Security as Architecture A fine grained multi-tiered containment strategy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Security as Architecture A fine grained multi-tiered containment strategy"

Transcription

1 1 Security as Architecture A fine grained multi-tiered containment strategy Andras R. Szakal IBM Distinguished Engineer Chief Software Architect, U.S. Federal SWG

2 2 Objectives Cybersecurity - A fine grained multitiered containment strategy Defining the problem Multi-Tier Containment Model Security Patterns and Blueprints

3 3 With the smarter planet opportunities come new security and privacy risks Protection of sensitive and large volumes of data, shared globally Protection of sensors and actuators in the wild Protection of digital identities

4 4 In order to meet risk management objectives, Smarter Planet solutions need to be Engineered for Security and Dependability. Risks & Threats Attacking Safety Theft of money or services Reputational Loss Privacy Violations Gaming the system Denial of Service Subverting situational awareness Wasting resources on false alarms Hijacking control of equipment Damaging assets Physical and logical tampering

5 5 Information Technology components and systems can contribute to Infrastructure Failures & Engineering Disasters Federal investigators said yesterday that they found "anomalies" in a key component of the electronic control system along the Metro track north of Fort Totten, suggesting that computers might have sent one Red Line train crashing into another. A train control system that should have prevented Monday's deadly Metro crash failed in a test conducted by federal investigators, officials said yesterday, suggesting that a crucial breakdown of technology sent one train slamming into another. The test results are significant because they confirmed earlier findings of "anomalies" in an electrical track circuit in the crash area. The findings suggest that the oncoming train in Monday's crash might not have received information that a train was stopped ahead on the rails north of the Fort Totten Station. If a malfunctioning circuit failed to detect the stopped train, it would have assumed that the stretch of track was clear and set the speed of her train at 59 mph, sending it hurtling into the stopped one.

6 6 Industry Solution Requirements Protecting a Smarter Planet a.k.a. Critical Infrastructure Cybersecuirty From an IBM perspective, Cybersecurity is the practice of achieving the resilience of a Smarter Planet

7 7 Case Study: Sensors and Actuators in the Wild Sensors and Actuators Sensors and In The Wild Actuators In The Wild Driver: Smarter Driver: Planet Industries Smarter Planet make highvalue Industries decisions make based highvalue information decisions that based on originates on information from that sensors originates in the from wild. sensors in the wild. Challenge: Sensors Challenge: are not sufficiently Sensors are physically not secure sufficiently and sensor physically data secure is not and sufficiently sensor protected data is not from sufficiently attack relative protected to the from high attack value relative decisions to the high that are value made decisions based on that them. are made based on them. The link between the points The link of data between the acquisition points of data and the point acquisition of data and the processing point of data is often broken. processing is often broken. Attacks Electric Actuator on a valve in a power plant (Source: Wikipedia)

8 8 What Are We Concerned About? People Physical Objects Biometrics Physical Location Physical Identities Human Accountability Privacy Physical Data Compliance {Netcentric Technology} Autonomous Control Real-time Processes Society High-Impact Processes Nature Legacy of Vulnerable Process Control Technology Physical Sensors in the wild Physical Actuators

9 9 Multi-Tier Architecture & Deperimeterization Multi-Tier Architecture - Our architectures have become componentized, service-based and distributed across platforms and service providers. We no longer have control over all our high value assets we have become deperimeterized.

10 10 Fine-Grained Multi-Tier Containment Supplier Integiry Identity Collaboration - Gov to Gov; Gov to Industry; Gov the Critical infrastructure; Industry to Industry (ICT) Information Assurance Smart Information Environments Data Protection throughout the lifecycle Defending Networks and gateways Persistent threat issues Continuous Network Monitoring High Performance Computing Federated Security Compliance - Trusted Partners validation of (Secure the Supply Chain) policies (IT) Collaboration & Community (Secure the Groups and Processes) Collaboration & Community (Group) Business / Mission (Secure the Services) SOA, Information (Service) Applications / Middleware (Secure the Middleware and Applications) Middleware Data Center/Cloud (Middleware Server) (Secure the Tenant) Platform Data Center/Network/Cloud (Secure the Platform) (Tenant) Data (Secure the Information) Platform (Process) Network (Secure the Transport Layer) Situational Awareness of the Government ecosystems Central Operations Center - government sensitive, civilian agencies/dept, CIP and industry IoD / Analytics Analytics / Dashboarding

11 11 Fine-Grained Multi-Tier Containment Identity Collaboration - Gov to Gov; Gov to Industry; Gov the Critical infrastructure; Industry to Industry (ICT) Information Assurance Smart Information Environments Data Protection throughout the lifecycle Defending Networks and gateways Persistent threat issues Supply Chain High Performance Computing Federated Trusted Security Partners (Secure the Supply Chain) Collaboration & Community (Secure the Groups and Processes) Collaboration & Community (Group) Business / Mission (Secure the Services) SOA, Information (Service) Applications / Middleware (Secure the Middleware and Applications) Middleware Data Center/Cloud (Middleware Server) (Secure the Tenant) Platform Data Center/Network/Cloud (Secure the Platform) (Tenant) Data (Secure the Information) Platform (Process) Network (Secure the Transport Layer) Compliance - validation of policies (IT) Situational Awareness of the Government ecosystems Central Operations Center - government sensitive, civilian agencies/dept, CIP and industry IoD / Analytics Analytics / Dashboarding

12 12 Multi-Tier Containment Strategy Federated Trusted Security Partners (Secure the Supply Chain) Collaboration & Community (Secure the Groups and Processes) Collaboration & Community (Group) Business / Mission (Secure the Services) SOA, Information (Service) Applications / Middleware (Secure the Middleware and Applications) Secure Each Teir / Layer Independenly Middleware Data Center/Cloud (Middleware Server) (Secure the Tenant) Platform Data Center/Network/Cloud (Secure the Platform) (Tenant) Data (Secure the Information) Platform (Process) Network (Secure the Transport Layer) Secure the Boundary Between Each Tier / Layer Cross-Cutting Security Services

13 13 Cybersecurity Model Based on the IBM Security Framework Fine-Grained Multi-Tier Containment

14 14 Cybersecurity Model Foundational Security Components Software, System & Service Assurance Identity, Access & Entitlement Mgmt Foundational Security Data & Information Protection Mgmt Threat & Vulnerability IT Service Command and Control Mgmt Security Policy Risk & Compliance Assessment Physical Asset

15 15 Secure the Platform (Operating Environment) Focus: Command and Control provides the command center for security management as well as the operational security capabilities for non-it assets and services to ensure protection, response, continuity and recovery. Includes: Providing the approving authority for security; ensuring that physical and operational security is maintained for locations, assets, humans, environment and utilities; providing surveillance and monitoring of locations, perimeters and areas; enforce entry controls; providing for positioning, tracking and identification of humans and assets; continuity and recovery operations. Foundational Security Mgmt Service Command and Control Mgmt Supervisory Control & Delegation of Authority Command Center Intelligence Service Continuity & Recovery Physical Asset Mgmt Security Services and Infrastructure Physical Security Identity, Access & Entitlement Infrastructure Policies Knowledge Security Service Level Objectives Surveillance & Monitoring Services Positioning and Tracking Services Environment & Utility Assurance Security Policy Infrastructure Detection Services Location, perimeter & area protection Service Mgmt and Process Automation IT Security Services and Mechanisms Entry Control Response Services Human Identification

16 16 Secure the Platform Architectural Pattern Security System Identity, Access & Entitlement Mgmt Business Service platform Delegation of authority Policies Data & Information Protection Mgmt Locations actors assets Command and Control Mgmt Security Policy Software, System & Service Assurance Processes Service directives and objectives IT Service Applications Compliance metrics Threat & Vulnerability Hosts and End-points Storage Compliance Reports Risk Posture Risk & Compliance Assessment Physical Asset Events & artifacts Networks Data Security Events & Logs Knowledge Infrastructure Service platform

17 17 Security Blueprint Patterns IBM Security Framework: Business Security Reference Model Governance, Risk, Compliance (GRC) Application & Process People & Identity IT Infrastructure: Network, Server, End Point Data & Information Physical Infrastructure Architectural Principles Software, System & Service Assurance Command and Control Mgmt Security Info and Event Infrastructure Network Security Identity, Access & Entitlement Mgmt Foundational Security Security Policy Security Services and Infrastructure Identity, Access & Entitlement Infrastructure Storage Security Data & Information Protection Mgmt Risk & Compliance Assessment Security Policy Infrastructure Host and End-point Security Threat & Vulnerability Physical Asset Cryptography, Key & Certificate Infrastructure Application Security IT Service Service and Process Automation Physical Security IT Security Services and Mechanisms Security Service Level Objectives Code & Images Designs Policies Configuration Info and Registry Identities & Attributes Resources Contexts Data Security Events & Logs Knowledge

18 18 Thank you! For more information, please visit: ibm.com/cloud Ibm.com/security

19 Identity, Access & Entitlement Focus: This sublayer provides all services related to roles and identities, access rights and entitlements. The goal of these services is to assure that access to resources has been given to the right identities, at the right time, for the right purpose. It also supports that access to resources is monitored and audited for unauthorized or unacceptable use. Foundational Security Mgmt Service Trust Mgmt Identity Lifecycle Credential Mgmt Role & Entitlement Enrollment Services Identity Issuing Credential Mgmt Role / Entitlement Modeling Compliance Compliance Reporting 19 Identity, Access and Entitlement Mgmt Proofing Services Identity Resolution Identity Provisioning Identity Re/certification Identity and Attribute Services Credential and Token Exchange Services Role / Entitlement Discovery Org and App Role Reputation Services Identity Revocation Single Sign-on Services Entitlement Security Services and Infrastructure Identity, Access & Entitlement Infrastructure Host & Endpoint Network Storage Application Identities & Attributes Security Service Level Objectives Authentication Nonrepudiation Authorization Directory and Attribute Services Access Control Entitlement Policy Policies Contexts Security Policy Infrastructure Cryptography, Key & Certificate Infrastructure IT Security Services and Mechanisms

20 20 Trusted Advisor Solution Provider Security Company The Company Security for the Cloud Security from the Cloud Security & Privacy Leadership

21 21 Cloud Security = SOA Security + Secure Virtualized Runtime Two examples: IBM Tivoli Federated Identity Manager IBM Security Virtual Server Protection

22 Example 1: IBM Tivoli Federated Identity Manager 22 Centralized user access management to on- and off-premise apps and services Wide variety of Federated SSO protocols SAML 1.0 / 1.1 / 2.0 WS-Federation Liberty ID-FF 1.1/ 1.2 Information Card Profile 1.0 OpenID Integration with IBM LotusLive, Google Apps, salesforce.com, etc. SMB A TFIM BG Enterprise B TFIM Enterprise C TFIM & TSPM Google Apps Salesforce Microsoft Tools for user enrollment, WS-Trust based security token services, web access management Simplify integration across Java,.NET and mainframe environments TFIM = Tivoli Federated Identity Manager TFIM BG = TFIM Business Gateway for SMB deployment TSPM = Tivoli Security Policy Manager for data entitlement management IBM Lotus Live

23 23 Example 2: IBM Security Virtual Server Protection for VMware Integrated threat protection for VMware vsphere 4 Offers broadest, most integrated, defense-in-depth virtualization security with one product Provides dynamic protection for every layer of the virtual infrastructure Helps meet regulatory compliance by providing security and reporting functionality customized for the virtual infrastructure Increases ROI of the virtual infrastructure with easy to maintain, easy to deploy security Firewall Auto Discovery VMsafe Integration Virtual Infrastructure Auditing (Privileged User Access) Rootkit Detection Virtual Network Segment Protection Intrusion Detection & Prevention Virtual Network-Level Protection Inter-VM Traffic Analysis Virtual Network Access Control VM Sprawl Central Network Policy Enforcement Web Application Protection Automated Protection for Mobile VMs (VMotion) Virtual Patch

24 24 Deperimeterization & IBM Security Framework

25 25 Cybersecurity Model Based on the IBM Security Framework Cyber security Solution Requirements

26 26 Cybersecurity - Situational Awareness Full spectrum analysis of security relevant events: Network Application Platform Data Behavioral Integrated Command and Control

27 27 Cyber Security Architectural Overview

28 28 IBM Secure Engineering Framework Published the IBM Secure Engineering Framework Represents a compilation of internal security practices Provides consistent message on IBM s approach to addressing vulnerabilities Differentiates IBM capabilities and offerings among vendors and alliances Can provide a unified go-to-market strategy for security features in products & development tools Provide structure, execution and accountability for software and solution development projects Build and Maintain trusted relationships with suppliers, distribution channels, import/ export and customer support Best practices for secure software in design, development and deployment Continual improvement for the security characteristics of software offerings through Key Performance Indicators

29 29 IBM s Holistic Cyber Security Approach IBM security framework the IBM Institute for Advanced Security

Security and Privacy Aspects in Cloud Computing

Security and Privacy Aspects in Cloud Computing Frank Hebestreit, CISA, CIPP/IT IBM Security Services, IBM Global Technology Services frank.hebestreit@de.ibm.com Security and Privacy Aspects in Cloud Computing 17.11.2010 Outline Brief Introduction to

More information

Security and Cloud Computing

Security and Cloud Computing Martin Borrett, Lead Security Architect, Europe, IBM 9 th December 2010 Outline Brief Introduction to Cloud Computing Security: Grand Challenge for the Adoption of Cloud Computing IBM and Cloud Security

More information

Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up!

Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up! Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up! Ravi Kumar, Group Product Marketing Manager - Security, VMware Bob Kalka, Director, IBM Security Solutions, IBM The Rise

More information

CLOUD SECURITY: THE GRAND CHALLENGE

CLOUD SECURITY: THE GRAND CHALLENGE Government Ware: GovWare Singapore September 29, 2010 CLOUD SECURITY: THE GRAND CHALLENGE Glen Gooding Asia Pacific Security Leader IBM Corporation ggooding@au1.ibm.com Rest safe: Google saves the day

More information

Provide access control with innovative solutions from IBM.

Provide access control with innovative solutions from IBM. Security solutions To support your IT objectives Provide access control with innovative solutions from IBM. Highlights Help protect assets and information from unauthorized access and improve business

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Mobile, Cloud, Advanced Threats: A Unified Approach to Security Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or

More information

Addressing Cyber Security in Oracle Utilities Applications

Addressing Cyber Security in Oracle Utilities Applications Addressing Cyber Security in Oracle Utilities Applications Anthony Shorten Principal Product Manager Oracle Utilities Global Business Unit Sept, 2014 Safe Harbor Statement The following is intended to

More information

Securing the Cloud through Comprehensive Identity Management Solution

Securing the Cloud through Comprehensive Identity Management Solution Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style

More information

Intelligent Security Design, Development and Acquisition

Intelligent Security Design, Development and Acquisition PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

API Management: Powered by SOA Software Dedicated Cloud

API Management: Powered by SOA Software Dedicated Cloud Software Dedicated Cloud The Challenge Smartphones, mobility and the IoT are changing the way users consume digital information. They re changing the expectations and experience of customers interacting

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

Cloud Security: The Grand Challenge

Cloud Security: The Grand Challenge Dr. Paul Ashley IBM Software Group pashley@au1.ibm.com Cloud Security: The Grand Challenge Outline Cloud computing: the pros, the cons, the blind spots Security in the cloud - what are the risks now and

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Netzwerkvirtualisierung? Aber mit Sicherheit!

Netzwerkvirtualisierung? Aber mit Sicherheit! Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction

More information

When millions need access: Identity management in an increasingly connected world

When millions need access: Identity management in an increasingly connected world IBM Software Thought Leadership White Paper January 2011 When millions need access: Identity management in an increasingly connected world Best practice solutions that scale to meet today s huge numbers

More information

Ragy Magdy Regional Channel Manager MEA IBM Security Systems

Ragy Magdy Regional Channel Manager MEA IBM Security Systems Ragy Magdy Regional Channel Manager MEA IBM Security Systems 1 Started my career in Security in 2003 by Joining ISS 2005 was named the ISS Regional Manager for the Middle East 2006 ISS was acquired by

More information

Post-Access Cyber Defense

Post-Access Cyber Defense Post-Access Cyber Defense Dr. Vipin Swarup Chief Scientist, Cyber Security The MITRE Corporation November 2015 Approved for Public Release; Distribution Unlimited. 15-3647. 2 Cyber Security Technical Center

More information

Security Reference Architecture

Security Reference Architecture Security Reference Architecture James (Jimmy) Darwin James.Darwin@au.ibm.com 2010 IBM Corporation 0 Reference Architectures As part of the Time-to-Value Initiative, Reference Architectures have been identified

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

Cloud computing is a new consumption and delivery model. Yesterday Today

Cloud computing is a new consumption and delivery model. Yesterday Today IBM Cloud Security Strategy Securing the Cloud Johan Van Mengsel, CISSP Open Group Distinguished IT Specialist IBM Global Technology Services 2010 IBM Corporation Todays Challenges 85% idle 70 per $1 1.5x

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

Security Solution Architecture for VDI

Security Solution Architecture for VDI Solution Architecture for VDI A reference implementation of VMware BENEFITS Validated solution architecture provides unprecedented end-to-end security dashboard for virtual desktop infrastructure (VDI)

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Safeguarding the cloud with IBM Security solutions

Safeguarding the cloud with IBM Security solutions Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions

More information

IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations

More information

The Challenges of Web single sign-on

The Challenges of Web single sign-on Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges

More information

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

Service management White paper. Manage access control effectively across the enterprise with IBM solutions. Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

IBM Smarter Cities Cybersecurity Update

IBM Smarter Cities Cybersecurity Update IBM Smarter Cities Cybersecurity Update October 2012 Kent Blossom, Vice President, IBM Security Solutions kblossom@us.ibm.com 1 Discussion Topics IBM Security Systems Evolving Client Priorities & Approaches

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service

More information

Cloud Security - Risiken und Chancen

Cloud Security - Risiken und Chancen Dr. Matthias Schunter, MBA IBM Research Zürich, mts@zurich.ibm.com, http://www.schunter.org Simple Questions Today s Data Center Tomorrow s Public Cloud We Have Control It s located at X. It s stored in

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace Triangle InfoSeCon Alternative Approaches for Secure Operations in Cyberspace Lt General Bob Elder, USAF (Retired) Research Professor, George Mason University Strategic Advisor, Georgia Tech Research Institute

More information

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management

More information

Information Security: Why is it important for the Healthcare Industry?

Information Security: Why is it important for the Healthcare Industry? IBM and Security in the Healthcare Industry Information Security: Why is it important for the Healthcare Industry? Glen Gooding IBM Security Leader ggooding@au1.ibm.com May 25 2010 Baseline definitions

More information

Safeguarding the cloud with IBM Dynamic Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from

More information

APIs The Next Hacker Target Or a Business and Security Opportunity?

APIs The Next Hacker Target Or a Business and Security Opportunity? APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone

More information

IBM. How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area?

IBM. How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area? IBM How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area? Sven-Erik Vestergaard Nordic Security Architect IBM Software group svest@dk.ibm.com Security

More information

Secure Cloud Computing

Secure Cloud Computing Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for

More information

Defending against modern threats Kruger National Park ICCWS 2015

Defending against modern threats Kruger National Park ICCWS 2015 Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation Trends from the field Perimeter

More information

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

Cloud Essentials for Architects using OpenStack

Cloud Essentials for Architects using OpenStack Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

IBM Security Intrusion Prevention Solutions

IBM Security Intrusion Prevention Solutions IBM Security Intrusion Prevention Solutions Sarah Cucuz sarah.cucuz@spyders.ca IBM Software Solution Brief IBM Security intrusion prevention solutions In-depth protection for networks, servers, endpoints

More information

ObserveIT User Activity Monitoring

ObserveIT User Activity Monitoring KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 ObserveIT provides a comprehensive solution for monitoring user activity across the enterprise. The product operates primarily based on

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Identity Federation Broker for Service Cloud

Identity Federation Broker for Service Cloud 2010 International Conference on Sciences Identity Federation Broker for Cloud He Yuan Huang 1, Bin Wang 1, Xiao Xi Liu 1, Jing Min Xu 1 1 IBM Research China {huanghey, wangbcrl, liuxx, xujingm}@cn.ibm.com

More information

Cloud computing White paper November 2009. IBM Point of View: Security and Cloud Computing

Cloud computing White paper November 2009. IBM Point of View: Security and Cloud Computing White paper November 2009 IBM Point of View: Security and Cloud Computing Page 2 Table of Contents Introduction... 3 Address cloud security the grand challenge... 4 Evaluate different models of cloud computing...

More information

SOLUTIONS. Secure Infrastructure as a Service for Production Workloads

SOLUTIONS. Secure Infrastructure as a Service for Production Workloads IaaS SOLUTIONS Secure Infrastructure as a Service for Production Workloads THE CHALLENGE Now more than ever, business and government are facing the challenge of balancing conflicting demands. Market pressures

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Digital Citizen Services & Security

Digital Citizen Services & Security Digital Citizen Services & Security Tony West Unisys May 2016 2016 Unisys Corporation. All Rights Reserved. Unisys provides a range of solutions to address the drive toward Digital Citizens and Government

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

Service Oriented Networks Security. David Brossard, M.Eng, SCEA Senior Security Researcher, BT Innovate Globecom 2008

Service Oriented Networks Security. David Brossard, M.Eng, SCEA Senior Security Researcher, BT Innovate Globecom 2008 Service Oriented Networks Security David Brossard, M.Eng, SCEA Senior Security Researcher, BT Innovate Globecom 2008 While empowering new business models, SON leads to a proliferation of application networks

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Security It s an ecosystem thing

Security It s an ecosystem thing Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment

More information

Consolidated security management for mainframe clouds

Consolidated security management for mainframe clouds Security Thought Leadership White Paper February 2012 Consolidated security management for mainframe clouds Leveraging the mainframe as a security hub for cloud-computing environments 2 Consolidated security

More information

Mitigating Information Security Risks of Virtualization Technologies

Mitigating Information Security Risks of Virtualization Technologies Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization

More information

Applying IBM Security solutions to the NIST Cybersecurity Framework

Applying IBM Security solutions to the NIST Cybersecurity Framework IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements

More information

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 Cloud Standards Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 2011 IBM Corporation Agenda Overview on Cloud Standards Identity and Access Management Discussion 2 Overview on Cloud

More information

Security and Cloud Compunting - Security impacts, best practices and solutions -

Security and Cloud Compunting - Security impacts, best practices and solutions - Security and Cloud Compunting - Security impacts, best practices and solutions - Andrea Carmignani Senior IT Architect What is Cloud Security It s about business and data behind it The ability to maintain

More information

Copyright 11/1/2010 BMC Software, Inc 1

Copyright 11/1/2010 BMC Software, Inc 1 Copyright 11/1/2010 BMC Software, Inc 1 Copyright 11/1/2010 BMC Software, Inc 2 Copyright 11/1/2010 BMC Software, Inc 3 The current state of IT Service How we work today! INCIDENT SERVICE LEVEL DATA SERVICE

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

IBM Security Systems Solutions

IBM Security Systems Solutions 1 IBM Security Systems Solutions Agenda Market opportunity Where are companies investing in security today? What do we offer? Customer case studies and win reviews Security and the Cloud Call to action

More information

Security and Cloud Computing

Security and Cloud Computing Security and Cloud Computing Martin Borrett, Lead Security Architect NE Europe, WW Service Management Tiger Team IBM Software Optimising the World s Infrastructure 27th May - London Agenda Brief Introduction

More information

Enterprise Security Architecture Concepts and Practice

Enterprise Security Architecture Concepts and Practice Enterprise Architecture Concepts and Practice Jim Whitmore whitmore@us.ibm.com Presentation to Open Group Oct 22, 2003 Enterprise Architecture Abstract In the early 90 s IBM Global Services created a Consultancy

More information

New Broadband and Dynamic Infrastructures for the Internet of the Future

New Broadband and Dynamic Infrastructures for the Internet of the Future New Broadband and Dynamic Infrastructures for the Internet of the Future Margarete Donovang-Kuhlisch, Government Industry Technical Leader, Europe mdk@de.ibm.com Agenda Challenges for the Future Intelligent

More information

Best Practices for Secure, Privacy, Preserving Mobile Networks: A NIST Perspective

Best Practices for Secure, Privacy, Preserving Mobile Networks: A NIST Perspective Best Practices for Secure, Privacy, Preserving Mobile Networks: A NIST Perspective Donna F. Dodson Chief Cybersecurity Advisor National Institute of Standards and Technology donna.dodson@nist.gov A Little

More information

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)

More information

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help

More information

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France F5 Identity and Access Management (IAM) Overview Laurent PETROQUE Manager Field Systems Engineering, France F5 s Security Strategy Protect Apps/Data Wherever They Reside Control Access to Apps/Data from

More information

EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report

EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski March 2015 is a comprehensive Privileged Identity Management solution for physical and virtual environments with a very broad range of supported

More information

Ahead of the threat with Security Intelligence

Ahead of the threat with Security Intelligence Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,

More information

The monsters under the bed are real... 2004 World Tour

The monsters under the bed are real... 2004 World Tour Web Hacking LIVE! The monsters under the bed are real... 2004 World Tour Agenda Wichita ISSA August 6 th, 2004 The Application Security Dilemma How Bad is it, Really? Overview of Application Architectures

More information

IBM Connections Cloud Security

IBM Connections Cloud Security IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

8 Steps to Holistic Database Security

8 Steps to Holistic Database Security Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security Networking and Security are complex, dynamic areas, and VMware recognizes

More information

IBM Security Privileged Identity Manager helps prevent insider threats

IBM Security Privileged Identity Manager helps prevent insider threats IBM Security Privileged Identity Manager helps prevent insider threats Securely provision, manage, automate and track privileged access to critical enterprise resources Highlights Centrally manage privileged

More information

VICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES

VICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES VICNET is G-Cloud7 GOV UK Supplier VISIT DIGITAL MARKET PLACE VICNETCLOUD VICNET CLOUD MIGRATION SERVICES Consult and assess your business and technical requirements Advise you on the best cloud solutions

More information

IBM 000-281 EXAM QUESTIONS & ANSWERS

IBM 000-281 EXAM QUESTIONS & ANSWERS IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

<Insert Picture Here> Oracle Identity And Access Management

<Insert Picture Here> Oracle Identity And Access Management Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.

More information

Journey to the Private Cloud. Key Enabling Technologies

Journey to the Private Cloud. Key Enabling Technologies Journey to the Private Cloud Key Enabling Technologies Jeffrey Nick Chief Technology Officer Senior Vice President EMC Corporation June 2010 1 The current I/T state: Infrastructure sprawl Information explosion

More information

IT Infrastruktur for framtiden

IT Infrastruktur for framtiden IT Infrastruktur for framtiden Samu Raunela, CTO Otrum, samu.raunela@otrum.com Bjørn Roksvold, IBM roksvold@no.ibm.com Which services can be delivered through cloud computing? Analytics Business processes

More information

Virtualization Essentials

Virtualization Essentials Virtualization Essentials Table of Contents Introduction What is Virtualization?.... 3 How Does Virtualization Work?... 4 Chapter 1 Delivering Real Business Benefits.... 5 Reduced Complexity....5 Dramatically

More information