services

Security is Our No.1 Priority

Comprehensive Security Capabilities to Support Virtually Any Workload

• PEOPLE & PROCEDURES
• NETWORK SECURITY
• PHYSICAL SECURITY
• PLATFORM SECURITY

Architected for Enterprise Security Requirements

Certifications and accreditations for workloads that matter

MTCS (SS584) Level 3

Every customer gets the same AWS security foundations

Independent validation by experts
• Every AWS Region is in scope
• SOC 1 (SSAE 16 & ISAE 3402) Type II
• SOC 2 Type II and public SOC 3 report
• ISO 27001 Certification
• Certified PCI DSS Level 1 Service Provider
• FedRAMP Certification, HIPAA capable

[Diagram labels: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)]

MTCS (SS584) Level 3

Infor Compliant solutions

• Culture of security and continual improvement
• Ongoing audits and assurance
• Protection of large-scale service endpoints

Customers can still audit your AWS environment

[Diagram labels: Infor ISO certifications; External audits and assurance; Customers]

• Achieve PCI, HIPAA and MPAA compliance
• Certify against ISO 27001 with a reduced scope
• Have key controls audited or publish your own independent attestations

Infor and AWS take care of the heavy lifting for you

Facilities

Physical security

Compute infrastructure

Storage infrastructure

Network infrastructure

Virtualization layer (EC2)

Hardened service endpoints

Rich IAM capabilities

Network configuration

Security groups

OS firewalls

Operating systems

Applications

Proper service configuration

AuthN & acct management

Authorization policies

Customers get to choose the right level of security for their business. As a cloud customer you can focus on your business.

You choose where to store it and who can use it

• Customers manage their privacy objectives how they choose to
• Select the AWS geographical Region and no automatic replication elsewhere
• Customers can encrypt their content and implement additional controls to protect their content within AWS

Customers retain full ownership and control of their content

Customers choose where their compute and storage is located

11 Regions

28 Availability Zones

53 Edge Locations

Powering Resilient, Fault Tolerant Solutions

AWS operates scalable, fault tolerant services

Build resilient solutions operating in multiple datacenters

AWS helps simplify active-active operations

All AWS facilities are always on
• No need for a “Disaster Recovery Datacenter” when you can have resilience
• Every one managed to the same global standards

AWS has robust connectivity and bandwidth
• Each AZ has multiple, redundant Tier 1 ISP Service Providers
• Resilient network infrastructure

Infor Security & Compliance

Security: Infrastructure and Application Controls

Secure Remote Access

Secure administrative access to all hosted environments is a key component to protecting the AWS VPCs.

Secure Access to AWS VPC
• Multi-tenant uses AWS WorkSpaces with VPC peering
• Single tenant migrating to SecureLink to provide access to customer-dedicated VPCs

Duo (two-factor authentication)
• Common tool across Infor and Infor’s hosting environments

Infrastructure Protection and Operations Management

AWS Virtual Private Cloud (VPC)
• Amazon’s best practices

Hardened Systems
• Reliance on Center for Internet Security (CISecurity) benchmarks

IT Service Management System
• Required change and patch management (product and system level)
• Incident, problem and task management

Products and hosts protected with …
• Firewalls & Host-based Intrusion Protection Systems
• Anti-malware
• Web Application Firewall (future)
• Database Access Monitor (future)

Application Controls

Logging and Monitoring
• Application/DB -> Sumo Logic -> S3 -> Glacier
• Moves logs from real-time to long term (> 6 years) storage

Encryption when appropriate
• Data at rest
• Data in transit

Standardized communications & data exchange
• Infor standards for data exchange mechanisms

Secure Development Framework

Security: Development Tools and Testing

Certified Ethical Hackers

Internal Infor Team
• Reporting to Information Security Officer

Broad Skillset
• Trained in latest hacking tools
• Extensive development background
• Networking experts

Advisers to Development Teams
• Demonstrate pitfalls of some programming practices
• Show how exploits can compromise entire systems

Continuous Testing
• With flexibility to change priorities

Secure Development Framework

Building Security In Maturity Model (BSIMM)
• Security designed into the system

Code reviews
• Applications must have code reviews (either manual, automated or both) performed.

Vulnerability testing

Applications must perform vulnerability assessments during development and address potential vulnerabilities.
• Tenable Nessus
• (OWASP) Zap
• BURP - optional

Independent 3rd Party Audits

Contractual and Statutory Requirements
• Required independent third party audits of our software.
• Best practice
• ISO 27001, Cloud Security Alliance, NIST 800-53

Multiple Vendors
• WhiteHat
• Veracode (required by some contracts)
• Leviathan

Security: Compliance and Certification

Compliance

HIPAA (HealthCare)
• Established and audited an AWS single tenant environment designed for CloudSuite HealthCare
• Auditors' favorable attestation

ITAR
• Dedicated personnel to manage ITAR compliance
• All access must be performed by US-based personnel

Best Practices
• ISO 27001
• NIST 800-53
• Cloud Security Alliance

Privacy

Alignment to Privacy Requirements
• 47 Different US privacy laws
• Multiple International Laws
• U.K. and German Privacy Laws
• Safe Harbor

Security team works with various groups
• Integrated with Infor Legal to meet contractual and regulatory requirements for privacy matters
• Meet with AWS representatives to ensure that AWS hosting locations and capabilities meet regional requirements
• Customer inquiries

In Summary

1. Stronger Protection

• Potentially costly & risky misconception of on-premise installations
• Cloud host data centre security breaches are incredibly rare
• Significant costs to achieve and maintain high security standards accreditation & compliance
• Top-tier cloud infrastructure suppliers comply with many security standards
• ISO 27001, U.S. Fed. & DoD, PCISSC
• CIA issued a $600m contract to Amazon

1. Stronger Protection

2. Advanced Security Framework

• Cloud infrastructure security frameworks scale up to cover everyone
• Investment in staffing required to establish and maintain security frameworks is applied broadly with consistent enforcement at a lower cost to consumers

1. Stronger Protection

2. Advanced Security Framework

3. Immediate Response to Emerging Threats

• Cloud vendors can rapidly deploy a fully tested response to all customers virtually simultaneously
• Superior coverage costs less than developing, testing and deploying your own countermeasures

1. Stronger Protection

2. Advanced Security Framework

3. Immediate Response to Emerging Threats

4. Continuous, Predictive Monitoring

• Tools & staff to monitor integrations, systems availability and data confidentiality protection are expensive
• All part of the cloud service and at a significantly lower cost

1. Stronger Protection

2. Advanced Security Framework

3. Immediate Response to Emerging Threats

4. Continuous, Predictive Monitoring

5. Network Reliability

• Top-tier cloud vendors with a global footprint can build far more extensive redundancy, scalability, and unauthorised intrusion protection

Infor Value Engineering

Value Discovery:
• Where can the business add or create value? Who are the executive sponsors?
• What business processes need to be impacted (functional scope)?
• What is the current state vis-à-vis industry peers?
• Where are the opportunities for improvement?
• What are the quantified business benefits?
• What will the go-forward roadmap look like?

Value Realization:
• How can the business case be made actionable at the operating level?
• How should the business govern the program to achieve value?
• How will the business measure value attainment (key performance indicators)?
• How does the implementation compare to best practices?
• How can the business derive more value from existing investments?

Value Discovery and Value Realization complement each other in the value lifecycle

[Diagram labels: Infor Value Engineering; Value Discovery; Value Realization; Finalize commercial agreement; Executive alignment; Go-Live]

Infor Value Engineering works with you to identify the capabilities that can bring the greatest value, and define your blueprint for change

Additional Resources

Website Resources
• AWS White Papers: aws.amazon.com
• Infor CloudSuite micro-site: www.infor.com/cloud
• Whitepapers, Brochures, Testimonials, Videos, etc.

Cloud Readiness Assessment

UpgradeX Program

[email protected]

[email protected]

Questions & Answers

Please direct your Questions to our hosts

Thank You

Thank you for joining our webinar today and we look forward to seeing and hearing from you all again very soon.

Leo Valaris, Director CloudSuite Solutions, Infor
Vijay Rangarajan, Ecosystem Solution Architect, Amazon Web Services

[email protected] [email protected]
