Presentation transcript: "RSA Approach for Securing the Cloud", Bernard Montel, Technical Director, RSA France, July 2010.

Slide 1: RSA Approach for Securing the Cloud
Bernard Montel, Technical Director, RSA France, July 2010

Slide 2: Security is at the center of EMC's private cloud strategy
[Diagram: the path from Virtualized Data Center to Cloud Computing to Private Cloud, spanning internal and external clouds. Layers shown: Virtualization, Information, Federation, Security. Attributes called out: Trusted, Control, Reliable, Secure, Flexible, Dynamic, On-demand, Efficient.]

Slide 3: The Journey to the Cloud and its Security Implications
Journey to the Cloud:
- Introduce new platform and management components in the IT ecosystem
- Virtualize non-critical systems
- Dissociate applications from the physical IT infrastructure
- Virtualize mission-critical applications
- Make IT available as a service
- Convergence of IT admin roles (storage, network, system, virtual infrastructure)
- Create internal clouds
- Externalize the physical IT infrastructure
- Expand to external clouds
Security Journey:
- New attack surfaces need to be locked down
- Security policies need to be centered on identity and information, not infrastructure
- Compliance and security need visibility into the virtual infrastructure
- New perimeters, aligned with policies, need to be enforced within the virtual infrastructure
- Security management is converging with virtual infrastructure management
- Need evidence of compliance from cloud providers
- Need to federate identity and policies across clouds
- Need multi-tenancy and isolation built into the cloud infrastructure
- Information in the physical infrastructure needs to be isolated from service providers' admins

Slide 4: Agenda
- Cloud's Emerging Security Challenges
- Defining Trusted Zones
- Surpassing Physical Infrastructure Security

Slide 5: Does your IT security address the risks associated with virtualization and private cloud before they are implemented?
- "Yes, in all cases": 24%
- "In some cases, but there are gaps": 43%
- "No, security is brought in after the fact": 22%
- "The business moves ahead without security": 11%
Why is this bad?
- Restricted potential value
- Increased potential for data breaches
Source: live EMC Forum poll conducted in 5 cities across North America, 10/09

Slide 6: Adoption of Cloud Computing is Expanding the Enterprise Attack Surface
[Diagram: actors (internal employees, privileged users, contractors, partners, channels, customers, remote employees over VPN) reaching assets (business analytics, enterprise applications, production database, file server, SharePoint/eRoom, disk arrays, replica, backup disk, backup tape) across the layers Endpoint, Network, FS/CMS, Storage and Apps/DB.]
Threats shown at each layer:
- IP sent to a non-trusted user
- Stolen IP
- App, DB or encryption key hack
- Fraud
- Stolen credentials
- Endpoint theft/loss
- Network leak (email, IM, HTTP, FTP, etc.)
- Privileged user breach
- Inappropriate access by privileged users
- Tapes lost or stolen
- Data leak via USB/print
- Public infrastructure access hack
- Unintentional distribution
- (Semi-)trusted user misuse
- Discarded disk exploited

Slide 7: Attacks are Now Targeting the Extended Enterprise
- 60% of the Fortune 500 were contaminated by a Trojan over a one-month period (August 2009)
- Public clouds increase corporations' attack surface by exposing critical corporate applications to attackers
- Trojan attacks targeted at stealing login names and passwords are on the rise
- Corporate espionage is expanding, driving attackers' interest beyond financial institutions
Source: RSA Anti-Fraud Command Center

Slide 8: Traditional Computing: The Network Security Perimeter is Aligned with Policy Boundaries
[Diagram: Enterprise #1 and Enterprise #2, each running APP/OS stacks on its own physical infrastructure, with identity and information inside the enterprise perimeter and attackers outside it.]

Slide 9: Private Clouds Demand a Policy-aware "Trusted Zone" for Data, VMs and Identities
[Diagram: Tenant #1 and Tenant #2 each run APP/OS stacks in a virtual infrastructure on the cloud provider's shared physical infrastructure; identity and information belong to the tenants, while attackers and the cloud provider sit outside the tenants' zones.]

Slide 10: Agenda
- Cloud's Emerging Security Challenges
- Defining Trusted Zones
- Surpassing Physical Infrastructure Security

Slide 11: Trusted Zones: Key Capabilities
[Diagram: Tenant #1 and Tenant #2 virtual infrastructures on the cloud provider's physical infrastructure.]
Requirements:
- Isolate information from cloud providers' employees
- Isolate information between tenants
- Isolate infrastructure from Trojans and cybercriminals
- Segregate and control user access
- Control and isolate VMs in the virtual infrastructure
- Federate identities with public clouds
- Enable an end-to-end view of security events and compliance across infrastructures
Capabilities:
- Identity federation
- Virtual network security
- Access management
- Cybercrime intelligence
- Strong authentication
- Data loss prevention
- Encryption and key management
- Tokenization
- Security information and event management
- GRC

Slide 12: Creating "Trusted Zones" for Cloud Applications
[Diagram: Tenant #1 and Tenant #2 virtual infrastructures on the cloud provider's physical infrastructure.]
- Protect against cybercriminals
  - Use cybercrime intelligence
  - Implement strong authentication
- Enforce trust policies
  - VM level: group VMs into trusted zones; control VM provisioning policies
  - Data level: avoid data leakage between tenants; control data in the cloud provider infrastructure
  - Identity level: manage user access within a trusted zone and across trusted zones
- Manage policy compliance across physical, virtual and cloud infrastructures

Slide 13: Provide Cybercrime Intelligence and Strong Authentication Based on Feeds from the Dark Cloud
[Diagram: the "dark cloud" (stolen files repository, hacker forum discussion, botnet herders, malware infection point, Trojan mothership, stolen credentials database) feeding the eFraudNetwork, which in turn protects Corp 1 through Corp 7.]
- First level of defense: cybercrime intelligence
- Second level of defense: strong authentication

Slide 14: Creating "Trusted Zones"
[Diagram: Tenant #1 and Tenant #2 virtual infrastructures on the cloud provider's physical infrastructure.]
- Protect against cybercriminals
  - Use cybercrime intelligence
  - Implement strong authentication
- Enforce trust policies
  - VM level: group VMs into trusted zones; control VM provisioning policies
  - Data level: avoid data leakage between tenants; control data in the cloud provider infrastructure
  - Identity level: manage user access within a trusted zone and across trusted zones
- Manage policy compliance across physical, virtual and cloud infrastructures

Slide 15: Virtualization Enables More Effective Security by Pushing Enforcement Down the Stack
- Today most security is enforced by the OS and application stack, making it ineffective, inconsistent and complex
- Pushing information security enforcement into the virtualization and cloud infrastructure ensures consistency, simplifies security management and enables customers to surpass the levels of security possible in today's physical infrastructures
[Diagram: stack of physical infrastructure, virtual and cloud infrastructure, and the vApp and VM layer (APP/OS), with enforcement moving from the top layer down.]

Slide 16: VMware vShield Zones and RSA DLP: Building a Content-Aware Trusted Zone
Overview:
- VMware vShield Zones provides isolation between groups of VMs in the virtual infrastructure
- Leverages the capabilities of vShield Zones to deploy DLP as a virtual application monitoring data traversing virtual networks
- Uses centrally managed policies and enforcement controls to prevent data loss in the virtual datacenter
Customer benefits:
- Pervasive protection
- Persistent protection
- Improved scalability
[Diagram: VMware vSphere on the physical infrastructure, vShield Zones and DLP sitting between groups of APP/OS VMs in the virtual infrastructure.]

Slide 17: Proof of Concept: RSA Data Loss Prevention with EMC Atmos
Concept demonstrated at EMC World 2009
- Build content-aware private storage clouds
- Atmos metadata is updated based on DLP policy
- Sensitive data never leaves customer sites, or is only sent to trusted external cloud sites
[Diagram: a client app stores data on EMC Atmos in the internal storage cloud; DLP scans the data and updates its metadata; Atmos then federates data securely to EMC Atmos Online in the external storage cloud.]
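The scan-then-tag-then-place flow on this slide (and the content-aware zone on slide 16) is easier to reason about with a concrete policy engine in hand. The following Python is an added illustration, not RSA or EMC code: the detector names, sensitivity levels, site names and sample records are all constructed for the example. It scans each object, records the verdict as metadata rather than altering content, and lets the placement gate refuse any object that has not been scanned, so an unscanned object is never assumed public.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Added example (not RSA/EMC code): a minimal content-aware placement policy
# in the spirit of the DLP + Atmos proof of concept. Names are hypothetical.

SENSITIVITY_RANK = {"public": 0, "confidential": 1, "restricted": 2}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def card_validator(raw_match: str) -> bool:
    return luhn_ok(re.sub(r"[^0-9]", "", raw_match))


# (name, pattern, sensitivity, optional validator applied to each raw match)
DETECTORS: List[Tuple[str, re.Pattern, str, Optional[Callable[[str], bool]]]] = [
    ("payment_card", re.compile(r"\b(?:\d[ -]?){12,15}\d\b"), "restricted", card_validator),
    ("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "restricted", None),
    ("internal_marker", re.compile(r"\bINTERNAL ONLY\b"), "confidential", None),
]

# Storage sites each sensitivity level may be federated to (hypothetical site names).
PLACEMENT: Dict[str, List[str]] = {
    "public": ["internal", "trusted_external", "public_external"],
    "confidential": ["internal", "trusted_external"],
    "restricted": ["internal"],
}


@dataclass
class StoredObject:
    name: str
    content: str
    metadata: Dict[str, str] = field(default_factory=dict)


def classify(content: str) -> Tuple[str, List[str]]:
    """Return the highest sensitivity found and the detectors that confirmed a hit."""
    level, hits = "public", []
    for name, pattern, sensitivity, validator in DETECTORS:
        for m in pattern.finditer(content):
            if validator is None or validator(m.group(0)):
                hits.append(name)
                if SENSITIVITY_RANK[sensitivity] > SENSITIVITY_RANK[level]:
                    level = sensitivity
                break  # one confirmed hit per detector is enough
    return level, hits


def scan_and_tag(obj: StoredObject) -> Dict[str, str]:
    """Scan content and record the DLP verdict as object metadata; content is untouched."""
    level, hits = classify(obj.content)
    obj.metadata["dlp.sensitivity"] = level
    obj.metadata["dlp.detectors"] = ",".join(hits)
    obj.metadata["dlp.allowed_sites"] = ",".join(PLACEMENT[level])
    return obj.metadata


def may_place(obj: StoredObject, site: str) -> bool:
    """Placement gate: an unscanned object is refused (fail closed), not treated as public."""
    allowed = obj.metadata.get("dlp.allowed_sites")
    if allowed is None:
        raise ValueError(f"{obj.name}: not scanned; refusing placement on {site}")
    return site in allowed.split(",")


# Constructed sample objects; the card numbers are well-known test values, not real accounts.
SAMPLE_OBJECTS = [
    StoredObject("press-release.txt", "Revenue grew 12% in Q3; full text on the public site."),
    StoredObject("customer-export.csv", "name,card\nAlice,4111 1111 1111 1111\n"),
    StoredObject("design-notes.txt", "INTERNAL ONLY: dummy card 1234 5678 9012 3456 for tests"),
    StoredObject("hr-record.txt", "Employee 42, SSN 123-45-6789"),
]


def run_demo() -> Dict[str, List[str]]:
    """Scan every sample object and return the sites each may be stored on."""
    result: Dict[str, List[str]] = {}
    for obj in SAMPLE_OBJECTS:
        scan_and_tag(obj)
        result[obj.name] = obj.metadata["dlp.allowed_sites"].split(",")
    return result


if __name__ == "__main__":
    for name, sites in run_demo().items():
        print(f"{name}: {', '.join(sites)}")
```

The Luhn check on the card detector is the part worth copying: the dummy number in design-notes.txt looks like a card but fails the checksum, so the file is tagged confidential for its marker rather than restricted, and a real DLP deployment is judged as much by such avoided false positives as by its catches.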

Slide 18: Creating "Trusted Zones"
[Diagram: Tenant #1 and Tenant #2 virtual infrastructures on the cloud provider's physical infrastructure.]
- Protect against cybercriminals
  - Use cybercrime intelligence
  - Implement strong authentication
- Enforce trust policies
  - VM level: group VMs into trusted zones; control VM provisioning policies
  - Data level: avoid data leakage between tenants; control data in the cloud provider infrastructure
  - Identity level: manage user access within a trusted zone and across trusted zones
- Manage policy compliance across physical, virtual and cloud infrastructures

Slide 19: Monitoring and Managing Corporate Policy Compliance
Across virtual, physical, internal and external infrastructures
[Diagram: Tenant #1 and Tenant #2 virtual infrastructures on the cloud provider's physical infrastructure, with the management tools below layered over both.]
- EMC Ionix and VMware vCenter: virtual infrastructure management
- Security configuration and vulnerability management for physical and virtual infrastructures
- GRC: end-to-end compliance reporting
- RSA enVision: end-to-end security event management

Slide 20: Agenda
- Cloud's Emerging Security Challenges
- Defining Trusted Zones
- Surpassing Physical Infrastructure Security

Slide 21: Surpassing Physical Security in Action: Virtual Desktop
- RSA SecurID strong authentication for user access to virtual desktops
- RSA Data Loss Prevention Endpoint prevents data loss at the virtual desktop
- RSA enVision event monitoring and a centralized dashboard
- RSA SecurID strong authentication for administrative access to ESX
- EMC Ionix ensures a secure configuration and patch level for all virtual desktops
- Hosted virtual desktops are isolated from dark cloud contamination by the enterprise perimeter
[Diagram: VMware View Manager brokering access to the hosted virtual desktops.]

Slide 22: RSA is Uniquely Positioned to be the Leader in Securing the Cloud
Securing the public cloud:
- Strong authentication
- Access management
- Identity protection
- Cybercrime monitoring
Securing the private cloud:
- Securing the virtual datacenter
- Federation between internal and external clouds
- Security-aware cloud infrastructures
Delivering RSA products as cloud services:
- Hosted by RSA, e.g. Adaptive Authentication, eFraudNetwork
- Delivered by MSSPs or other cloud providers

Slide 23: Thank you!
