Swisscom Cloud. Building a secure cloud. SIGS, 09.09.2014 Christof Jungo

Slide 2: Cloud: what is changing?

Enterprise datacenter:
- Highly secure, Tier 3 & 4
- Server type: various processor architectures; bare metal & virtual (VMware); static resource allocation
- OS: various UNIX & Windows
- Storage: SAN & NAS
- Connectivity: physical switches & routers; network perimeter (3-tier model); physical (network) appliances
- Host-based security
- Encrypted data in motion

Cloud datacenter:
- Tier 2 (MDL) -> Tier 4 (Banking)
- Server type: x86 processor architecture; virtual (VMware, OpenStack); elastic resource allocation
- OS: RHEL6+, W2K8+
- Storage: software defined storage (SDS)
- Connectivity: software defined network (SDN)
- Workload-based security model
- Software-based appliances
- Encrypted data at rest & in motion

Slide 3: Cloud overall architecture

Layers, top to bottom (cross-cutting columns: Cloud Operation, Business Integration):
- Access Layer: Enterprise Management Client; Web Portals (Admin, Reseller, Customer, Developer)
- Service Abstraction
- Operation Layer: Service Management & Automation; Dynamic Services (DCS); Software Services (SaaS); Elastic Platform Services (PaaS); Monitoring & Metering
- Hardware Abstraction
- Hardware Resource Layer

Slide 4: Threat model: more virtualisation, more software, more threats

A threat model should include all the different scenarios, covering banking-grade services, my digital life and everything in between.

Identity & Access:
- Insecure storage of identities and personal data
- Data theft, loss and leakage
- PKI infrastructure threats
- Cross-user attacks
- Breach of the administrative layer
- Elevation of privileges in user self-service
- Elevation of privileges in administration

SIEM (security incident & event management):
- Manipulation of alerting, audit log and monitoring

Configuration:
- Badly configured or programmed software
- Control layer bypass
- Breach of the administrative layer
- Insufficient security features
- Hypervisor breaches
- Side channel attacks
- Abuse and harmful use of cloud computing
- Misconfiguration of the cloud environment
- Bad or missing asset management

Slide 5: Cloud development topics

Slide 6: Trusted environment: secure boot & remote attestation
(placed on the overall architecture diagram from slide 3)

Slide 7: Encryption by default: self-encrypting drives
(placed on the overall architecture diagram from slide 3)

Slide 8: Secure software development coverage
(placed on the overall architecture diagram from slide 3)

Slide 9: Secure software development: test results of cloud software components

Slide 10: Dynamic workload protection: protecting each workload individually
(placed on the overall architecture diagram from slide 3)

Slide 11: Dynamic workload protection system

Threat level (ladder): Governments; Advanced Persistent Threats; Terrorism; Organized Crime; Hacktivist; Script Kiddies

Toolkit-based approach:
- Mitigation functions lookup
- Solution pool:
  - function 1: Vendor A, Vendor B, Vendor C
  - function 2: Vendor C, Vendor E, Vendor F
  - function 3: Vendor A, Vendor E, Vendor G
- Continuous testing
- Application: provisioning of the security function
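As an added example (not from the Swisscom deck) of how the slide's lookup could be wired together: the threat ladder, function names and vendor pool are the slide's labels; which functions each threat level requires, and the continuous-testing results, are constructed assumptions. The point it shows beyond the slide is failing closed: a function with no vendor that passed continuous testing is never silently skipped.

```python
# Added example modelling slide 11's "dynamic workload protection system".
# Level-to-function mapping and test results are assumptions for illustration.

# Threat ladder from the slide, lowest to highest.
THREAT_LEVELS = ["Script Kiddies", "Hacktivist", "Organized Crime",
                 "Terrorism", "Advanced Persistent Threats", "Governments"]

# Assumed mitigation-functions lookup: each step adds functions on top of
# everything already required by the lower threat levels.
FUNCTIONS_ADDED_AT = {
    "Script Kiddies": ["function 1"],
    "Organized Crime": ["function 2"],
    "Advanced Persistent Threats": ["function 3"],
}

# Solution pool as drawn on the slide: function -> candidate vendors.
SOLUTION_POOL = {
    "function 1": ["Vendor A", "Vendor B", "Vendor C"],
    "function 2": ["Vendor C", "Vendor E", "Vendor F"],
    "function 3": ["Vendor A", "Vendor E", "Vendor G"],
}

def required_functions(threat_level: str) -> list[str]:
    """Mitigation functions lookup: cumulative up to the workload's threat level."""
    idx = THREAT_LEVELS.index(threat_level)  # raises ValueError on an unknown level
    needed = []
    for level in THREAT_LEVELS[: idx + 1]:
        needed.extend(FUNCTIONS_ADDED_AT.get(level, []))
    return needed

def provision(threat_level: str, test_results: dict) -> dict:
    """Per required function, pick the first pool vendor whose continuous test passed.
    Fails closed: a function with no passing vendor aborts the whole provisioning."""
    plan = {}
    for fn in required_functions(threat_level):
        passing = [v for v in SOLUTION_POOL[fn] if test_results.get((fn, v), False)]
        if not passing:
            raise RuntimeError(f"no tested solution for {fn}; refusing to provision")
        plan[fn] = passing[0]
    return plan

# Constructed continuous-testing results: (function, vendor) -> passed last run.
TEST_RESULTS = {
    ("function 1", "Vendor A"): False,  # failed its last test run, so not eligible
    ("function 1", "Vendor B"): True,
    ("function 2", "Vendor C"): True,
    ("function 3", "Vendor E"): True,
}

if __name__ == "__main__":
    print(provision("Organized Crime", TEST_RESULTS))
```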

Summary & Questions