KEEPING YOUR CLOUD PRIVATEMichael Holder

Head of Global Identity and Access Management

AGENDA About Allianz Data Center

Migration Program (Private Cloud)

German Regulations With External Partners

Use Cases For User Activity Monitoring

Michael HolderMunich, Germany

Allianz AMOS

CUSTOMER SPEAKER

ABOUT ALLIANZ

International Insurance & Financial Services Company

80 Million Customers

150,000 Employees

70 Countries 140 Data Centers

DATA CENTER MIGRATION PROGRAM (PRIVATE CLOUD)

Build Private Cloud (Engagement officially started in April 2014)

Consolidate data centers from 140 to six

The data centers will be networked into a new platform called the Allianz provide cloud

Private cloud will deliver services to employees and customers worldwide

Standardize technology operations across all of global operating centers (Hand Off Tech Ops to IBM)

Expects the setup to be fully functional by the end of 2017

German Restrictions with external partners All Insurance data needs

to be protected Special protection for

customer Health Information (Criminal Code)

Tight controls on all external work Outsourcers (IBM &

CSC) Contractors (50+

companies in Germany alone)

Consultants (all major, e.g. KPMG, BCG)

GERMAN REGULATIONS WITH EXTERNAL PARTNERS

1. Balance your risk with level of access

2. Have ONE centralized access point for all external partners

3. Get the right tools in place:

CyberArk (PIM) HP ArcSight (SIEM) ObserveIT (UAM)

USER-CENTRIC SECURITY TO CONTROL & MITIGATE RISK

USE CASES FOR USER ACTIVITY MONITORING Perform User

Activity Audits Incident

Response (at a user-level)

Productivity Reports & Documentation

PERFORM USER ACTIVITY AUDITS

View any on-screen event Applications Run Windows Opened System Commands

Executed Check Boxes Clicked Text Entered/Edited URLs Visited

Verify samples of user activity pose no risk to the organization

INCIDENT RESPONSE (AT A USER-LEVEL)

Receive alerts from HP ArcSight and investigate with ObserveIT

User-level (screenshots) offers a clear view of any out-of-scope activities Usage of

unauthorized applications

RDP sessions to particular servers

PRODUCTIVITY REPORTS & DOCUMENTATION Review changes and

search all remote vendor activity

Make sure vendors meet obligations

Ensure that vendors are staying within their assigned tasks

LESSONS LEARNED

If possible, start with business critical applications (if not, monitor everything)

User monitoring adds Transparency with External Partners (good partners want to be monitored)

If you don’t observe user activity— you’ll never know what’s actually happening in your environment— you’ll only be able infer what’s happening

Michael HolderMunich, GermanyAllianz AMOS

THANK YOU!TRY IT

YOURSELF:

observeit.com/tryitnow

Q&A