Cloud computing security for telecommunication applications


Contents

- Executive summary
- Introduction
- Security benefits
- Security risks and mitigation measures
  - Cloud provider controls
  - Cloud customer controls
    - Cloud independence
    - Layered defense-in-depth
    - Authentication and encryption
    - Central credential management
    - Secure configuration and solid patch management
- Nokia Siemens Networks cloud security solution
  - Cloud computing reference architectures
  - CloudGate
  - Cloud security baseline
  - Cloud application security
- Summary
- List of acronyms
- References

Executive summary

Cloud computing and virtualization are key IT technology priorities. Besides total cost reduction possibilities through use of cloud platforms there are many other benefits provided with these technologies. Time-to-market acceleration and flexibility is one of the major reasons Nokia Siemens Networks developed a migration path for telecommunication applications from legacy hardware onto virtualized and cloud platforms.

In terms of security, cloud computing is ambivalent since it brings benefits as well as new risks. Customers of cloud services have to carefully select a cloud provider based on the offered security functions and on the detailed contractual terms. Eventually, the applications developed for cloud platforms have to support additional security controls compared to legacy developments.

Nokia Siemens Networks adopted a strategy to migrate current telecommunication applications towards cloud infrastructures. The security of these applications is a cornerstone of the migration strategy. Processes have been adapted to support cloud solutions, and management tools have been developed for secure automated cloud deployments.
1 Introduction

According to the United States National Institute of Standards and Technology (NIST), cloud computing can be described as follows: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." [1]

The cloud definition by NIST, along with details such as cloud characteristics, service models, and deployment models, is depicted in Figure 1.

Cloud computing and virtualization are the key technology priorities at present [2]. The main driver for these technologies is reduction of costs. Virtualization enables reduction in CAPEX, especially in the public cloud area, due to the efficient use of hardware. Cloud computing also enables significant OPEX reduction through the automation of solution deployments and economy of scale. Besides cost reduction, another major benefit provided with these technologies is time to market acceleration and flexibility.

Nokia Siemens Networks has developed a migration path for telecommunication applications from legacy hardware onto virtualized and cloud platforms using a step approach. To achieve this goal a stepwise approach may be necessary. Virtualization as a first step supports flexible and effective resource utilization and allows legacy applications to run on modern multi-core hardware by eliminating dependencies and version conflicts with legacy hardware and software. As a second step, private and/or public Infrastructure as a Service (IaaS) clouds offer homogeneous compute, storage and network resources as a service, reducing complexity on one hand while requiring software adaptations on the other. Cloud deployments can be automated through the use of APIs.

Whether a telecommunication application will be virtualized in a first step, migrated, or in the case of a new application, developed directly on either private or public cloud platforms depends on various parameters such as inter-layer dependencies of legacy software, performance, availability and security requirements.

This whitepaper discusses the security issues relevant for the deployment of telecommunication applications on private and public IaaS cloud systems.

[Figure 1: The NIST cloud definition framework. Deployment models: private cloud, community cloud, public cloud, hybrid clouds. Service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service. Common characteristics: massive scale, homogeneity, virtualization, low cost software, resilient computing, geographic distribution, service orientation, advanced security.]

2 Security benefits

Security for cloud computing, in most cases, is immediately associated with additional threats and risks. However, there are also significant security benefits with cloud computing. These need to be balanced with the risks to decide whether a cloud deployment is reasonable. For telecommunication systems the following benefits are the most important:

- Fast replication of securely configured servers, upgrades and bug fixes
  The manual installation and configuration of traditional telecommunication equipment as well as the life-cycle management with software upgrades and bug fixes is a time-consuming and error-prone process. Cloud computing based on virtualization relieves this to a great extent since virtual machines can be properly configured, hardened and upgraded offline. Eventually the golden image virtual machine can be easily replicated.

- Resistance to Distributed Denial of Service (DDoS) attacks
  In case of DDoS attacks, extra servers could be added as an immediate reaction to mitigate the threat. This is normally done before more effective measures, such as application specific traffic filtering, are applied. However, in traditional telecommunication systems there is very often only one spare system for resilience purposes since the provisioning of spare systems for every type of telecommunication product is quite expensive. In contrast, with cloud computing, additional virtual machines of the type under attack can be easily launched as long as generic compute resources are available in the cloud.

- Evidence collection and offline forensics
  In traditional systems, the detection of a security breach requires manual intervention in premises to power off the system immediately, thereby preventing removal of any attack traces. Cloud computing makes evidence gathering fairly easy by taking a snapshot of a compromised virtual machine. Eventually forensics can be performed offline.

3 Security risks and mitigation measures

The major difference between legacy server farm architectures and cloud deployments is that cloud technology cannot provide security by utilizing physical network separation. Since there are always vulnerabilities in software, it was a common practice to build a Demilitarized Zone (DMZ) with front-end servers for supporting external communication and protecting the business logic tier and the database tier in physically separated networks. Since access control was already very strong, security measures such as firewalls, authentication mechanisms and encryption techniques could be adapted to the real needs.

As illustrated in Figure 2, this model has changed completely with cloud computing. In public IaaS clouds, a Virtual Machine (VM), which corresponds to a server in legacy architectures, is exposed to the Internet, providing only one network interface. Since the underlying network is under the control of the cloud provider, it is not possible to configure VLANs for the VMs.

[Figure 2: Traditional vs. IaaS model.
Traditional model (DMZ, business and data tiers on customer hardware): physical and/or VLAN separation of traffic types, e.g. user, media, management traffic; perimeter security, physical separation of server functions and multiple tier architecture; authentication and encryption on demand; flexible adaption to security needs (web application firewalls, etc.).
IaaS model (virtual machine instances of the cloud customer on the cloud provider's virtualization layer): virtualized hardware, logical traffic separation (based on addresses, no VLANs); logical separation of VMs based on addresses; strong authentication and encryption of all interfaces; basic security responsibility with cloud provider, define requirements in SLA.]

There is already some material available on cloud computing threats and risks. The European Network and Information Security Agency (ENISA) performed a security assessment [3] based on three use-case scenarios:

- Small Medium Enterprises (SME) migration to cloud computing services
- the impact of cloud computing on service resilience
- cloud computing in e-government (e.g., eHealth).

The Cloud Security Alliance (CSA) also provided a threat identification deliverable [4] seen as complementary to the ENISA document mentioned above. A comprehensive overview about risks and mitigation measures is illustrated in Figure 3.

[Figure 3: Risks and mitigation measures.
Risks (grouped in the figure as organizational, legal and technical): lock-in; loss of governance; compliance risks; malicious co-tenant (loss of business reputation); cloud provider acquisition or termination; risk from changes of data location/jurisdiction; abuse and nefarious use of cloud computing; privacy/data protection risks; subpoena and e-discovery; resource exhaustion; isolation failure; weakened perimeter security; cloud service failure; insecure interfaces and APIs; loss of encryption keys; account or service hijacking; data loss or leakage; mono-culture risk.
Mitigation measures (grouped in the figure as general, cloud provider and cloud customer): standardization; incident notification/response; certification/audits (e.g. ISO 27001, ISAE 3402, SAS 70); security controls defined in Terms of Service, SLA, Privacy Policy, Customer Agreement; risk assessment, consulting; cloud independent solution design and multi-cloud support; defense-in-depth; strong authentication and encryption; secure credential management; secure configuration and solid patch management.]

In general, the security risks differ depending on the cloud service model. For example, the lock-in risk is higher with a Software as a Service (SaaS) / Customer Relationship Management (CRM) software service than with IaaS. In comparison to legacy architectures, cloud computing risks are in most cases higher, either due to threats such as lock-in and compliance challenges, or because there is a greater impact from a malicious insider threat (considering the aggregate of customers).

3.1 Cloud provider controls

Cloud provider offerings typically vary in terms of the security controls provided to their customers; therefore, a careful study of those offerings is required. To ease comparison of cloud provider offerings, the responsibilities of cloud providers are separated into the following four categories:

Cloud infrastructure and infrastructure management

This area includes the security basics for the datacenter. A generic classification of datacenters mainly regarding availability requirements is provided by the Uptime Institute (www.uptimeinstitute.org) in their Data Center Site Infrastructure Tier Standard. Further security requirements are documented in [5]. The implemented security controls may be documented in Service Level Agreements (SLAs) with the customers. Furthermore, the security controls may be audited by external firms (SAS 70, ISAE 3402/SSAE 16; see footnote 1) on customer request. Some cloud providers are also opting for ISO certifications for their cloud offerings.

Footnote 1: SAS 70 has been replaced by the new SSAE 16 Guidance for Service Auditors Reporting on the Service Organization Controls (will become effective for reporting periods ending on or after 15 June 2011 and mirrors the new international ISAE 3402 Assurance Reports on Controls at a Service Organization) and a new SAS Audit Considerations Relating to an Entity Using a Service Organization (will become effective for reporting periods ending on or after 15 September 2012). See [9] for more details.

Cloud services and service management

Roughly speaking, the IaaS cloud provides compute, storage and network resources as infrastructure services. However, the cloud provider offerings largely differ in the way the services are offered or the way in which the services are supported with auxiliary infrastructure services. Many of these services were introduced by Amazon over the last couple of years, thus making Amazon Web Services a benchmark platform for IaaS clouds. This field is under continuous change due to competitive pressure on the cloud providers. Typical auxiliary services, which may be a part of the cloud offering beyond the basic services, are listed in Figure 4.

[Figure 4: Basic and auxiliary cloud services, arranged by compute, network and storage services. Services named: VM runtime service, IP addresses, object storage, block storage, file storage, relational database, firewall / NAT, VM supervision, auto scaling, map reduce, virtual private network, load balancing, DNS service, notification service, queue service, content delivery network, server-side encryption.]

Security controls for cloud services which are very often configurable by the cloud customer are for example:

- IP packet filter rules in firewall
- Network zones support
- Secure VPN access
- Access control to resources

However, there is no unified security architecture amongst the cloud providers. Furthermore, in most cases the logging and monitoring capabilities are very weak and not based on standards. IDM standards to enable integration into enterprise directories are also not supported. Nevertheless, the cloud providers typically offer reasonable security capabilities overall. However, the customer has to carefully investigate whether the security capabilities fit into the intended application.

Cloud APIs

Cloud APIs are used to access and manage cloud services. In most cases those APIs are implemented using either Representational State Transfer (REST) or Simple Object Access Protocol (SOAP) capabilities. From a functional point of view, it is essential that the API capabilities allow a fully automated deployment of cloud solutions without manual intervention, e.g. via the management console. Security controls for the APIs include authentication measures, encryption techniques, etc.

Contractual agreements

The contract landscape for cloud computing is far more complex than in legacy runtime and development environments. Generally, there are delivery chains of independent cloud vendors causing difficulty in ensuring a proper service level agreement for the customer at the end of the chain, or in finding controllable and auditable licensing metrics for all the software components to be used instead of the traditional physical hardware based license metrics.

An overview of the potential contract relationships for the use case wherein a customer of an IaaS cloud is offering SaaS is shown in Figure 5 [6]. For the SaaS customer, contract no. 1 in conjunction with contract no. 2 needs to be considered for ensuring a proper service level. From a SaaS customer perspective, contract no. 2 in most cases inherently includes agreements of contract no. 4 as well. Thus requirements need to be consistent throughout the contract chain. Contract no. 3 specifies the software usage rights, ideally for an unlimited number of customers with unlimited number of users. The contract between the cloud customer and the cloud provider (no. 4 and 5) is in most public offerings simply posted on the web site and is non-negotiable by the customer.

From a security point of view, the selection of a public cloud provider depends on the reputation and the trust for a particular provider, on the provisioned security measures and on contractual agreements such as the Service Level Agreements (SLAs). These are important because of two major reasons:

- Contractual agreements are the legal basis for controversies between customers and public cloud providers if the provisioning of the agreed service fails;
- SLAs or other contractual agreements are a strong indication of the trust that the public cloud providers invest into their own marketing assertions.

Terms and conditions that require careful consideration by customers include (the wording might be slightly different amongst the providers):

- The Customer Agreement, Acceptable Use Policy, and SLAs may be modified by the cloud providers at any time.
- The service offering may be changed or discontinued (including the offering as a whole) at any time.
- The APIs may be discontinued or changed at any time.
- The jurisdiction for disputes between the cloud provider and the customer is determined by the cloud provider although in practice, the customer data may be subject to various jurisdictions depending on the storage location or the location from where the data is accessed. These authorities cannot necessarily be determined by the cloud provider.

[Figure 5: Contractual relationships. Parties shown: network operator (SaaS customer), software vendor, cloud customer (SaaS vendor), cloud provider (IaaS vendor). Contracts are numbered 1 to 5; labels "Runtime" and "Development".]

3.2 Cloud customer controls

A thorough analysis is required to make a decision about the appropriate cloud approach. The decision process should include the following steps:

- Define the environmental parameters such as business, operational, legal and regulatory parameters as well as security and resilience parameters.
- Perform a comparative risk assessment (SWOT analysis).
- Select a proper cloud architecture and provider.

The basic security controls have to be provided by the cloud provider. However, as stated earlier, there are differences in the offerings and the cloud customer may have to overcome some of these shortcomings on their own. The following five recommendations are in particular useful for secure IaaS cloud deployments:

Cloud independence

The cloud landscape is very complex and is continuously changing. Established cloud providers may be acquired, and new cloud providers as well as new cloud software and management solutions appear. There are standardization efforts for cloud APIs, e.g. the Cloud Data Management Interface (CDMI) by the Storage Networking Industry Association (SNIA), or the Open Cloud Computing Interface (OCCI) by the Open Grid Forum (OGF). The Distributed Management Task Force (DMTF) has specified an Open Virtualization Format (OVF) as a hypervisor-neutral, extensible, and open specification for the packaging and distribution of virtual appliances, comprising one or more VMs. Unfortunately, at this point in time, those APIs are not supported in the major public cloud offerings. Amazon APIs can be viewed as the de-facto standard for management and are also used in some open source cloud solutions such as Eucalyptus.

Furthermore, there is no homogeneous security management approach across different cloud provider offerings, e.g.:

- The security controls configurable by customers are all different.
- There is no consistent security infrastructure regarding firewalls, VPN access, etc.
- There is no uniform authentication, encryption and access control.
- Logging and monitoring capabilities are in general very weak and not based on standards.

Due to the immature cloud provider landscape, it is imperative that the cloud solution is designed in a way that it is mostly independent from the cloud provider and avoids a lock-in risk. Possibly, services could be constructed as virtual appliances for use in multiple cloud environments (e.g. load balancer). An exit strategy is required to deal with cases wherein the cloud provider has failed to deliver the service or the service has been terminated. It is advisable to develop and test the cloud application on different platforms to allow an easy switch-over to an alternative provider.

Layered defense-in-depth

With cloud computing, every server (a Virtual Machine in this case) is exposed to the Internet and therefore a so-called defense-in-depth strategy is required (Figure 6), wherein each layer of security is followed by another: firewall, anti-virus, combined with Network Intrusion Detection Systems (NIDS), Host-based Intrusion Detection Systems (HIDS), and Intrusion Prevention Systems (IPS).

[Figure 6: Layered defense-in-depth. Layers shown: firewall, anti-virus, intrusion prevention, intrusion detection. Traffic labels: malicious traffic, virus, worms..., intrusions, anomalies, legitimate traffic.]

Authentication and encryption

Data protection is a key issue for adoption of cloud computing. This is valid for critical enterprise data as well as for data which are subject to industrial or governmental regulation. New threats arise from cloud computing being an inherently multitenant capable architecture; therefore, a cloud provider must ensure proper isolation to avoid attacks such as side-channel attacks. Besides criminal attacks, there are also legal processes wherein customer data may be transferred to a legal body due to a subpoena of a neighboring tenant, or where customer data are provided to a governmental organization on the basis of laws such as US Patriot Act. Most recently, a US vendor confirmed [7] that the latter may also happen for data stored in European data centers. The application of strong cryptographic techniques is therefore essential to protect data on publicly accessible servers and storages.

Strong authentication using keys is recommended to protect access to data. Data-at-rest shall be encrypted and signed to ensure confidentiality and integrity. Data-in-transit shall travel via secure protocols such as SSL, SSH, etc.

Central credential management

The application of cryptographic measures adds new security risks such as loss of encryption keys, adding additional complexity to the cloud solution. Unfortunately, at present there is no uniform authentication, encryption and access control among different cloud providers. A single cloud offering may also use different methods for its APIs, e.g. X.509 credentials or shared secrets.
As a mitigation measure, a central management for the secure storage of cloud credentials is strongly recommended. This helps to hide the complexity of the inhomogeneous credential solutions for the end user and avoids credentials being stored in end user devices, or on mobile devices such as USB sticks. A central credential management helps to enforce strong policies and allows renewal of credentials on a regular basis.

Secure configuration and solid patch management

One of the benefits of cloud computing is that properly secured software images can be easily cloned and therefore manual installation and configuration tasks have to be done only once. The disadvantage is that with the cloning of cloud solutions, a mono-culture is created resulting in software bugs or weak configuration measures being replicated. Therefore a secure configuration of virtual machines, comprising the operating system, services, and applications is even more important here than in the traditional systems. Moreover, this requires a solid and rapid patch management.

4 Nokia Siemens Networks cloud security solution

Nokia Siemens Networks plans the migration of suitable legacy telecommunication applications and the implementation of new applications on public and/or private cloud infrastructures. Applications qualified for cloud deployments will be offered based on a SaaS model to customers. Examples of applications include the following:

- The award winning solution for Field Service Management [8] provides a real-time, holistic view of all field service activities. It enables value, skill and distance based workflow optimization for several days or even weeks ahead. It supports real-time optimization in changing conditions, two-way field communications, providing a location accessibility database. It also offers an extensive set of automatically generated, work value-based reports.
- Customer Experience Management as a Service (CEMaaS) facilitates via a portal subscription to customer experience-related insights and actions in areas such as mobile broadband, user management and roaming management to transform business processes through value-adding consulting and services.
Security of such applications is being focused upon from the beginning, encompassing four building blocks as shown in Figure 7.

[Figure 7: Building blocks for a secure SaaS delivery model (secure SaaS applications on IaaS clouds).
- Cloud computing reference architectures: Selected public and private IaaS clouds build a common foundation for scalable and efficient operations and maximize synergies among Nokia Siemens Networks solutions.
- CloudGate: The internal platform ensures secure configuration and deployment, monitoring and lifecycle management of Nokia Siemens Networks cloud applications.
- Cloud security baseline: The guidelines for secure cloud application development are integrated into the Nokia Siemens Networks Design For Security (DFSEC) process.
- Cloud application security: The cloud applications provide state-of-the-art security for APIs and support SSO protocols for easy integration with customers' enterprise directories.]

Cloud computing reference architectures

Nokia Siemens Networks carefully selected a number of public and private IaaS cloud platforms which are designed to meet the scalability requirements of telecommunication service providers, allowing efficient operations through automation as well as providing sufficient levels of security so that customers are comfortable with sensitive applications and data hosted in a cloud environment. Based on the selected cloud platforms, reference architectures have been defined in such a way that applications are mostly independent of the underlying infrastructure, allowing fairly easy porting between different platforms.

4.2 CloudGate

The CloudGate is the internal platform for secure configuration and deployment, monitoring, lifecycle management and relay of invoicing data for Nokia Siemens Networks cloud applications, deployed on top of third party cloud infrastructures.

The Cloud Framework (CFW) is a functional component of CloudGate targeted to deploy and manage Nokia Siemens Networks solutions on public and private cloud platforms. The basic idea is to automate cloud deployments, thus reducing complexity for operations. Moreover, it facilitates cloning of Nokia Siemens Networks solutions for different customers on possibly different cloud infrastructures. The latter is especially important for minimizing the risk of a vendor lock-in. This allows the selection of a suitable cloud platform depending on the customer needs, e.g. cloud capabilities, security features, location and pricing.

[Figure 8: Deployment of multi-tier application blueprints. Automated deployment through the cloud API: upload VM image(s); upload application bootstrap/config; start VMs; allocate/attach persistent storage; configure firewalls, IPs; bootstrap/configure system components; set up communication links between components. Elements shown: SaaS customer, Internet, compute cloud, availability zone, public IP, object store, virtual machines, persistent storage.]

The CFW performs the basic security configuration of cloud solutions, allowing secure configurations on multiple cloud infrastructures to be reproduced. The security features include:

- Security group configuration
  The security groups can be configured as per service. Similar to legacy server architectures, the VMs shall be separated into different security groups (e.g. DMZ, business logic and database tier) with the traffic among security groups being filtered accordingly.

- Secure configuration of the VMs
  The basic security management of the VMs, including the configuration of the host-based firewall and of services such as SSH (which allows only key-based authentication), is performed by the CFW.

- Storage of cloud credentials
  A secure KeyStore is implemented in CFW. No cloud credentials are either available to end users or stored in end user devices.

- Object storage access from CFW
  Files stored in the object storage (e.g. installation packages) are AES-256 encrypted with openssl and signed.

- Object storage access from the VM
  The CFW issues one-time limited capability tickets on request of a VM, allowing the VM to perform operations (create volume, download file, etc.) on the cloud object storage. No credentials are ever stored permanently in the VM.

- Block storage access from the VM
  Block storage volumes are optionally encrypted depending on the sensitivity of the application data.
Secure communications: A lightweight Certificate Authority (CA) is supported for creation, signing and revocation of host keys. Every software component communicating via SSL gets a dedicated key and certificate.

Logging of management operations: All operations performed via CFW on the cloud platform are logged with user-specific entries.

The Identity and Access Management authenticates CFW users against the NSN Enterprise Directory with Single Sign-On (SSO) capability. Furthermore, Role Based Access Control (RBAC) provides fine-grained user-level control on various CFW operations.

Finally, the SSH Gateway relays SSH connections from end user devices to VMs in the cloud. SSH clients or their users are authenticated with their Nokia Siemens Networks credentials via the Nokia Siemens Networks Enterprise Directory. This allows user-specific logging of the SSH commands performed. Moreover, the SSH Gateway ensures that no sensitive SSH private keys need to be issued to end users.

4.3 Cloud security baseline

The Nokia Siemens Networks Design for Security (DFSEC) process is a proactive part of the security processes. DFSEC refers to the different phases of security development that a product must undergo before it can be delivered to a customer. Each phase has an important role in ensuring that products are developed so as to implement all the security controls necessary for withstanding different intentional or unintentional security threats. Design for security is a comprehensive proactive approach for security implementation at the start of product design.

The Product Security Baseline associated with DFSEC defines the most important security requirements for all products and systems. This baseline has been extended to cover cloud-specific application development. Overall, the baseline requirements for cloud deployments are more stringent than those for traditional application development, following the guidelines outlined in the previous chapters.

4.4 Cloud application security

There are security requirements beyond the baseline requirements, which are application-specific and need individual investigation. Amongst others, the secure authentication of SaaS customers is often one of the most important issues. From the customer's point of view, with the adoption of SaaS offerings, the trust boundary will become dynamic and move beyond the control of IT. Therefore, Identity and Access Management solutions are key to improving operational efficiency, with a Single Sign-On (SSO) solution, e.g. by means of the SAML protocol. However, this option requires some integration effort with the customer's enterprise directory.

5 Summary

Cloud computing denotes the use of shared servers, resources, software, and data, provided as a service by cloud providers over the Internet. Cloud providers are expected to offer their services faster, more flexibly and at lower cost than traditional IT centers through the use of virtualization and the related decoupling of software from hardware. In addition, virtualization and cloud computing may offer security benefits such as fast replication of securely configured servers, upgrades and bug fixes.

On the other hand, security issues are currently the biggest blocking points and concerns related to the use of cloud computing. In particular, traditional security mechanisms such as traffic separation, security architectures using walled gardens, demilitarized zones, etc. are no longer applicable; instead, users of cloud services depend on security functions offered by the cloud provider. Therefore, customers of cloud services have to carefully select a cloud provider based on the offered security functions and the detailed contractual terms. For such a selection, a dedicated security checklist should be used. Additionally, a user should make a detailed threat and risk analysis to decide whether an application is suitable for cloud implementation and whether its expected benefits outweigh possible security risks.

Applications deployed on cloud systems are exposed to the Internet and are likely to be accessed by many users. Correspondingly, they have to provide a so-called defense-in-depth strategy with multiple layers of security. Strong authentication of users and encryption of data-at-rest and data-in-transit are crucial in providing security. Consequently, secure credential management is a further challenge.

Nokia Siemens Networks adopted a strategy to migrate legacy applications to cloud infrastructures. Security of these applications is a cornerstone of the development phase. Processes have been adapted accordingly to support cloud deployment and management tools for secure and automated cloud deployments.
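The CloudGate description above gives every SSL-speaking component its own key and certificate from a lightweight CA that can also revoke them. The following sketch of that create/sign/revoke lifecycle is an added example, not Nokia Siemens Networks code; the use of the OpenSSL command line, the directory layout, the function names and the component names are all assumptions.

```shell
#!/bin/sh
# Added illustration: per-component certificates from a small private CA.
# Tooling (OpenSSL CLI), file layout and all names are assumptions.
set -eu
umask 077                                  # private keys readable by owner only

publish_crl() {                            # $1 = CA directory
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl" 2>/dev/null
}

ca_init() {                                # $1 = empty CA working directory
    mkdir -p "$1/newcerts"
    : > "$1/index.txt"                     # database of issued/revoked certs
    echo 1000 > "$1/serial"
    echo 1000 > "$1/crlnumber"
    cat > "$1/ca.cnf" <<EOF
[ ca ]
default_ca = lightweight_ca
[ lightweight_ca ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
crlnumber = $1/crlnumber
certificate = $1/ca.crt
private_key = $1/ca.key
default_md = sha256
default_days = 30
default_crl_days = 1
unique_subject = no
policy = policy_component
x509_extensions = component_ext
[ policy_component ]
commonName = supplied
[ component_ext ]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
EOF
    # Self-signed CA certificate, restricted to signing certs and CRLs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$1/ca.cnf" -extensions ca_ext \
        -subj "/CN=Example Lightweight CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    publish_crl "$1"                       # start with an empty CRL
}

issue_component() {                        # $1 = CA directory, $2 = component
    # Dedicated key pair per component: one compromise affects one identity.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl ca -batch -notext -config "$1/ca.cnf" \
        -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}

revoke_component() {                       # $1 = CA directory, $2 = component
    openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" 2>/dev/null
    publish_crl "$1"                       # revocation is visible only via a fresh CRL
}

component_trusted() {                      # exit 0 if chain is valid and not revoked
    openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" \
        "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    ca=$(mktemp -d)
    ca_init "$ca"
    issue_component "$ca" billing-api      # constructed component names
    issue_component "$ca" charging-db
    revoke_component "$ca" billing-api     # e.g. its VM was decommissioned
    for c in billing-api charging-db; do
        if component_trusted "$ca" "$c"; then echo "$c: accepted"
        else echo "$c: rejected"; fi
    done
    rm -rf "$ca"
}
demo
```

Revocation only takes effect on peers that load the current CRL (as `-crl_check` does here); a peer that validates the chain alone keeps accepting a revoked component until its certificate expires, which is why the sketch also uses a short certificate lifetime.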

6 List of acronyms

AES Advanced Encryption Standard
API Application Programming Interface
BSS Business Support Systems
CAPEX CAPital EXpenditure
CFW Cloud Framework
CRM Customer Relationship Management
CSA Cloud Security Alliance
CSP Cloud Service Provider
DDoS Distributed Denial Of Service
DFSEC Design For SECurity
DMZ Demilitarized Zone
DoS Denial of Service
EC2 Elastic Compute Cloud (Amazon)
ENISA European Network and Information Security Agency
HIDS Host based Intrusion Detection System
IaaS Infrastructure as a Service
IDS Intrusion Detection System
IDM Identity Management
IPS Intrusion Prevention System
ISAE 3402 International Standard on Assurance Engagements 3402
NAT Network Address Translation
NIDS Network based Intrusion Detection System
NIST National Institute of Standards and Technology
OPEX OPerational EXpenditure
OS Operating System
PaaS Platform as a Service
RBAC Role Based Access Control
REST Representational State Transfer
RDS Relational Database Service
SaaS Software as a Service
SAML Security Assertion Markup Language
SAS 70 Statement on Auditing Standards No. 70
SLA Service Level Agreement
SME Small Medium Enterprises
SOAP Simple Object Access Protocol
SSAE 16 Statement on Standards for Attestation Engagements 16
SSH Secure Shell
SSL Secure Sockets Layer
SSO Single Sign On
SWOT Strengths / Weaknesses / Opportunities / Threats
VLAN Virtual LAN (Local Area Network)
VM Virtual Machine

7 References

[1] NIST SP , The NIST Definition of Cloud Computing (Draft),
[2] Gartner EXP, CIO Agenda 2011 (CIO Survey), January [Online]. Available: jsp?id= [Accessed 04 August 2011].
[3] ENISA, Cloud Computing - Benefits, risks and recommendations for information security, November [Online]. Available: deliverables/cloud-computing-risk-assessment/at_download/ fullreport. [Accessed 03 August 2011].
[4] Cloud Security Alliance, Top Threats to Cloud Computing V1.0, March [Online]. Available: cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf. [Accessed 03 August 2011].
[5] Federal Office for Information Security (BSI), Security Recommendations for Cloud Computing Providers, March [Online]. Available: https://www.bsi.bund.de/shareddocs/ Downloads/EN/BSI/Publications/Minimum_information/ SecurityRecommendationsCloudComputingProviders.pdf? blob=publicationfile. [Accessed 03 August 2011].
[6] Bitkom, Leitfaden Cloud Computing - Was Entscheider wissen müssen, [Online]. Available: org/60376.aspx?url=bitkom_leitfaden_cloud_computing- Was_Entscheider_wissen_muessen. pdf&mode=0&b=publikationen. [Accessed 03 August 2011].
[7] P. Taylor, Privacy concerns slow cloud adoption, Financial Times Ltd, 02 August [Online]. Available: com/cms/s/0/c970e6ee-bc7e-11e0-adac-00144feabdc0. html#axzz1u8xyo3te. [Accessed 05 August 2011].
[8] Nokia Siemens Networks, Nokia Siemens Networks wins two Global Telecoms Business Innovation Awards, 08 June [Online]. Available: news-events/press-room/press-releases/nokia-siemensnetworks-wins-two-global-telecoms-business-innovationawards. [Accessed 16 September 2011].
[9] S. McLean and C. Ford, Changes to SAS 70: Are you Ready?, Morrison & Foerster LLP, 04 January [Online]. Available: Changes-to-SAS.pdf. [Accessed 11 August 2011].

Nokia Siemens Networks P.O. Box 1 FI NOKIA SIEMENS NETWORKS Finland Visiting address: Karaportti 3, ESPOO, Finland Switchboard (Finland) Switchboard (Germany)

Copyright 2012 Nokia Siemens Networks. All rights reserved. Nokia is a registered trademark of Nokia Corporation, Siemens is a registered trademark of Siemens AG. The wave logo is a trademark of Nokia Siemens Networks Oy. Other company and product names mentioned in this document may be trademarks of their respective owners, and they are mentioned for identification purposes only. This publication is issued to provide information only and is not to form part of any order or contract. The products and services described herein are subject to availability and change without notice.


More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

How to procure a secure cloud service

How to procure a secure cloud service How to procure a secure cloud service Dr Giles Hogben European Network and Information Security Agency Security in the cloud contracting lifecycle Can cloud meet your security requirements Choose the provider

More information

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

Managed Security Services for Data

Managed Security Services for Data A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

EMC Forum 2012 Bussum 11 th September 2012. Hans Reinhart Business Development Hans.reinhart@terremark.com

EMC Forum 2012 Bussum 11 th September 2012. Hans Reinhart Business Development Hans.reinhart@terremark.com EMC Forum 2012 Bussum 11 th September 2012 Hans Reinhart Business Development Hans.reinhart@terremark.com Terremark The Portfolio Terremark Our GLOBAL Footprint Cloud! The Opportunity The Market we are

More information

SERENA SOFTWARE Serena Service Manager Security

SERENA SOFTWARE Serena Service Manager Security SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information