Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.


Page 2 Security in the Cloud: Agenda
  Introductions
  What is Cloud Computing, and what are the risks?
  Cloud Security Architecture
  Multi-Tenancy Considerations
  Wrap-up

Page 3 Security in the Cloud: Introductions
  Who am I?
    –Rob Johnson, Distinguished Engineer, Unisys Corp.
    –30 years doing I/O, networking, and security
  Who is Unisys?
    –130+ year heritage
    –Provides technology, services, and solutions to the world’s largest enterprises
  Who are You?

Page 4 Security in the Cloud: What is Cloud Computing?
  National Institute of Standards and Technology (NIST): v15.doc
    –Essential Characteristics: On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service
    –Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
    –Deployment Models: Private cloud, Community cloud, Public cloud, Hybrid cloud
    –On/off Premise
  Security controls being defined by industry: FedRAMP, PCI DSS v2.0, etc.

Page 5 Security in the Cloud: What are the Risks?
  #1 Loss of control of assets (applications and data)
    –Where are they?
    –How many copies are there?
    –Who can access them?
  #2 Compliance
    –Regulatory Audits: PCI DSS v2, HIPAA, COBIT, FedRAMP, etc.
    –Jurisdictional Boundaries: Patriot Act, Data locality regulations
  #3 Provider Transparency
    –Process visibility
    –Audit, logging, and Incident Event Management (IEM)

Page 6 Cloud Computing: Service Models
  Software as a Service (SaaS):
    –Complete application environment supplied and managed by the Cloud Provider, not tenant
  Platform as a Service (PaaS)
    –Provider supplies an application development and execution environment.
    –Tenant can secure data and inter-process communication.
  Infrastructure as a Service (IaaS)
    –Provider supplies the infrastructure components (compute, network, storage), but little else.
    –Tenant runs a virtual data center.

Page 7 Security in the Cloud: Cloud Security Architecture
  Service Models wrapped in Access Planes

Page 8 Cloud Security Architecture: Access Planes
  Service Models wrapped in Access Planes
    –Provider Administration: Controls and manages the service components
        IaaS: Hypervisors, vSwitches, vFirewalls, storage vLUNs, etc.
        PaaS: VMs for hosting applications, web services, storage containers, load balancers, etc.
        SaaS: Application suites, databases, identity management, etc.

Page 9 Cloud Security Architecture: Access Planes
  Service Models wrapped in Access Planes
    –Provider Administration
    –Tenant Administration: Manages per-Tenant components
        IaaS: VMs, vFirewalls, vLUNs
        PaaS: Applications, object stores
        SaaS: Users, application data objects

Page 10 Cloud Security Architecture: Access Planes
  Service Models wrapped in Access Planes
    –Provider Administration
    –Tenant Administration
    –End User Access
        IaaS: VM console (RDP, rsh, etc.)
        PaaS: Distributed apps (SOA, webapps), test/dev, etc.
        SaaS: Application presentation

Page 11 Cloud Security Architecture: Access Planes
  Service Models wrapped in Access Planes
    –Provider Administration
    –Tenant Administration
    –End User Access
    –Intra-Cloud Access
        Service-to-service
        Intra-tenant
        Web services

Page 12 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
  Identity and Access Management: “Who are you, and why do they keep sending you here?”
  Transparency: “Where are my assets, and who is doing what to them?”

Page 13 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
    –Data in Process
        Memory
        Processors and caches
        NICs
        HBAs
        etc.

Page 14 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
    –Data in Process
    –Data in Motion
        Cloud Intranet
          –VLANs and Firewalls
          –Cryptographic Communities of Interest
              ─ IPsec
              ─ SSL
              ─ Unisys Stealth

Page 15 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
    –Data in Process
    –Data in Motion
        Cloud Intranet
        Extranet / Internet
          –Tenant DMZs
          –Site-to-site VPNs
          –Remote users
          –Web access

Page 16 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
    –Data in Process
    –Data in Motion
    –Data at Rest
        Network Attached Storage (NAS)
          –Per-tenant file servers
          –Access Control Lists (ACLs)
          –Encrypted File Systems

Page 17 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
    –Data in Process
    –Data in Motion
    –Data at Rest
        Network Attached Storage (NAS)
        Storage Area Network (SAN)
          –Virtualized LUNs
          –Encryption / Authentication
          –Replication / Dispersal

Page 18 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
    –Data in Process
    –Data in Motion
    –Data at Rest
        Network Attached Storage (NAS)
        Storage Area Network (SAN)
        PaaS storage objects & containers

Page 19 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
  Identity & Access Management: “Who are you, and why do they keep sending you here?”
    –Identification: Who are you?
    –Authentication: Prove you are who you say you are.
    –Authorization: What are you allowed to do / what is your role?
    –Validation: Double-check before executing

Page 20 Security in the Cloud: Multi-Tenancy Considerations
  Isolation and Containment: Tenants Share Physical Resources
  Identity & Access Management: “Who are you, and why do they keep sending you here?”
  Transparency: “Where are my assets, and who is doing what to them?”
    –Accountability: All actions are securely audited
    –Chargeability: Pay-for-play
    –SLAs: Availability, scalability, performance, etc.

Page 21 Security in the Cloud: Wrap-up
  Cloud Computing = losing control of assets (data, applications)
  Secure Cloud Computing = regaining control through identity management, secure networking, secure storage, and provider transparency
  Questions?