2021 Cyber and Technology Risk Management Forum

Audit and Security for Cloud-Based Services

Security as a Service § An managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.

Source: Gartner

ACI Learning

Slide 39

ASN305011420

© INARMA, Jason Claycomb

• 39

CASBs

§ Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.

ACI Learning

Slide 40

ASN305011420

© INARMA, Jason Claycomb

• 40

MIS Training Institute, Inc. © INARMA, Jason Claycomb

Introduction - Page 20

ASN305011420