Spotlight on Mainframe Security: Data Authenticity and Endpoint Security


PKWARE WHITE PAPER WP 700.xxxx

Table of Contents
Cloud Computing and the Mainframe
Different Kinds of Clouds and the Mainframe
The Cloud and Man-in-the-middle Attacks
Defeating Man-in-the-middle Attacks
Conclusion

Mainframe modernization via Service-Oriented Architecture (SOA) and other means introduces certain risks to the quality and accuracy of data. Even though the mainframe has the most durable protections in the industry, necessary integration with small platform systems in order to provide user productivity interfaces opens the door to man-in-the-middle attacks and other threats far beyond those contemplated in the system's initial design.

Market needs for improved operational efficiency and quicker time-to-market compel modernization in all of its forms, particularly through web application integration. IBM clearly recognizes this, as demonstrated in the recent release of the Solution Edition for the IBM System z Enterprise Linux Server. This offering provides a System z10 with no z/OS running on it, simply z/VM with SUSE or Red Hat guests. The fact that IBM is packaging a mainframe without its flagship operating system sheds light on the fact that the mainframe is now just another server in your data center, with all the network connectivity, integration points, and risks of any other server.

Twenty years ago, the mainframe was liquid-cooled and sat on a raised floor in the data center, physically protected by a series of badge readers with a limited network and well-defined 3270 end points. Now, the air-cooled mainframe can sit on a non-raised floor, serving web pages to anyone on the Internet, anywhere. In fact, more and more organizations are using the mainframe for just that purpose, since it remains superior in regard to Reliability, Availability, and Serviceability (RAS). It also offers efficiencies in power and workload management, when compared to smaller platforms.

SOA provides a framework for distributed applications provisioned from the mainframe. No longer are mission-critical applications wholly resident within the protected application space of the traditional mainframe processing environment. Today, applications based on services rely on the Internet, or the internal network of an organization, for access to functions that once were contained within the boundaries of a single machine-resident application. This change moves access to applications beyond the data center or organizational perimeter and extends processing capability globally through the spectrum of public, private, and hybrid clouds.

Cloud Computing and the Mainframe

Cloud computing is a huge buzzword in the industry today; those most experienced and familiar with the mainframe can be justifiably skeptical that a new concept has been introduced. It seems more like a variation of something else that has long existed within mainframe computing. For example, virtualization is not new; it has been around on the mainframe since the late 1960s. On closer inspection by the seasoned mainframe executive, the paradigm of cloud computing seems more of an evolutionary change than the over-hyped revolutionary change touted by some pundits.

Mainframe modernization, however, is likely to play a big role in cloud computing, as the mainframe already performs many of the services required by effective cloud computing:

Software as a Service (SaaS): the application is hosted on the mainframe. Customer Information Control System (CICS) has been doing this for years. In today's paradigm, SaaS usually refers to applications delivered through a browser, which the mainframe ably serves via WebSphere on z/OS or zLinux.

Infrastructure as a Service (IaaS): a virtual server and storage are provided in a hosted environment, much like you find with guests on z/VM. This is a very common use case with z/OS and zLinux.

Platform as a Service (PaaS): desktop or server images are provided remotely. As with the previous examples, this concept traces back to the early 1970s mainframe shared computing. PaaS typically includes the development, testing, deployment, and hosting of the service; in contemporary terms it includes development, testing, and deployment over the web, again through z/OS and zLinux.

Different Kinds of Clouds and the Mainframe

How services are provided, and by whom, defines the type of cloud that is being used: public, private, or hybrid cloud.

Public Cloud

A public cloud is where services are provided outside the organization, hosted by the data center of a third party, on infrastructure that is [almost always] shared by other customers. The provider of the services gains economies of scale that translate into reduced costs to customers, with the offset of reduced direct control. There are many additional advantages of using public cloud services. Organizations may require specific services to meet their business requirements that lie outside their core competencies, such as the customer relationship management automation needs of a hard goods manufacturer. A provider that focuses on delivering those services is going to be better equipped to do so than an organization whose core business is selling finished goods. Enterprises can take advantage of those services, the richness of their functionality, and the lower cost basis public cloud service provides, while still continuing to focus on their core business. Examples of public cloud services include Amazon S3, Google Docs, and Salesforce.

Private Cloud

A private cloud, then, is defined as cloud services delivered from within the organization's own data center for its own exclusive use. Private cloud provisioning may be somewhat more expensive, but holds the benefits of improved ability to provide higher service levels for availability, reliability, and response time.

Hybrid Cloud

Hybrid cloud, naturally, refers to implementations integrating both public and private cloud-based applications to address a given business need (e.g., public cloud storage integrated with private cloud application support).

The Cloud and Man-in-the-middle Attacks

Just because an application is hosted in a cloud of any type, however, does not mean that it provides the necessary or appropriate security for an organization's sensitive data. It is imperative that mainframe executives understand that this is not an issue restricted to public cloud delivery. Insider threats are so common today that private cloud implementations may represent greater risk. Many of the breaches that we read about are not about outside attackers that are penetrating the perimeter; the attackers are already on the inside of the perimeter, where the attack surface is much richer than it is from outside the perimeter.

By definition, cloud applications built using SOAs are modular and are composed of many smaller self-contained components, all combining together to provide integrated application functions. They are distributed, with components residing on any number of independent, interconnected machines, particularly many PC-based browsers and open server-based applications connecting to the mainframe. This model of application development provides for unprecedented agility and scalability of business functions, extending many of the application development tenets the mainframe has helped to foster.

While the benefits of service-oriented applications are leading more and more organizations to adopt service-based application models, there are new risks associated with distributing application processing over the network. These risks raise new concerns on how to ensure these applications still meet requisite security requirements and are exponentially greater when the network extends to the Internet. Chief among the security concerns is how to retain both application and data integrity between all the distributed components.

Distributed applications are particularly susceptible to a type of security vulnerability known as a man-in-the-middle attack. This type of attack can occur whenever there is an exchange of information between applications or application components over a communication link such as a network.
Service-oriented applications are more susceptible to this type of attack because the components of an application may reside on separate machines and the data they process may move between machines during normal processing. The attack is implemented when an attacker, through misrepresentation, intercepts or alters the information exchanged between two legitimate process components and either receives information inappropriately or provides false information. The result of this type of attack is that the integrity and, therefore, the legitimacy of the data are compromised.

For example, consider a bank clearing application that exchanges bulk files of checks needing to be settled. One component of the application accumulates all the check information, including the payer and the payee information, and then passes it to another component that posts all the necessary debits and credits to all impacted accounts. If a man-in-the-middle intercepts the file from the first component, substitutes his offshore account information in place of the legitimate payee's information, and then passes a still well-formed file to the second component, the attacker might successfully defraud an organization for millions of dollars.

Defeating Man-in-the-middle Attacks

To prevent man-in-the-middle attacks, service-oriented applications must provide for authentication of data exchanged between components. This includes verification of the identity of each component on which the application depends, as well as authentication of the data received for processing. A number of validation methods can be utilized to verify the right component is being used. The best method for ensuring the data integrity of application data is through the use of digital signing. A digital signature provides an identity between signed data and a verifiably trusted entity, whether an individual, organization, or application.

Digital signing occurs when the full body of data is first passed through a cryptographic hash function to derive a fixed length output. A hash function is a mathematical process for converting an input data set, often of large size, into a unique output value called a message digest. The message digest is then encrypted using the signer's private key. This encrypted message digest then becomes the digital signature. The digital signature and a copy of the signer certificate are attached to the data.

[Figure 1: Digital Signing. Labels: Original Data, Hashing Algorithm, One-way Hash, Private Key Encryption, Digital Signature]

Authentication is performed by using the signer's public key to decrypt the signed hash. The signed hash is compared to an independently derived hash using the same input data and hash function. Contemporary hash functions include SHA-1 and SHA-2, in a variety of bit strengths.

[Figure 2: Authenticating a Digital Signature. Labels: Original Data, One-way Hash, Identical Hashes Validate Data Integrity, Digital Signature, Private Key Encryption, One-way Hash]

Some service-oriented applications require assurance that the digital signature applied to the data is not only valid, but that it is from the expected digital signer. This provides extra assurance that the data presented is genuine: not only has it not been tampered with since it was signed, but the signature was also applied by a specific named party. This process is often referred to as trusted authentication.

Transaction authentication is well defined and can be achieved through two-factor authentication methods of identifying a user or application. This method is based on something a user has and something they know or something they are.
A common example is the use of an X.509 certificate held on a smart card, which many federal agencies require: the user must have the smart card and know the passphrase to access the private key on the card before it can be used for decryption or signing. Transaction Verification (TV) is something slightly different; it authenticates the user as Transaction Authentication (TA) does, but also ensures the integrity of the content of the transaction. What is not well defined is the authentication of data that is passed between applications and is not encapsulated in the transaction itself. When large amounts of data need to be exchanged between applications, the transaction itself usually is authenticated; but what about the data?

It is important to separate the protection of data privacy (i.e., through encryption) from the protection of the integrity of processing via authentication. Just because data is encrypted does not mean it came from an authenticated source - anyone can encrypt using a public key.

For example, data that is collected as part of a mortgage application could be part of a private cloud registration application that assembles a series of forms and documents. This data will then be passed to another pre-approval application in the same private cloud where the data will be reviewed, bound, and sent to an approval application that exists in the public cloud. The bound data is digitally signed and encrypted before it is passed to the approval application in the public cloud.

Consider, however, an insider man-in-the-middle attack in the private cloud that altered or tampered with the data between the registration application and the pre-approval application. A significant amount of time might elapse between the registration application staging the data and the pre-approval application actually processing it, exactly the kind of gap attackers seek. By digitally signing the data between applications, the pre-approval application would be able to determine if the registration data actually came from the registration application.

Applications exchanging data in the cloud should digitally sign the data, as well as encrypt it. When the application signs the data with a private key, it ensures the data is protected while at rest; and the receiving application can validate that the data was not altered after the producer of the data digitally signed it. It can also validate that the data did, in fact, come from the trusted producing application.

Conclusion

The mainframe is a vital component for both backend processing and for web application hosting.
Cloud computing meets the need of organizations requiring applications that attain specific cost, flexibility, or control levels. Yet, mainframe executives must take into account the risks of the cloud's distributed architecture and take appropriate actions to address them. While encryption mitigates risks to data privacy in cloud applications, the separate risk of data integrity in terms of both content and source is best addressed through digital signing and trusted authentication. Mainframe applications 20 years ago did not need to be concerned with encryption of data, let alone authentication issues, because there was enough physical and network security to sufficiently mitigate the risks. Mainframe applications today need to apply the same risk mitigation security precautions as are applied on a Microsoft Windows server.

About the Authors

Joe Sturonas, Chief Technology Officer, PKWARE, Inc. Joe Sturonas was previously CTO of Premonition Software, as well as Spirian Technologies. He was also a founding member of OneNetPlus.com, an Internet-centric Management Service Provider. Mr. Sturonas holds an MS degree in Computer Science from DePaul University.

Jeff Cherrington, Vice President of Product Management, PKWARE, Inc. Jeff Cherrington was previously Vice President at Bank One, Director of Product Management & Consulting Services for WorkPoint, Inc., and has also worked with other top US and international financial services companies. Mr. Cherrington has an Executive MBA degree from the University of Nebraska.
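The signing, verification and trusted-authentication steps from "Defeating Man-in-the-middle Attacks", applied to the bank clearing file, as an added example that is not part of the PKWARE paper. It uses textbook RSA over fixed Mersenne primes with only the Python standard library so that each step is visible; the record layout, the key material and every function name are assumptions made for illustration, and real deployments use a vetted library with padded signatures (RSA-PSS or ECDSA) and certificates.

```python
"""Hash-then-sign and trusted authentication for a clearing file (demo).

Textbook RSA, no padding, publicly known primes: NOT safe for real use.
"""
import hashlib

E = 65537  # public exponent used by both demo keys


def make_key(p: int, q: int) -> dict:
    """Build a demo RSA key pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": E, "d": d}


def public_part(key: dict) -> dict:
    return {"n": key["n"], "e": key["e"]}


def fingerprint(pub: dict) -> str:
    """Identifier of a public key; stands in for the signer certificate's identity."""
    return hashlib.sha256(f'{pub["n"]:x}:{pub["e"]:x}'.encode()).hexdigest()


def digest_int(data: bytes) -> int:
    # SHA-256 belongs to the SHA-2 family; SHA-1 is no longer collision resistant.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, key: dict) -> dict:
    """Hash the full body, transform the digest with the private key, and
    attach the signature and the signer's public key to the data."""
    signature = pow(digest_int(data), key["d"], key["n"])
    return {"data": data, "signature": signature, "signer": public_part(key)}


def verify(envelope: dict, expected_signer: str) -> str:
    """Return 'ok', 'bad-signature' or 'untrusted-signer'."""
    pub = envelope["signer"]
    recovered = pow(envelope["signature"], pub["e"], pub["n"])
    if recovered != digest_int(envelope["data"]):
        return "bad-signature"      # data changed after it was signed
    if fingerprint(pub) != expected_signer:
        return "untrusted-signer"   # valid signature, but not the named party
    return "ok"


# Constructed sample data: a two-record clearing file (hypothetical layout).
CLEARING_FILE = (
    b"check=1001;payer=ACCT-1111;payee=ACCT-2222;amount=2500.00\n"
    b"check=1002;payer=ACCT-3333;payee=ACCT-4444;amount=910.50\n"
)

ACCUMULATOR_KEY = make_key(2**521 - 1, 2**607 - 1)   # the legitimate producer
OTHER_KEY = make_key(2**127 - 1, 2**1279 - 1)        # any key that is not the producer's
PINNED = fingerprint(public_part(ACCUMULATOR_KEY))   # configured at the posting component


def run_scenarios() -> dict:
    genuine = sign(CLEARING_FILE, ACCUMULATOR_KEY)
    altered = CLEARING_FILE.replace(b"payee=ACCT-2222", b"payee=ACCT-9999")
    # Payload altered in transit, original signature left attached.
    modified = dict(genuine, data=altered)
    # Altered payload re-signed with a different key: still a well-formed envelope.
    resigned = sign(altered, OTHER_KEY)
    return {
        "genuine": verify(genuine, PINNED),
        "modified": verify(modified, PINNED),
        "resigned": verify(resigned, PINNED),
        # Trusting whatever key arrives with the data defeats the check.
        "resigned_without_pinning": verify(resigned, fingerprint(resigned["signer"])),
    }


if __name__ == "__main__":
    for name, status in run_scenarios().items():
        print(f"{name:26s} {status}")
```

The last scenario is the reason the paper separates a valid signature from trusted authentication: the receiving component has to know in advance which signer it expects, rather than accepting the key that travels with the file.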

Italian distributor: C.H.Ostfeld, V.le Zara, Milano, Tel:
PKWARE, Inc. All rights reserved. PKWARE, PKZIP, SecureZIP, and SecureZIP Mail Gateway are trademarks or registered trademarks in the U.S.A. and other countries. Any other trademarks are used for identification purposes only and remain the property of their respective owners.
United States: 648 N. Plankinton Ave., Suite 220, Milwaukee, WI
PKWARE UK/EMEA: Crown House, 72 Hammersmith Road, London W14 8TH, United Kingdom, ph: +44 (0)


More information

Citrix GoToAssist Service Desk Security

Citrix GoToAssist Service Desk Security Citrix GoToAssist Service Desk Security Robust end-to-end security measures have been built into the GoToAssist Service Desk architecture to ensure the privacy and integrity of all data. 2 Many service

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information


