Compliance-as-a-Crisis: Managing Cloud Compliance

Jeff Bennett, COO and President, Allgress

Brandon Bennett, VP of Customer Success, Allgress

Tricia Pattee, VP of Product, HOSTING

Upload: hosting

Post on 22-Jan-2018


Housekeeping

• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar

• Please submit questions via the button on the bottom left of the viewer

• If we don’t get to your question during the webinar, we will follow up with you via email

• Download PowerPoint slides via the “Attachments” button below the viewing panel

• On Twitter [@HOSTINGdotcom] [@Allgress] or LinkedIn [HOSTING] [Allgress] . . . Be sure to follow for news, resources and announcements for future webinars!


Agenda

• Who We Are

• Industry Insights

• Cloud Compliance Pains

• Compliance in the (Public) Cloud

• Know Your Gaps

• Security & Compliance Solutions


About Allgress

• Founded: 2008

• Headquarters: Livermore, CA

• Customers: 350

• Annual Growth Rate: 50%

• Employees: 50


About HOSTING

• Headquarters: Denver, CO

• Customers: 2,000

• Annual Revenue: 100M

• 400+ Employees

• 6 U.S. Data Centers


Compliance Trends

• 80% of organizations are still not compliant [1]

• 70% of firms are expecting regulators to publish even more information within the next year [2]

• Only 29% of companies are compliant a year after validation [1]

• You could pay $100,000 a month for being non-compliant [1]

Sources:

[1] goanywhere.com blog

[2] Information Technology Group

[3] hipaajournal.com


The Staffing Pains

• Lack of staff to manage compliance

• High turnover of staff

• Difficulty meeting and maintaining compliance requirements (and the numerous updates)

• Lack the tools to protect and maintain compliance

• Lack expertise around compliance best practices

• Difficulty interpreting requirements

• Average investment is $250,000 annually


The Tool Pains

• No central data repository, overuse of spreadsheets

• Tools tend to be industry-specific and focused on discrete requirements

• High deployment costs (CAPEX v. OPEX)

• Length of time to deploy

• Steep learning curve – training and retraining

• Large investment for commercial tools


Who is Feeling the Most Pain

• Requires industry-specific compliance: HIPAA, HITRUST, PCI, SOC, HITECH

• Currently compiles data manually

• Failed a previous audit

• Lack of staff/knowledge to prepare for an audit

• Limited budget for compliance management

• Needs help identifying and classifying data correctly and accurately


Public Cloud Concerns

• Lack of visibility of where apps are located

• Reduced control of the environment

• Inadequate understanding of the shared responsibility model

• Security products being used / what controls are mapped

• How to document controls


Shared Responsibility Model


Demo


Compliance Services

• HOSTING Provided: Support, Platform management

• Customer Managed: Day-to-day compliance management, Requirement interpretation, Policy mapping, Audit preparation, Risk assessments

• HOSTING Provided: Support, Platform management, Basic compliance management, Requirement interpretation, Policy mapping, Audit preparation

• Customer Managed: Risk assessments, Vendor risk management

• HOSTING Provided: Support, Platform management, Basic compliance management, Requirement interpretation, Policy mapping, Audit preparation, Risk assessments, Vendor risk management


The Unified Cloud Approach


Differentiators


Summary

Compliance regulations are rapidly increasing

Companies are understaffed and lack compliance expertise

Staff turnover is high

Non-compliance fines are substantial

By combining services with a fully featured software platform, companies experience:

1. Immediate deployment, expert compliance guidance, and a stable compliance process

2. Reduced costs in numerous areas: deployment, man hours, tool costs and audit costs

3. A lower cost for good services than they’d spend buying a compliance product separately (in most environments)


Book your complimentary Compliance Posture Evaluation, today!


For more information on how HOSTING can help guide your business to the cloud, go to www.HOSTING.com

Q&A


www.allgress.com | www.hosting.com


Appendix


HOSTING Security and Compliance Services

SERVICE LEVELS: Explorer, Voyager, Pioneer

• Access and Authentication

• Network Security

• Server Security

• Compliance

• Firewall, Multi-factor Authentication, VPN

• Intrusion Detection, Vulnerability Scan

• Data Encryption, Log Management, Malware Protection

• Patching, File Integrity Monitoring

• Compliance Dashboard, Compliance Management

• Consultative Risk Assessment

• Web App Firewall, DDoS Mitigation

on-prem

Hybrid Solutions

Validated Security

Self-Service and Managed Solutions

Resilient infrastructure in any cloud

Tailored to meet business needs


Compliance Services - Explorer

• Phone and Ticket Support

• Training and Onboarding

• Platform Management

• Notifications

• Assessment Tracking

• Vulnerability Tracking


Compliance Services - Voyager

• Explorer features PLUS

• Requirement Interpretation

• Policy Mapping

• Policy Creation & Adaption

• Vulnerability Review

• Audit Advisement


Compliance Services - Pioneer

• Voyager features PLUS

• Policy Tracking

• Vendor Risk Tracking

• Incident Tracking

• Risk Register Tracking

• Annual Risk Assessment


Overview of the Compliance Service Tiers

Product | Explorer | Voyager | Pioneer
Support | | |
Phone & Ticket Support | x | x | x
Training and Onboarding | x | x | x
Platform Management | | |
Compliance Dashboard Infrastructure and Administration | x | x | x
Notifications | x | x | x
Assessment Management | x | x | x
Vulnerability Tracking | x | x | x
Policy Tracking | | | x
Vendor Risk Tracking | | | x
Incident Tracking | | | x
Risk Register Tracking | | | x
Guidance & Expertise | | |
Requirement Interpretation | | x | x
Policy and Control Mapping | | x | x
Policy Creation and Adaption | | x | x
Vulnerability Review | | x | x
Audit Advisement | | x | x
Annual Risk Assessment | | | x


Assessment Module: Compliance Overview


Assessment Module: Progress Summary


Assessment Module: Key Risks Overview


Risk Module: Heat Map


Risk Module: Vendor Risk Management Summary


Project Task Timeline


Executive Dashboard