Introduction to Compliant Cloud Computing by Lumen21 Lumen 21 Inc. | 765 The City Drive South | Suite 105 | Orange, CA 92868 | Phone: (714) 862-2171 | [email protected] | www.lumen21.com by Lumen21 ERC and FISMA C om CI, N pli an re Connection t Secu frastructu ure In re Sec Monitoring ment and age M an et M g in er [Content from the Introduction to Compliant Cloud Computing by Lumen 21 Webinar, hosted by Eduardo Don, Jr. President Lumen21, Inc.] A, P PP HI Clo ud Introduction to Compliant Cloud Computing Secure Cloud Compliant Cloud Computing by Lumen21 is a platform designed to enable organizations in regulated Industries to avail themselves of cloud technology as a computing platform, while remaining compliant to a variety of regulatory requirements. When preparing to take advantage of new technologies, such as cloud, organizations will be required to maintain a solid operational approach on things such as security, authentication, servers, storage and networking. Moving to the cloud should translate into an increased focus on things like log management, threat management, IP/ DNS reputation management, redundancy and disaster recovery for all organizations. The cloud may inherently make some of these things easier, but to fully realize the benefits of cloud computing organizations need to concentrate on achieving operational efficiency while remaining secure and in control. be structured. This flexibility allows small and large companies to choose an affordable solution appropriate for their organizations’ size. Regulated industries, like healthcare, retail, financial services and others, face additional IT challenges – and ever changing regulations. These industries are required, often by law, to maintain a stronger blend of policies, procedures and governance to avoid noncompliance penalties and fines. Interestingly, the various regulations differ a little from industry to industry. While they are slowly starting to align, understanding the intricacies of the requirements really comes down to navigating the “mandates” and “recommendations”. Compliant Cloud Computing by Lumen21 is compliant out-of-the-box. We focus on the “it” — that little extra difference. The thing that makes compliance more manageable and easier to implement. One monthly payment gives you a compliant cloud environment managed by redundant Network Operations Centers and separate, redundant Security Operations Centers. You can consume as much or as little of the cloud platform as you need. The service includes everything you need to be compliant. For operational efficiency, we have built a compliance “cookbook” recipe for each of the regulations that is not only vetted but audited. For example, where HIPAA mandates that a Web Application Firewall (WAF) be in place for externallyfacing web applications; PCI DSS recommends that you have a WAF for external web-applications. These “recommended” requirements are actually recognized operational “best practices”. Even though they are mandated as part of HIPAA, organizations should look to operational best practices to fill-in where a given regulation is vague. One area where even HIPAA is intentionally vague is around disaster recovery and business continuity. While they mandate you have a plan, they don’t provide details on how it should Compliance knowledge and expertise is not common among cloud providers. While some cloud providers may offer increased security services to help you build your own compliant infrastructure, truly understanding compliance and the audit process for your industry requires a specialist. The certified experts at Lumen21 know what it takes to pass a compliance audit for PCI DSS, HIPAA/HITRUST and many others. To learn more about Compliant Cloud Computing by Lumen21 visit us at www.Lumen21.com/cloud. Or if you would like to discuss your specific individual requirements or talk to us about how we can help with your on-premise compliance infrastructure, please reach out to us at [email protected] or call us at 714-862-2171. Lumen 21 Inc. | 765 The City Drive South | Suite 105 | Orange, CA 92868 | Phone: (714) 862-2171 | [email protected] | www.lumen21.com Compliant Cloud Computing by Lumen21 It’s Compliant Out-of-the-Box Secure Cloud Security Management Compliance • Redundant Environments • Firewall • Separation of Environments • Security Framework • Protection • Encryption • Backups • Monitoring • Management • Managing the Infrastructure • Data Transparency • Metering • Monitoring of Resources • Server, Network and Application Management • Capacity Planning and Management • Overall System Service Map and Topology • Log Management • Threat Management • IP/DNS Reputation Management • Vulnerability Management • Access Management • Encryption Management Rules-Based Compliance • Standard Out-of-the-Box • Custom Configuration Regulatory Compliance • Healthcare (HIPAA) • Payment Card Industry (PCI DSS) • Utilities Compliance (NERC CIP) • Financial Services Regulations (GLBA/FFIEC) • Federal Information Security Management (FISMA) • Security Awareness Training Solutions Lumen 21 Inc. | 765 The City Drive South | Suite 105 | Orange, CA 92868 | Phone: (714) 862-2171 | [email protected] | www.lumen21.com