Security in Hybrid Clouds
|
|
- Derek Harrison
- 8 years ago
- Views:
Transcription
1 Security in Hybrid Clouds
2 Executive Summary... 3 Commonly Accepted Security Practices and Philosophies... 4 Defense- in- Depth... 4 Principal of Least Privileges... 4 Hybrid Cloud Security Issues and Threats... 6 Multi- cloud and Hybrid Considerations... 8 Conclusion
3 Executive Summary As Cloud Computing has evolved and matured, it has sparked growing interest from the enterprise market where economic pressures are challenging traditional IT operations. Many companies and government agencies are being faced with growing IT costs that originate from multiple sources such as legacy systems, software licensing, power consumption, and operating overhead. These growing costs are exacerbated by the inefficiencies in traditional IT organizations such as projectbased funding, underutilization of resources, lengthy manual provisioning times, and organizational silos. Cloud Computing, either through Private or Public cloud initiatives, is focused on addressing these issues by reducing costs through better standardization, higher utilization, greater agility, and faster responsiveness of IT services. However, a high-priority concern for many enterprises in embarking on a private, public, or hybrid cloud journey, is security of the infrastructure and the information stored and processed by that infrastructure. This is particularly important for firms in domains with a high level of regulation and/or sensitive customer data. Balancing rich mechanisms for identity and access management with integral features such as single sign-on is a must for cloud environments. Securing information and software assets in the cloud can be problematic, especially in public cloud environments where the systems are not directly controlled by the data owners. However, utilizing same principals and lessons learned in developing the on-premise Private Cloud solutions, can also be applied to Public Clouds ideology. This paper will be focused primarily on the security risks, mitigations, considerations and commonly accepted practices that apply to Public, Private and Multi-Cloud deployments. 3
4 Commonly Accepted Security Practices and Philosophies Defense-in-Depth Defense-in-depth is the practice of using controls at all layers of the information architecture. In cloud architectures, the need to follow this philosophy is even more important. For Private Cloud and IaaS cloud deployments, the areas of focus include operating system, hypervisor, virtual machines, storage, database, application servers, applications, networks, and consumer portals. For Public Cloud PaaS, areas may include securing stack components using role based data access for application and database server components. One of the primary security design goals for Defense in Depth is to map application requirements to business, functional, and technical Cloud platforms. In a traditional (non-cloud) architecture, this is done using distinct servers, storage systems, and network subnets. In cloud architectures, using cloud pools is becoming an accepted method for achieving this goal. Cloud pools, which to refer to a common set of resources shared by tenants, can be separated by data sensitivity, line of business, and/or classification of users accessing it. For example, customers may place greenfield applications with non-sensitive data in AWS and place sensitive data in on-premise or Oracle/Azure Clouds. A key part of the defense in depth approach involves the three As: authentication, authorization, and auditing. Cloud Providers and stack vendors offer a variety of products and features that address these three As at various points of user data access and stack components. Customers should determine which features or products should be implemented based on business needs or existing architecture and standards; e.g., single sign-on, Active Directory integration, IP rules, etc. Principal of Least Privileges The Defense in Depth starts with the principle of least privileges. The principle of least privilege is the practice of limiting access to the minimal level, yet still allowing the application to function normally. For example, application owners and administrators should have access only to the data, applications, and systems and privileges necessary to perform their duties. This approach provides better stability and more predictable behavior; e.g., unauthorized users cannot purposely or accidently remove privileged files or stop critical processes. Additionally, least privileges also improves mean time to deploy applications, since fewer privileges or roles need to be implemented. However, least privilege principle is one of the most difficult philosophies to implement. Organizations must have knowledge of the following to successfully implement least privilege principle: 1. Classification of data 2. Knowledge of where their sensitive data resides 3. Mapping of data ownership to user credentials 4. Solid automation for user lifecycle management Although these philosophies apply to general application deployment, least privilege principle becomes even more important and relevant in Cloud deployments, as tenants will demand certain level of security isolation. 4
5 As part of this Hybrid Cloud deployment models, three new key personnel roles have emerged to play a large part in data asset management. Cloud Brokers With the various Cloud Platforms available; e.g., AWS, Azure, Oracle, as well as possible off-premise hosted systems (Rackspace, Savvis, etc.), customers will most likely have data spread across these platforms. A Cloud Broker monitors and surveys the data assets across these various Cloud platforms. The main objective is to govern, based on regulatory or compliance requirements, what can be placed outside vs. inside the DMZ. The Cloud Broker effectively is a small organization that requires a solid foundation of data classification and data accountability. Thus, subroles will include data stewards, security infrastructure management and Cloud-vendor alliances. Cloud Administrators The Cloud Administrator is the gatekeeper for accessing Cloud resources; e.g., who can access, what can they access and how much compute resources (compute shapes) can be deployed. A key aspect of this role is resource monitoring and tenant lifecycle management. Cloud Security Administrators - This traditional role has evolved into a larger security framework administrator to facilitate and enforce the Defense in Depth approach for Private and Public Cloud deployments. For example, the Cloud Security Administrator may determine whether the Access Management (single sign-on) will be offsite-hosted or on-premise, if identity management will be replicated between Cloud configurations, or if centralized Wallet management is required. In the next section we will discuss Hybrid Cloud threats and how they can be addressed 5
6 Hybrid Cloud Security Issues and Threats With the convergence of technology that represents current cloud initiatives come different threats. Complicating this is the fact that traditional perimeters of the infrastructure change in a cloud environment. Organizations must develop a clear understanding of security requirements, trust boundaries, and threat profiles. It is stated that the velocity of change in a cloud is proportional to the velocity of attack, i.e., as the rate of change increases the potential for threats manifesting themselves also increases. Such threats are typically linked to the management of the cloud infrastructure. However, these are all manageable with current security best practices, governance processes and controls are in place. The following is a sampling of potential threats that one may encounter in a cloud environment and possible remedies against the threats. Side Channel infiltration An improperly secured cloud environment can be a point from which various inter/intra system attacks can be launched to either co-tenants or external systems, thereby causing a potential cascading failure of multiple systems. Threat amplification means that a problem propagates faster and farther through a Cloud environment than it would under alternate circumstances (i.e., in a noncloud environment). This also has the effect of potentially reducing a timely response and recovery from the threat. The multi-tenancy or proximity of systems in conjunction with an improperly secured cloud environment may increase the risk to data or system corruption from adjacent systems and applications. Such threats can be addressed by utilizing a strong security architecture that enables features such Secure Enhanced Linux (SELinux). SELinux is Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). For Private Clouds that leverage virtualization for isolation, should implement the vendor s Virtual Machine (VM) hardening guide for strong compartmentalization. Data leakage With multifarious options to access corporate data, such as mobile devices, at-home or on-premise networks; there is always the possibility of data leakage. Data leakage is a very broad subject area, the key is to focus on the source of the content; i.e., where is the data and how is it exposed, and disposed off. The key aspect is to ensure that appropriate controls are put in place, such as data encryption, data redaction or role based access control (RBAC) mechanisms. It is very typical for test and development environments to be built in Public clouds; however, these datasets are generally borne from production environments. This exposes data vulnerability. To address this, all data with classification of critical should always be redacted and or masked. In a cloud environment, we could further state that data leakage may be possible by leaving data remnants in memory or on disk after a database service or (VM) is de-provisioned. One approach to addressing this threat is to ensure that the software stack is completely de-installed and or a consistent data scrubbing process is implemented. OS Layer Security Providing Operating System access to tenants is sometimes a necessary evil for certain Cloud deployments, whether Private or Public. However, OS level access comes with another angle of security vulnerability. As stated above, the Linux security policy should use Secure Enhanced Linux (SELinux) with setting of enabled. 6
7 In addition to SELinux, file system audit and object action logging should also be enabled. Most native operating systems include a built-in capability for files system auditing. With file system auditing, the service collects data about the use of filesystem resources; e.g., files and data objects, and provides a record of security-related events. For system auditing, administrators can pre-select which classes of audit records to monitor or the degree of auditing that is performed for individual users. Auditing generates records when specified events occur; e.g. system startup/shutdown, login and logout, use of privilege capabilities or rolebased access control (RBAC) or administrative actions (such as installing a package) Once the relevant event information has been captured, it can be formatted into an audit record. However, audit capture is only one part of the puzzle. Audit records need to be analyzed (sometimes in real-time), to detect and alert on unauthorized activity, patterns of access or evaluating attempts to bypass the protection mechanisms. Distributed Denial of Service (DDoS) attacks A denial of service (DoS) attack is an incident in which a user or application becomes unavailable or non-serviceable because it is deprived of the resources necessary to operate. A distributed denial-ofservice (DDoS) is a large DOS attack based, comprised of large number of compromised systems attack a single target. A DOS/DDoS involves a loss of service or business function, such as customer facing websites, , or networks. DDoS attacks may be launched against a cloud environment that can result in the loss of access to or exhaustion of some resources or services so that the systems underperform or become unusable. A common DOS attack is the Buffer Overflow Attack. Customers should leverage the capabilities of load balancers and Web Servers such as monitoring frequently accessed URI and denying requests, if the request frequency exceeds a pre-defined threshold or maximum number of requests allowed from a client per second is hit. Complexity Complexity is an inherent and potential threat in any computing environment. As complexity grows, so does the security risks: more components means more attack surfaces and more interactions among components. When a system environment includes a variety of configuration and components (e.g., multiple O/S versions to maintain, multiple vendors to track, etc.), the management of the components is more difficult. Private and Public Cloud methodology reduces complexity by emphasizing a rationalized, standardized environment. With less variety to manage, each component can be given more detailed attention. Furthermore, when data stores are consolidated, the data visibility is centralized, whereas in a silo d environment there are more opportunities for data stores to fall outside of standard processes. Complexity can be further addressed through enforcement of strong security policies and procedures, along with standardized processes for provisioning users into the cloud and decommissioning environments. 7
8 Multi-cloud and Hybrid Considerations The movement and progression towards Cloud has created a myriad of options and configurations. Many customers that adopted Private Cloud early on have now implemented greenfield systems using AWS for IaaS configurations, or even Microsoft Azure. A multi-cloud strategy allows customers the flexibility to run on appropriate Cloud platforms based on application suitability. It has become a best of breed approach, not unlike the platform and database wars of earlier years. Regardless of the name, either Hybrid Cloud or Multi-Cloud, there are essentially three camps in this field: Clouds configurations that are distinct and purposely disjointed; e.g., on-premise Private Cloud for mission critical and Public Cloud for non-critical systems. In these cases, there may be no interaction or integration between these systems. Configurations where the Public Cloud is direct extension of on-premise system configurations. This implies application and system integration between the Cloud platforms. Configurations where the Public Cloud systems are on standby (or with minimal activity) but configured for Cloud bursting. For organizations that want interoperability across Cloud boundaries, it is essentially non-existent, unless customers are deploying a homogenous stack between cloud platforms; e.g., Oracle databases in Private Cloud and Oracle Public Cloud. In these cases, tools such as Oracle Enterprise Management is leveraged for management, administration, monitoring, and provisioning. However, for heterogeneous applications across heterogeneous Cloud platforms, this requires manual setup of management stack components and custom integration. Technologies such as OpenStack, Eucalyptus, Chef and Puppet have played a large part in this integration. What does this mean from a security perspective? In many cases organizations existing on-premise security architecture needs to be extended into the multi-cloud system. For example, access management, endpoint and wallet management, encrypting data in transit and at rest, and operational ownership for change management needs to be applied in hybrid cloud. This can be complicated if companies are trying to tie-back security from AWS, Azure, and Oracle Public Cloud into their on-premise Active Directory system. Nevertheless, there are Cloud based technologies emerging that provide [off-premise] User Lifecycle Management (cradle to grave) and centralized single sign-on (SSO) capabilities, enabling users access, from any device, to apps, whether they reside on cloud, mobile, or on-premises, all this can be based on IT based policies. 8
9 Conclusion Hybrid Cloud architectures enable organizations better utilization, improved agility and efficiency. However, Hybrid Cloud architectures can only provide benefits to an organization as long they are implemented and managed securely. Customers must ensure that their standards based Hybrid Cloud deployments cover all aspects of security, such as infrastructure, OS and database security. Without proper isolation, tenants may intentionally or unintentionally abuse shared resources or compromise security of their neighbors. Proper isolation enables the fair and secure use of the environment's shared resources. 9
10 Authors: Nitin Vengurlekar, CTO Viscosity North America Charles Kim, CEO Viscosity North America Publish Date: 8/8/
An Oracle White Paper July 2012. Security in Private Database Clouds
An Oracle White Paper July 2012 Security in Private Database Clouds Executive Summary... 3 Commonly Accepted Security Practices and Philosophies... 4 Principal of Least Privilege... 4 Defense-in-Depth...
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationSecurity & Cloud Services IAN KAYNE
Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationSecure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com
Secure Multi Tenancy In the Cloud Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com At-a-Glance Trends Do MORE with LESS Increased Insider Threat Increasing IT spend on cloud
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationHIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.
Real Security Outcomes. Delivered. Deploying healthcare and healthcare related services to the cloud can be frightening. The requirements of HIPAA can be difficult to navigate, and while many vendors claim
More informationSecure & Unified Identity
Secure & Unified Identity for End Users & Privileged Users Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Identity at Center of Cyber Attacks PRIVILEGED USERS END USERS Copyright 2015 Centrify
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationKent State University s Cloud Strategy
Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology
More informationCopyright 2013 enstratius, Inc.
The Enterprise Cloud Management Solution Copyright 2013 enstratius, Inc. Enstratius is a cloud infrastructure management solution for deploying and managing enterprise-class applications in public, private
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationPCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011
Standard: Version: 2.0 Date: June 2011 Author: PCI Data Security Standard (PCI DSS) Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationHow to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications
SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this
More informationHow To Manage A Cloud System
Understanding Enterprise Cloud Management What You Need to Know About Managing Your Cloud Applications Enterprise Cloud Management New applications, driven largely by the economics of cloud computing,
More informationPrivate Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Private Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Cloud computing has completely transformed the way business organizations
More informationCLOUDFORMS Open Hybrid Cloud
Open Hybrid Cloud Cloud Evolution statt Cloud Revolution Lutz Lange, RHCA, Solution Architect, Red Hat Frank Rosendahl, RHCA, Solution Architect, DASEQ GmbH Cloud Operations Management Delivers an Open
More informationKonsolidacija podatkov v oblaku znotraj organizacije
Konsolidacija podatkov v oblaku znotraj organizacije Robert Korošec Oracle 1 Copyright 2013, Oracle and/or its affiliates. All rights reserved. Deployment Models: Private, Public, Hybrid Exclusive Shared
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationTop virtualization security risks and how to prevent them
E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced
More informationVirtualization and IaaS management
CLOUDFORMS Virtualization and IaaS management Calvin Smith, Senior Solutions Architect calvin@redhat.com VIRTUALIZATION TO CLOUD CONTINUUM Virtual Infrastructure Management Drivers Server Virtualization
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationHybrid (Cloud) Computing
Pramak 1 Overview Hybrid (Cloud) Computing Hybrid computing is the use different models of computing to achieve one s end goals. These models of computing might work together in a single workflow or individually
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationTHOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis
Journey to Cloud 9 Navigating a path to secure cloud computing Alastair Broom Solutions Director, Integralis March 2012 Navigating a path to secure cloud computing 2 Living on Cloud 9 Cloud computing represents
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationIBM Security in the Cloud
Cesare Radaelli Security Tiger Team Leader, Italy IBM Security Solutions IBM Security in the Cloud What is cloud computing? Cloud is an emerging consumption and delivery model for many IT-based services,
More informationH Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments
H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationFACING SECURITY CHALLENGES
24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationUnified Identity Management
Unified Identity Management Across Data Center, Cloud and Mobile Enterprise of Things = More Complexity DESKTOPS + MOBILE DATA CENTER APPS CLOUD (SaaS) by Red Hat + DATA CENTER SERVERS + CLOUD (IaaS &
More informationAccenture Cloud Platform Unlocks Agility and Control
Accenture Cloud Platform Unlocks Agility and Control 2 Accenture Cloud Platform Unlocks Agility and Control The Accenture Cloud Platform is at the heart of today s leading-edge, enterprise cloud solutions.
More informationThe Cloud, Virtualization, and Security
A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are
More informationHow To Monitor Hybrid It From A Hybrid Environment
IT Monitoring for the Hybrid Enterprise With a Look at ScienceLogic Perspective 2012 Neovise, LLC. All Rights Reserved. Report Published April, 2015 Hybrid IT Goes Mainstream Enterprises everywhere are
More informationPrivate/hybrid cloud management platform: HP Cloud Service Automation
Private/hybrid cloud management platform: HP Cloud Service Automation Neelam Chakrabarty Sr. Product Mktg. Manager Jan. 23, 2013 Customer challenges Speed innovation Enhance agility Improve financial management
More informationHow to Grow and Transform your Security Program into the Cloud
How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationCloud computing: benefits, risks and recommendations for information security
Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationBuilding Docker Cloud Services with Virtuozzo
Building Docker Cloud Services with Virtuozzo Improving security and performance of application containers services in the cloud EXECUTIVE SUMMARY Application containers, and Docker in particular, are
More informationIntel IT Cloud 2013 and Beyond. Name Title Month, Day 2013
Intel IT Cloud 2013 and Beyond Name Title Month, Day 2013 Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel and the
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More information8070.S000 Application Security
8070.S000 Application Security Last Revised: 02/26/15 Final 02/26/15 REVISION CONTROL Document Title: Author: File Reference: Application Security Information Security 8070.S000_Application_Security.docx
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationSECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP
SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson
More informationMedia Shuttle s Defense-in- Depth Security Strategy
Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among
More informationThird Party Cloud Services Its Adoption in the New Age
Solutions for higher performance! Third Party Cloud Services Its Adoption in the New Age 1 Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals
More informationIaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures
IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Introduction
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationMicrosoft SharePoint Architectural Models
Microsoft SharePoint This topic is 1 of 5 in a series Introduction to Fundamental SharePoint This series is intended to raise awareness of the different fundamental architectural models through which SharePoint
More informationSecurity Issues in Cloud Computing
Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,
More informationCompTIA Cloud+ 9318; 5 Days, Instructor-led
CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,
More informationService Orchestration
June 2015 Service Orchestration Infos and Use Cases Falko Dautel Robert Thullner Agenda + Overview + Use Cases & Demos VM Provisioning with ServiceNow Employee Onboarding + Summary + Questions & Answers
More informationHow to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO
How to survive in a world of Virtualization and Cloud Computing, where you even can t trust your own environment anymore. Raimund Genes, CTO Data everywhere but protection? Unprotected Data Needing Protection
More informationNCTA Cloud Architecture
NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationSolution Guide Parallels Virtualization for Linux
Solution Guide Parallels Virtualization for Linux Overview Created in 1991, Linux was designed to be UNIX-compatible software that was composed entirely of open source or free software components. Linux
More informationCompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:
CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More informationOracle Cloud Computing Strategy
Oracle Cloud Computing Strategy Han Wammes Public Sector Market Development Manager 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Safe Harbor Statement The following is intended
More informationWhy a Server Infrastructure Refresh Now and Why Dell?
Why a Server Infrastructure Refresh Now and Why Dell? In This Paper Outdated server infrastructure contributes to operating inefficiencies, lost productivity, and vulnerabilities Worse, existing infrastructure
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationNext Generation Now: Red Hat Enterprise Linux 6 Virtualization A Unique Cloud Approach. Jeff Ruby Channel Manager jruby@redhat.com
Next Generation Now: Virtualization A Unique Cloud Approach Jeff Ruby Channel Manager jruby@redhat.com Introducing Extensive improvements in every dimension Efficiency, scalability and reliability Unprecedented
More informationStephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More informationIdentity & Access Management in the Cloud: Fewer passwords, more productivity
WHITE PAPER Strategic Marketing Services Identity & Access Management in the Cloud: Fewer passwords, more productivity Cloud services are a natural for small and midsize businesses, with their ability
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationnext generation privilege identity management
next generation privilege identity management Nowadays enterprise IT teams are focused on adopting and supporting newer devices, applications and platforms to address business needs and keep up pace with
More informationWhere are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players
The Current and Future State of IT When, Where, and How To Leverage the The and the Players Software as a Service Citrix VMWare Google SalesForce.com Created and Presented by: Rand Morimoto, Ph.D., MCITP,
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationVirtualization and Cloud: Orchestration, Automation, and Security Gaps
Virtualization and Cloud: Orchestration, Automation, and Security Gaps SESSION ID: CSV-R02 Dave Shackleford Founder & Principal Consultant Voodoo Security @daveshackleford Introduction Private cloud implementations
More informationCloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security
Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationCentrify Cloud Connector Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
More informationRadware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical
Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation
More informationDevOps Course Content
DevOps Course Content INTRODUCTION TO DEVOPS What is DevOps? History of DevOps Dev and Ops DevOps definitions DevOps and Software Development Life Cycle DevOps main objectives Infrastructure As A Code
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More information