Cloud enables a financial organization to achieve better business agility, speed to the market, long?term cost saving, and great security and compliance at a scale and speed that cannot be matched by a traditional on?premise data center. To achieve the most benefits, the organization may want to use services from multiple clouds with different service models (e.g., SaaS - O365, PaaS - Azure, and IaaS - AWS), and deployment models (e.g., public, private, community). The security risks must be addressed systemically and comprehensively to maintain confidence in the cloud system and trust in the financial institution. The defense needs to be built?in from the beginning rather than bolted?on later. Once builtin, the security controls can be inherited or leveraged by business applications and data deployed in the cloud?hybrid data center, increasing speed to the market and better system security and compliance. This session introduces a Cloud Security Architecture (CSA) Capability framework that enables an organization to build the state?of?art defenses into a cloud?hybrid data center, and allows the organization to safely deploy high?risk workloads and process regulated and sensitive data in multiple clouds with a built?in compliance to multiple regulatory mandates and industry standards, such as FFIEC, GLBA, SOX, FISMA, PCI, and NIST 800?53. The framework also allows the organization to rationalize its security tools and cloud security services to clarify & simplify tools portfolio, identify saving potential, improve cost efficiency, and reduce security risks.
Lian Jin, Chief Security Architect, MUFG Union Bank, N.A.