Vertrauen in Cloud Dienste schaffen

Transcription

1 Vertrauen in Cloud Dienste schaffen Symantec Übersicht Thomas Hemker, CISSP Security Strategist

2 Thomas Hemker 18 Jahre IT Security Security CTO Team CISO Kontakt Beratung CISSP Security Sprecher, Experte ISF, (ISC)2, ISACA, TeleTrust, Bitkom, OASIS 2

3 Hintergrund Cloud Nutzung, Betrieb, Bereitstellung Schwachstellenverlagerung, Datenschutz Fehlendes Vertrauen der Kunden Technologie für die Absicherung von Cloudbetrieb und Nutzung Security als Service aus der Cloud Baustein für die IT/Security Strategie/Programm 3

4 Themen Cloud Security Sicherer Betrieb einer Cloud Sichere Cloud Nutzung Security aus der Cloud 4

5 Cloud Security 5

6 Cloud und Security Datenschutz Compliance- Anforderungen AudiTerungen Verträge/SLAs Unsachgemässe Public- Cloud Nutzung Mobile Anwendungen /Backends Gezielte Angriffe Etc. 6

7 Auch Angreifer nutzen Cloud- Dienste Attackers leverage Cloud Resources DDoS SPAM Command & Control Server Distribution of Malware Password Cracking 7

8 Sicherheitsbedenken Malicious Insider beim Hoster Fehlende Verschlüsselung Fehlende Backup Lösungen Lock- In Unsichere Schni^stellen und APIs Probleme durch shared Architecture Data Loss oder Leakage Account oder Service Hijacking Unbekanntes Risiko- Profil 8

9 Cloud Security Alliance SECTION I Domain 1 CLOUD ARCHITECTURE Cloud CompuTng Architectural Framework SECTION II Domain 2 Domain 3 Domain 4 Domain 5 Domain 6 GOVERNING IN THE CLOUD Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit InformaTon Lifecycle Management Portability and Interoperability 9

10 Cloud Security Alliance SECTION III Domain 7 Domain 8 Domain 9 Domain 10 Domain 11 Domain 12 Domain 13 OPERATING IN THE CLOUD TradiTonal Security, Business ConTnuity, and Disaster Recovery Data Center OperaTons Incident Response, NoTficaTon, and RemediaTon ApplicaTon Security EncrypTon and Key Management IdenTty and Access Management VirtualizaTon 10

11 Security Strategie / Programm 11

12 Well- meaning & Malicious Users Vulnerable PracTces/ Systems Information Cyber Threats Targeted A^acks 12

13 Sicherer Betrieb einer Cloud 13

14 Symantec Data Center Security Server protection Asset discovery and management Configuration assessment Intrusion detection and prevention Virus and malware protection Threat protection Vulnerability management Policy based security Correlation and analytics Security intelligence CCS Standards Manager and transactonal security for specific applicatons NIPS on SEP, DLP, Cisco OEM + Sym NIPS VMWare OEM + Sym NIPS SEP on server, CSP, CCS Standards Manager, DLP, EncrypTon Data Center Management & AnalyXcs Compliance Risk management Security incident management Security alerts Gap analysis and remediation Groupware, ProtecTon Engine, DLP, Data Insight, enttlements 14

15 Data Center: ProakXver Schutz (Physical/Virtual) Harden & Protect VMware Infrastructure Protect Domain Controllers Address PCI Compliance Requirements Stop Zero Day A^acks Shield Embedded Systems 15

16 Beispiel: VMWare vsphere VMware Management Virtual Infrastructure VMware ESX Linux O.S. CCS VSM VMware ESXi CSP Agent CSP Secures virtual environment operating system Additionally provides monitoring for virtual ESXi environment CCS Virtual Guest Compliance Virtual Infrastructure Compliance VM ESX(i), vsphere, Guest VM Monitor configuration compliance VSM Minimize cost of Audit - PCI, Privacy Physical location segregation Trust level segregation Granular Access Control Advanced Audit Logging Detailed logging of denied actions Additional fields for context CCS VSM/CSP and CCS ProtecTng Your Virtual World 16

17 Beispiel: Compliance Report 17

18 Sichere Cloud- Nutzung 18

19 Symantec Security Gateway DLP Web Gateway EncrypXon Gateway Web Security.cloud O3 Gateway VIP Security. cloud MPKI 19

20 Beispiel: Sichere Nutzung von Cloud Services Cloud IdenTty & Access Control Control Cloud InformaTon Security Security Private Cloud Cloud InformaTon Management Compliance 20

21 Symantec Endpoint Security On Premises Cloud- based DLP Security Mgmt. Device Mgmt. EncrypXon ApplicaXon Mgmt. 21

22 Beispiel: Sichere Dropboxnutzung aus ios 22

23 Security aus der Cloud 23

24 Security as a Service Intelligence 24

25 Symantec IS Security Intelligence 7 Billion File, URL & IP ClassificaXons 1 Billion+ Devices Protected 2.5 Trillion Rows of Security Telemetry 550 Threat Researchers 240 Million+ ContribuXng Users & Sensors 14 OperaXons & Response Centers 25

26 Beispiel: Sichere AuthenXfizierung Benutzer Unternehmen VIP Service Consumer Portal, Business Partner Extranet Corporate Network OTP PKI Token-less RBA 26

27 Protect Control Secure Recover Web Skeptic TM AnT- Virus AnT- Spam AnT- Virus AnT- Spyware Content Control Image Control URL Filtering Boundary EncrypTon Policy Based EncrypTon Archiving ConTnuity IM AnT- Virus AnT- Spam Content Control Endpoint Hosted Endpoint ProtecTon

28 Symantec und Service Provider SaaS & IT Outsourcing Enablement New Outsourcing Services Neuer IT Managed Service / Outsourcing Umsatz Consumer Markets SMB & Enterprise Services Powered By Symantec Clean Pipe Service Managed End Point Backup- as- a- Service Archiving- as a- Service Security- as- a- Service Data Loss PrevenTon Disaster Recovery Services Storage- as- a- Service Compliance AutomaTon 28

29 Symantec Lösungen - Übersicht New Higher-Value Offerings User ProducXvity & ProtecXon Mobile Workforce Productivity Norton Protection Norton Cloud InformaXon Security Information Security Service Identity/Content-aware Security Gateway Data Center Security InformaXon Management: Availability & Scalability Business Continuity Integrated Backup Object Storage Platform 29 29

30 Zusammenfassung Steigende Anforderungen (Richtlinien, Regulierung) AudiTerbarkeit Fehlendes Vertrauen Transparenz Hybride Lösungen Neue Security Technologie Compliance Ansatz kann gut funktonieren 30