IT Governance e Cloud Computing Approccio IBM per la realizzazione di sistemi di Cloud Computing sicuri ed efficaci
|
|
- Damian Morris
- 8 years ago
- Views:
Transcription
1 IT Governance e Cloud Computing Approccio IBM per la realizzazione di sistemi di Cloud Computing sicuri ed efficaci Giovanni De Paola Raffaella D Alessandro IBM Senior Consultant Senior Information Security Consultant 17 Maggio 2010
2 2
3 !!"!!# $! # %&! ' Caratteristiche essenziali On-demand self-service: Un utente puo richiedere, allocare e configurare unilateralmente risorse e/o servizi ICT, senza richiedere, o con minima interazione umana con i vari service provider. Broad network access: Le risorse e/o i servizi ICT sono disponibili ed acceduti tramite rete e meccanismi standard che promuovano l uso di client leggeri (es. cellulari, laptop e PDA). Resource pooling: Le risorse ICT sono aggregate per pool e virtualizzate per essere rese disponibili ai richiedenti secondo la domanda. Rapid elasticity: Le risorse ICT a disposizione di un utente possono essere dinamicamente aumentate o diminuite, in modo da apparire illimitate e poter essere richieste in qualsiasi quantità ed in ogni momento. Measured Service: I sistemi Cloud controllano ed ottimizzano l uso delle risorse ICT utilizzando metodi di misurazione a vari livelli di astrazione(es. storage, processing, bandwidth, active user accounts). L utilizzo delle risorse ICT può essere monitorato, controllato e documentato con trasparenza sia per il provider sia per l utente dei servizi ICT. (*) Fonte: The NIST Definition of Cloud Computing v15 10/07/2009 3
4 )*+" (! Industryspecific Processes Employee Benefits Mgmt. Collaboration Business Travel Business Process-as-a-Service Procurement CRM/ERP/HR Non incluso nella definizione NIST ma di attualità Financials Industry Applications Application/Software -as-a-service Middleware Database Web 2.0 Application Runtime Development Tooling Platform-as-a-Service Java Runtime Data Center Servers Networking Storage Fabric Shared virtualized, dynamic provisioning Infrastructure-as-a-Service 4
5 +*+" ( Service Consumers Services Service Integration Services Service Integration Services Service Integration Traditional Enterprise IT Enterprise Private / Hybrid Community Cloud Cloud Public Clouds Esempi Applicazioni Mission-critical Applicazioni pacchettizzate Servizi soggetti ad Altacompliance Sistemi di Test Flexible storage Storage In-house Software as a Service Ambienti di Sviluppo Web hosting Ambienti di business analytics 5
6 ,, Benefici di costo Basso Medio Alto Traditional IT Hybrid Cloud Public Cloud Community Cloud Private Cloud Rischio legato alla sicurezza Alto Medio Basso Basso Medio Alto Benefici sulla qualità del servizio: Rapidità; Scalabilità; Flessibilità; Trasparenza dei costi 6
7 3 -!!( )*+" -./0. 1.0!2 "#$%& '( Minima interazione con l erogatore dei servizi Measured Services Rapid Elasticity Broad Network Acces Resource Pooling e Rapida Configurabilità Disponibilità e Affidabilità On-demand Self Service Attività gestionali minime Demand e Service Portfolio / Catalogue Mgmt Financial Mgmt / Service Level Mgmt Capacity Mgmt Security Configuration Mgmt Change Mgmt / Availability Mgmt Request Fulfillment Release / Deployment Mgmt e Event Mgmt IT Service Strategy IT Service Design IT Service Transition IT Service Operation. Continual Continual Service Service Improvement Improvement 7
8 3 -!!( +*+" Contenuti Livelli di Servizio 8
9 /89:89 34! / -!!( 9
10 Business Architecture Alignment Information Systems Architecture Metadata Data Model Information Transformation Information Placement & Structure Provide a baseline of agreement by educating all stakeholders on the fundamentals of Enterprise Architecture Assess the existing IS Architecture for a selected set of LOBs Develop metadata technical strategy Define the information integration architecture Extend the Information Integration Architecture for placement & structure optimization Document business directions and IT s alignment with them, across the enterprise Establish a cross-functional Information Architecture (Data Administration) team Develop an overall IS enterprise architecture framework to guide the enterprise Pilot Metadata integration with key tools and applications Extend the information integration architecture across the organization & technologies Optimize data & content placement and structure across all LOBs & technology silos Develop and implement enterprise-wide business architecture initiatives Establish data entity naming standards Develop and execute an IS Architecture roadmap across the enterprise Integrate information transformation with common metadata and data cleansing services Document business glossary into metadata repository for some LOBs Integrate data placement with the Information Lifecycle Management implementation Define and document common semantics (business glossary) across LOBs for some subject areas 7,( )! %*+, Determinare il valore atteso dal Cloud Identificare le tipologie di applicazioni adeguate Determinare il modello di erogazione High IT Provider Relationship Profile Provider researches, recommends and implements Enabler technology to enable quantum leap in business capability Provider works with others to develop a Partner service and provide resources/skills necessary to support the service B e n e fit Provider of a quality service at a cost equal to or Utility lower than the competition , Collaboration ICT per missioni all estero Stipendiiali Data Intensive Processing Enterprise Trad IT Private Public Commodity Provider of an adequate service at a cost lower than the competition Database... Hybrid 01. IT Host Resources Cost Analizzare i gap infrastrutturali e di governance High Considerare i vincoli di bilancio En terp ris e A rch ite c ture Costruire la Roadmap 03. IT Storage Resources 04. IT Network Resources M aster D ata M a na ge m e n t 02. IT Distributed Resources Assess current state Enterprise Exploratory Departmental Exclusive Open Integration Scope of services Identify required Develop roadmaps Determine future state capabilities and initiatives Info rm ation In teg ration Phase 1 Phase 1 Phase 2 Phase 2 Phase 3 Phase 3 Phase 4 Phase 4 10
11 3 Specific customer concerns related to security and cloud computing Protection of intellectual property and data Ability to enforce regulatory or contractual obligations Unauthorized use of data Confidentiality of data Availability of data Integrity of data Ability to test or audit a provider s environment Other 30% 21% 15% 12% 9% 8% 6% 3% Source: Deloitte Enterprise@Risk: Privacy and Data Protection Survey 11
12 3 Cloud Security: Simple Example Today s Data Center Tomorrow s Public Cloud??? We Have Control It s located at X. It s stored in server s Y, Z. We have backups in place. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged.??? Who Has Control? Where is it located? Where is it stored? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage? 12
13 3 Categories of Cloud Computing Risks Control Many companies and governments are uncomfortable with the idea of their information being located on systems they do not control. Data Migrating workloads to a shared network and compute infrastructure increases the potential for unauthorized exposure. Providers must offer a high degree of security transparency to help put customers at ease. Reliability High availability will be a key concern. IT departments will worry about a loss of service should outages occur. Authentication and access as well as protection along the data life-cycle become increasingly important. Compliance Complying with SOX, HIPAA and other regulations may prohibit the use of clouds for some applications. Comprehensive auditing capabilities are essential. Mission-critical applications may not run in the cloud without strong availability guarantees. Security Management Even the simplest of tasks may be behind layers of abstraction or performed by someone else. Providers must supply easy controls to manage security settings for application and runtime environments. 13
14 3 One-size does not fit-all: Different cloud workloads have unique risk profiles. Need for security assurance High Low Training and testing with non-sensitive data Analysis and simulation with public data Mission-critical workloads, personal information Tomorrow s highvalue and high-risk workloads need: Quality of protection adapted to risk Direct visibility and control Significant level of assurance Today s clouds are primarily here: Lower-risk workloads One-size-fits-all approach to data protection No significant assurance Price is key Low-risk Mid-risk High-risk Business risk 14
15 3 Cloud attributes that greatly affect information security: INTERNAL DELIVERY EXTERNAL DELIVERY SINGLE-TENANCY MULTI-TENANCY IT-SERVICE SELF-SERVICE SLOW PROVISIONING RAPID PROVISIONING 15 15
16 3 Coordinating information security is the responsibility of BOTH the provider and the consumer Who is responsible for security at the level? Datacenter Infrastructure Middleware Application Process Collaboration CRM/ERP/HR Financials Industry Applications Software as a Service Provider Consumer Middleware Web 2.0 Application Runtime Java Runtime Database Development Tooling Platform as a Service Provider Consumer Data Center Servers Networking Storage Fabric Shared virtualized, dynamic provisioning Infrastructure as a Service Provider Potential Security Gaps Consumer Challenge: Ensuring the tight integration of provider and subscriber security controls and governance 16
17 3 Gartner s security risks of cloud computing map directly to the IBM Security Framework Privileged User Access Data Segregation Data Recovery Investigative Support Regulatory Compliance Data Location Disaster Recovery Gartner: Assessing the Security Risks of Cloud Computing, June
18 3 Typical client security requirements Governance, Risk Management, Compliance Third-party audit (SAS 70(2), ISO27001, PCI) Client access to tenant-specific log and audit data Effective incident reporting for tenants Insight into change, incident, image management, etc. Flexible service level agreements Support for forensics Application and Process Application security requirements for cloud are phrased in terms of image security Compliance with secure development best practices Physical Monitoring and control of physical access Based on interviews with IT users and various analyst reports People and Identity Privileged user monitoring, including logging activities, physical monitoring and background checking Federated identity / onboarding: Coordinating authentication and authorization with enterprise or third-party systems Standards-based SSO Data and Information Data segregation Client control over geographic location of data Government: Cloud-wide data classification Network, Server, Endpoint Isolation between tenant domains Trusted virtual domains: policy-based security zones Built-in intrusion detection and prevention Vulnerability management Protect machine images from corruption and abuse 18
19 3 Guide to implementing a secure cloud Implement and maintain a security program. Build and maintain a secure cloud infrastructure. Ensure confidential data protection. Implement strong access and identity management. Establish application and environment provisioning. Implement a governance and audit management program. Implement a vulnerability and intrusion management program. Maintain environment testing and validation. 19
20 Grazie Giovanni De Paola Senior Managing Consultant IT Strategy & Architecture IBM Global Technology Services IBM Italia S.p.A. Via Sciangai Roma Tel Mobile Raffaella D Alessandro Senior Information Security Consultant Security & Privacy Services IBM Global Technology Services IBM Italia S.p.A. Via Sciangai Roma Tel Mobile Raffaella.dalessandro@it.ibm.com 20
Cloud Security: The Grand Challenge
Dr. Paul Ashley IBM Software Group pashley@au1.ibm.com Cloud Security: The Grand Challenge Outline Cloud computing: the pros, the cons, the blind spots Security in the cloud - what are the risks now and
More informationSecurity and Cloud Computing
Security and Cloud Computing Martin Borrett, Lead Security Architect NE Europe, WW Service Management Tiger Team IBM Software Optimising the World s Infrastructure 27th May - London Agenda Brief Introduction
More informationCloud Security - Risiken und Chancen Dr. Matthias Schunter, MBA IBM Research Zürich, schunter@acm.org http://www.schunter.org/
Dr. Matthias Schunter, MBA IBM Research Zürich, schunter@acm.org http://www.schunter.org/ Simple Questions Today s Data Center Tomorrow s Public Cloud??? We Have Control It s located at X. It s stored
More informationHealthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation
Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application
More informationCLOUD SECURITY: THE GRAND CHALLENGE
Government Ware: GovWare Singapore September 29, 2010 CLOUD SECURITY: THE GRAND CHALLENGE Glen Gooding Asia Pacific Security Leader IBM Corporation ggooding@au1.ibm.com Rest safe: Google saves the day
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationCloud Security - Risiken und Chancen
Dr. Matthias Schunter, MBA IBM Research Zürich, mts@zurich.ibm.com, http://www.schunter.org Simple Questions Today s Data Center Tomorrow s Public Cloud We Have Control It s located at X. It s stored in
More informationCloud computing is a new consumption and delivery model. Yesterday Today
IBM Cloud Security Strategy Securing the Cloud Johan Van Mengsel, CISSP Open Group Distinguished IT Specialist IBM Global Technology Services 2010 IBM Corporation Todays Challenges 85% idle 70 per $1 1.5x
More informationSecurity Officer s Checklist in a Sourcing Deal
Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.
More informationSecurity and Cloud Computing
Martin Borrett, Lead Security Architect, Europe, IBM 9 th December 2010 Outline Brief Introduction to Cloud Computing Security: Grand Challenge for the Adoption of Cloud Computing IBM and Cloud Security
More informationSecurity and Privacy Aspects in Cloud Computing
Frank Hebestreit, CISA, CIPP/IT IBM Security Services, IBM Global Technology Services frank.hebestreit@de.ibm.com Security and Privacy Aspects in Cloud Computing 17.11.2010 Outline Brief Introduction to
More informationSecurity and Privacy Aspects in Cloud Computing
Frank Hebestreit, CISA, CIPP/IT IBM Security Services, IBM Global Technology Services frank.hebestreit@de.ibm.com Security and Privacy Aspects in Cloud Computing 17.11.2010 Outline Cloud Computing and
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationIBM Security in the Cloud
Cesare Radaelli Security Tiger Team Leader, Italy IBM Security Solutions IBM Security in the Cloud What is cloud computing? Cloud is an emerging consumption and delivery model for many IT-based services,
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationHow To Manage Cloud Computing
IBM Nederland B.V. Cloud Computing Why, what, how? Ronald Zoutendijk, zoutendi@nl.ibm.com Johan Arts, johan.arts@nl.ibm.com 1 Why Cloud Computing? Complexiteit Agenda 1 Why Cloud Computing? 2 What is Cloud
More informationCloud Computing. Jean-Claude DISPENSA IBM Distinguished Engineer
Cloud Computing Jean-Claude DISPENSA IBM Distinguished Engineer Best Student Recognition Event July 6-8, 2011 EMEA IBM Innovation Center La Gaude, France Business needs are growing - IT costs are increasing
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationCloud computing White paper November 2009. IBM Point of View: Security and Cloud Computing
White paper November 2009 IBM Point of View: Security and Cloud Computing Page 2 Table of Contents Introduction... 3 Address cloud security the grand challenge... 4 Evaluate different models of cloud computing...
More informationInnovation Conference Cloud based intelligent future services an IBM perspective
Innovation Conference Cloud based intelligent future services an IBM perspective Veszprém, 2011. March 30th Pongrácz, Ferenc COO, IBM Magyarország IT Industry growth is recovering with high growth areas
More informationInformation Security: Why is it important for the Healthcare Industry?
IBM and Security in the Healthcare Industry Information Security: Why is it important for the Healthcare Industry? Glen Gooding IBM Security Leader ggooding@au1.ibm.com May 25 2010 Baseline definitions
More informationCloud Services: cosa sono e quali vantaggi portano alle aziende manifatturiere
Cloud Services: cosa sono e quali vantaggi portano alle aziende manifatturiere Sergio Gimelli Sales Consulting Director Oracle Italy Fabbrica Futuro Verona, 27 Giugno 2013 1 2 Cosa è il Cloud? il Cloud
More informationDefining a framework for cloud adoption
IBM Global Technology Thought Leadership White Paper Computing Defining a framework for cloud adoption How common ground can help enterprises drive success with cloud computing 2 Defining a framework for
More informationSecuring the Cloud through Comprehensive Identity Management Solution
Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationAmazon Web Services: Risk and Compliance May 2011
Amazon Web Services: Risk and Compliance May 2011 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationCloud Computing. Mike Bourgeois Platform as a Service Point of View September 17, 2015
Cloud Computing Mike Bourgeois Platform as a Service Point of View September 17, 2015 Agenda Cloud Computing Definition Platform as a Service Business Drivers and Benefits Technology Drivers and Benefits
More informationWhat keep the CIO up at Night Managing Security Nightmares
What keep the CIO up at Night Managing Security Nightmares Tajul Muhammad Taha and Law SC Copyright 2011 Trend Micro Inc. What is CIOs real NIGHTMARES? Security Threats Advance Persistence Threats (APT)
More informationFeliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia
Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia NonSoloSecurity Blog: http://blogs.technet.com/feliciano_intini Twitter: @felicianointini Trustworthy Computing Cloud:
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationCloud Computing Expanding IT flexibility and agility
Cloud Computing Expanding IT flexibility and agility What is Cloud Computing? A user experience and a business model Standardized offerings Rapidly provisioned Flexibly priced Ease of access An infrastructure
More information6 Cloud computing overview
6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationPublic Cloud Service Definition
Public Version 1.5 TECHNICAL WHITE PAPER Table Of Contents Introduction... 3 Enterprise Hybrid Cloud... 3 Public Cloud.... 4 VMware vcloud Datacenter Services.... 4 Target Markets and Use Cases.... 4 Challenges
More informationPrivate Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Private Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Cloud computing has completely transformed the way business organizations
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationCyber Security Symposium 2015 September 29,2015
Cyber Security Symposium 2015 September 29,2015 Introducing David Langston Branch Manager Security Management Department of Technology 2 About CalCloud Mission Offer cost-effective cloud solutions that
More informationSecure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com
Secure Multi Tenancy In the Cloud Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com At-a-Glance Trends Do MORE with LESS Increased Insider Threat Increasing IT spend on cloud
More informationPrivate & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012
Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationTake Control of Identities & Data Loss. Vipul Kumra
Take Control of Identities & Data Loss Vipul Kumra Security Risks - Results Whom you should fear the most when it comes to securing your environment? 4. 3. 2. 1. Hackers / script kiddies Insiders Ex-employees
More informationIT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011
IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything
More informationPaxata Security Overview
Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data
More informationRagy Magdy Regional Channel Manager MEA IBM Security Systems
Ragy Magdy Regional Channel Manager MEA IBM Security Systems 1 Started my career in Security in 2003 by Joining ISS 2005 was named the ISS Regional Manager for the Middle East 2006 ISS was acquired by
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationSecuring the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation
Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns
More informationHow To Secure Cloud Infrastructure
Trustworthy Clouds Underpinning the Future Internet Cloudscape III, Brussels, March 2011 Elmar Husmann, Corinna Schulze IBM 1 of 12 80% Of enterprises consider security the #1 inhibitor to cloud adoptions
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationVMware Solutions for Small and Midsize Business
SOLUTION BRIEF VMware Solutions for Small and Midsize Business Protect Your Business, Simplify and Save on IT, and Empower Your Employees AT A GLANCE VMware is a leader in virtualization and cloud infrastructure
More informationHow To Understand Cloud Computing
Capacity Management for Cloud Computing Chris Molloy Distinguished Engineer Member, IBM Academy of Technology October 2009 1 Is a cloud like touching an elephant? 2 Gartner defines cloud computing as a
More informationVMware vcloud Service Definition for a Public Cloud. Version 1.6
Service Definition for a Public Cloud Version 1.6 Technical WHITE PAPER 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
More informationThe Need for Service Catalog Design in Cloud Services Development
The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental
More informationMicrosoft Private Cloud
Microsoft Private Cloud Lorenz Wolf, Solution Specialist Datacenter, Microsoft SoftwareOne @ Au Premier Zürich - 22.03.2011 What is PRIVATE CLOUD Private Public Public Cloud Private Cloud shared resources.
More informationYour First Step to Cloud Computing
Systems Technology Group Your First Step to Cloud Computing Building a sustainable future USA Irel South Africa China Japan Korea Vietnam India Brazil Hong Kong Cloud Computing Laboratories around the
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationSafeguarding the cloud with IBM Security solutions
Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions
More informationCitrix On-Boarding A target Cloud
Uni On-Board An Introduction to Uni Systems Cloud On-boarding services portfolio White Paper Solution Brief Contents Introduction... 3 The On-Boarding problem Defined... 3 Defining an application workload...
More informationIntermedia s Dedicated Exchange
Intermedia s Dedicated Exchange This is a practical guide to implementing Intermedia s Dedicated Hosted Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading
More informationThe Production Cloud
The Production Cloud The cloud is not just for backup storage, development projects and other low-risk applications. In this document, we look at the characteristics of a public cloud environment that
More informationManaged Cloud Services
Managed Services From Data Centre to Managed Public Traditional data centre Virtual Data Centre In-house Dedicated External Multi-tenant External Managed Public Consulting approach: Breakdown of Business
More informationCutting Through the Hype: Straight Talk About the Mainframe and Cloud Computing. Straight talk on cloud computing
Glenn Anderson, IBM Lab Services and Training Cutting Through the Hype: Straight Talk About the Mainframe and Cloud Computing Summer SHARE August 2014 Session 15593 Straight talk on cloud computing What
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationCloud Security 2011. Prof. Dr. Michael Waidner Fraunhofer SIT CASED. Fraunhofer SIT. Fraunhofer-Gesellschaft 2011
Fraunhofer-Gesellschaft 2011 Cloud Security 2011 Prof. Dr. Michael Waidner Fraunhofer SIT CASED 1 Fraunhofer SIT Security and Privacy»made in Darmstadt«Center for Advanced Security Research Darmstadt 170
More informationRisks and Countermeasures in the Public Cloud
Risks and Countermeasures in the Public Cloud Alessandro Vallega fond member of AIEA Security Business Development, Oracle Italy Oracle Community for Security Director Clusit Board of Directors Paragliding
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationSecure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC
Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC Learning Objectives After this session, the learner should
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationArchitecting the Cloud
Architecting the Cloud Sumanth Tarigopula Director, India Center, Best Shore Applications Services 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationCloud Computing and Standards
Cloud Computing and Standards Heather Kreger CTO International Standards, IBM kreger@us.ibm.com 2012 IBM Corporation Technology will play the key role in success Speed Value 90% 1 view cloud as critical
More informationEast African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?
East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationWhy Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it
The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.
More informationAuditing Cloud Computing and Outsourced Operations
14 CHAPTER Auditing Cloud Computing and Outsourced Operations In this chapter, we will discuss key controls to look for when you are auditing IT operations that have been outsourced to external companies,
More informationThe New Economics of Cloud Computing
The New Economics of Cloud Computing Doug Jones Agenda Overview of Cloud Computing Adoption Considerations Cloud Solution Examples 2 Cloud is disruptive... Learning from previous Disruptive Technology
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationWhitepaper. The ABC of Private Clouds. A viable option or another cloud gimmick?
Whitepaper The ABC of Private Clouds A viable option or another cloud gimmick? Although many organizations have adopted the cloud and are reaping the benefits of a cloud computing platform, there are still
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationVMware vcloud Architecture Toolkit Public VMware vcloud Service Definition
VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents
More informationA Guide to. Cloud Services for production workloads
A Guide to Cloud Services for production workloads Intro Workload Requirements Matter Intro With the benefits of the cloud supported by both research and case studies, a growing number of cloud service
More informationIBM Cloud Computing mraky nad Českou republikou. Petr Plodík high-end/blade product manager IBM Central and Eastern Europe
IBM Cloud Computing mraky nad Českou republikou Petr Plodík high-end/blade product manager IBM Central and Eastern Europe 1 Exabytes A crisis of complexity. The need for progress is clear. 300 250 200
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationClinical Trials in the Cloud: A New Paradigm?
Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand
More informationThe Push and Pull of the Cloud. TPI Cloud Computing Overview. April 5 th 2011
0 The Push and Pull of the Cloud. TPI Cloud Computing Overview April 5 th 2011. No part of this document may be reproduced in any form or by any electronic or mechanical Copyright means, 2011 Technology
More informationHybrid Cloud Delivery Managing Cloud Services from Request to Retirement SOLUTION WHITE PAPER
Hybrid Cloud Delivery Managing Cloud Services from Request to Retirement SOLUTION WHITE PAPER Contents Executive Summary................................................ 1 Hybrid Cloud Delivery..............................................
More information