Published by James Kervin
Modified about 1 year ago
© 2012 IBM Corporation, IBM Security Systems. Securing Cloud Solutions. Neil Warburton, IBM Security Architect, IBM UK
The journey toward a Smarter Planet continues: Smart Supply Chains, Smart Countries, Smart Retail, Smart Water Management, Smart Weather, Smart Energy Grids, Smart Oil Field Technologies, Smart Regions, Smart Healthcare, Smart Traffic Systems, Smart Cities, Smart Food Systems. Instrumented, Interconnected, Intelligent.
What is Cloud Computing? “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models…” - US National Institute of Standards and Technology (NIST), September 2011
Cloud Deployment/Delivery and Security: Depending on an organization's readiness to adopt cloud, and the appropriateness of cloud for a particular application, there is a wide array of deployment and delivery options.
IBM is helping organizations usher in an era of Security Intelligence
Axis labels: Reactive, Proactive; Manual, Automated.
Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence.
Proficient: Security is layered into the IT fabric and business operations.
Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting.
Solving a security issue is a complex, four-dimensional puzzle
People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers.
Data: Structured, Unstructured, At rest, In motion.
Applications: Systems applications, Web applications, Web 2.0, Mobile apps.
Infrastructure.
It is no longer enough to protect the perimeter – siloed point products will not secure the enterprise.
A Cloud Analogy... IaaS, PaaS, BPaaS
Sometimes your solution won't fit a cloud model...
Why cloud? Cloud is a synergistic fusion which accelerates business value across a wide variety of domains.
Capability: from (legacy environments) to (cloud enabled enterprise)
Server/Storage Utilisation: from 10-20% to 70-90%
Self service: from None to Unlimited
Test Provisioning: from Weeks to Minutes
Change Management: from Months to Days/Hours
Release Management: from Weeks to Minutes
Metering/Billing: from Fixed cost model to Granular
Payback period for new services: from Years to Months
Security and Cloud Computing, 09/19/12. Simple Example.
Today’s Data Center: We Have Control. It’s located at X. It’s stored in servers Y, Z. We have backups in place. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged.
Tomorrow’s Public Cloud: Who Has Control? Where is it located? Where is it stored? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage?
Securing the Cloud is Today’s Challenge: Continued movement of business to new platforms including cloud, virtualization, mobile, social business and more. Everything is everywhere.
Cloud Promises Many Benefits: Low Cost, Elastic Infrastructure, Good Measurable SLA, Security
Implications for cloud… Distribution of Virtualization System Vulnerabilities: Indeterminate: 6.25%; Hypervisor: 1.25%; Mgmt Server: 6.25%; Guest VM: 15%; Mgmt console: 16.25%; Admin VM: 17.5%; Hypervisor escape: 37.5%
Approaches to delivering security need to align with each phase of a client’s cloud project or initiative. Cloud Security Approach:
Design: Establish a cloud strategy and implementation plan to get there. Secure by Design: Focus on building security into the fabric of the cloud.
Deploy: Build cloud services, in the enterprise and/or as a cloud services provider. Workload Driven: Secure cloud resources with innovative features and products.
Consume: Manage and optimize consumption of cloud services. Service Enabled: Enable security through services and interfaces.
Cloud computing impacts the implementation of security in fundamentally new ways
Security and Privacy Domains: People and Identity; Application and Process; Network, Server and Endpoint; Data and Information; Physical Infrastructure; Governance, Risk and Compliance.
To cloud: Multiple Logins, Numerous Roles; Multi-tenancy, Shared Resources; Audit Silos, Logging Difficulties; Provider Controlled, Lack of Visibility; Virtualization, Reduced Access; External Facing, Quick Provisioning.
In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases - greatly affecting all aspects of IT security.
Adoption patterns are emerging for successfully beginning and progressing cloud initiatives
IaaS: Cut IT expense and complexity through a cloud enabled data center
PaaS: Accelerate time to market with cloud platform services
CSP: Innovate business models by becoming a cloud service provider
SaaS: Gain immediate access with business solutions on cloud
Each pattern has its own set of key security concerns
Patterns: Cloud Enabled Data Center (IaaS: Cut IT expense and complexity through a cloud enabled data center); Cloud Platform Services (PaaS: Accelerate time to market with cloud platform services); Cloud Service Provider (Innovate business models by becoming a cloud service provider); Business Solutions on Cloud (SaaS: Gain immediate access with business solutions on cloud).
Capabilities provided to consumers for using a provider’s applications: Federate identity between the cloud and on-premise IT; Proper user authentication; Audit and compliance testing; Encrypt data, both in motion and at rest; Integrate existing security.
Integrated service management, automation, provisioning, self service: Logical and physical isolation; Secure virtual machines; Patch of default images; Encrypt stored data; Assess self service portals; Monitor logs on all resources; Defend network perimeters.
Pre-built, pre-integrated IT infrastructures tuned to application-specific needs: Harden exposed applications; Use cloud APIs properly; Protect private information; Secure shared databases; Manage platform identities; Integrate existing security controls with the cloud.
Advanced platform for creating, managing, and monetizing cloud services: Isolate multiple cloud tenants; Secure portals and APIs; Manage security operations; Build compliant data centers; Offer backup and resiliency; Integrate systems management and security.
How to Compromise A Company Cloud Security Policy
Understanding cloud security: using Cloud Reference Model with foundational security controls
IBM Cloud Reference Model (phases: Design, Deploy, Consume)
Cloud Governance: Cloud specific security governance including directory synchronization and geo locational support.
Security Governance, Risk Management & Compliance: Security governance including maintaining security policy and audit and compliance measures.
Problem & Information Security Incident Management: Management and responding to expected and unexpected events.
Identity and Access Management: Strong focus on authentication of users and management of identity.
Discover, Categorize, Protect Data & Information Assets: Strong focus on protection of data at rest or in transit.
Information Systems Acquisition, Development, and Maintenance: Management of application and virtual machine deployment.
Secure Infrastructure Against Threats and Vulnerabilities: Management of vulnerabilities and their associated mitigations with strong focus on network and endpoint protection.
Physical and Personnel Security: Protection for physical assets and locations including networks and data centers, as well as employee security.
IBM Cloud Security: One Size Does Not Fit All. Protecting and risk management in the cloud building on traditional approaches, applied to new models. Each model has different aspects to consider. Different security controls are appropriate for different cloud needs - the challenge becomes one of integration, coexistence, and recognizing what solution is best for a given workload. IBM Security Framework.
Security GRC. Solving the Urgent Questions: Am I compliant? What controls are needed? Can I prove it?
Identity and Access in a Smarter Planet. Solving the Urgent Questions: What's identity in the cloud? Can I restrict privileged users? Who has access? How does Federation fit in?
Protect sensitive data from malicious activity. Solving the Urgent Questions: Where's my sensitive data? How can I keep data secure? What are DBAs doing?
Securing applications by design, not after disruption. Solving the Urgent Questions: How do I develop apps securely? How do I stop vulnerability exploitations?
A platform for converged endpoint. Solving the Urgent Questions: How do I manage all these devices? How do I secure mobile devices?
Keep the bad guys out of the network. Solving the Urgent Questions: Who's attacking my system? What's the latest threat intelligence? How do I manage all the data?
Modernize traditional surveillance systems. Solving the Urgent Questions: Can I automate my video surveillance?
IBM has extensive real-world experience delivering public and private cloud services. “IBM has one of the most comprehensive cloud portfolios, with the cloud integrated throughout its many lines of business. Moreover, IBM’s consulting arm has put them in touch with numerous early adopters and special use cases— all of which helps the company stay ahead of competitors.” – Jeff Vance, Datamation. managed virtual machines. public cloud users. daily client transactions through public cloud. successful private cloud engagements.
What are the issues we will face going forward…
Security and Privacy Domains: People and Identity; Application and Process; Network, Server and Endpoint; Data and Information; Physical Infrastructure; Governance, Risk and Compliance.
To cloud: Multiple Logins, Numerous Roles; Multi-tenancy, Shared Resources; Audit Silos, Logging Difficulties; Provider Controlled, Lack of Visibility; Virtualization, Reduced Access; External Facing, Quick Provisioning.
Driven by multiple people accessing multiple devices via multiple clouds: Standardisation, Interoperability, Big Data, Governance.
Our focus is in two areas of cloud security: Security from the Cloud and Security for the Cloud
Labels: Public cloud, Off premise; Private cloud, On premise; Cloud-based Security Services.
Securing the Private Cloud stack – focusing on building security into the cloud infrastructure and its workloads.
Use cloud to deliver security as-a-Service - focusing on services such as vulnerability scanning, web and security, etc.
Secure usage of Public Cloud applications – focusing on Audit, Access and Secure Connectivity.
In summary: Over the past several years, security concerns surrounding cloud computing have become the most common inhibitor of widespread usage. This often translates to: where is my data, who will be able to access it, and how will I maintain oversight and governance? Each cloud model has different features, which changes the way security gets delivered and, in turn, the way we look at security governance and assurance. Determining your desired security posture and enabling cloud in such a way that the new risks can be managed in a rapidly changing landscape.... Private cloud, Public cloud, Hybrid IT.