compliance-as-a-crisis: managing cloud compliance
TRANSCRIPT
Compliance-as-a-Crisis: Managing Cloud Compliance
Jeff Bennett, COO and President, Allgress
Brandon Bennett, VP of Customer Success, Allgress
Tricia Pattee, VP of Product, HOSTING
www.allgress.com | www.hosting.com
Housekeeping
• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar
• Please submit questions via the button on the bottom left of the viewer
• If we don’t get to your question during the webinar, we will follow up with you via email
• Download PowerPoint slides via the “Attachments” button below the viewing panel
• On Twitter [@HOSTINGdotcom] [@Allgress] or LinkedIn [HOSTING] [Allgress] . . . Be sure to follow for news, resources and announcements for future webinars!
Agenda
• Who We Are
• Industry Insights
• Cloud Compliance Pains
• Compliance in the (Public) Cloud
• Know Your Gaps
• Security & Compliance Solutions
About Allgress
Employees
2008
$
Livermore, CA
350
50%
50
Customers
Headquarters
Annual Growth Rate
Founded
About HOSTING
• Headquarters: Denver, CO
• Customers: 2,000
• Annual Revenue: $100M
• 400+ Employees
• 6 U.S. Data Centers
Compliance Trends
• 80% of organizations are still not compliant [1]
• 70% of firms are expecting regulators to publish even more information within the next year [2]
• Only 29% of companies are compliant a year after validation [1]
• You could pay $100,000 a month for being non-compliant [1]
Sources:
1 goanywhere.com blog
2 Information Technology Group
3 hipaajournal.com
The Staffing Pains
• Lack of staff to manage compliance
• High turnover of staff
• Difficulty meeting and maintaining compliance requirements (and the numerous updates)
• Lack the tools to protect and maintain compliance
• Lack expertise around compliance best practices
• Difficulty interpreting requirements
• Average investment is $250,000 annually
The Tool Pains
• No central data repository, overuse of spreadsheets
• Tools tend to be industry-specific and focused on discrete requirements
• High deployment costs (CAPEX v. OPEX)
• Length of time to deploy
• Steep learning curve – training and retraining
• Large investment for commercial tools
Who is Feeling the Most Pain
• Requires industry-specific compliance: HIPAA, HITRUST, PCI, SOC, HITECH
• Currently compiles data manually
• Failed a previous audit
• Lack of staff/knowledge to prepare for an audit
• Limited budget for compliance management
• Needs help identifying and classifying data correctly and accurately
Public Cloud Concerns
• Lack of visibility of where apps are located
• Reduced control of the environment
• Inadequate understanding of the shared responsibility model
• Security products being used / what controls are mapped
• How to document controls
Shared Responsibility Model
Demo
Compliance Services
Support
Platform management
Customer Managed
HOSTING Provided
Day-to-day compliance management
Requirement interpretation
Policy mapping
Audit preparation
Risk assessments

Support
Platform management
Basic compliance management
Requirement interpretation
Policy mapping
Audit preparation
Customer Managed
HOSTING Provided
Risk assessments
Vendor risk management

Support
Platform management
Basic compliance management
Requirement interpretation
Policy mapping
Audit preparation
Risk assessments
Vendor risk management
HOSTING Provided
The Unified Cloud Approach
Differentiators
Summary
• Compliance regulations are rapidly increasing
• Companies are understaffed and lack compliance expertise
• Staff turnover is high
• Non-compliance fines are substantial
By combining services with a fully featured software platform, companies experience:
1. Immediate deployment, expert compliance guidance, and a stable compliance process
2. Reduced costs in numerous areas: deployment, man hours, tool costs and audit costs
3. A lower cost for good services than they’d spend buying a compliance product separately (in most environments)
Book your complimentary Compliance Posture Evaluation, today!
For more information on how HOSTING can help guide your business to the cloud, go to www.HOSTING.com
Q&A
Appendix
HOSTING Security and Compliance Services
Explorer Voyager Pioneer
Access and Authentication
Network Security
Server Security
Compliance
SERVICE LEVELS
on-prem
Hybrid Solutions
Validated Security
Firewall Multi-factor Authentication VPN
Intrusion Detection Vulnerability Scan
Data Encryption Log Management Malware Protection
Patching File Integrity Monitoring
Compliance Dashboard Compliance Management
Consultative Risk Assessment
Self-Service and Managed Solutions Resilient infrastructure in any cloud
Tailored to meet business needs
Web App Firewall DDoS Mitigation
Compliance Services - Explorer
• Phone and Ticket Support
• Training and Onboarding
• Platform Management
• Notifications
• Assessment Tracking
• Vulnerability Tracking
Compliance Services - Voyager
• Explorer features PLUS
• Requirement Interpretation
• Policy Mapping
• Policy Creation & Adaption
• Vulnerability Review
• Audit Advisement
Compliance Services - Pioneer
• Voyager features PLUS
• Policy Tracking
• Vendor Risk Tracking
• Incident Tracking
• Risk Register Tracking
• Annual Risk Assessment
Overview of the Compliance Service Tiers
Product | Explorer | Voyager | Pioneer
Support
Phone & Ticket Support | x | x | x
Training and Onboarding | x | x | x
Platform Management
Compliance Dashboard Infrastructure and Administration | x | x | x
Notifications | x | x | x
Assessment Management | x | x | x
Vulnerability Tracking | x | x | x
Policy Tracking | | | x
Vendor Risk Tracking | | | x
Incident Tracking | | | x
Risk Register Tracking | | | x
Guidance & Expertise
Requirement Interpretation | | x | x
Policy and Control Mapping | | x | x
Policy Creation and Adaption | | x | x
Vulnerability Review | | x | x
Audit Advisement | | x | x
Annual Risk Assessment | | | x
Assessment Module: Compliance Overview
Assessment Module: Progress Summary
Assessment Module: Key Risks Overview
Risk Module: Heat Map
Risk Module: Vendor Risk Management Summary
Project Task Timeline
Executive Dashboard