
Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.


2 Security in the Cloud: Agenda
Introductions
What is Cloud Computing, and what are the risks?
Cloud Security Architecture
Multi-Tenancy Considerations
Wrap-up

3 Security in the Cloud: Introductions
Who am I?
–Rob Johnson, Distinguished Engineer, Unisys Corp.
–30 years doing I/O, networking, and security
Who is Unisys?
–130+ year heritage
–Provides technology, services, and solutions to the world's largest enterprises
Who are you?

4 Security in the Cloud: What is Cloud Computing?
National Institute of Standards and Technology (NIST) definition: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
–Essential Characteristics: On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service
–Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
–Deployment Models: Private cloud, Community cloud, Public cloud, Hybrid cloud
–On-premise or off-premise
Security controls being defined by industry: FedRAMP, PCI DSS v2.0, etc.

5 Security in the Cloud: What are the Risks?
#1 Loss of control of assets (applications and data)
–Where are they?
–How many copies are there?
–Who can access them?
#2 Compliance
–Regulatory audits: PCI DSS v2, HIPAA, COBIT, FedRAMP, etc.
–Jurisdictional boundaries: Patriot Act, data locality regulations
#3 Provider transparency
–Process visibility
–Audit, logging, and Incident Event Management (IEM)

6 Cloud Computing: Service Models
Software as a Service (SaaS)
–Complete application environment supplied and managed by the Cloud Provider, not the tenant
Platform as a Service (PaaS)
–Provider supplies an application development and execution environment
–Tenant can secure data and inter-process communication
Infrastructure as a Service (IaaS)
–Provider supplies the infrastructure components (compute, network, storage), but little else
–Tenant runs a virtual data center
The tenant's share of the security work grows from SaaS to IaaS: whatever the provider does not supply and manage, the tenant must secure itself.

7 Security in the Cloud: Cloud Security Architecture
Service Models wrapped in Access Planes

8-11 Cloud Security Architecture: Access Planes
Service Models wrapped in Access Planes
–Provider Administration: Controls and manages the service components
  IaaS: Hypervisors, vSwitches, vFirewalls, storage vLUNs, etc.
  PaaS: VMs for hosting applications, web services, storage containers, load balancers, etc.
  SaaS: Application suites, databases, identity management, etc.
–Tenant Administration: Manages per-Tenant components
  IaaS: VMs, vFirewalls, vLUNs
  PaaS: Applications, object stores
  SaaS: Users, application data objects
–End User Access
  IaaS: VM console (RDP, rsh, etc.; note that rsh and similar cleartext protocols expose credentials and session data on the wire, so SSH or RDP over TLS should be what is actually exposed on this plane)
  PaaS: Distributed apps (SOA, webapps), test/dev, etc.
  SaaS: Application presentation
–Intra-Cloud Access
  Service-to-service
  Intra-tenant
  Web services
Each plane is a distinct set of identities, credentials and network paths. A compromise of the Provider Administration plane reaches every tenant at once, so that plane needs the strongest access controls and the most complete audit trail.

12-18 Security in the Cloud: Multi-Tenancy Considerations
Isolation and Containment: Tenants Share Physical Resources
Identity and Access Management: "Who are you, and why do they keep sending you here?"
Transparency: "Where are my assets, and who is doing what to them?"

Isolation and Containment: Tenants Share Physical Resources
–Data in Process: memory, processors and caches, NICs, HBAs, etc. (isolation at this layer rests entirely on the hypervisor and the hardware; the tenant has no control of its own here)
–Data in Motion
  Cloud Intranet
  ─ VLANs and Firewalls (separate traffic, but do not protect it from whoever controls the virtual switch)
  ─ Cryptographic Communities of Interest: IPsec, SSL/TLS, Unisys Stealth (protect the traffic itself, so the tenant keeps control of confidentiality)
  Extranet / Internet
  ─ Tenant DMZs
  ─ Site-to-site VPNs
  ─ Remote users
  ─ Web access
–Data at Rest
  Network Attached Storage (NAS)
  ─ Per-tenant file servers
  ─ Access Control Lists (ACLs)
  ─ Encrypted File Systems
  Storage Area Network (SAN)
  ─ Virtualized LUNs
  ─ Encryption / Authentication
  ─ Replication / Dispersal
  PaaS storage objects & containers (the provider's access controls on the container are the only boundary unless the tenant encrypts before storing)
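As an added example, not taken from the presentation, the following Go program shows one way the "Encryption" items above regain tenant control over data at rest on shared storage: each tenant gets its own AES-256-GCM key, and the tenant ID plus object name are bound into the authenticated data, so a ciphertext copied into another tenant's context, renamed, or modified will not decrypt. The master secret, tenant names and object names are constructed for the example; a real deployment would generate and wrap per-tenant keys in a KMS or HSM rather than derive them from one string.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// masterSecret is a constructed value so the example runs offline.
// In a real deployment the per-tenant data-encryption keys would be
// generated and wrapped by a KMS or HSM, never derived from one string.
var masterSecret = []byte("constructed-master-secret-for-the-example-only")

// tenantKey derives a distinct 256-bit AES key per tenant
// (HMAC-SHA256 keyed by the master secret, labelled with the tenant ID).
func tenantKey(tenantID string) []byte {
	mac := hmac.New(sha256.New, masterSecret)
	mac.Write([]byte("tenant-dek/" + tenantID))
	return mac.Sum(nil)
}

func tenantGCM(tenantID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(tenantKey(tenantID))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one stored object for one tenant with AES-256-GCM. The
// tenant ID and object name are bound as additional authenticated data,
// so the ciphertext only opens under that exact (tenant, object) context.
// Output layout: nonce || ciphertext || GCM tag.
func Seal(tenantID, objectName string, plaintext []byte) ([]byte, error) {
	gcm, err := tenantGCM(tenantID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := []byte(tenantID + "/" + objectName)
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open decrypts only when the key (tenant), the AAD (tenant and object
// name) and the ciphertext all match; anything else fails authentication.
func Open(tenantID, objectName string, sealed []byte) ([]byte, error) {
	gcm, err := tenantGCM(tenantID)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed object too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	aad := []byte(tenantID + "/" + objectName)
	pt, err := gcm.Open(nil, nonce, ct, aad)
	if err != nil {
		return nil, errors.New("authentication failed: wrong tenant, wrong object name, or modified data")
	}
	return pt, nil
}

func main() {
	// Constructed sample object for tenant-a.
	sealed, _ := Seal("tenant-a", "payroll.csv", []byte("constructed sample record"))
	if _, err := Open("tenant-b", "payroll.csv", sealed); err != nil {
		fmt.Println("tenant-b:", err)
	}
	pt, _ := Open("tenant-a", "payroll.csv", sealed)
	fmt.Printf("tenant-a: %s\n", pt)
}
```

The tenant-bound AAD is what turns "encrypted file system" into a containment control rather than just a confidentiality one: a provider-side bug that serves tenant A's block to tenant B yields an authentication failure, not plaintext, and a ciphertext moved to a different object name fails the same way.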

19 Security in the Cloud: Multi-Tenancy Considerations (continued)
Identity & Access Management: "Who are you, and why do they keep sending you here?"
–Identification: Who are you?
–Authentication: Prove you are who you say you are.
–Authorization: What are you allowed to do / what is your role?
–Validation: Double-check before executing (in a multi-tenant system this means re-confirming, at the point of execution, that the targeted resource actually belongs to the caller's tenant, not only that the role permits the action)
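Added example, not from the presentation: a minimal Go implementation of the four steps on this slide for a tenant-administration API call. The token format, roles, resource kinds and policy table are assumptions made for illustration. The point it demonstrates is that the Validate step checks the tenant boundary against the resource itself, which the role-based Authorize step alone never does, so a tenant-admin of tenant-a cannot delete a VM that happens to belong to tenant-b even though the role permits "delete".

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// tokenKey is a constructed signing key so the example runs offline; a real
// identity provider would issue signed tokens (SAML, JWT, ...) and this
// service would verify them against the provider's published keys.
var tokenKey = []byte("constructed-token-signing-key-for-the-example-only")

// Principal is the identified and authenticated caller.
type Principal struct{ User, Tenant, Role string }

// Resource is the object a call acts on; Tenant records which tenant owns it.
type Resource struct{ ID, Tenant, Kind string }

// policy is the per-role authorization table (assumed roles and actions):
// role -> resource kind -> permitted actions.
var policy = map[string]map[string][]string{
	"tenant-admin": {"vm": {"start", "stop", "delete"}, "vlun": {"attach", "detach"}},
	"operator":     {"vm": {"start", "stop"}},
}

func sign(body string) string {
	m := hmac.New(sha256.New, tokenKey)
	m.Write([]byte(body))
	return hex.EncodeToString(m.Sum(nil))
}

// IssueToken mints an assumed token format "user|tenant|role.<hmac-hex>".
func IssueToken(p Principal) string {
	body := p.User + "|" + p.Tenant + "|" + p.Role
	return body + "." + sign(body)
}

// Authenticate covers the first two steps: identification (who does the
// token claim to be?) and authentication (does the signature prove it?).
func Authenticate(token string) (Principal, error) {
	i := strings.LastIndex(token, ".")
	if i < 0 {
		return Principal{}, errors.New("malformed token")
	}
	body, sig := token[:i], token[i+1:]
	if !hmac.Equal([]byte(sig), []byte(sign(body))) {
		return Principal{}, errors.New("token signature invalid")
	}
	parts := strings.Split(body, "|")
	if len(parts) != 3 || parts[0] == "" || parts[1] == "" || parts[2] == "" {
		return Principal{}, errors.New("token claims incomplete")
	}
	return Principal{User: parts[0], Tenant: parts[1], Role: parts[2]}, nil
}

// Authorize is the role check: may this role perform this action on this kind?
func Authorize(p Principal, action string, r Resource) error {
	for _, allowed := range policy[p.Role][r.Kind] {
		if allowed == action {
			return nil
		}
	}
	return fmt.Errorf("role %q may not %s a %s", p.Role, action, r.Kind)
}

// Validate is the double-check before executing: the role check says
// nothing about which tenant's resource is targeted, so the tenant
// boundary is re-confirmed against the resource record, not the request.
func Validate(p Principal, r Resource) error {
	if r.Tenant == "" || r.Tenant != p.Tenant {
		return fmt.Errorf("tenant mismatch: caller %q, resource owner %q", p.Tenant, r.Tenant)
	}
	return nil
}

// Execute runs the four steps in order and returns a description of the
// action that would be carried out, or the first error.
func Execute(token, action string, r Resource) (string, error) {
	p, err := Authenticate(token)
	if err != nil {
		return "", err
	}
	if err := Authorize(p, action, r); err != nil {
		return "", err
	}
	if err := Validate(p, r); err != nil {
		return "", err
	}
	return fmt.Sprintf("%s@%s: %s %s/%s", p.User, p.Tenant, action, r.Kind, r.ID), nil
}

func main() {
	tok := IssueToken(Principal{User: "alice", Tenant: "tenant-a", Role: "tenant-admin"})
	fmt.Println(Execute(tok, "stop", Resource{ID: "vm-1", Tenant: "tenant-a", Kind: "vm"}))
	fmt.Println(Execute(tok, "delete", Resource{ID: "vm-9", Tenant: "tenant-b", Kind: "vm"}))
}
```

Note that Validate reads the owner from the resource record (what the provider's inventory says), never from a tenant field the caller supplied in the request; accepting the caller's claim of ownership would make the double-check meaningless.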

20 Security in the Cloud: Multi-Tenancy Considerations (continued)
Transparency: "Where are my assets, and who is doing what to them?"
–Accountability: All actions are securely audited (Provider Administration actions on tenant assets included; the trail must be tamper-evident and visible to the tenant, or it answers neither question above)
–Chargeability: Pay-for-play
–SLAs: Availability, scalability, performance, etc.
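Added example, not from the presentation: a hash-chained audit log in Go that makes "all actions are securely audited" concrete. Every record carries the hash of the record before it, so a record that is edited, removed or reordered after the fact is detected when the chain is re-walked, and a tenant can be given a view of every action on its assets regardless of which access plane performed it. The in-memory store, actor names and actions are constructed for the example; a real log would be written to storage the audited actors cannot modify, with the chain head published to the tenant.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Entry is one audited action. Hash covers the previous entry's hash and
// every field, so editing, reordering or deleting a record breaks the chain.
type Entry struct {
	Seq            int
	Tenant, Actor  string
	Plane          string // which access plane acted: provider, tenant, end-user, intra-cloud
	Action, Object string
	PrevHash, Hash string
}

// AuditLog is an append-only, hash-chained record (assumed in-memory store
// for the example).
type AuditLog struct{ entries []Entry }

const genesis = "0000000000000000000000000000000000000000000000000000000000000000"

// hashEntry length-prefixes every field so that shifting bytes between
// fields (actor "a" object "bc" versus actor "ab" object "c") cannot collide.
func hashEntry(prev string, e Entry) string {
	h := sha256.New()
	for _, f := range []string{prev, fmt.Sprint(e.Seq), e.Tenant, e.Actor, e.Plane, e.Action, e.Object} {
		fmt.Fprintf(h, "%d:%s;", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Append records an action and links it to the current chain head.
func (l *AuditLog) Append(tenant, actor, plane, action, object string) Entry {
	prev := genesis
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Hash
	}
	e := Entry{Seq: len(l.entries), Tenant: tenant, Actor: actor, Plane: plane,
		Action: action, Object: object, PrevHash: prev}
	e.Hash = hashEntry(prev, e)
	l.entries = append(l.entries, e)
	return e
}

// Verify re-walks the chain; it returns -1 if every link holds, otherwise
// the index of the first entry whose content or linkage does not match.
func (l *AuditLog) Verify() int {
	prev := genesis
	for i, e := range l.entries {
		if e.Seq != i || e.PrevHash != prev || hashEntry(prev, e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// TenantView answers "who is doing what to my assets?" for one tenant,
// including provider-plane actions on that tenant's objects.
func (l *AuditLog) TenantView(tenant string) []string {
	var out []string
	for _, e := range l.entries {
		if e.Tenant == tenant {
			out = append(out, fmt.Sprintf("#%d %s plane: %s %s %s", e.Seq, e.Plane, e.Actor, e.Action, e.Object))
		}
	}
	return out
}

// Tamper edits a stored entry in place, standing in for an insider or
// attacker with write access to the log store.
func (l *AuditLog) Tamper(i int, action string) { l.entries[i].Action = action }

func main() {
	// Constructed sample actions across two tenants and two access planes.
	log := &AuditLog{}
	log.Append("tenant-a", "alice", "tenant", "stop", "vm/vm-1")
	log.Append("tenant-a", "provider-ops", "provider", "snapshot", "vlun/lun-7")
	log.Append("tenant-b", "carol", "tenant", "attach", "vlun/lun-9")
	fmt.Println(strings.Join(log.TenantView("tenant-a"), "\n"), "\nintact:", log.Verify() == -1)
	log.Tamper(1, "copy")
	fmt.Println("first bad entry:", log.Verify())
}
```

The chain by itself only proves that nothing changed since the head hash was taken; it is the act of handing that head to the tenant (or to an auditor) at regular intervals that turns it into provider transparency, because the provider can no longer rewrite history without the tenant's copy of the head disagreeing.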

21 Security in the Cloud: Wrap-up
Cloud Computing = losing control of assets (data, applications)
Secure Cloud Computing = regaining control through identity management, secure networking, secure storage, and provider transparency
Questions?

