Cloud-Powered With Greater Security

Cloud-Powered withGreater SecurityA Cyber Security Game Plan for Your CloudIn collaboration with

Mobilize your path to cloudwith Optiv, Palo Alto Networksand VMware.Amazon WebServicesMicrosoftAzurePalo Alto NetworksVMwareOptivClient Stakeholders

The rapid pace of application developmentand mastering data are major reasonscompanies are innovating and scaling theirorganization to reap the benefits of businessagility and operational efficiencies.PRIVATE Single tenant implementation Owned and operated by ITorganization Define your own data managementand security policies Self-service and automationcapabilities provide new agilityThe core drive for these technology trends is thecloud. Companies must embrace the cloud to achieve asustainable competitive advantage. This could mean anyone of three deployment models, but hybrid cloud appearsto be the way forward. It provides companies with thebenefits of the public cloud while allowing them to protectkey assets on their private cloud.HYBRID Combination of private and one ormore public clouds to maintain keyinfrastructure and data in privatecloud while achieving the flexibilityand scalability of the public cloud Allows IT organizations to becomebrokers of servicesPUBLIC Multi-tenant implementation Owned and operated by serviceproviders such as Amazon WebServices (AWS) or Microsoft Azure Bound by multi-tenant datamanagement policies Similar self-service and automationcapabilities as private cloudCloud-Powered with Greater Security 2

No matter the deployment methodselected, every company faces the samedilemma: securing its cloud. Here arethree of the most common pitfalls:Pitfall #1An unfortunatemisconceptionthat cloud serviceproviders deliverembedded securitymeasures that willprotect the client’sbusiness.Pitfall #2Lack of visibilityfrom executivelevel stakeholdersof sanctionedand unsanctionedcloud SaaS-basedapplication servicesused by employees.Pitfall #3A belief bybusinessstakeholders thatthey only havetwo options whenprotecting theirbusiness.

Uncertainty Over SharedResponsibility in the CloudPitfall #1An unfortunatemisconception thatcloud service providersdeliver embeddedsecurity measures thatwill protect the client’sbusiness.This cannot be further from the truth. Atrue enterprise cloud security solutionwill always require the knowledgeand experience necessary in securingworkloads wherever they reside.Are you securing your assetsproperly in the cloud?Cloud-Powered with Greater Security 4

Lack of Visibility ofCloud ApplicationsPitfall #2Lack of visibility fromexecutive-levelstakeholders of sanctionedand unsanctioned cloudSaaS-based applicationservices used byemployees.This gives rise to a weak cloud securityprogram that is exposed to cyber attacksand data breaches. When it comes to whereyour data is located, being aware of what youdon’t know is half the battle. Cloud AccessSecurity Brokers (CASB) can help identify thesecurity risks in over 900 applications foundin the enterprise that are both sanctionedand unsanctioned.Do you know where ALL yourapplications are in the cloud?

Ambiguity in Securingthe Cloud?Pitfall #3A belief by businessstakeholders that they onlyhave two options whenprotecting their business.The first option is to ignore securityaltogether at first, not because it’sunnecessary, but because security policydeployment cannot keep pace with the rate ofchange within the cloud. The second option isto lift traditional security technologies that areport-bound into the cloud. Neither of theseoptions addresses all the critical requirementsneeded to protect cloud environments. Witha comprehensive assessment, you can identifyall the risks and implement a cost effectivesecurity solution that meets the needs ofevery business unit without impacting agilityor security.Do you know all of the options forprotecting your cloud?Cloud-Powered with Greater Security 6

With a well thought out plan, yourorganization can achieve a fully-realizedcloud security program. Key requirementsfor securing the cloud include:1REQUIREMENT#2REQUIREMENT#Understand your cloud securityprogram maturity and desired state.The evolution to the cloud has accelerated the need tothink holistically about security up and down the supplychain. Core elements to implementing a fully-realizedcloud security program include assessing the currentprogram state, defining the desired outcome andbuilding a roadmap for maturing capabilities.Use consistent security in both physicaland virtualized form factors.Use the same levels of application control and threatprevention to protect both your cloud computingenvironment and your physical network.Optiv’s Cloud Security Architecture Program usesa programmatic approach with key stakeholders toassess the current state of the cloud security programand problems to resolve, define business drivers andachievable objectives, build a roadmap for maturingcapabilities within an operational and actionableframework and provide metrics that monitor results.Palo Alto Networks enables greater security for yourdata center – be it physical or cloud-based – using aconsistent set of next-generation firewall and advancedthreat prevention features deployed in either aphysical appliance or virtualized form factor. Nativemanagement tools help streamline policy deploymentand eliminate the time gap between virtual workloaddeployment and security policy update, allowing you tooperate at the speed of the cloud.

3REQUIREMENT#4REQUIREMENT#Extend visibility and granular controlinto SaaS applications wherever theyare located.To maintain the same level of security within thenetwork as data flows to SaaS applications, you mustattain visibility and granular control into these SaaSapplications.Palo Alto Networks Aperture extends the visibilityand granular control of your security platform intoSaaS applications themselves – an area traditionallyinvisible to IT. Aperture solves this problem by lookinginto SaaS applications directly, providing full visibilityinto the day-to-day activities of users and data.Granular controls help ensure policy is maintained toeliminate data exposure and threat risks.Migrate network and security services intothe virtualization layer.Businesses that possess network architectures rooted inhardware can’t match the speed or security of those runningvirtualized networking. By moving network and security servicesinto the data center virtualization layer, network virtualizationenables IT to create, snapshot, store, move, delete and restoreentire application environments with the same simplicity andspeed available when spinning up virtual machines. This, in turn,enables levels of security and efficiency that were previously notpossible.VMware NSX is the network virtualization platform of thesoftware defined data center. It takes the functionality formerlyembedded in network hardware – such as switching, routing andfirewalling – and abstracts it to the hypervisor. The integration ofvirtualized security and distributed firewalling directly into theinfrastructure enables micro-segmentation and granular securitydelivered to the individual workload.Cloud-Powered with Greater Security 8

5REQUIREMENT#Centrally manage and automatesecurity deployments.Physical network security is still deployed in almostevery organization, so it’s critical that you have theability to manage both hardware and virtual formfactor deployments from a centralized locationusing the same management infrastructure andinterface.Palo Alto Networks PanoramaTM network securitymanagement allows you to centrally manage all ofyour Palo Alto Networks next-generation firewalls,both physical and virtual form factor, ensuring policyconsistency and cohesiveness. Using the same lookand feel that the individual device managementinterface carries, Panorama eliminates any learningcurve associated with switching from one userinterface to another.VMware NSX integrates directly with Panorama toextend the virtualized next-generation firewall fromPalo Alto Networks automatically and transparentlyto every ESXi server. Context is shared betweenVMware NSX and Palo Alto Networks centralizedmanagement platform, enabling security teams todynamically apply security policies to virtualizedapplication creation and changes.

Optiv, along with our partners Palo AltoNetworks and VMware, can help youmigrate to the cloud so you can reap thefull benefits of a cloud-powered businesswhile minimizing security compromises.Palo Alto Networks Experience Diamond Level Partner – Highest level and most certifications 107 ACE (Accredited Configuration Engineers) and 31 CNSE(Certified Network Security Engineers) on staff Over 150 Palo Alto Networks projects in 2015 2011-2016 Americas Partner of the Year 2016 Americas Excellence Award for Support 2016 Americas Professional Service Partner of the YearVMware Experience NSX Elite Partner – Highest Level VMware NSX Partner 15 VCP-NV’s on Staff Partner Professional Services CertifiedCloud-Powered with Greater Security 10

Optiv delivers a comprehensive suiteof solutions and services to helpenterprise-class organizations plan,build and run effective cloud securityprograms.We combine extensive research, specialized expertise and fieldexperience with powerful partnerships with industry leaders likePalo Alto Networks and VMware to help you achieve your securityobjectives.Ready to get started?Visit optiv.com/solutions/cloud-security1125 17th Street, Suite 1700Denver, CO 80202800.574.0896 www.optiv.com300 DEDICATED CLIENT MANAGERS 2BILLION(2015 SALES)920 SECURITYCONSULTANTS7,500 CLIENTS INTHE LAST THREE YEARSOptivSuccessFactors1,700 EMPLOYEES1,200CYBER SECURITYEXPERTSOptiv is the largest holistic pure-play cyber security solutions provider in North America. The company’s diverse and talented employees are committed to helping businesses,governments and educational institutions plan, build and run successful security programs through the right combination of products, services and solutions related to securityprogram strategy, enterprise risk and consulting, threat and vulnerability management, enterprise incident management, security architecture and implementation, training, identityand access management, and managed security. Created in 2015 as a result of the Accuvant and FishNet Security merger, Optiv is a Blackstone (NYSE: BX) portfolio company that hasserved more than 12,000 clients of various sizes across multiple industries, offers an extensive geographic footprint, and has premium partnerships with more than 300 of the leadingsecurity product manufacturers. For more information, please visit www.optiv.com. 2017 Optiv Security Inc. All Rights Reserved.1.17 V1

Core elements to implementing a fully-realized cloud security program include assessing the current program state, defining the desired outcome and building a roadmap for maturing capabilities. Optiv's Cloud Security Architecture Program uses a programmatic approach with key stakeholders to assess the current state of the cloud security program